
Re: [PATCH] UefiCpuPkg VTF0 X64: Build page tables using 1-GByte Page Granularity

Ni, Ray
 

OVMF's ResetVector is including the UefiCpuPkg's ResetVector. So, OVMF owners please do evaluate the impact.

I think this change assumes the platform owner knows which page table format should be chosen at build time.

-----Original Message-----
From: Dov Murik <dovmurik@linux.ibm.com>
Sent: Tuesday, July 20, 2021 4:02 AM
To: Ard Biesheuvel <ardb@kernel.org>; Ni, Ray <ray.ni@intel.com>; Brijesh Singh <brijesh.singh@amd.com>; James Bottomley <jejb@linux.ibm.com>; Erdem Aktas <erdemaktas@google.com>; Tom Lendacky <thomas.lendacky@amd.com>
Cc: S, Ashraf Ali <ashraf.ali.s@intel.com>; devel@edk2.groups.io; Ard Biesheuvel <ardb+tianocore@kernel.org>; Justen, Jordan L <jordan.l.justen@intel.com>; Agyeman, Prince <prince.agyeman@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>; De, Debkumar <debkumar.de@intel.com>; Han, Harry <harry.han@intel.com>; West, Catharine <catharine.west@intel.com>; V, Sangeetha <sangeetha.v@intel.com>
Subject: Re: [PATCH] UefiCpuPkg VTF0 X64: Build page tables using 1-GByte Page Granularity



On 19/07/2021 10:09, Ard Biesheuvel wrote:
On Mon, 19 Jul 2021 at 05:14, Ni, Ray <ray.ni@intel.com> wrote:

This change generates the reset vector binary which only contains 1G page table. If a platform doesn't support 1G page table, this will cause system hang.

To Ard and Jordan,
Can you evaluate whether this change impacts OVMF?
I don't have a clue, sorry, and I wouldn't know where to begin looking.

Brijesh, Dov, James, Erdem: after Laszlo's sudden departure, I will be
needing help reviewing OVMF patches that are highly specific to
SEV/SNP or x86 in general.
Adding Tom too - I think he modified the OVMF reset vector lately and might know.


Please take a look.

I'm not an expert, but I think that OVMF has its own reset vector in OvmfPkg/ResetVector, and therefore the changes in UefiCpuPkg will not affect OVMF.


Regarding the patch itself:

(1) I suggest separating the Python tooling changes into one patch, verifying that the new Python scripts generate the same binary files as the original Python scripts. Then add another patch which introduces the reset vector changes.

(2) Do all x64 CPUs support 1 GB pages? Is it always enabled? Do we need to check this capability somewhere?


-Dov




To Prince,
Can you evaluate whether this change impacts SimicsOpenBoardPkg?

Thanks,
Ray

-----Original Message-----
From: S, Ashraf Ali <ashraf.ali.s@intel.com>
Sent: Friday, July 2, 2021 8:25 PM
To: devel@edk2.groups.io
Cc: S, Ashraf Ali <ashraf.ali.s@intel.com>; Ni, Ray
<ray.ni@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>; De,
Debkumar <debkumar.de@intel.com>; Han, Harry <harry.han@intel.com>;
West, Catharine <catharine.west@intel.com>; V, Sangeetha
<sangeetha.v@intel.com>
Subject: [PATCH] UefiCpuPkg VTF0 X64: Build page tables using 1-GByte
Page Granularity

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3473

The X64 Reset Vector code can access the memory range up to 4GB using linear-address translation to a 2-MByte page; when the user wants to use more than 4G with 2M pages, it leads to a larger number of page table entries. Using the 1-GByte page table, the user can use more than 4G of memory while reducing the number of page table entries; with this patch the reset vector can access the memory range up to 512 GByte.
The build scripts for the Reset Vector are currently based on Python 2, which is already EOL; the build script needs to be updated to Python 3 and the binaries updated accordingly.

Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Cc: Sangeetha V <sangeetha.v@intel.com>
Signed-off-by: Ashraf Ali S <ashraf.ali.s@intel.com>
---
.../Vtf0/Bin/ResetVector.ia32.port80.raw | Bin 516 -> 484 bytes
.../ResetVector/Vtf0/Bin/ResetVector.ia32.raw | Bin 484 -> 468 bytes
.../Vtf0/Bin/ResetVector.ia32.serial.raw | Bin 884 -> 868 bytes
.../Vtf0/Bin/ResetVector.x64.port80.raw | Bin 28676 -> 12292 bytes
.../ResetVector/Vtf0/Bin/ResetVector.x64.raw | Bin 28676 -> 12292 bytes
.../Vtf0/Bin/ResetVector.x64.serial.raw | Bin 28676 -> 12292 bytes
UefiCpuPkg/ResetVector/Vtf0/Build.py | 11 +--
.../ResetVector/Vtf0/Ia32/PageTables64.asm | 2 +-
UefiCpuPkg/ResetVector/Vtf0/ReadMe.txt | 2 +-
.../Vtf0/Tools/FixupForRawSection.py | 4 +-
UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb | 4 +-
.../ResetVector/Vtf0/X64/1GPageTables.asm | 64 ++++++++++++++++++
.../X64/{PageTables.asm => 2MPageTables.asm} | 0
13 files changed, 77 insertions(+), 10 deletions(-) create mode
100644 UefiCpuPkg/ResetVector/Vtf0/X64/1GPageTables.asm
rename UefiCpuPkg/ResetVector/Vtf0/X64/{PageTables.asm =>
2MPageTables.asm} (100%)

diff --git
a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.port80.raw
b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.port80.raw
index
2c6ff655ded2a5855ca8f4428d559a7727eb6983..79b23c047bdc6e552d77d5c9e9a
eae21ff04d91d 100644 GIT binary patch delta 410

delta 442

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.raw
b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.raw
index
e34780a3a2c9b22bd10a1d5a405e344faaff94f3..ce7faa502b858e99908bcdb397b
776258205e1d5 100644 GIT binary patch delta 421

literal 484

diff --git
a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.serial.raw
b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.serial.raw
index
6dfa68eabb48a44bc50a0b7fe678f80b5cdadfd5..6503a988abdac06f9aa88f0a65f
2525e12233b0a 100644 GIT binary patch delta 426

delta 425

diff --git
a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.port80.raw
b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.port80.raw
index
6c0bcc47ebff84830b59047790c70d96e9488296..835f8ea423437fdd8b33470ca07
b5d09e27ef5bf 100644 GIT binary patch literal 12292

literal 28676

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.raw
b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.raw
index
a78d5b407c8a106c221af127216d073cf8fdb99d..80c2de6ed5ef5e8dc5d45297fb8
3e7085bce0c01 100644 GIT binary patch literal 12292

literal 28676

diff --git
a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.serial.raw
b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.serial.raw
index
61c71349a8a599916f3eeae8c5dee92efb56db71..9a24e8a752440462541a9589e51
4770692a838e4 100644 GIT binary patch literal 12292

literal 28676

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Build.py
b/UefiCpuPkg/ResetVector/Vtf0/Build.py
index 343c53b5ff..29f29ff0c2 100644
--- a/UefiCpuPkg/ResetVector/Vtf0/Build.py
+++ b/UefiCpuPkg/ResetVector/Vtf0/Build.py
@@ -1,7 +1,7 @@
## @file
# Automate the process of building the various reset vector types
# -# Copyright (c) 2009, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2021, Intel Corporation. All rights
+reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -32,16 +32,19 @@ for arch in ('ia32', 'x64'):
'-o', output,
'Vtf0.nasmb',
)
+ print(f"Command : {' '.join(commandLine)}")
ret = RunCommand(commandLine)
- print '\tASM\t' + output
- if ret != 0: sys.exit(ret)
+ if ret != 0:
+ print(f"something went wrong while executing the {commandLine[-1]}")
+ sys.exit()
+ print('\tASM\t' + output)

commandLine = (
'python',
'Tools/FixupForRawSection.py',
output,
)
- print '\tFIXUP\t' + output
+ print('\tFIXUP\t' + output)
ret = RunCommand(commandLine)
if ret != 0: sys.exit(ret)

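Review bot: the new failure path in the second hunk calls `sys.exit()` with no argument, which exits with status 0, so a failed NASM run now looks like success to whatever drives Build.py; the original `sys.exit(ret)` propagated the error, and the FIXUP path a few lines below still does. Keep `sys.exit(ret)` here, and consider making the message more useful than `commandLine[-1]`, which only ever prints `Vtf0.nasmb`; the arch and the output name would identify which of the builds failed.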
diff --git a/UefiCpuPkg/ResetVector/Vtf0/Ia32/PageTables64.asm
b/UefiCpuPkg/ResetVector/Vtf0/Ia32/PageTables64.asm
index 87a4125d4b..9cc6f56c17 100644
--- a/UefiCpuPkg/ResetVector/Vtf0/Ia32/PageTables64.asm
+++ b/UefiCpuPkg/ResetVector/Vtf0/Ia32/PageTables64.asm
@@ -15,7 +15,7 @@ BITS 32
SetCr3ForPageTables64:

;
- ; These pages are built into the ROM image in X64/PageTables.asm
+ ; These pages are built into the ROM image in
+ X64/1GPageTables.asm
;
mov eax, ADDR_OF(TopLevelPageDirectory)
mov cr3, eax
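Review bot: the comment edit in this hunk hard-codes `X64/1GPageTables.asm`, yet `X64/2MPageTables.asm` is kept in the tree, so the comment should name whichever file Vtf0.nasmb selects rather than one of them. More importantly, this is the code that loads CR3 with a table whose PDPT entries all have the PS (1-GByte) bit set, and nothing before it verifies that the processor supports 1-GByte pages (CPUID.80000001H:EDX bit 26, Page1GB); Ray's observation that a platform without that support hangs follows directly from this. Either gate the 1-GByte table on that capability or document that the VTF0 binaries are only valid for processors that advertise Page1GB.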
diff --git a/UefiCpuPkg/ResetVector/Vtf0/ReadMe.txt
b/UefiCpuPkg/ResetVector/Vtf0/ReadMe.txt
index e6e5b54243..eb9dd24ee2 100644
--- a/UefiCpuPkg/ResetVector/Vtf0/ReadMe.txt
+++ b/UefiCpuPkg/ResetVector/Vtf0/ReadMe.txt
@@ -29,7 +29,7 @@ EBP/RBP - Pointer to the start of the Boot Firmware
Volume === HOW TO BUILD VTF0 ===

Dependencies:
-* Python 2.5~2.7
+* Python 3.0 or newer
* Nasm 2.03 or newer

To rebuild the VTF0 binaries:
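Review bot: `Python 3.0 or newer` in this hunk is too permissive: the Build.py change in this series uses f-strings (`print(f"Command : {' '.join(commandLine)}")`), which need Python 3.6 or later. State `Python 3.6 or newer` so the documented dependency matches what the script actually runs on.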
diff --git a/UefiCpuPkg/ResetVector/Vtf0/Tools/FixupForRawSection.py
b/UefiCpuPkg/ResetVector/Vtf0/Tools/FixupForRawSection.py
index c77438a0ce..de771eba22 100644
--- a/UefiCpuPkg/ResetVector/Vtf0/Tools/FixupForRawSection.py
+++ b/UefiCpuPkg/ResetVector/Vtf0/Tools/FixupForRawSection.py
@@ -1,7 +1,7 @@
## @file
# Apply fixup to VTF binary image for FFS Raw section # -#
Copyright (c) 2008, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2008 - 2021, Intel Corporation. All rights
+reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -15,6 +15,6 @@ c = ((len(d) + 4 + 7) & ~7) - 4 if c > len(d):
c -= len(d)
f = open(sys.argv[1], 'wb')
- f.write('\x90' * c)
+ f.write(b'\x90' * c)
f.write(d)
f.close()
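Review bot: `f.write(b'\x90' * c)` is the right Python 3 fix, but the following `f.write(d)` only works if `d` is bytes as well, and the hunk does not show how `d` is read; please confirm the read side opens the input with `'rb'`, since a text-mode read would raise TypeError at that line. While touching this block, `f = open(sys.argv[1], 'wb')` / `f.close()` would read better as a `with open(sys.argv[1], 'wb') as f:` block so the file is closed even when a write fails.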
diff --git a/UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb
b/UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb
index 493738c79c..0625efc456 100644
--- a/UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb
+++ b/UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb
@@ -2,7 +2,7 @@
; @file
; This file includes all other code files to assemble the reset
vector code ; -; Copyright (c) 2008 - 2013, Intel Corporation. All
rights reserved.<BR>
+; Copyright (c) 2008 - 2021, Intel Corporation. All rights
+reserved.<BR>
; SPDX-License-Identifier: BSD-2-Clause-Patent ;

;--------------------------------------------------------------------
----------
@@ -36,7 +36,7 @@
%include "PostCodes.inc"

%ifdef ARCH_X64
-%include "X64/PageTables.asm"
+%include "X64/1GPageTables.asm"
%endif

%ifdef DEBUG_PORT80
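Review bot: the include in the second hunk switches unconditionally from `X64/PageTables.asm` to `X64/1GPageTables.asm`, so the 2-MByte table that this series renames to `2MPageTables.asm` can no longer be built at all, and every platform consuming the prebuilt VTF0 binaries gets the 1-GByte layout whether or not its processors support it. Suggest selecting the file with a build-time define (an `%ifdef` here, with the define passed from Build.py) so a platform that cannot rely on 1-GByte pages can still produce a 2-MByte reset vector.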
diff --git a/UefiCpuPkg/ResetVector/Vtf0/X64/1GPageTables.asm
b/UefiCpuPkg/ResetVector/Vtf0/X64/1GPageTables.asm
new file mode 100644
index 0000000000..8ae6c4c98c
--- /dev/null
+++ b/UefiCpuPkg/ResetVector/Vtf0/X64/1GPageTables.asm
@@ -0,0 +1,64 @@
+;-------------------------------------------------------------------
+---
+--------
+; @file
+; Emits Page Tables for 1:1 mapping of the addresses 0 -
+0x8000000000
+(512GB) ; ; Copyright (c) 2021, Intel Corporation. All rights
+reserved.<BR> ; SPDX-License-Identifier: BSD-2-Clause-Patent ;
+Linear-Address Translation to a 1-GByte Page ;
+;-------------------------------------------------------------------
+---
+--------
+
+BITS 64
+
+%define ALIGN_TOP_TO_4K_FOR_PAGING
+
+%define PAGE_PRESENT 0x01
+%define PAGE_READ_WRITE 0x02
+%define PAGE_USER_SUPERVISOR 0x04
+%define PAGE_WRITE_THROUGH 0x08
+%define PAGE_CACHE_DISABLE 0x010
+%define PAGE_ACCESSED 0x020
+%define PAGE_DIRTY 0x040
+%define PAGE_PAT 0x080
+%define PAGE_GLOBAL 0x0100
+%define PAGE_1G 0x80
+
+%define PAGE_PDP_ATTR (PAGE_ACCESSED + \
+ PAGE_READ_WRITE + \
+ PAGE_PRESENT)
+
+%define PAGE_PDP_1G_ATTR (PAGE_ACCESSED + \
+ PAGE_READ_WRITE + \
+ PAGE_PRESENT + \
+ PAGE_1G)
+
+%define PGTBLS_OFFSET(x) ((x) - TopLevelPageDirectory) %define
+PGTBLS_ADDR(x) (ADDR_OF(TopLevelPageDirectory) + (x))
+
+%define PDP(offset) (ADDR_OF(TopLevelPageDirectory) + (offset) + \
+ PAGE_PDP_ATTR)
+
+%define PDP_1G(x) ((x << 30) + PAGE_PDP_1G_ATTR)
+
+ALIGN 16
+
+TopLevelPageDirectory:
+
+ ;
+ ; Top level Page Directory Pointers (1 * 512GB entry)
+ ;
+ DQ PDP(0x1000)
+
+
+ TIMES 0x1000-PGTBLS_OFFSET($) DB 0
+ ;
+ ; Next level Page Directory Pointers (512 * 1GB entries => 512GB)
+ ;
+%assign i 0
+%rep 512
+ DQ PDP_1G(i)
+ %assign i i+1
+%endrep
+
+
+EndOfPageTables:
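Review bot: `%define PAGE_PAT 0x080` in this file is the same bit as `%define PAGE_1G 0x80` (bit 7). Bit 7 is PAT only in a 4-KByte PTE; in a 1-GByte PDPTE it is the PS bit and PAT moves to bit 12, so in a 1G-only table the PAGE_PAT define is misleading and, being unused here, should be dropped or corrected. Two smaller points: `%define PDP_1G(x) ((x << 30) + PAGE_PDP_1G_ATTR)` should parenthesise the argument as `((x) << 30)`, and the comment `Top level Page Directory Pointers (1 * 512GB entry)` describes the PML4 entry, so naming that level PML4 avoids using "Page Directory Pointers" for both levels.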
diff --git a/UefiCpuPkg/ResetVector/Vtf0/X64/PageTables.asm
b/UefiCpuPkg/ResetVector/Vtf0/X64/2MPageTables.asm
similarity index 100%
rename from UefiCpuPkg/ResetVector/Vtf0/X64/PageTables.asm
rename to UefiCpuPkg/ResetVector/Vtf0/X64/2MPageTables.asm
--
2.32.0.windows.1


Re: [PATCH v3 10/11] OvmfPkg: add BlobVerifierLibSevHashes

Dov Murik
 

Tom, Brijesh, Ard,

I think I found a bug in this patch. I used libfuzzer to test the
VerifyBlob implementation here, and it immediately found a few "read
memory out of range" issues. See details below in VerifyBlob.

If the Guest Owner properly validates the measurement (which includes
the expected well-formatted hashes table), then QEMU cannot modify it by
including problematic length fields, etc. So I think this bug is not a
security issue - it doesn't allow QEMU to circumvent the
kernel/initrd/cmdline measurement check.

That said, I think that OVMF should not access memory ranges it's not
supposed to, and that's why I think hardening this parsing function is a
good idea.

I'll submit another version with added validity checks of the hashes
table structure. I'll also add the INT32 explanation comment per Tom's
suggestion.



On Tue, Jul 20, 2021 at 08:04:00AM +0000, Dov Murik wrote:
Add an implementation for BlobVerifierLib that locates the SEV hashes
table and verifies that the calculated hashes of the kernel, initrd, and
cmdline blobs indeed match the expected hashes stated in the hashes
table.

If there's a missing hash or a hash mismatch then EFI_ACCESS_DENIED is
returned which will cause a failure to load a kernel image.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Co-developed-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
---
OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf | 37 ++++
OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c | 200 ++++++++++++++++++++
2 files changed, 237 insertions(+)

diff --git a/OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf
new file mode 100644
index 000000000000..76ca0b8154ce
--- /dev/null
+++ b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierLibSevHashes.inf
@@ -0,0 +1,37 @@
+## @file
+#
+# Blob verifier library that uses SEV hashes table. The hashes table holds the
+# allowed hashes of the kernel, initrd, and cmdline blobs.
+#
+# Copyright (C) 2021, IBM Corp
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 1.29
+ BASE_NAME = BlobVerifierLibSevHashes
+ FILE_GUID = 59e713b5-eff3-46a7-8d8b-46f4c004ad7b
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = BlobVerifierLib
+ CONSTRUCTOR = BlobVerifierLibSevHashesConstructor
+
+[Sources]
+ BlobVerifierSevHashes.c
+
+[Packages]
+ CryptoPkg/CryptoPkg.dec
+ MdePkg/MdePkg.dec
+ OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+ BaseCryptLib
+ BaseMemoryLib
+ DebugLib
+ PcdLib
+
+[FixedPcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize
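Review bot: [LibraryClasses] lists BaseCryptLib, BaseMemoryLib, DebugLib and PcdLib, but the companion BlobVerifierSevHashes.c includes `<Library/BaseLib.h>` and calls `StrCmp`, which is a BaseLib function, so BaseLib should be added to this section rather than relying on another library class pulling it in.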
diff --git a/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c
new file mode 100644
index 000000000000..797d63d18067
--- /dev/null
+++ b/OvmfPkg/Library/BlobVerifierLib/BlobVerifierSevHashes.c
@@ -0,0 +1,200 @@
+/** @file
+
+ Blob verifier library that uses SEV hashes table. The hashes table holds the
+ allowed hashes of the kernel, initrd, and cmdline blobs.
+
+ Copyright (C) 2021, IBM Corporation
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Library/BaseCryptLib.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BlobVerifierLib.h>
+
+/**
+ The SEV Hashes table must be in encrypted memory and has the table
+ and its entries described by
+
+ <GUID>|UINT16 <len>|<data>
+
+ With the whole table GUID being 9438d606-4f22-4cc9-b479-a793d411fd21
+
+ The current possible table entries are for the kernel, the initrd
+ and the cmdline:
+
+ 4de79437-abd2-427f-b835-d5b172d2045b kernel
+ 44baf731-3a2f-4bd7-9af1-41e29169781d initrd
+ 97d02dd8-bd20-4c94-aa78-e7714d36ab2a cmdline
+
+ The size of the entry is used to identify the hash, but the
+ expectation is that it will be 32 bytes of SHA-256.
+**/
+
+#define SEV_HASH_TABLE_GUID \
+ (GUID) { 0x9438d606, 0x4f22, 0x4cc9, { 0xb4, 0x79, 0xa7, 0x93, 0xd4, 0x11, 0xfd, 0x21 } }
+#define SEV_KERNEL_HASH_GUID \
+ (GUID) { 0x4de79437, 0xabd2, 0x427f, { 0xb8, 0x35, 0xd5, 0xb1, 0x72, 0xd2, 0x04, 0x5b } }
+#define SEV_INITRD_HASH_GUID \
+ (GUID) { 0x44baf731, 0x3a2f, 0x4bd7, { 0x9a, 0xf1, 0x41, 0xe2, 0x91, 0x69, 0x78, 0x1d } }
+#define SEV_CMDLINE_HASH_GUID \
+ (GUID) { 0x97d02dd8, 0xbd20, 0x4c94, { 0xaa, 0x78, 0xe7, 0x71, 0x4d, 0x36, 0xab, 0x2a } }
+
+STATIC CONST EFI_GUID mSevKernelHashGuid = SEV_KERNEL_HASH_GUID;
+STATIC CONST EFI_GUID mSevInitrdHashGuid = SEV_INITRD_HASH_GUID;
+STATIC CONST EFI_GUID mSevCmdlineHashGuid = SEV_CMDLINE_HASH_GUID;
+
+#pragma pack (1)
+typedef struct {
+ GUID Guid;
+ UINT16 Len;
+ UINT8 Data[];
+} HASH_TABLE;
+#pragma pack ()
+
+STATIC HASH_TABLE *mHashesTable;
+STATIC UINT16 mHashesTableSize;
+
+STATIC
+CONST GUID*
+FindBlobEntryGuid (
+ IN CONST CHAR16 *BlobName
+ )
+{
+ if (StrCmp (BlobName, L"kernel") == 0) {
+ return &mSevKernelHashGuid;
+ } else if (StrCmp (BlobName, L"initrd") == 0) {
+ return &mSevInitrdHashGuid;
+ } else if (StrCmp (BlobName, L"cmdline") == 0) {
+ return &mSevCmdlineHashGuid;
+ } else {
+ return NULL;
+ }
+}
+
+/**
+ Verify blob from an external source.
+
+ @param[in] BlobName The name of the blob
+ @param[in] Buf The data of the blob
+ @param[in] BufSize The size of the blob in bytes
+
+ @retval EFI_SUCCESS The blob was verified successfully.
+ @retval EFI_ACCESS_DENIED The blob could not be verified, and therefore
+ should be considered non-secure.
+**/
+EFI_STATUS
+EFIAPI
+VerifyBlob (
+ IN CONST CHAR16 *BlobName,
+ IN CONST VOID *Buf,
+ IN UINT32 BufSize
+ )
+{
+ CONST GUID *Guid;
+ INT32 Len;
+ HASH_TABLE *Entry;
+
+ if (mHashesTable == NULL || mHashesTableSize == 0) {
+ DEBUG ((DEBUG_ERROR,
+ "%a: Verifier called but no hashes table discoverd in MEMFD\n",
+ __FUNCTION__));
+ return EFI_ACCESS_DENIED;
+ }
+
+ Guid = FindBlobEntryGuid (BlobName);
+ if (Guid == NULL) {
+ DEBUG ((DEBUG_ERROR, "%a: Unknown blob name \"%s\"\n", __FUNCTION__,
+ BlobName));
+ return EFI_ACCESS_DENIED;
+ }
+
+ for (Entry = mHashesTable, Len = 0;
+ Len < (INT32)mHashesTableSize;
+ Len += Entry->Len,
+ Entry = (HASH_TABLE *)((UINT8 *)Entry + Entry->Len)) {
+ UINTN EntrySize;
+ EFI_STATUS Status;
+ UINT8 Hash[SHA256_DIGEST_SIZE];
+
+ if (!CompareGuid (&Entry->Guid, Guid)) {
Bug: This can access memory above the mHashTableSize limit. Consider
mHashTableSize == 1. We enter the for loop but CompareGuid will "read"
16 bytes of Entry->Guid, which is past the limit.


+ continue;
+ }
+
+ DEBUG ((DEBUG_INFO, "%a: Found GUID %g in table\n", __FUNCTION__, Guid));
+
+ EntrySize = Entry->Len - sizeof (Entry->Guid) - sizeof (Entry->Len);
Bug: This can access memory above the mHashTableSize limit. Consider
mHashTableSize == 16. CompareGuid is OK but Entry->Len accesses the 2
bytes at offset 16, which is after the limit.


+ if (EntrySize != SHA256_DIGEST_SIZE) {
+ DEBUG ((DEBUG_ERROR, "%a: Hash has the wrong size %d != %d\n",
+ __FUNCTION__, EntrySize, SHA256_DIGEST_SIZE));
+ return EFI_ACCESS_DENIED;
+ }
+
+ //
+ // Calculate the buffer's hash and verify that it is identical to the
+ // expected hash table entry
+ //
+ Sha256HashAll (Buf, BufSize, Hash);
+
+ if (CompareMem (Entry->Data, Hash, EntrySize) == 0) {
Bug: This can access memory above the mHashTableSize limit. Consider
mHashTableSize == 21. CompareGuid is OK and Entry->Len == 50 as
expected (18 bytes header and 32 bytes for SHA256). But CompareMem will
try to read the 32 bytes when it's only allowed to read 3 bytes
(21 - 18).


-Dov


+ Status = EFI_SUCCESS;
+ DEBUG ((DEBUG_INFO, "%a: Hash comparison succeeded for \"%s\"\n",
+ __FUNCTION__, BlobName));
+ } else {
+ Status = EFI_ACCESS_DENIED;
+ DEBUG ((DEBUG_ERROR, "%a: Hash comparison failed for \"%s\"\n",
+ __FUNCTION__, BlobName));
+ }
+ return Status;
+ }
+
+ DEBUG ((DEBUG_ERROR, "%a: Hash GUID %g not found in table\n", __FUNCTION__,
+ Guid));
+ return EFI_ACCESS_DENIED;
+}
+
+/**
+ Locate the SEV hashes table.
+
+ This function always returns success, even if the table can't be found. The
+ subsequent VerifyBlob calls will fail if no table was found.
+
+ @retval RETURN_SUCCESS The verifier tables were set up correctly
+**/
+RETURN_STATUS
+EFIAPI
+BlobVerifierLibSevHashesConstructor (
+ VOID
+ )
+{
+ HASH_TABLE *Ptr = (void *)(UINTN)FixedPcdGet64 (PcdQemuHashTableBase);
+ UINT32 Size = FixedPcdGet32 (PcdQemuHashTableSize);
+
+ mHashesTable = NULL;
+ mHashesTableSize = 0;
+
+ if (Ptr == NULL || Size == 0) {
+ return RETURN_SUCCESS;
+ }
+
+ if (!CompareGuid (&Ptr->Guid, &SEV_HASH_TABLE_GUID)) {
+ return RETURN_SUCCESS;
+ }
+
+ if (Ptr->Len < (sizeof Ptr->Guid + sizeof Ptr->Len)) {
+ return RETURN_SUCCESS;
+ }
+
+ DEBUG ((DEBUG_INFO, "%a: Found injected hashes table in secure location\n",
+ __FUNCTION__));
+
+ mHashesTable = (HASH_TABLE *)Ptr->Data;
+ mHashesTableSize = Ptr->Len - sizeof Ptr->Guid - sizeof Ptr->Len;
+
+ DEBUG ((DEBUG_VERBOSE, "%a: mHashesTable=0x%p, Size=%u\n", __FUNCTION__,
+ mHashesTable, mHashesTableSize));
+
+ return RETURN_SUCCESS;
+}
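Review bot: `BlobVerifierLibSevHashesConstructor` reads `Ptr->Guid` and `Ptr->Len` and then sets `mHashesTableSize = Ptr->Len - sizeof Ptr->Guid - sizeof Ptr->Len` without comparing `Ptr->Len` against `Size` (PcdQemuHashTableSize), so a header whose Len exceeds the reserved region makes every later VerifyBlob walk read past it. Suggest checking `Size >= sizeof Ptr->Guid + sizeof Ptr->Len` before touching the header and `Ptr->Len <= Size` before the assignment, returning early otherwise. Related, the VerifyBlob loop step `Len += Entry->Len, Entry = (HASH_TABLE *)((UINT8 *)Entry + Entry->Len)` never advances when an entry's Len is 0, so besides the out-of-range reads already noted above a zero Len stalls the loop; requiring `Entry->Len >= sizeof (Entry->Guid) + sizeof (Entry->Len)` and `Entry->Len <= mHashesTableSize - Len` before the entry is used covers both.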
--
2.25.1
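The bounds checks Dov describes above, as an added example written for this thread (it is not the OVMF code or the follow-up patch): a stand-alone C walker over the `<GUID>|UINT16 Len|<data>` table layout that refuses to read a GUID, a Len or a hash that would fall outside the table, and that also rejects an entry whose Len is smaller than the header, which would otherwise stall the loop. The function names (FindHash, PutEntry, BuildSampleTable, LookupFirstByte, RejectsZeroLenEntry) and the sample table contents are constructed for the example; the three entry GUIDs are the ones from the patch. SHA-256 computation is omitted so the block runs without a crypto library.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SHA256_LEN 32
#define ENTRY_HDR  (16 + 2)          /* 16-byte GUID + UINT16 Len */

typedef struct { uint8_t b[16]; } Guid;

/* GUIDs from the patch, in the byte order a packed EFI_GUID has in memory. */
static const Guid kKernelGuid  = {{0x37,0x94,0xe7,0x4d, 0xd2,0xab, 0x7f,0x42,
                                   0xb8,0x35,0xd5,0xb1,0x72,0xd2,0x04,0x5b}};
static const Guid kInitrdGuid  = {{0x31,0xf7,0xba,0x44, 0x2f,0x3a, 0xd7,0x4b,
                                   0x9a,0xf1,0x41,0xe2,0x91,0x69,0x78,0x1d}};
static const Guid kCmdlineGuid = {{0xd8,0x2d,0xd0,0x97, 0x20,0xbd, 0x94,0x4c,
                                   0xaa,0x78,0xe7,0x71,0x4d,0x36,0xab,0x2a}};

/* Locate the hash for `guid` inside table[0..table_size).
 * Returns a pointer to the 32-byte hash, or NULL if the entry is absent
 * or the table is malformed. Every read is preceded by a check that the
 * bytes lie inside the table; the caller treats NULL as "deny". */
static const uint8_t *
FindHash(const uint8_t *table, size_t table_size, const Guid *guid)
{
    size_t off = 0;
    while (off < table_size) {
        /* A full header must be present before Guid or Len is touched. */
        if (table_size - off < ENTRY_HDR)
            return NULL;
        uint16_t len = (uint16_t)(table[off + 16] | (table[off + 17] << 8));
        /* Len counts the header, so it must cover at least the header
         * (a smaller Len would also make no forward progress) and the
         * whole entry must fit in the remaining bytes. */
        if (len < ENTRY_HDR || len > table_size - off)
            return NULL;
        if (memcmp(table + off, guid->b, 16) == 0) {
            /* Only a 32-byte SHA-256 payload is acceptable. */
            if (len - ENTRY_HDR != SHA256_LEN)
                return NULL;
            return table + off + ENTRY_HDR;
        }
        off += len;
    }
    return NULL;
}

/* Append one entry (GUID, Len, payload filled with `fill`); returns bytes written. */
static size_t
PutEntry(uint8_t *out, const Guid *guid, uint16_t payload_len, uint8_t fill)
{
    uint16_t len = (uint16_t)(ENTRY_HDR + payload_len);
    memcpy(out, guid->b, 16);
    out[16] = (uint8_t)(len & 0xff);
    out[17] = (uint8_t)(len >> 8);
    memset(out + ENTRY_HDR, fill, payload_len);
    return len;
}

/* Constructed sample table: kernel hash 0x11.. then cmdline hash 0x22.. (100 bytes). */
static size_t BuildSampleTable(uint8_t *out)
{
    size_t off = 0;
    off += PutEntry(out + off, &kKernelGuid, SHA256_LEN, 0x11);
    off += PutEntry(out + off, &kCmdlineGuid, SHA256_LEN, 0x22);
    return off;
}

/* Look `guid` up in the first `table_size` bytes of the sample table.
 * Returns the first hash byte, or -1 when the entry is absent or the
 * table is truncated/malformed (sizes 1, 16 and 21 are Dov's cases). */
int LookupFirstByte(const Guid *guid, size_t table_size)
{
    uint8_t table[128];
    size_t full = BuildSampleTable(table);
    if (table_size > full)
        table_size = full;
    const uint8_t *h = FindHash(table, table_size, guid);
    return h ? h[0] : -1;
}

/* A table whose only entry has Len == 0: the unchecked loop would never
 * advance; the checked walker rejects it. Returns 1 when rejected. */
int RejectsZeroLenEntry(void)
{
    uint8_t table[ENTRY_HDR];
    memcpy(table, kKernelGuid.b, 16);
    table[16] = 0;
    table[17] = 0;
    return FindHash(table, sizeof table, &kKernelGuid) == NULL;
}

int main(void)
{
    printf("kernel=%d cmdline=%d initrd=%d trunc21=%d zerolen=%d\n",
           LookupFirstByte(&kKernelGuid, 100), LookupFirstByte(&kCmdlineGuid, 100),
           LookupFirstByte(&kInitrdGuid, 100), LookupFirstByte(&kKernelGuid, 21),
           RejectsZeroLenEntry());
    return 0;
}
```

The walker checks the header length before reading Guid or Len, the entry length before reading the hash, and the minimum entry length so that a zero Len cannot loop forever; a real verifier would then compute the blob's SHA-256 and compare it against the returned pointer.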


Re: [edk2-devel] [PATCH v2 0/4] Allow EccCheck to run on other repositories

gaoliming
 

Pierre:

 I have merged this patch set at 40a9066439cbab235933525810f46f03806c6ef1..fb5b6220a9718fc28ae67f317d3611214a05589c

 

Thanks

Liming

From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of PierreGondois
Sent: 2021721 16:20
To: PierreGondois <pierre.gondois@...>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH v2 0/4] Allow EccCheck to run on other repositories

 

Hi Sean and Bret,
Do you have any comments on the patchset ?

Regards,
Pierre


Re: [PATCH v2 1/1] ArmVirtPkg: Remove meaningless comment

Sami Mujawar
 

Hi Philippe,

Thank you for this patch.

Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>

Regards,

Sami Mujawar

On 21/07/2021, 09:19, "Philippe Mathieu-Daudé" <philmd@redhat.com> wrote:

From: Philippe Mathieu-Daude <philmd@redhat.com>

The "Shell Embedded Boot Loader" description (added in
commit 6f5872b1f401) does not add any value, remove it.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Julien Grall <julien@xen.org>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 3 ---
ArmVirtPkg/ArmVirtKvmTool.fdf | 3 ---
ArmVirtPkg/ArmVirtXen.fdf | 3 ---
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 3 ---
4 files changed, 12 deletions(-)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index d9abadbe708c..619b5f0b44c0 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -375,9 +375,6 @@ [Components.common]
#
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf

- #
- # UEFI application (Shell Embedded Boot Loader)
- #
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
diff --git a/ArmVirtPkg/ArmVirtKvmTool.fdf b/ArmVirtPkg/ArmVirtKvmTool.fdf
index 076155199905..152453dc4bb3 100644
--- a/ArmVirtPkg/ArmVirtKvmTool.fdf
+++ b/ArmVirtPkg/ArmVirtKvmTool.fdf
@@ -173,9 +173,6 @@ [FV.FvMain]
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
INF OvmfPkg/VirtioRngDxe/VirtioRng.inf

- #
- # UEFI application (Shell Embedded Boot Loader)
- #
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf

diff --git a/ArmVirtPkg/ArmVirtXen.fdf b/ArmVirtPkg/ArmVirtXen.fdf
index 8fbbc2313aff..9597465cf58a 100644
--- a/ArmVirtPkg/ArmVirtXen.fdf
+++ b/ArmVirtPkg/ArmVirtXen.fdf
@@ -177,9 +177,6 @@ [FV.FvMain]
INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf

- #
- # UEFI application (Shell Embedded Boot Loader)
- #
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 5b1d10057545..26f13f6a2115 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -99,9 +99,6 @@ [FV.FvMain]
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
INF OvmfPkg/VirtioRngDxe/VirtioRng.inf

- #
- # UEFI application (Shell Embedded Boot Loader)
- #
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
--
2.31.1


Re: [PATCH v3] OvmfPkg: Remove unused print service driver (PrintDxe)

Philippe Mathieu-Daudé
 

Ping?

On 7/7/21 8:02 PM, Philippe Mathieu-Daudé wrote:
From: Philippe Mathieu-Daude <philmd@redhat.com>

PrintDxe produces gEfiPrint2ProtocolGuid and gEfiPrint2SProtocolGuid,
and those are consumed by the following PrintLib instance:

MdeModulePkg/Library/DxePrintLibPrint2Protocol/DxePrintLibPrint2Protocol.inf

However, none of the OVMF DSC files contain such a PrintLib class
resolution, so none of the OVMF platforms need PrintDxe.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
OvmfPkg/Bhyve/BhyveX64.dsc | 1 -
OvmfPkg/OvmfPkgIa32.dsc | 1 -
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
OvmfPkg/OvmfPkgX64.dsc | 1 -
OvmfPkg/OvmfXen.dsc | 1 -
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
OvmfPkg/Bhyve/BhyveX64.fdf | 1 -
OvmfPkg/OvmfPkgIa32.fdf | 1 -
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
OvmfPkg/OvmfPkgX64.fdf | 1 -
OvmfPkg/OvmfXen.fdf | 1 -
12 files changed, 12 deletions(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 1d487befae08..d1974b4a6873 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -722,7 +722,6 @@ [Components]
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
}
- MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index 006831449518..c08fa9bdbf5b 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -673,7 +673,6 @@ [Components]
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
}
- MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index f53efeae7986..dff4b97b37c0 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -816,7 +816,6 @@ [Components]
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
}
- MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b3662e17f256..f3df655c990e 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -830,7 +830,6 @@ [Components.X64]
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
}
- MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 0a237a905866..dc9a2720f9b2 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -828,7 +828,6 @@ [Components]
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
}
- MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 3c1ca6bfd493..aee91a61e7c3 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -610,7 +610,6 @@ [Components]
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
}
- MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 9977b0f00a18..42f120d016e1 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -234,7 +234,6 @@ [FV.DXEFV]
INF MdeModulePkg/Application/UiApp/UiApp.inf
INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
-INF MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
diff --git a/OvmfPkg/Bhyve/BhyveX64.fdf b/OvmfPkg/Bhyve/BhyveX64.fdf
index b3b4d44cef34..e8227f865f75 100644
--- a/OvmfPkg/Bhyve/BhyveX64.fdf
+++ b/OvmfPkg/Bhyve/BhyveX64.fdf
@@ -233,7 +233,6 @@ [FV.DXEFV]
INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
INF MdeModulePkg/Application/UiApp/UiApp.inf
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
-INF MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 04b41445ca34..031eb4225c53 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -254,7 +254,6 @@ [FV.DXEFV]
INF MdeModulePkg/Application/UiApp/UiApp.inf
INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
-INF MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 02fd8f0c413e..7194f08e6024 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -255,7 +255,6 @@ [FV.DXEFV]
INF MdeModulePkg/Application/UiApp/UiApp.inf
INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
-INF MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 5fa8c0895808..b304e3149d4f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -267,7 +267,6 @@ [FV.DXEFV]
INF MdeModulePkg/Application/UiApp/UiApp.inf
INF OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
-INF MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf
index aeb9336fd5b7..d109341d2890 100644
--- a/OvmfPkg/OvmfXen.fdf
+++ b/OvmfPkg/OvmfXen.fdf
@@ -325,7 +325,6 @@ [FV.DXEFV]
INF MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
INF MdeModulePkg/Application/UiApp/UiApp.inf
INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
-INF MdeModulePkg/Universal/PrintDxe/PrintDxe.inf
INF MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
INF MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf


Re: [PATCH v2 0/4] Allow EccCheck to run on other repositories

PierreGondois
 

Hi Sean and Bret,
Do you have any comments on the patchset ?

Regards,
Pierre


[PATCH v2 1/1] ArmVirtPkg: Remove meaningless comment

Philippe Mathieu-Daudé
 

From: Philippe Mathieu-Daude <philmd@redhat.com>

The "Shell Embedded Boot Loader" description (added in
commit 6f5872b1f401) does not add any value, remove it.

Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Julien Grall <julien@xen.org>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 3 ---
ArmVirtPkg/ArmVirtKvmTool.fdf | 3 ---
ArmVirtPkg/ArmVirtXen.fdf | 3 ---
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 3 ---
4 files changed, 12 deletions(-)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index d9abadbe708c..619b5f0b44c0 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -375,9 +375,6 @@ [Components.common]
#
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf

- #
- # UEFI application (Shell Embedded Boot Loader)
- #
ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
diff --git a/ArmVirtPkg/ArmVirtKvmTool.fdf b/ArmVirtPkg/ArmVirtKvmTool.fdf
index 076155199905..152453dc4bb3 100644
--- a/ArmVirtPkg/ArmVirtKvmTool.fdf
+++ b/ArmVirtPkg/ArmVirtKvmTool.fdf
@@ -173,9 +173,6 @@ [FV.FvMain]
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
INF OvmfPkg/VirtioRngDxe/VirtioRng.inf

- #
- # UEFI application (Shell Embedded Boot Loader)
- #
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf

diff --git a/ArmVirtPkg/ArmVirtXen.fdf b/ArmVirtPkg/ArmVirtXen.fdf
index 8fbbc2313aff..9597465cf58a 100644
--- a/ArmVirtPkg/ArmVirtXen.fdf
+++ b/ArmVirtPkg/ArmVirtXen.fdf
@@ -177,9 +177,6 @@ [FV.FvMain]
INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf

- #
- # UEFI application (Shell Embedded Boot Loader)
- #
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 5b1d10057545..26f13f6a2115 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -99,9 +99,6 @@ [FV.FvMain]
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
INF OvmfPkg/VirtioRngDxe/VirtioRng.inf

- #
- # UEFI application (Shell Embedded Boot Loader)
- #
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
--
2.31.1


Re: [PATCH 1/1] MdePkg: add definition of LINUX_EFI_INITRD_MEDIA_GUID

Daniel Schaefer
 

On 7/16/21 11:56 PM, Ard Biesheuvel wrote:
On Fri, 16 Jul 2021 at 17:00, Kinney, Michael D
<michael.d.kinney@intel.com> wrote:

Hi Ard,

I see you were involved in the OS side changes.

Can you explain what is required for the FW <-> OS interface with respect to Load File Protocol and this media device path node.

What happens if this media device path node is not present? What breaks?

Trying to figure out if this is a required interop feature (MdePkg candidate) or an EDK II specific extension (MdeModulePkg candidate).
Let me give some context first:
Linux distro boot generally relies on an initial ramdisk (initrd)
which is provided by the loader, and which contains additional kernel
modules (for storage and network, for instance), and the initial user
space startup code, i.e., the code which brings up the user space side
of the entire OS.
Before we introduced this media path, the only way for an EFI pre-OS
loader (such as GRUB) to provide this initrd was to copy it into DRAM
somewhere, and use an arch-specific method of passing the DRAM address
and size to the OS (x86 uses struct bootparam, whereas ARM uses device
tree). It also requires knowledge on the part of GRUB regarding which
parts of DRAM are suitable for holding an initrd image. For measured
boot scenarios, it may be an advantage not to have the initrd linger
in DRAM for longer than necessary, and we actually intend to measure
the initrd loaded via the new method right after it has been loaded
this way.
To avoid extending this to other architectures such as RISC-V, I
decided to introduce a special vendor media path for Linux initrd
images, which GRUB et al can implement, which provides the initrd
image when the OS loader that consumes it asks for it.
So for Linux on x86 or ARM, this is optional, given that support for
the old method is not going away any time soon. For RISC-V, I
suggested that only the new method be implemented, but I am not sure
what the status is there.
It's a good idea. We followed your advice and added your initrd command to our development branch of RISC-V EDK2:

https://github.com/riscv/riscv-edk2-platforms/commit/534eeba0ac9b984eedc58ba1e8a2d28e2827ba40

And we're using it in our CI to test whether Linux boots:

https://github.com/riscv/riscv-edk2-platforms/blob/riscv-virt-gh-actions/.github/workflows/riscv-edk2.yml#L314

Note that many embedded style systems don't
use GRUB, and may not use initrds to begin with. OTOH, U-Boot also
implements support for the Linux initrd vendor media path, and work is
ongoing to add measured boot support as well.
In any case, I don't have a strong preference where this should live,
as long as it is in a generic place where all architectures can use
it.


Re: [PATCH v3 00/11] Measured SEV boot with kernel/initrd/cmdline

Dov Murik
 

On 20/07/2021 20:27, Ard Biesheuvel wrote:
On Tue, 20 Jul 2021 at 19:22, Tom Lendacky <thomas.lendacky@amd.com> wrote:

On 7/20/21 3:03 AM, Dov Murik wrote:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
I believe the convention is that this line be in the individual patch
commit messages just like this (i.e. with the BZ: tag and the first line),
not as a Ref: tag at the end of the commit message.

I'll let Ard decide on that, though.
Using Ref: in the signoff section of the patch is perfectly fine with me.

I'll go over this series on Thursday and merge it if everything looks ok.

Please hold off - I think I found a bug in patch 10 (parsing of the SEV
hashes GUIDed structure).

I'll update with my findings soon.



Thanks all for the review.
Thank you Tom and Brijesh for the review -- you helped improve our
contribution.


-Dov


Re: [PATCH v2 1/1] MdeModulePkg: Add BootDiscoveryPolicyUiLib.

Sunny Wang
 

Hi Greg,

I just had an offline discussion with Zhichao. Zhichao made a good point. It looks like this feature requires platform code to add PCD override in DynamicHii type in its platform .dsc file. Otherwise, the PcdSet32S() call won't initiate the "BootDiscoveryPolicy" variable.
Therefore, could you add a comment to the dec file to say that the PCD override in DynamicHii type is required for enabling this feature? You can take the comment for PcdTcgPhysicalPresenceInterfaceVer in \SecurityPkg\SecurityPkg.dec below as a reference for adding your comment for PcdBootDiscoveryPolicy in MdeModulePkg/MdeModulePkg.dec.

# To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>
# For example, map to TCG2_VERSION.PpiVersion to be configured by Tcg2ConfigDxe driver.<BR>
# gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS<BR>

Best Regards,
Sunny Wang

-----Original Message-----
From: Gao, Zhichao <zhichao.gao@intel.com>
Sent: Wednesday, July 21, 2021 1:14 PM
To: Grzegorz Bernacki <gjb@semihalf.com>
Cc: devel@edk2.groups.io; leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>; Sunny Wang <Sunny.Wang@arm.com>; mw@semihalf.com; upstream@semihalf.com; pete@akeo.ie; Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Bi, Dandan <dandan.bi@intel.com>; Dong, Eric <eric.dong@intel.com>
Subject: RE: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: Add BootDiscoveryPolicyUiLib.

OK. I am not familiar with PCD, it is new usage for me. And now I got to know the reason. But it seems the behavior would be different based on the initialization in the DSC file.
Whatever, this patch is OK to me. Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>

Thanks,
Zhichao

-----Original Message-----
From: Grzegorz Bernacki <gjb@semihalf.com>
Sent: Friday, July 9, 2021 5:55 PM
To: Gao, Zhichao <zhichao.gao@intel.com>
Cc: devel@edk2.groups.io; leif@nuviainc.com; ardb+tianocore@kernel.org;
Samer.El-Haj-Mahmoud@arm.com; sunny.Wang@arm.com;
mw@semihalf.com; upstream@semihalf.com; pete@akeo.ie; Wang, Jian J
<jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Bi, Dandan
<dandan.bi@intel.com>; Dong, Eric <eric.dong@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: Add
BootDiscoveryPolicyUiLib.

Hi Zhichao,

Setting HII-type PCD causes variable initialization, so if
GetVariable() fails due to variable not being found, it will be
initialized by PcdSet32S() function.
thanks,
greg

On Thu, 8 Jul 2021 at 10:08, Gao, Zhichao <zhichao.gao@intel.com> wrote:

See below comments.

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
Grzegorz Bernacki
Sent: Tuesday, July 6, 2021 6:45 PM
To: devel@edk2.groups.io
Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer.El-Haj-
Mahmoud@arm.com; sunny.Wang@arm.com; mw@semihalf.com;
upstream@semihalf.com; pete@akeo.ie; Wang, Jian J
<jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Bi, Dandan
<dandan.bi@intel.com>; Dong, Eric <eric.dong@intel.com>; Grzegorz
Bernacki <gjb@semihalf.com>; Sunny Wang <sunny.wang@arm.com>
Subject: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: Add
BootDiscoveryPolicyUiLib.

This library extends the Boot Maintenance Menu and allows selecting the Boot
Discovery Policy. When a choice is made, the BootDiscoveryPolicy variable is set.
Platform code can use this variable to decide which class of device shall be
connected.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
---
MdeModulePkg/MdeModulePkg.dec | 6 +
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf | 52 +++++++
MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h | 22 +++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c | 160 ++++++++++++++++++++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni | 16 ++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStrings.uni | 29 ++++
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.Vfr | 44 ++++++
7 files changed, 329 insertions(+)
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.inf
create mode 100644 MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.c
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.uni
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibStrings.uni
create mode 100644 MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLibVfr.Vfr

diff --git a/MdeModulePkg/MdeModulePkg.dec
b/MdeModulePkg/MdeModulePkg.dec index ad84421cf3..4e1c291768
100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -425,6 +425,9 @@
## Include/UniversalPayload/SerialPortInfo.h
gUniversalPayloadSerialPortInfoGuid = { 0xaa7e190d, 0xbe21, 0x4409,
{ 0x8e, 0x67, 0xa2, 0xcd, 0xf, 0x61, 0xe1, 0x70 } }

+ ## GUID used for Boot Discovery Policy FormSet guid and related variables.
+ gBootDiscoveryPolicyMgrFormsetGuid = { 0x5b6f7107, 0xbb3c, 0x4660, {
+ 0x92, 0xcd, 0x54, 0x26, 0x90, 0x28, 0x0b, 0xbd } }
+
[Ppis]
## Include/Ppi/AtaController.h
gPeiAtaControllerPpiGuid = { 0xa45e60d1, 0xc719, 0x44aa, { 0xb0, 0x7a,
0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }}
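Review bot: The new [Guids] entry's comment should name the header that defines the GUID, as the neighbouring entries do (`## Include/UniversalPayload/SerialPortInfo.h`); suggest `## Include/Guid/BootDiscoveryPolicy.h` above `gBootDiscoveryPolicyMgrFormsetGuid`, since that header (added later in this patch) carries the same value as BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID and the two must stay in sync.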
@@ -1600,6 +1603,9 @@
# @Prompt Console Output Row of Text Setup

gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutRow|25|UINT32|0x40
00000e

+ ## Specify the Boot Discovery Policy settings
+
gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy|2|UINT32|0x4
0000
+ 00f
+
[PcdsFixedAtBuild.AARCH64, PcdsPatchableInModule.AARCH64]

gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiExposedTableVersions|0x20|UI
NT32|0x0001004c
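Review bot: PcdBootDiscoveryPolicy is declared without the `# @Prompt` line and value documentation that the adjacent PCD (`# @Prompt Console Output Row of Text Setup`) carries; document the valid values 0, 1 and 2 (BDP_CONNECT_MINIMAL, BDP_CONNECT_NET, BDP_CONNECT_ALL from the new header) and state that the default of 2 connects all devices, so that a platform integrator who keeps the default knows it selects the broadest connect behaviour.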

diff --git
a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.inf
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.inf
new file mode 100644
index 0000000000..1fb4d43caa
--- /dev/null
+++
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyU
+++ iLib.inf
@@ -0,0 +1,52 @@
+## @file
+# Library for BDS phase to use Boot Discovery Policy # # Copyright
+(c) 2021, ARM Ltd. All rights reserved.<BR> # Copyright (c) 2021,
+Semihalf All rights reserved.<BR> # SPDX-License-Identifier:
+BSD-2-Clause-Patent # ##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BootDiscoveryPolicyUiLib
+ MODULE_UNI_FILE = BootDiscoveryPolicyUiLib.uni
+ FILE_GUID = BE73105A-B13D-4B57-A41A-463DBD15FE10
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL|DXE_DRIVER UEFI_APPLICATION
+ CONSTRUCTOR = BootDiscoveryPolicyUiLibConstructor
+ DESTRUCTOR = BootDiscoveryPolicyUiLibDestructor
+#
+# The following information is for reference only and not required by the
build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ BootDiscoveryPolicyUiLib.c
+ BootDiscoveryPolicyUiLibStrings.uni
+ BootDiscoveryPolicyUiLibVfr.Vfr
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ DevicePathLib
+ BaseLib
+ UefiRuntimeServicesTableLib
+ UefiBootServicesTableLib
+ DebugLib
+ HiiLib
+ UefiLib
+ BaseMemoryLib
+
+[Guids]
+ gBootDiscoveryPolicyMgrFormsetGuid
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy ##
PRODUCES
+
+[Depex]
+ gEfiHiiDatabaseProtocolGuid AND gPcdProtocolGuid
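Review bot: [LibraryClasses] is missing PcdLib even though the constructor calls PcdGet32/PcdSet32S, and there is no [Protocols] section although gEfiDevicePathProtocolGuid is installed on mBPDriverHandle; add `PcdLib` and a `[Protocols]` section listing `gEfiDevicePathProtocolGuid`. The `## PRODUCES` usage on PcdBootDiscoveryPolicy also understates it, since the constructor reads the PCD before writing it back, so `## CONSUMES` applies as well. DevicePathLib, BaseLib and BaseMemoryLib do not appear to be used by the .c file and could be dropped.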
diff --git a/MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
b/MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
new file mode 100644
index 0000000000..8eb0968a16
--- /dev/null
+++ b/MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
@@ -0,0 +1,22 @@
+/** @file
+ Definition for structure & defines exported by Boot Discovery Policy
+UI
+
+ Copyright (c) 2021, ARM Ltd. All rights reserved.<BR> Copyright (c)
+ 2021, Semihalf All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _BOOT_DISCOVERY_POLICY_UI_LIB_H_ #define
+_BOOT_DISCOVERY_POLICY_UI_LIB_H_
+
+#define BDP_CONNECT_MINIMAL 0 /* Do not connect any additional
devices */
+#define BDP_CONNECT_NET 1
+#define BDP_CONNECT_ALL 2
+
+#define BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID { 0x5b6f7107,
0xbb3c,
+0x4660, { 0x92, 0xcd, 0x54, 0x26, 0x90, 0x28, 0x0b, 0xbd } }
+
+#define BOOT_DISCOVERY_POLICY_VAR L"BootDiscoveryPolicy"
+
+#endif
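Review bot: The include guard `_BOOT_DISCOVERY_POLICY_UI_LIB_H_` does not match the file name BootDiscoveryPolicy.h and uses a reserved leading underscore; suggest `BOOT_DISCOVERY_POLICY_H_`. The header also lacks `extern EFI_GUID gBootDiscoveryPolicyMgrFormsetGuid;`, which Guid/ headers in MdeModulePkg normally provide so that platform code can pass the GUID to GetVariable without declaring it again, and BDP_CONNECT_NET / BDP_CONNECT_ALL deserve the same one-line comment that BDP_CONNECT_MINIMAL has.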
diff --git
a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.c
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.c
new file mode 100644
index 0000000000..6814d0bb8f
--- /dev/null
+++
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyU
+++ iLib.c
@@ -0,0 +1,160 @@
+/** @file
+ Boot Discovery Policy UI for Boot Maintenance menu.
+
+ Copyright (c) 2021, ARM Ltd. All rights reserved.<BR> Copyright (c)
+ 2021, Semihalf All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Guid/BootDiscoveryPolicy.h>
+#include <Library/UefiDriverEntryPoint.h> #include
+<Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HiiLib.h>
+#include <Library/UefiLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Include/Library/PcdLib.h>
+
+///
+/// HII specific Vendor Device Path definition.
+///
+typedef struct {
+ VENDOR_DEVICE_PATH VendorDevicePath;
+ EFI_DEVICE_PATH_PROTOCOL End;
+} HII_VENDOR_DEVICE_PATH;
+
+extern unsigned char BootDiscoveryPolicyUiLibVfrBin[];
+
+EFI_HII_HANDLE mBPHiiHandle = NULL;
+EFI_HANDLE mBPDriverHandle = NULL;
+
+STATIC HII_VENDOR_DEVICE_PATH mVendorDevicePath = {
+ {
+ {
+ HARDWARE_DEVICE_PATH,
+ HW_VENDOR_DP,
+ {
+ (UINT8)(sizeof (VENDOR_DEVICE_PATH)),
+ (UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8)
+ }
+ },
+ BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID
+ },
+ {
+ END_DEVICE_PATH_TYPE,
+ END_ENTIRE_DEVICE_PATH_SUBTYPE,
+ {
+ (UINT8)(END_DEVICE_PATH_LENGTH),
+ (UINT8)((END_DEVICE_PATH_LENGTH) >> 8)
+ }
+ }
+};
+
+/**
+
+ Initialize Boot Maintenance Menu library.
+
+ @param ImageHandle The image handle.
+ @param SystemTable The system table.
+
+ @retval EFI_SUCCESS Install Boot manager menu success.
+ @retval Other Return error status.gBPDisplayLibGuid
+
+**/
+EFI_STATUS
+EFIAPI
+BootDiscoveryPolicyUiLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ UINTN Size;
+ UINT32 BootDiscoveryPolicy;
+
+ Size = sizeof (UINT32);
+ Status = gRT->GetVariable (
+ BOOT_DISCOVERY_POLICY_VAR,
+ &gBootDiscoveryPolicyMgrFormsetGuid,
+ NULL,
+ &Size,
+ &BootDiscoveryPolicy
+ );
+ if (EFI_ERROR (Status)) {
+ Status = PcdSet32S (PcdBootDiscoveryPolicy, PcdGet32
(PcdBootDiscoveryPolicy));
+ ASSERT_EFI_ERROR (Status);
+ }
I don't understand the above check. It seems the value of the variable is not used
and the PCD value is not changed.

Thanks,
Zhichao

+
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &mBPDriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mVendorDevicePath,
+ NULL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Publish our HII data
+ //
+ mBPHiiHandle = HiiAddPackages (
+ &gBootDiscoveryPolicyMgrFormsetGuid,
+ mBPDriverHandle,
+ BootDiscoveryPolicyUiLibVfrBin,
+ BootDiscoveryPolicyUiLibStrings,
+ NULL
+ );
+ if (mBPHiiHandle == NULL) {
+ gBS->UninstallMultipleProtocolInterfaces (
+ mBPDriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mVendorDevicePath,
+ NULL
+ );
+
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Destructor of Boot Maintenance menu library.
+
+ @param ImageHandle The firmware allocated handle for the EFI image.
+ @param SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The destructor completed successfully.
+ @retval Other value The destructor did not complete successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+BootDiscoveryPolicyUiLibDestructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+
+ if (mBPDriverHandle != NULL) {
+ gBS->UninstallProtocolInterface (
+ mBPDriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mVendorDevicePath
+ );
+ mBPDriverHandle = NULL;
+ }
+
+ if (mBPHiiHandle != NULL) {
+ HiiRemovePackages (mBPHiiHandle);
+ mBPHiiHandle = NULL;
+ }
+
+ return EFI_SUCCESS;
+}
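Review bot: `#include <Include/Library/PcdLib.h>` should be `<Library/PcdLib.h>` (the package's Include directory is already on the search path), and `<Library/UefiDriverEntryPoint.h>` does not belong in a NULL library. In the constructor, the `EFI_ERROR (Status)` check treats every GetVariable failure as "variable absent": EFI_BUFFER_TOO_SMALL (a variable that exists with an unexpected size) falls into the same branch as EFI_NOT_FOUND, so testing `Status == EFI_NOT_FOUND` and asserting on anything else would make the intent explicit. Note also that the initialization only creates the variable when the platform DSC maps PcdBootDiscoveryPolicy as a PcdsDynamicHii PCD backed by L"BootDiscoveryPolicy"; with a plain dynamic or fixed mapping PcdSet32S never touches the variable store and the efivarstore in the VFR starts out unbacked, which is worth a comment at the call site. The stray `gBPDisplayLibGuid` at the end of the `@retval Other` line should be removed.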
diff --git
a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.uni
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.uni
new file mode 100644
index 0000000000..89231bc2d7
--- /dev/null
+++
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyU
+++ iLib.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Boot Discovery Policy UI module.
+//
+// Copyright (c) 2021, ARM Ltd. All rights reserved.<BR> // Copyright
+(c) 2021, Semihalf All rights reserved.<BR> // //
+SPDX-License-Identifier: BSD-2-Clause-Patent // // **/
+
+
+#string STR_MODULE_ABSTRACT
+#language en-US "Boot Discovery Policy UI module."
+
+#string STR_MODULE_DESCRIPTION
+#language en-US "Boot Discovery Policy UI module."
diff --git
a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
bStrings.uni
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
bStrings.uni
new file mode 100644
index 0000000000..736011c9bb
--- /dev/null
+++
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyU
+++ iLibStrings.uni
@@ -0,0 +1,29 @@
+// *++
+//
+// Copyright (c) 2021, ARM Ltd. All rights reserved.<BR> // Copyright
+(c) 2021, Semihalf All rights reserved.<BR> //
+SPDX-License-Identifier: BSD-2-Clause-Patent // // Module Name:
+//
+// BootDiscoveryPolicyUiLibStrings.uni
+//
+// Abstract:
+//
+// String definitions for Boot Discovery Policy UI.
+//
+// --*/
+
+/=#
+
+
+#langdef en-US "English"
+
+#string STR_FORM_BDP_MAIN_TITLE #language en-US "Boot
Discovery
Policy"
+
+#string STR_FORM_BDP_CONN_MIN #language en-US "Minimal"
+
+#string STR_FORM_BDP_CONN_NET #language en-US "Connect
Network Devices"
+
+#string STR_FORM_BDP_CONN_ALL #language en-US "Connect All
Devices"
+
diff --git
a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
bVfr.Vfr
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
bVfr.Vfr
new file mode 100644
index 0000000000..0de87ec34f
--- /dev/null
+++
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyU
+++ iLibVfr.Vfr
@@ -0,0 +1,44 @@
+///** @file
+//
+// Formset for Boot Discovery Policy UI // // Copyright (c) 2021, ARM
+Ltd. All rights reserved.<BR> // Copyright (c) 2021, Semihalf All
+rights reserved.<BR> // // SPDX-License-Identifier:
+BSD-2-Clause-Patent // //**/
+
+#include <Uefi/UefiMultiPhase.h>
+#include "Guid/BootDiscoveryPolicy.h"
+#include <Guid/HiiBootMaintenanceFormset.h>
+
+typedef struct {
+ UINT32 BootDiscoveryPolicy;
+} BOOT_DISCOVERY_POLICY_VARSTORE_DATA;
+
+formset
+ guid = BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID,
+ title = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ help = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ classguid = EFI_IFR_BOOT_MAINTENANCE_GUID,
+
+ efivarstore BOOT_DISCOVERY_POLICY_VARSTORE_DATA,
+ attribute = EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
+ name = BootDiscoveryPolicy,
+ guid = BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID;
+
+ form formid = 0x0001,
+ title = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE);
+
+ oneof varid = BootDiscoveryPolicy.BootDiscoveryPolicy,
+ prompt = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ help = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ flags = NUMERIC_SIZE_4 | INTERACTIVE | RESET_REQUIRED,
+ option text = STRING_TOKEN(STR_FORM_BDP_CONN_MIN), value =
BDP_CONNECT_MINIMAL, flags = DEFAULT;
+ option text = STRING_TOKEN(STR_FORM_BDP_CONN_NET), value =
BDP_CONNECT_NET, flags = 0;
+ option text = STRING_TOKEN(STR_FORM_BDP_CONN_ALL), value =
+ BDP_CONNECT_ALL, flags = 0; endoneof;
+
+ endform;
+endformset;
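Review bot: The `flags = DEFAULT` on the BDP_CONNECT_MINIMAL option disagrees with the PCD default of 2 (BDP_CONNECT_ALL) declared in MdeModulePkg.dec in this same patch, so "restore defaults" in the setup browser yields Minimal while a fresh variable created from the PCD yields Connect All; pick one default and express it in both places. The attribute list `EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE` must also match the attributes the DSC's HII PCD mapping uses when PcdSet32S first creates the variable, because SetVariable rejects a rewrite of an existing variable with different attributes with EFI_INVALID_PARAMETER and the setup page would then be unable to save.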
--
2.25.1
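Added example, not part of the patch or the thread: the two platform DSC mappings that Zhichao's last remark about "initialization in the DSC file" turns on. With a plain dynamic mapping the constructor's PcdSet32S only updates the PCD database and the BootDiscoveryPolicy variable read by the VFR efivarstore is never created; with the PcdsDynamicHii mapping the same call goes through SetVariable and initializes it. Variable name, GUID, offset and default value are the ones from the patch; the trailing attribute field is optional and is assumed here to match the VFR's NV,BS,RT.

```ini
# Platform DSC fragment (added example, not from the patch).

# Weak: a plain dynamic PCD. PcdSet32S in BootDiscoveryPolicyUiLibConstructor
# writes the PCD database only. No L"BootDiscoveryPolicy" UEFI variable is
# created, so the efivarstore declared in BootDiscoveryPolicyUiLibVfr.Vfr has
# no backing store and platform BDS code reading the variable gets EFI_NOT_FOUND.
[PcdsDynamicDefault]
  gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy|2

# Correct: an HII-backed dynamic PCD. PcdSet32S now calls SetVariable on
# L"BootDiscoveryPolicy" under gBootDiscoveryPolicyMgrFormsetGuid at offset 0,
# which is exactly the variable the VFR efivarstore and platform BDS code read.
#   Field order: PcdName|VariableName|VariableGuid|VariableOffset|Default|Attributes
#   Attributes NV,BS,RT are an assumption chosen to match the VFR efivarstore.
[PcdsDynamicHii]
  gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy|L"BootDiscoveryPolicy"|gBootDiscoveryPolicyMgrFormsetGuid|0x0|2|NV,BS,RT
```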






Re: [RFC PATCH] OvmfPkg/OvmfXen: set PcdAcpiS3Enable at initialization

Gary Lin
 

On Tue, Jul 20, 2021 at 02:52:12PM +0800, Gary Lin via groups.io wrote:
On Mon, Jul 19, 2021 at 05:07:21PM +0100, Anthony PERARD wrote:
It would have been nice to have this patch in a patch series with
"OvmfPkg/OvmfXen: add QemuKernelLoaderFsDxe", mostly to make it simpler
to understand the problem that needed to be fixed.
To be honest, I don't have a Xen environment and didn't realize that it's
about direct kernel boot until looking into another bug report. I just
compared InitializeXenPlatform() with InitializePlatform() and my
colleague told me OvmfXen works again after setting PcdAcpiS3Enable.

On Thu, Jul 08, 2021 at 12:05:49PM +0800, Gary Lin wrote:
There are several functions in OvmfPkg/Library using
QemuFwCfgS3Enabled() to detect the S3 support status. However, in
MdeModulePkg, PcdAcpiS3Enable is used to check S3 support. Since
InitializeXenPlatform() didn't set PcdAcpiS3Enable as
InitializePlatform() did, this caused an inconsistency between
drivers/functions.

For example, S3SaveStateDxe checked PcdAcpiS3Enable and skipped
S3BootScript because the default value is FALSE. On the other hand,
PlatformBootManagerBeforeConsole() from OvmfPkg/Library called
QemuFwCfgS3Enabled() and found it returned TRUE, so it invoked
SaveS3BootScript(). However, S3SaveStateDxe skipped S3BootScript, so
SaveS3BootScript() asserted due to EFI_NOT_FOUND.
This sounds like OvmfPkg would need to be fixed to use PcdAcpiS3Enable
instead of QemuFwCfgS3Enabled() in most places and have a single place
where QemuFwCfgS3Enabled() is used to set PcdAcpiS3Enable. If you feel
like trying to fix that, that would be nice, and then we could probably
set PcdAcpiS3Enable unconditionally on OvmfXen (and maybe hope that S3
support actually works with Xen).
That's why I marked this patch as RFC since the inconsistency could
exist in OVMF for KVM, not just Xen, so I would like to have feedback
from OvmfPkg maintainers. I'll amend the patch set to cover other
drivers/libraries in OvmfPkg.

In the meantime, this patch is fine but wants better comments. The first
two paragraphs are good, but the rest needs an explanation of what we are
trying to fix/work around, that is "Direct Kernel Boot" as it is called
in "man xl.cfg".
Thanks for the suggestion. Will amend the comment in v2.
BTW, it seems to me that QEMU fwcfg is only used for Xen Direct Kernel
Boot. However, per xl.cfg manpage, it's possible to turn on or off S3
support by setting "acpi_s3" in xl.cfg, but PcdAcpiS3Enable wasn't set
in the current OvmfXen implementation. Just wonder how xl passes the S3
support bit to OvmfXen.

Thanks,

Gary Lin

Setting PcdAcpiS3Enable at InitializeXenPlatform() "fixes" the crash
reported by my colleague. The other possible direction is to replace
QemuFwCfgS3Enabled() with PcdAcpiS3Enable. I'm not sure which one is
the right fix.

Signed-off-by: Gary Lin <glin@suse.com>
---
diff --git a/OvmfPkg/XenPlatformPei/Platform.c b/OvmfPkg/XenPlatformPei/Platform.c
index a811e72ee301..f7edc979486e 100644
--- a/OvmfPkg/XenPlatformPei/Platform.c
+++ b/OvmfPkg/XenPlatformPei/Platform.c
@@ -26,6 +26,8 @@
#include <Library/PciLib.h>
#include <Library/PeimEntryPoint.h>
#include <Library/PeiServicesLib.h>
+#include <Library/QemuFwCfgLib.h>
I don't think QemuFwCfgLib.h is needed, can you remove it?
Sure, will remove it from v2.

+#include <Library/QemuFwCfgS3Lib.h>
#include <Library/ResourcePublicationLib.h>
#include <Guid/MemoryTypeInformation.h>
#include <Ppi/MasterBootMode.h>
@@ -433,6 +437,12 @@ InitializeXenPlatform (
CpuDeadLoop ();
}

+ if (QemuFwCfgS3Enabled ()) {
This test needs a comment. QEMU's fwcfg isn't supposed to be available,
unless one tries to use the Direct Kernel Boot functionality.

+ DEBUG ((DEBUG_INFO, "S3 support was detected on QEMU\n"));
+ Status = PcdSetBoolS (PcdAcpiS3Enable, TRUE);
+ ASSERT_EFI_ERROR (Status);
+ }
+
XenConnect ();

BootModeInitialization ();
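Review bot: The `if (QemuFwCfgS3Enabled ())` block needs the comment requested above (fw_cfg is only present on Xen for Direct Kernel Boot) and should also say that the FALSE case intentionally leaves PcdAcpiS3Enable at its DSC default, which the commit message gives as FALSE; a reader should not have to infer that from the absence of an else branch. PcdSetBoolS on PcdAcpiS3Enable also requires the PCD to be dynamic in OvmfXen.dsc, since it is set here in PEI and consumed in DXE by S3SaveStateDxe, so confirm its section there; with a FixedAtBuild mapping this call would not build.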
diff --git a/OvmfPkg/XenPlatformPei/XenPlatformPei.inf b/OvmfPkg/XenPlatformPei/XenPlatformPei.inf
index 597cb6fcd7ff..1e22c0b2e2aa 100644
--- a/OvmfPkg/XenPlatformPei/XenPlatformPei.inf
+++ b/OvmfPkg/XenPlatformPei/XenPlatformPei.inf
@@ -57,6 +57,8 @@ [LibraryClasses]
ResourcePublicationLib
PeiServicesLib
PeimEntryPoint
+ QemuFwCfgLib
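Review bot: The hunk header `@@ -57,6 +57,8 @@` promises two added lines but only `+ QemuFwCfgLib` is quoted here; since Platform.c now calls QemuFwCfgS3Enabled(), the entry that must be present is `QemuFwCfgS3Lib`, while QemuFwCfgLib itself can go. Check that v2 lists QemuFwCfgS3Lib and nothing else in this hunk.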
Same here, QemuFwCfgLib doesn't seem to be needed or used.
Will remove it from v2.

Thanks,

Gary Lin






Re: [tianocore.github.io.wiki PATCH 1/1] Xcode.md: Update instructions to work on modern macOS and Xcode versions

Andrew Fish
 

These Xcode instructions look good to me in general. Thanks for doing this. I usually do things following a non-public path.

I think to make these instructions work you need to update *_XCODE5_*_MTOC_PATH

By default, this will install mtoc at /opt/local/bin/mtoc.
*_XCODE5_*_MTOC_PATH = /usr/local/bin/mtoc

We could change this to match the brew default location; I think this location is way out of date. I think the other things get fixed by the path variables.

Thanks,

Andrew Fish



On May 25, 2021, at 5:36 AM, Rebecca Cran <rebecca@...> wrote:

On 5/25/21 6:21 AM, Laszlo Ersek wrote:

The idea is to use the wiki of any one of your projects on github.com --
most fittingly, your edk2 fork's wiki.

The URL to clone the "real" wiki repo from is:

  git://github.com/tianocore/tianocore.github.io.wiki

And the repo URL of the wiki of your edk2 fork *should be*:

  git@...:bcran/edk2.wiki.git

I'm not sure if you first need to enable the wiki function, for your
edk2 fork, on github.com. Maybe that's hidden somewhere between the
project (fork) settings. Either way, once your wiki repo exists, just
force-push to it whatever your local clone contains. And, only the
"master" branch matters for rendering, AFAICT.


Ah, got it - thanks.

The updated Xcode.md page is at https://github.com/bcran/edk2/wiki/Xcode


--
Rebecca Cran









Re: [PATCH] EmulatorPkg: Update lldbefi.py to work with current lldb which uses python3

Andrew Fish
 

Reviewed-by: Andrew Fish <afish@apple.com>

On May 9, 2021, at 12:26 PM, Rebecca Cran <rebecca@bsdio.com> wrote:

The version of lldb shipping with macOS Big Sur is lldb-1205.0.27.3, and
it uses python3. Update lldbefi.py to work with it, including removing
the unused 'commands' import and fixing the print statements.

Signed-off-by: Rebecca Cran <rebecca@bsdio.com>
---
EmulatorPkg/Unix/lldbefi.py | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/EmulatorPkg/Unix/lldbefi.py b/EmulatorPkg/Unix/lldbefi.py
index c3fb2675cb..952f8bf982 100755
--- a/EmulatorPkg/Unix/lldbefi.py
+++ b/EmulatorPkg/Unix/lldbefi.py
@@ -10,7 +10,6 @@ import lldb
import os
import uuid
import string
-import commands
import optparse
import shlex

@@ -389,7 +388,7 @@ def LoadEmulatorEfiSymbols(frame, bp_loc , internal_dict):

FileName = frame.thread.process.ReadCStringFromMemory (FileNamePtr, FileNameLen, Error)
if not Error.Success():
- print "!ReadCStringFromMemory() did not find a %d byte C string at %x" % (FileNameLen, FileNamePtr)
+ print("!ReadCStringFromMemory() did not find a %d byte C string at %x" % (FileNameLen, FileNamePtr))
# make breakpoint command continue
return False

@@ -398,7 +397,7 @@ def LoadEmulatorEfiSymbols(frame, bp_loc , internal_dict):
LoadAddress = frame.FindVariable ("LoadAddress").GetValueAsUnsigned() - 0x240

debugger.HandleCommand ("target modules add %s" % FileName)
- print "target modules load --slid 0x%x %s" % (LoadAddress, FileName)
+ print("target modules load --slid 0x%x %s" % (LoadAddress, FileName))
debugger.HandleCommand ("target modules load --slide 0x%x --file %s" % (LoadAddress, FileName))
else:
target = debugger.GetSelectedTarget()
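Review bot: While converting this print, fix the message as well: it says `--slid` but the command actually issued on the next line is `--slide`, so the diagnostic misleads anyone who pastes it back into lldb by hand.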
@@ -408,7 +407,7 @@ def LoadEmulatorEfiSymbols(frame, bp_loc , internal_dict):
if FileName == ModuleName or FileName == SBModule.GetFileSpec().GetFilename():
target.ClearModuleLoadAddress (SBModule)
if not target.RemoveModule (SBModule):
- print "!lldb.target.RemoveModule (%s) FAILED" % SBModule
+ print("!lldb.target.RemoveModule (%s) FAILED" % SBModule)

# make breakpoint command continue
return False
@@ -490,15 +489,15 @@ def efi_guid_command(debugger, command, result, dict):

if len(args) >= 1:
if GuidStr in guid_dict:
- print "%s = %s" % (guid_dict[GuidStr], GuidStr)
- print "%s = %s" % (guid_dict[GuidStr], GuidToCStructStr (GuidStr))
+ print("%s = %s" % (guid_dict[GuidStr], GuidStr))
+ print("%s = %s" % (guid_dict[GuidStr], GuidToCStructStr (GuidStr)))
else:
- print GuidStr
+ print(GuidStr)
else:
# dump entire dictionary
width = max(len(v) for k,v in guid_dict.iteritems())
for value in sorted(guid_dict, key=guid_dict.get):
- print '%-*s %s %s' % (width, guid_dict[value], value, GuidToCStructStr(value))
+ print('%-*s %s %s' % (width, guid_dict[value], value, GuidToCStructStr(value)))

return
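Review bot: `guid_dict.iteritems()` two lines above the changed print is Python 2 only and raises AttributeError on python3, so the "dump entire dictionary" path is still broken after this patch; change it to `guid_dict.items()` (or `max(len(v) for v in guid_dict.values())`). The commit message says the script now works with python3, so this belongs in the same patch.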

@@ -538,4 +537,4 @@ def __lldb_init_module (debugger, internal_dict):
if Breakpoint.GetNumLocations() == 1:
# Set the emulator breakpoints, if we are in the emulator
debugger.HandleCommand("breakpoint command add -s python -F lldbefi.LoadEmulatorEfiSymbols {id}".format(id=Breakpoint.GetID()))
- print 'Type r to run emulator. SecLldbScriptBreak armed. EFI modules should now get source level debugging in the emulator.'
+ print('Type r to run emulator. SecLldbScriptBreak armed. EFI modules should now get source level debugging in the emulator.')
--
2.30.1 (Apple Git-130)







Re: [PATCH v2 1/1] MdeModulePkg: Add BootDiscoveryPolicyUiLib.

Gao, Zhichao
 

OK. I am not familiar with PCD, it is new usage for me. And now I got to know the reason. But seems the behavior would be different base on the initialization on DSC file.
Whatever, this patch is OK to me. Reviewed-by: Zhichao Gao <zhichao.gao@intel.com>

Thanks,
Zhichao

-----Original Message-----
From: Grzegorz Bernacki <gjb@semihalf.com>
Sent: Friday, July 9, 2021 5:55 PM
To: Gao, Zhichao <zhichao.gao@intel.com>
Cc: devel@edk2.groups.io; leif@nuviainc.com; ardb+tianocore@kernel.org;
Samer.El-Haj-Mahmoud@arm.com; sunny.Wang@arm.com;
mw@semihalf.com; upstream@semihalf.com; pete@akeo.ie; Wang, Jian J
<jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Bi, Dandan
<dandan.bi@intel.com>; Dong, Eric <eric.dong@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: Add
BootDiscoveryPolicyUiLib.

Hi Zhichao,

Setting HII-type PCD causes variable initialization, so if
GetVariable() fails due to variable not being found, it will be
initialized by PcdSet32S() function.
thanks,
greg

czw., 8 lip 2021 o 10:08 Gao, Zhichao <zhichao.gao@intel.com> napisał(a):

See below comments.

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
Grzegorz Bernacki
Sent: Tuesday, July 6, 2021 6:45 PM
To: devel@edk2.groups.io
Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer.El-Haj-
Mahmoud@arm.com; sunny.Wang@arm.com; mw@semihalf.com;
upstream@semihalf.com; pete@akeo.ie; Wang, Jian J
<jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Bi, Dandan
<dandan.bi@intel.com>; Dong, Eric <eric.dong@intel.com>; Grzegorz
Bernacki <gjb@semihalf.com>; Sunny Wang <sunny.wang@arm.com>
Subject: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: Add
BootDiscoveryPolicyUiLib.

This library extends Boot Maintenance Menu and allows to select Boot
Discovery Policy. When choice is made BootDiscoveryPolicy variable is set.
Platform code can use this variable to decide which class of device shall be
connected.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
---
MdeModulePkg/MdeModulePkg.dec | 6 +

MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.
inf | 52 +++++++
MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h |
22
+++

MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.
c | 160 ++++++++++++++++++++

MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.
uni | 16 ++

MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib
Strings.uni | 29 ++++

MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib
Vfr.Vfr | 44 ++++++
7 files changed, 329 insertions(+)
create mode 100644
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.
inf
create mode 100644 MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
create mode 100644
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.
c
create mode 100644
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib.
uni
create mode 100644
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib
Strings.uni
create mode 100644
MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLib
Vfr.Vfr

diff --git a/MdeModulePkg/MdeModulePkg.dec
b/MdeModulePkg/MdeModulePkg.dec index ad84421cf3..4e1c291768
100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -425,6 +425,9 @@
## Include/UniversalPayload/SerialPortInfo.h
gUniversalPayloadSerialPortInfoGuid = { 0xaa7e190d, 0xbe21, 0x4409,
{ 0x8e, 0x67, 0xa2, 0xcd, 0xf, 0x61, 0xe1, 0x70 } }

+ ## GUID used for Boot Discovery Policy FormSet guid and related variables.
+ gBootDiscoveryPolicyMgrFormsetGuid = { 0x5b6f7107, 0xbb3c, 0x4660, {
+ 0x92, 0xcd, 0x54, 0x26, 0x90, 0x28, 0x0b, 0xbd } }
+
[Ppis]
## Include/Ppi/AtaController.h
gPeiAtaControllerPpiGuid = { 0xa45e60d1, 0xc719, 0x44aa, { 0xb0, 0x7a,
0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }}
@@ -1600,6 +1603,9 @@
# @Prompt Console Output Row of Text Setup

gEfiMdeModulePkgTokenSpaceGuid.PcdSetupConOutRow|25|UINT32|0x40
00000e

+ ## Specify the Boot Discovery Policy settings
+
gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy|2|UINT32|0x4
0000
+ 00f
+
[PcdsFixedAtBuild.AARCH64, PcdsPatchableInModule.AARCH64]

gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiExposedTableVersions|0x20|UI
NT32|0x0001004c

diff --git
a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.inf
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.inf
new file mode 100644
index 0000000000..1fb4d43caa
--- /dev/null
+++
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyU
+++ iLib.inf
@@ -0,0 +1,52 @@
+## @file
+# Library for BDS phase to use Boot Discovery Policy # # Copyright
+(c) 2021, ARM Ltd. All rights reserved.<BR> # Copyright (c) 2021,
+Semihalf All rights reserved.<BR> # SPDX-License-Identifier:
+BSD-2-Clause-Patent # ##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BootDiscoveryPolicyUiLib
+ MODULE_UNI_FILE = BootDiscoveryPolicyUiLib.uni
+ FILE_GUID = BE73105A-B13D-4B57-A41A-463DBD15FE10
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL|DXE_DRIVER UEFI_APPLICATION
+ CONSTRUCTOR = BootDiscoveryPolicyUiLibConstructor
+ DESTRUCTOR = BootDiscoveryPolicyUiLibDestructor
+#
+# The following information is for reference only and not required by the
build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ BootDiscoveryPolicyUiLib.c
+ BootDiscoveryPolicyUiLibStrings.uni
+ BootDiscoveryPolicyUiLibVfr.Vfr
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ DevicePathLib
+ BaseLib
+ UefiRuntimeServicesTableLib
+ UefiBootServicesTableLib
+ DebugLib
+ HiiLib
+ UefiLib
+ BaseMemoryLib
+
+[Guids]
+ gBootDiscoveryPolicyMgrFormsetGuid
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBootDiscoveryPolicy ##
PRODUCES
+
+[Depex]
+ gEfiHiiDatabaseProtocolGuid AND gPcdProtocolGuid
diff --git a/MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
b/MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
new file mode 100644
index 0000000000..8eb0968a16
--- /dev/null
+++ b/MdeModulePkg/Include/Guid/BootDiscoveryPolicy.h
@@ -0,0 +1,22 @@
+/** @file
+ Definition for structure & defines exported by Boot Discovery Policy
+UI
+
+ Copyright (c) 2021, ARM Ltd. All rights reserved.<BR> Copyright (c)
+ 2021, Semihalf All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _BOOT_DISCOVERY_POLICY_UI_LIB_H_ #define
+_BOOT_DISCOVERY_POLICY_UI_LIB_H_
+
+#define BDP_CONNECT_MINIMAL 0 /* Do not connect any additional
devices */
+#define BDP_CONNECT_NET 1
+#define BDP_CONNECT_ALL 2
+
+#define BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID { 0x5b6f7107,
0xbb3c,
+0x4660, { 0x92, 0xcd, 0x54, 0x26, 0x90, 0x28, 0x0b, 0xbd } }
+
+#define BOOT_DISCOVERY_POLICY_VAR L"BootDiscoveryPolicy"
+
+#endif
diff --git
a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.c
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.c
new file mode 100644
index 0000000000..6814d0bb8f
--- /dev/null
+++
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyU
+++ iLib.c
@@ -0,0 +1,160 @@
+/** @file
+ Boot Discovery Policy UI for Boot Maintenance menu.
+
+ Copyright (c) 2021, ARM Ltd. All rights reserved.<BR> Copyright (c)
+ 2021, Semihalf All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Guid/BootDiscoveryPolicy.h>
+#include <Library/UefiDriverEntryPoint.h> #include
+<Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HiiLib.h>
+#include <Library/UefiLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Include/Library/PcdLib.h>
+
+///
+/// HII specific Vendor Device Path definition.
+///
+typedef struct {
+ VENDOR_DEVICE_PATH VendorDevicePath;
+ EFI_DEVICE_PATH_PROTOCOL End;
+} HII_VENDOR_DEVICE_PATH;
+
+extern unsigned char BootDiscoveryPolicyUiLibVfrBin[];
+
+EFI_HII_HANDLE mBPHiiHandle = NULL;
+EFI_HANDLE mBPDriverHandle = NULL;
+
+STATIC HII_VENDOR_DEVICE_PATH mVendorDevicePath = {
+ {
+ {
+ HARDWARE_DEVICE_PATH,
+ HW_VENDOR_DP,
+ {
+ (UINT8)(sizeof (VENDOR_DEVICE_PATH)),
+ (UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8)
+ }
+ },
+ BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID
+ },
+ {
+ END_DEVICE_PATH_TYPE,
+ END_ENTIRE_DEVICE_PATH_SUBTYPE,
+ {
+ (UINT8)(END_DEVICE_PATH_LENGTH),
+ (UINT8)((END_DEVICE_PATH_LENGTH) >> 8)
+ }
+ }
+};
+
+/**
+
+ Initialize Boot Maintenance Menu library.
+
+ @param ImageHandle The image handle.
+ @param SystemTable The system table.
+
+ @retval EFI_SUCCESS Install Boot manager menu success.
+ @retval Other Return error status.gBPDisplayLibGuid
+
+**/
+EFI_STATUS
+EFIAPI
+BootDiscoveryPolicyUiLibConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ UINTN Size;
+ UINT32 BootDiscoveryPolicy;
+
+ Size = sizeof (UINT32);
+ Status = gRT->GetVariable (
+ BOOT_DISCOVERY_POLICY_VAR,
+ &gBootDiscoveryPolicyMgrFormsetGuid,
+ NULL,
+ &Size,
+ &BootDiscoveryPolicy
+ );
+ if (EFI_ERROR (Status)) {
+ Status = PcdSet32S (PcdBootDiscoveryPolicy, PcdGet32
(PcdBootDiscoveryPolicy));
+ ASSERT_EFI_ERROR (Status);
+ }
I don't understand the above check. Seems the value of the variable is not used
and the Pcd value is not changed.

Thanks,
Zhichao

+
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &mBPDriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mVendorDevicePath,
+ NULL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Publish our HII data
+ //
+ mBPHiiHandle = HiiAddPackages (
+ &gBootDiscoveryPolicyMgrFormsetGuid,
+ mBPDriverHandle,
+ BootDiscoveryPolicyUiLibVfrBin,
+ BootDiscoveryPolicyUiLibStrings,
+ NULL
+ );
+ if (mBPHiiHandle == NULL) {
+ gBS->UninstallMultipleProtocolInterfaces (
+ mBPDriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mVendorDevicePath,
+ NULL
+ );
+
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Destructor of Boot Maintenance menu library.
+
+ @param ImageHandle The firmware allocated handle for the EFI image.
+ @param SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The destructor completed successfully.
+ @retval Other value The destructor did not complete successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+BootDiscoveryPolicyUiLibDestructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+
+ if (mBPDriverHandle != NULL) {
+ gBS->UninstallProtocolInterface (
+ mBPDriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mVendorDevicePath
+ );
+ mBPDriverHandle = NULL;
+ }
+
+ if (mBPHiiHandle != NULL) {
+ HiiRemovePackages (mBPHiiHandle);
+ mBPHiiHandle = NULL;
+ }
+
+ return EFI_SUCCESS;
+}
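Review bot: the GetVariable result in BootDiscoveryPolicyUiLibConstructor is never used and the error branch is a no-op: `PcdSet32S (PcdBootDiscoveryPolicy, PcdGet32 (PcdBootDiscoveryPolicy))` writes the PCD back to itself, and the BootDiscoveryPolicy local the variable is read into is discarded. If the intent is to create the variable with the PCD default when it does not yet exist, the branch should call gRT->SetVariable with PcdGet32 (PcdBootDiscoveryPolicy); otherwise drop the whole GetVariable/PcdSet32S block. Two documentation fixes in the same hunk: the constructor and destructor headers still say "Boot Maintenance Menu library" (copy-pasted from another library), and the `@retval Other Return error status.gBPDisplayLibGuid` line has a stray identifier appended.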
diff --git
a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.uni
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
b.uni
new file mode 100644
index 0000000000..89231bc2d7
--- /dev/null
+++
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyU
+++ iLib.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Boot Discovery Policy UI module.
+//
+// Copyright (c) 2021, ARM Ltd. All rights reserved.<BR> // Copyright
+(c) 2021, Semihalf All rights reserved.<BR> // //
+SPDX-License-Identifier: BSD-2-Clause-Patent // // **/
+
+
+#string STR_MODULE_ABSTRACT
+#language en-US "Boot Discovery Policy UI module."
+
+#string STR_MODULE_DESCRIPTION
+#language en-US "Boot Discovery Policy UI module."
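Review bot: STR_MODULE_ABSTRACT and STR_MODULE_DESCRIPTION carry the identical text "Boot Discovery Policy UI module."; the description should say what the library does, for example that it adds a Boot Discovery Policy form to the Boot Maintenance Manager formset.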
diff --git
a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
bStrings.uni
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
bStrings.uni
new file mode 100644
index 0000000000..736011c9bb
--- /dev/null
+++
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyU
+++ iLibStrings.uni
@@ -0,0 +1,29 @@
+// *++
+//
+// Copyright (c) 2021, ARM Ltd. All rights reserved.<BR> // Copyright
+(c) 2021, Semihalf All rights reserved.<BR> //
+SPDX-License-Identifier: BSD-2-Clause-Patent // // Module Name:
+//
+// BootDiscoveryPolicyUiLibStrings.uni
+//
+// Abstract:
+//
+// String definitions for Boot Discovery Policy UI.
+//
+// --*/
+
+/=#
+
+
+#langdef en-US "English"
+
+#string STR_FORM_BDP_MAIN_TITLE #language en-US "Boot
Discovery
Policy"
+
+#string STR_FORM_BDP_CONN_MIN #language en-US "Minimal"
+
+#string STR_FORM_BDP_CONN_NET #language en-US "Connect
Network Devices"
+
+#string STR_FORM_BDP_CONN_ALL #language en-US "Connect All
Devices"
+
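Review bot: the hunk ends with an empty added line, i.e. a trailing blank line at end of file; drop it. Only a title and the three option labels are defined here, so there is no help text available for the question in the VFR.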
diff --git
a/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
bVfr.Vfr
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyUiLi
bVfr.Vfr
new file mode 100644
index 0000000000..0de87ec34f
--- /dev/null
+++
b/MdeModulePkg/Library/BootDiscoveryPolicyUiLib/BootDiscoveryPolicyU
+++ iLibVfr.Vfr
@@ -0,0 +1,44 @@
+///** @file
+//
+// Formset for Boot Discovery Policy UI // // Copyright (c) 2021, ARM
+Ltd. All rights reserved.<BR> // Copyright (c) 2021, Semihalf All
+rights reserved.<BR> // // SPDX-License-Identifier:
+BSD-2-Clause-Patent // //**/
+
+#include <Uefi/UefiMultiPhase.h>
+#include "Guid/BootDiscoveryPolicy.h"
+#include <Guid/HiiBootMaintenanceFormset.h>
+
+typedef struct {
+ UINT32 BootDiscoveryPolicy;
+} BOOT_DISCOVERY_POLICY_VARSTORE_DATA;
+
+formset
+ guid = BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID,
+ title = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ help = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ classguid = EFI_IFR_BOOT_MAINTENANCE_GUID,
+
+ efivarstore BOOT_DISCOVERY_POLICY_VARSTORE_DATA,
+ attribute = EFI_VARIABLE_BOOTSERVICE_ACCESS |
EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
+ name = BootDiscoveryPolicy,
+ guid = BOOT_DISCOVERY_POLICY_MGR_FORMSET_GUID;
+
+ form formid = 0x0001,
+ title = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE);
+
+ oneof varid = BootDiscoveryPolicy.BootDiscoveryPolicy,
+ prompt = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ help = STRING_TOKEN(STR_FORM_BDP_MAIN_TITLE),
+ flags = NUMERIC_SIZE_4 | INTERACTIVE | RESET_REQUIRED,
+ option text = STRING_TOKEN(STR_FORM_BDP_CONN_MIN), value =
BDP_CONNECT_MINIMAL, flags = DEFAULT;
+ option text = STRING_TOKEN(STR_FORM_BDP_CONN_NET), value =
BDP_CONNECT_NET, flags = 0;
+ option text = STRING_TOKEN(STR_FORM_BDP_CONN_ALL), value =
+ BDP_CONNECT_ALL, flags = 0; endoneof;
+
+ endform;
+endformset;
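Review bot: the oneof (and the formset itself) reuse STR_FORM_BDP_MAIN_TITLE for both prompt and help, so the user sees "Boot Discovery Policy" three times and gets no explanation of what Minimal / Connect Network Devices / Connect All Devices mean; add a dedicated help string. The question also sets INTERACTIVE, but the constructor installs only a device path and HII packages on mBPDriverHandle and no EFI_HII_CONFIG_ACCESS_PROTOCOL, so there is nothing to receive the callback; with an efivarstore the form browser reads and writes the variable itself, so INTERACTIVE can be dropped unless a callback is planned. The varstore is declared with EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE, which lets the policy be rewritten from the OS at runtime; if only the setup UI and the BDS library need to change it, EFI_VARIABLE_BOOTSERVICE_ACCESS alone is enough. Minor: `#include "Guid/BootDiscoveryPolicy.h"` uses quotes where the neighbouring includes use angle brackets.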
--
2.25.1





Re: [edk2-platforms][PATCH V1] KabylakeOpenBoardPkg: Implement the PEI Reset Services

Chiu, Chasel
 

Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>

-----Original Message-----
From: Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>
Sent: Tuesday, July 13, 2021 5:27 PM
To: devel@edk2.groups.io
Cc: Chiu, Chasel <chasel.chiu@intel.com>; Jeremy Soller
<jeremy@system76.com>; Michael Kubacki <Michael.Kubacki@microsoft.com>;
Benjamin Doron <benjamin.doron00@gmail.com>
Subject: [edk2-platforms][PATCH V1] KabylakeOpenBoardPkg: Implement the
PEI Reset Services

This change implements the ResetSystem and ResetSystem2 PEI services for
KabylakeRvp3 and GalagoPro3. The invocation of PchInitializeReset() was
missing from BoardInitLib.

Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Jeremy Soller <jeremy@system76.com>
Cc: Michael Kubacki <Michael.Kubacki@microsoft.com>
Cc: Benjamin Doron <benjamin.doron00@gmail.com>
---
.../Library/BoardInitLib/PeiBoardInitPreMemLib.inf | 3 ++-
.../BoardInitLib/PeiGalagoPro3InitPreMemLib.c | 8 +++++++-
.../BoardInitLib/PeiMultiBoardInitPreMemLib.inf | 3 ++-
.../Library/BoardInitLib/PeiBoardInitPreMemLib.inf | 3 ++-
.../BoardInitLib/PeiKabylakeRvp3InitPreMemLib.c | 13 +++++++++++--
.../BoardInitLib/PeiMultiBoardInitPreMemLib.inf | 3 ++-
6 files changed, 26 insertions(+), 7 deletions(-)

diff --git
a/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLib/PeiB
oardInitPreMemLib.inf
b/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLib/PeiB
oardInitPreMemLib.inf
index e4b783684f..d6c91cd2b9 100644
---
a/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLib/PeiB
oardInitPreMemLib.inf
+++ b/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLi
+++ b/PeiBoardInitPreMemLib.inf
@@ -1,7 +1,7 @@
## @file
# Component information file for PEI GalagoPro3 Board Init Pre-Mem Library #
-# Copyright (c) 2019 - 2020 Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2019 - 2021 Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -22,6 +22,7 @@
MemoryAllocationLib
PcdLib
SiliconInitLib
+ PchResetLib

[Packages]
MinPlatformPkg/MinPlatformPkg.dec
diff --git
a/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLib/PeiG
alagoPro3InitPreMemLib.c
b/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLib/PeiG
alagoPro3InitPreMemLib.c
index ca32ab2514..6bf77a2af0 100644
---
a/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLib/PeiG
alagoPro3InitPreMemLib.c
+++ b/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLi
+++ b/PeiGalagoPro3InitPreMemLib.c
@@ -1,7 +1,7 @@
/** @file
System 76 GalagoPro3 board pre-memory initialization.

-Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2019 - 2021, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

**/
@@ -209,6 +209,12 @@ GalagoPro3BoardInitBeforeMemoryInit (
///
SiliconInit ();

+ //
+ // Install PCH RESET PPI and EFI RESET2 PeiService // Status =
+ PchInitializeReset (); ASSERT_EFI_ERROR (Status);
+
return EFI_SUCCESS;
}

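Review bot: this hunk uses `Status` but adds no declaration for it, whereas the matching KabylakeRvp3 hunk adds `EFI_STATUS Status;`; confirm GalagoPro3BoardInitBeforeMemoryInit already declares Status or this will not compile. ASSERT_EFI_ERROR (Status) is also the only handling: in a RELEASE build a failed PchInitializeReset () is silently ignored and the function still returns EFI_SUCCESS, leaving the platform without the PCH reset PPI and the Reset2 PEI service. Consider `if (EFI_ERROR (Status)) { return Status; }` after the assert.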
diff --git
a/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLib/Pei
MultiBoardInitPreMemLib.inf
b/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLib/Pei
MultiBoardInitPreMemLib.inf
index d866f59338..fe31f42135 100644
---
a/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLib/Pei
MultiBoardInitPreMemLib.inf
+++ b/Platform/Intel/KabylakeOpenBoardPkg/GalagoPro3/Library/BoardInitLi
+++ b/PeiMultiBoardInitPreMemLib.inf
@@ -1,7 +1,7 @@
## @file
# Component information file for PEI GalagoPro3 Board Init Pre-Mem Library #
-# Copyright (c) 2019 - 2020 Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2019 - 2021 Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -24,6 +24,7 @@
PcdLib
SiliconInitLib
MultiBoardInitSupportLib
+ PchResetLib

[Packages]
MinPlatformPkg/MinPlatformPkg.dec
diff --git
a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInitLib/Pe
iBoardInitPreMemLib.inf
b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInitLib/Pe
iBoardInitPreMemLib.inf
index d0cdba666f..850fc51418 100644
---
a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInitLib/Pe
iBoardInitPreMemLib.inf
+++ b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInit
+++ Lib/PeiBoardInitPreMemLib.inf
@@ -1,7 +1,7 @@
## @file
# Component information file for PEI KabylakeRvp3 Board Init Pre-Mem Library
# -# Copyright (c) 2017 - 2020 Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017 - 2021 Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -23,6 +23,7 @@
PcdLib
SiliconInitLib
EcLib
+ PchResetLib

[Packages]
MinPlatformPkg/MinPlatformPkg.dec
diff --git
a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInitLib/Pe
iKabylakeRvp3InitPreMemLib.c
b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInitLib/Pe
iKabylakeRvp3InitPreMemLib.c
index 8f2e036356..d34b0be3c7 100644
---
a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInitLib/Pe
iKabylakeRvp3InitPreMemLib.c
+++ b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInit
+++ Lib/PeiKabylakeRvp3InitPreMemLib.c
@@ -1,6 +1,6 @@
/** @file

-Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2017 - 2021, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

**/
@@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include
<SioRegs.h> #include <Library/PchPcrLib.h> #include <Library/SiliconInitLib.h>
+#include <Library/PchResetLib.h>

#include "PeiKabylakeRvp3InitLib.h"

@@ -282,6 +283,8 @@ KabylakeRvp3BoardInitBeforeMemoryInit (
VOID
)
{
+ EFI_STATUS Status;
+
if (LibPcdGetSku () == BoardIdKabyLakeYLpddr3Rvp3) {
KabylakeRvp3InitPreMem ();
} else if (LibPcdGetSku () == BoardIdSkylakeRvp3) { @@ -297,12 +300,18 @@
KabylakeRvp3BoardInitBeforeMemoryInit (

GpioInitPreMem ();
SioInit ();
-
+
///
/// Do basic PCH init
///
SiliconInit ();

+ //
+ // Install PCH RESET PPI and EFI RESET2 PeiService // Status =
+ PchInitializeReset (); ASSERT_EFI_ERROR (Status);
+
return EFI_SUCCESS;
}

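Review bot: same pattern as the GalagoPro3 hunk: ASSERT_EFI_ERROR (Status) followed by an unconditional `return EFI_SUCCESS;`, so a failed PchInitializeReset () is ignored in RELEASE builds; return Status on error. The `-`/`+` pair just before the "Do basic PCH init" comment replaces a blank line with a blank line (whitespace-only change) and should be dropped from the patch.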
diff --git
a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInitLib/Pe
iMultiBoardInitPreMemLib.inf
b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInitLib/Pe
iMultiBoardInitPreMemLib.inf
index a51712ac34..23fe6b6f03 100644
---
a/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInitLib/Pe
iMultiBoardInitPreMemLib.inf
+++ b/Platform/Intel/KabylakeOpenBoardPkg/KabylakeRvp3/Library/BoardInit
+++ Lib/PeiMultiBoardInitPreMemLib.inf
@@ -1,7 +1,7 @@
## @file
# Component information file for PEI KabylakeRvp3 Board Init Pre-Mem Library
# -# Copyright (c) 2017 - 2020 Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017 - 2021 Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -25,6 +25,7 @@
SiliconInitLib
MultiBoardInitSupportLib
EcLib
+ PchResetLib

[Packages]
MinPlatformPkg/MinPlatformPkg.dec
--
2.27.0.windows.1


Re: [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve comments for silicon policy structures

Chiu, Chasel
 

Hi Nate,

Just one small feedback inline; please check it.
With that resolved: Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>

Thanks,
Chasel

-----Original Message-----
From: Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>
Sent: Wednesday, July 21, 2021 4:22 AM
To: devel@edk2.groups.io
Cc: Oram, Isaac W <isaac.w.oram@intel.com>; Chiu, Chasel
<chasel.chiu@intel.com>
Subject: [edk2-platforms] [PATCH V1] WhitleySiliconPkg: Improve comments for
silicon policy structures

Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Isaac Oram <isaac.w.oram@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
---
.../Include/Ppi/RasImcS3Data.h | 6 +
.../Include/Ppi/UpiPolicyPpi.h | 5 +-
.../WhitleySiliconPkg/Include/Upi/KtiHost.h | 250 +++++++++---------
.../SouthClusterLbg/Include/PchPolicyCommon.h | 9 +
.../SecurityIp/SecurityIpMkTme1v0_Inputs.h | 8 +-
.../SecurityIp/SecurityIpMkTme1v0_Outputs.h | 12 +-
.../SecurityIp/SecurityIpSgxTem1v0_Inputs.h | 43 +--
.../Guid/SecurityIp/SecurityIpTdx1v0_Inputs.h | 4 +-
.../Security/Include/Guid/SecurityPolicy.h | 29 ++
.../Include/Guid/SecurityPolicy_Flat.h | 4 +-
.../Library/SecurityPolicyDefinitions.h | 28 ++
11 files changed, 245 insertions(+), 153 deletions(-) create mode 100644
Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
create mode 100644
Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefinition
s.h

diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
index 82725bc84..2198f8516 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/RasImcS3Data.h
@@ -44,7 +44,13 @@ EFI_STATUS
OUT VOID *Data
);

+/**
+ RAS IMC S3 Data PPI
+**/
struct _RAS_IMC_S3_DATA_PPI {
+ /**
+ Retrieves data for S3 saved memory RAS features from non-volatile storage.
+ **/
RAS_IMC_S3_DATA_PPI_GET_IMC_S3_RAS_DATA GetImcS3RasData; };

diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
index e355dcaba..503c5c0ae 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Ppi/UpiPolicyPpi.h
@@ -24,6 +24,9 @@

typedef struct _UPI_POLICY_PPI UPI_POLICY_PPI;

+/**
+ UPI Policy Structure
+**/
struct _UPI_POLICY_PPI {
/**
This member specifies the revision of the UPI_POLICY_PPI. This field is used
to @@ -32,7 +35,7 @@ struct _UPI_POLICY_PPI {
to correctly interpret the content of the INTERFACE fields.
**/
UINT32 Revision;
- KTI_HOST_IN Upi;
+ KTI_HOST_IN Upi; ///< KTIRC input structure
};

#endif // _UPI_POLICY_PPI_H_
diff --git a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
index cf558b3d3..e793cc647 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
+++ b/Silicon/Intel/WhitleySiliconPkg/Include/Upi/KtiHost.h
@@ -99,28 +99,31 @@ typedef struct {
KTI_RESERVED_2 Phy[MAX_FW_KTI_PORTS]; } KTI_RESERVED_4;

-//
-// PHY settings that are system dependent. Need 1 of these for each
socket/link/freq.
-//
+/**
+ Per Lane PHY Configuration

+ These PHY settings are system dependent. Every socket/link/freq requires an
instance of this structure.
+**/
typedef struct {
- UINT8 SocketID;
- UINT8 AllLanesUseSameTxeq;
- UINT8 Freq;
- UINT32 Link;
- UINT32 TXEQL[20];
- UINT32 CTLEPEAK[5];
+ UINT8 SocketID; ///< Socket ID
+ UINT8 AllLanesUseSameTxeq; ///< Use same TXEQ on all lanes
+ UINT8 Freq; ///< The Link Speed these TXEQ settings should be used
for
+ UINT32 Link; ///< Port Number
+ UINT32 TXEQL[20]; ///< TXEQ Settings
+ UINT32 CTLEPEAK[5]; ///< CTLE Peaking Settings
} PER_LANE_EPARAM_LINK_INFO;

-//
-// This is for full speed mode, all lanes have the same TXEQ setting -//
+/**
+ All Lanes PHY Configuration
+
+ This is for full speed mode, all lanes have the same TXEQ setting **/
typedef struct {
- UINT8 SocketID;
- UINT8 Freq;
- UINT32 Link;
- UINT32 AllLanesTXEQ;
- UINT8 CTLEPEAK;
+ UINT8 SocketID; ///< Socket ID
+ UINT8 Freq; ///< The Link Speed these TXEQ settings should be used
for
+ UINT32 Link; ///< Port Number
+ UINT32 AllLanesTXEQ; ///< TXEQ Setting
+ UINT8 CTLEPEAK; ///< CTLE Peaking Setting
} ALL_LANES_EPARAM_LINK_INFO;

#define ADAPTIVE_CTLE 0x3f
@@ -173,130 +176,141 @@ typedef struct {
KTI_CPU_PHY_SETTING Phy[MAX_FW_KTI_PORTS];
} KTI_CPU_SETTING;

-//
-// KTIRC input structure
-//
+/**
+ KTIRC input structure
+**/
typedef struct {
//
// Protocol layer and other general options; note that "Auto" is provided only
options whose value will change depending
// on the topology, not for all options.
//

- //
- // Indicates the ratio of Bus/MMIOL/IO resource to be allocated for each
CPU's IIO.
- // Value 0 indicates, that CPU is not relevant for the system. If resource is
- // requested for an CPU that is not currently populated, KTIRC will assume
- // that the ratio is 0 for that CPU and won't allocate any resources for it.
- // If resource is not requested for an CPU that is populated, KTIRC will force
- // the ratio for that CPU to 1.
- //
-
-
+ /**
+ Indicates the ratio of Bus/MMIOL/IO resource to be allocated for each CPU's
IIO.
Align indents for every line in this blob.









+ Value 0 indicates, that CPU is not relevant for the system. If resource is
+ requested for an CPU that is not currently populated, KTIRC will assume
For 'a' CPU




+ that the ratio is 0 for that CPU and won't allocate any resources for it.
+ If resource is not requested for an CPU that is populated, KTIRC will force
+ the ratio for that CPU to 1.
+ **/
UINT8 BusRatio[MAX_SOCKET];

- UINT8 D2KCreditConfig; // 1 - Min, 2 - Med (Default), 3- Max
- UINT8 SnoopThrottleConfig; // 0 - Disabled (Default), 1 - Min, 2 - Med,
3- Max
- UINT8 SnoopAllCores; // 0 - Disabled, 1 - Enabled, 2 - Auto
- UINT8 LegacyVgaSoc; // Socket that claims the legacy VGA range;
valid values are 0-7; 0 is default.
- UINT8 LegacyVgaStack; // Stack that claims the legacy VGA range;
valid values are 0-3; 0 is default.
- UINT8 ColdResetRequestStart;
- UINT8 P2pRelaxedOrdering; // 0 - Disable(default) 1 - Enable
- UINT8 DebugPrintLevel; // Bit 0 - Fatal, Bit1 - Warning, Bit2 - Info
Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
- UINT8 SncEn; // 0 - Disable, (default) 1 - Enable
- UINT8 UmaClustering; // 0 - Disable, 2 - 2Clusters UMA, 4 -
4Clusters UMA
- UINT8 IoDcMode; // 0 - Disable IODC, 1 - AUTO (default), 2 -
IODC_EN_REM_INVITOM_PUSH, 3 - IODC_EN_REM_INVITOM_ALLOCFLOW
- // 4 - IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 -
IODC_EN_REM_INVITOM_AND_WCILF
- UINT8 DegradePrecedence; // Use DEGRADE_PRECEDENCE definition;
TOPOLOGY_PRECEDENCE is default
- UINT8 Degrade4SPreference;// 4S1LFullConnect topology is default;
another option is 4S2LRing topology.
- UINT8 DirectoryModeEn; // 0 - Disable; 1 - Enable (default)
- UINT8 XptPrefetchEn; // Xpt Prefetch : 1 - Enable; 0 - Disable; 2 -
Auto (default)
- UINT8 KtiPrefetchEn; // Kti Prefetch : 1 - Enable; 0 - Disable; 2 -
Auto (default)
- UINT8 XptRemotePrefetchEn; // Xpt Remote Prefetch : 1 - Enable; 0
- Disable; 2 - Auto (default) (ICX only)
- UINT8 RdCurForXptPrefetchEn; // RdCur for XPT Prefetch : 0 - Disable,
1 - Enable, 2- Auto (default)
- UINT8 KtiFpgaEnable[MAX_SOCKET]; // Indicate if should enable Fpga
device found in this socket : 0 - Disable, 1 - Enable, 2- Auto
- UINT8 DdrtQosMode; // DDRT QoS Feature: 0 - Disable (default),
1 - M2M QoS Enable, Cha QoS Disable
- // 2 - M2M QoS Enable, Cha QoS Enable
+ UINT8 D2KCreditConfig; ///< 1 - Min, 2 - Med (Default), 3-
Max
+ UINT8 SnoopThrottleConfig; ///< 0 - Disabled (Default), 1 - Min,
2 - Med, 3- Max
+ UINT8 SnoopAllCores; ///< 0 - Disabled, 1 - Enabled, 2 - Auto
+ UINT8 LegacyVgaSoc; ///< Socket that claims the legacy
VGA range; valid values are 0-7; 0 is default.
+ UINT8 LegacyVgaStack; ///< Stack that claims the legacy VGA
range; valid values are 0-3; 0 is default.
+ UINT8 ColdResetRequestStart; ///< @deprecated Reserved.
+ UINT8 P2pRelaxedOrdering; ///< 0 - Disable(default) 1 - Enable
+ UINT8 DebugPrintLevel; ///< Bit 0 - Fatal, Bit1 - Warning, Bit2
- Info Summary; Bit 3 - Info detailed. 1 - Enable; 0 - Disable
+ UINT8 SncEn; ///< 0 - Disable, (default) 1 - Enable
+ UINT8 UmaClustering; ///< 0 - Disable, 2 - 2Clusters UMA, 4 -
4Clusters UMA
+ UINT8 IoDcMode; ///< 0 - Disable IODC, 1 - AUTO
(default), 2 - IODC_EN_REM_INVITOM_PUSH, 3 -
IODC_EN_REM_INVITOM_ALLOCFLOW
+ ///< 4 -
IODC_EN_REM_INVITOM_ALLOC_NONALLOC, 5 -
IODC_EN_REM_INVITOM_AND_WCILF
+ UINT8 DegradePrecedence; ///< Use DEGRADE_PRECEDENCE
definition; TOPOLOGY_PRECEDENCE is default
+ UINT8 Degrade4SPreference; ///< 4S1LFullConnect topology is
default; another option is 4S2LRing topology.
+ UINT8 DirectoryModeEn; ///< 0 - Disable; 1 - Enable (default)
+ UINT8 XptPrefetchEn; ///< Xpt Prefetch : 1 - Enable; 0 -
Disable; 2 - Auto (default)
+ UINT8 KtiPrefetchEn; ///< Kti Prefetch : 1 - Enable; 0 -
Disable; 2 - Auto (default)
+ UINT8 XptRemotePrefetchEn; ///< Xpt Remote Prefetch : 1 -
Enable; 0 - Disable; 2 - Auto (default) (ICX only)
+ UINT8 RdCurForXptPrefetchEn; ///< RdCur for XPT Prefetch : 0 -
Disable, 1 - Enable, 2- Auto (default)
+ UINT8 KtiFpgaEnable[MAX_SOCKET]; ///< Indicate if should enable
Fpga device found in this socket : 0 - Disable, 1 - Enable, 2- Auto
+ UINT8 DdrtQosMode; ///< DDRT QoS Feature: 0 - Disable
(default), 1 - M2M QoS Enable, Cha QoS Disable
+ ///< 2 - M2M QoS
+ Enable, Cha QoS Enable

//
// Phy/Link Layer Options (System-wide and per socket)
//
- UINT8 KtiLinkSpeedMode; // Link speed mode selection; 0 - Slow
Speed; 1- Full Speed (default)
- UINT8 KtiLinkSpeed; // Use KTI_LINKSPEED definition
- UINT8 KtiAdaptationEn; // 0 - Disable, 1 - Enable
- UINT8 KtiAdaptationSpeed; // Use KTI_LINK_SPEED definition;
MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
- UINT8 KtiLinkL0pEn; // 0 - Disable, 1 - Enable, 2- Auto (default)
- UINT8 KtiLinkL1En; // 0 - Disable, 1 - Enable, 2- Auto (default)
- UINT8 KtiFailoverEn; // 0 - Disable, 1 - Enable, 2- Auto (default)
- UINT8 KtiLbEn; // 0 - Disable(default), 1 - Enable
- UINT8 KtiCrcMode; // CRC_MODE_16BIT,
CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
-
- UINT8 KtiCpuSktHotPlugEn; // 0 - Disable (default), 1 - Enable
- UINT8 KtiCpuSktHotPlugTopology; // 0 - 4S Topology (default), 1 - 8S
Topology
- UINT8 KtiSkuMismatchCheck; // 0 - No, 1 - Yes (default)
- UINT8 IrqThreshold; // IRQ Threshold setting
- UINT8 TorThresLoctoremNorm; // TOR threshold - Loctorem
threshold normal
- UINT8 TorThresLoctoremEmpty; // TOR threshold - Loctorem
threshold empty
- UINT8 MbeBwCal; // 0 - Linear, 1 - Biased, 2 - Legacy, 3 -
AUTO (default = Linear)
- UINT8 TscSyncEn; // TSC sync in sockets: 0 - Disable, 1 - Enable,
2 - AUTO (Default)
- UINT8 StaleAtoSOptEn; // HA A to S directory optimization: 1 -
Enable; 0 - Disable; 2 - Auto (Default)
- UINT8 LLCDeadLineAlloc; // LLC dead line alloc: 1 -
Enable(Default); 0 - Disable
- UINT8 SplitLock;
- UINT8 ColdResetRequestEnd;
-
- //
- // Phy/Link Layer Options (per Port)
- //
+ UINT8 KtiLinkSpeedMode; ///< Link speed mode selection; 0 -
Slow Speed; 1- Full Speed (default)
+ UINT8 KtiLinkSpeed; ///< Use KTI_LINKSPEED definition
+ UINT8 KtiAdaptationEn; ///< 0 - Disable, 1 - Enable
+ UINT8 KtiAdaptationSpeed; ///< Use KTI_LINK_SPEED definition;
MAX_KTI_LINK_SPEED - Auto (i.e BIOS choosen speed)
+ UINT8 KtiLinkL0pEn; ///< 0 - Disable, 1 - Enable, 2- Auto
(default)
+ UINT8 KtiLinkL1En; ///< 0 - Disable, 1 - Enable, 2- Auto
(default)
+ UINT8 KtiFailoverEn; ///< 0 - Disable, 1 - Enable, 2- Auto
(default)
+ UINT8 KtiLbEn; ///< 0 - Disable(default), 1 - Enable
+ UINT8 KtiCrcMode; ///< CRC_MODE_16BIT,
CRC_MODE_ROLLING_32BIT, CRC_MODE_AUTO or CRC_MODE_PER_LINK
+
+ UINT8 KtiCpuSktHotPlugEn; ///< 0 - Disable (default), 1 - Enable
+ UINT8 KtiCpuSktHotPlugTopology; ///< 0 - 4S Topology (default), 1
- 8S Topology
+ UINT8 KtiSkuMismatchCheck; ///< 0 - No, 1 - Yes (default)
+ UINT8 IrqThreshold; ///< IRQ Threshold setting
+ UINT8 TorThresLoctoremNorm; ///< TOR threshold - Loctorem
threshold normal
+ UINT8 TorThresLoctoremEmpty; ///< TOR threshold - Loctorem
threshold empty
+ UINT8 MbeBwCal; ///< 0 - Linear, 1 - Biased, 2 - Legacy, 3
- AUTO (default = Linear)
+ UINT8 TscSyncEn; ///< TSC sync in sockets: 0 - Disable, 1 -
Enable, 2 - AUTO (Default)
+ UINT8 StaleAtoSOptEn; ///< HA A to S directory optimization:
1 - Enable; 0 - Disable; 2 - Auto (Default)
+ UINT8 LLCDeadLineAlloc; ///< LLC dead line alloc: 1 -
Enable(Default); 0 - Disable
+ UINT8 SplitLock; ///< @deprecated Reserved, must be set
to 0.
+ UINT8 ColdResetRequestEnd; ///< @deprecated Reserved.
+
+ ///
+ /// Phy/Link Layer Options (per Port) ///
KTI_CPU_SETTING PhyLinkPerPortSetting[MAX_SOCKET];


- UINT8 mmCfgBase; ///< MMCFG Base address, must be 64MB (SKX,
HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 1:1.5G, 2:1.75G, 3:2G,
4:2.25G, 5:3G, 6: Auto}
- UINT8 mmCfgSize; ///< MMCFG Size address, must be 64M, 128M or
256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: Auto}
- UINT32 mmiolBase; ///< MMIOL Base address, must be 64MB aligned
- UINT32 mmiolSize; ///< MMIOL Size address
- UINT32 mmiohBase; ///< Address bits above 4GB, i,e, the hex value
here is address Bit[45:32] for SKX family, Bit[51:32] for ICX-SP
- UINT8 CpuPaLimit; ///< Limits the max address to 46bits. This will take
precedence over mmiohBase
- UINT8 lowGap;
- UINT8 highGap;
- UINT16 mmiohSize; ////<< Number of 1GB contiguous regions to be
assigned for MMIOH space per CPU. Range 1-1024
- UINT8 isocEn; ///< 1 - Enable; 0 - Disable (BIOS will force this for 4S)
- UINT8 dcaEn; ///< 1 - Enable; 0 - Disable
+ UINT8 mmCfgBase; ///< MMCFG Base address, must be
64MB (SKX, HSX, BDX) / 256MB (GROVEPORT) aligned. Options: {0:1G, 1:1.5G,
2:1.75G, 3:2G, 4:2.25G, 5:3G, 6: Auto}
+ UINT8 mmCfgSize; ///< MMCFG Size address, must be 64M,
128M or 256M. Options: {0:64M, 1:128M, 2:256M, 3:512M, 4:1G, 5:2G, 6: Auto}
+ UINT32 mmiolBase; ///< MMIOL Base address, must be
64MB aligned
+ UINT32 mmiolSize; ///< MMIOL Size address
+ UINT32 mmiohBase; ///< Address bits above 4GB, i,e, the
hex value here is address Bit[45:32] for SKX family, Bit[51:32] for ICX-SP
+ UINT8 CpuPaLimit; ///< Limits the max address to 46bits.
This will take precedence over mmiohBase
+ UINT8 lowGap; ///< @deprecated Reserved.
+ UINT8 highGap; ///< @deprecated Reserved.
+ UINT16 mmiohSize; ///< Number of 1GB contiguous
regions to be assigned for MMIOH space per CPU. Range 1-1024
+ UINT8 isocEn; ///< 1 - Enable; 0 - Disable (BIOS will force
this for 4S)
+ UINT8 dcaEn; ///< 1 - Enable; 0 - Disable

- /*
+ /**
BoardTypeBitmask:
- Bits[3:0] - Socket0
- Bits[7:4] - Socket1
- Bits[11:8] - Socket2
- Bits[15:12] - Socket3
- Bits[19:16] - Socket4
- Bits[23:20] - Socket5
- Bits[27:24] - Socket6
- Bits[31:28] - Socket7
+ - Bits[3:0] - Socket0
+ - Bits[7:4] - Socket1
+ - Bits[11:8] - Socket2
+ - Bits[15:12] - Socket3
+ - Bits[19:16] - Socket4
+ - Bits[23:20] - Socket5
+ - Bits[27:24] - Socket6
+ - Bits[31:28] - Socket7

Within each Socket-specific field, bits mean:
- Bit0 = CPU_TYPE_STD support; always 1 on Socket0
- Bit1 = CPU_TYPE_F support
- Bit2 = CPU_TYPE_P support
- Bit3 = reserved
- */
+ - Bit0 = CPU_TYPE_STD support; always 1 on Socket0
+ - Bit1 = CPU_TYPE_F support
+ - Bit2 = CPU_TYPE_P support
+ - Bit3 = reserved
+ **/
UINT32 BoardTypeBitmask;
- UINT32 AllLanesPtr;
- UINT32 PerLanePtr;
- UINT32 AllLanesSizeOfTable;
- UINT32 PerLaneSizeOfTable;
- UINT32 WaitTimeForPSBP; // the wait time in units of 1000us for PBSP
to check in.
- BOOLEAN IsKtiNvramDataReady;
- UINT32 OemHookPostTopologyDiscovery;
- UINT32 OemGetResourceMapUpdate;
- UINT32 OemGetAdaptedEqSettings;
- UINT32 OemCheckCpuPartsChangeSwap;
-
- BOOLEAN WaSerializationEn; // Enable BIOS serialization WA by
PcdWaSerializationEn
+ UINT32 AllLanesPtr; ///< Pointer to an array of
ALL_LANES_EPARAM_LINK_INFO structures.
+ UINT32 PerLanePtr; ///< Pointer to an array of
PER_LANE_EPARAM_LINK_INFO structures.
+ UINT32 AllLanesSizeOfTable; ///< Number of elements in array
pointed to by AllLanesPtr
+ UINT32 PerLaneSizeOfTable; ///< Number of elements in array
pointed to by PerLanePtr
+ UINT32 WaitTimeForPSBP; ///< the wait time in units of
1000us for PBSP to check in.
+ BOOLEAN IsKtiNvramDataReady; ///< Used internally, Reserved.
+ UINT32 OemHookPostTopologyDiscovery; ///<
OEM_HOOK_POST_TOPOLOGY_DISCOVERY function pointer. Invoked at the end
of topology discovery, used for error reporting.
+ UINT32 OemGetResourceMapUpdate; ///<
OEM_GET_RESOURCE_MAP_UPDATE function pointer. Allows platform code to
adjust the resource map.
+ UINT32 OemGetAdaptedEqSettings; ///< @deprecated Reserved,
must be set to 0.
+ UINT32 OemCheckCpuPartsChangeSwap; ///< @deprecated
Reserved, must be set to 0.
+
+ BOOLEAN WaSerializationEn; ///< Enable BIOS serialization WA
by PcdWaSerializationEn
KTI_RESERVED_3 Reserved166;
KTI_RESERVED_4 Reserved167[MAX_SOCKET];
- UINT8 KtiInEnableMktme; // 0 - Disabled; 1 - Enabled; MkTme
status decides D2Kti feature state
+ UINT8 KtiInEnableMktme; ///< 0 - Disabled; 1 - Enabled;
MkTme status decides D2Kti feature state
+ /**
+ Pointers to the location of the CFR/SINIT binaries.
+
+ Contains a pointer to a 24 byte fixed length array.
+ The array contains the 3 instances of the following c-struct
+ ~~~
+ typedef struct {
+ UINT32 CfrImagePtr;
+ UINT32 CfrImageSize;
+ }
+ ~~~
+ This allows a maximum of 3 CFR/SINIT binaries to be provided by platform
code.
+ **/
UINT32 CFRImagePtr;
- UINT8 S3mCFRCommit; // 0 - Disable S3m CFR flow. 1 -
Provision S3m CFR but not Commit. 2 - Provsion and Commit S3M CFR.
- UINT8 PucodeCFRCommit; // 0 - Disable Pucode CFR flow. 1 -
Provision Pucode CFR but not Commit. 2 - Provsion and Commit Pucode CFR.
+ UINT8 S3mCFRCommit; ///< 0 - Disable S3m CFR flow. 1 -
Provision S3m CFR but not Commit. 2 - Provision and Commit S3M CFR.
+ UINT8 PucodeCFRCommit; ///< 0 - Disable Pucode CFR flow. 1
- Provision Pucode CFR but not Commit. 2 - Provision and Commit Pucode CFR.
} KTI_HOST_IN;

#pragma pack()
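Review bot: a few comment typos sit on lines this hunk already rewrites and could be fixed while touching them: `i.e BIOS choosen speed` (KtiAdaptationSpeed), `i,e, the hex value` (mmiohBase) and `Value 0 indicates, that CPU` (BusRatio, stray comma). The CFRImagePtr documentation shows an anonymous `typedef struct { ... }` with no type name; either name it or write it as a plain `struct`. ColdResetRequestStart and ColdResetRequestEnd are now documented as `@deprecated Reserved.`, but their names suggest they bracket the range of fields whose change requests a cold reset; please confirm no code still uses them as range markers before describing them as reserved.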
diff --git
a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyComm
on.h
b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyComm
on.h
index f5861ccaf..0e10d0b8f 100644
---
a/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyComm
on.h
+++
b/Silicon/Intel/WhitleySiliconPkg/Pch/SouthClusterLbg/Include/PchPolicyComm
on.h
@@ -23,6 +23,9 @@ extern EFI_GUID gFlashProtectionConfigGuid;
// ---------------------------- PCH General Config -------------------------------
//

+/**
+ PCH General Configuration
+**/
typedef struct {
/**
Subsystem Vendor ID and Subsystem ID of the PCH devices.
@@ -775,6 +778,9 @@ typedef enum {
PchHdaIDispMode1T = 1
} PCH_HDAUDIO_IDISP_TMODE;

+/**
+ This structure contains the policies which are related to HD Audio device
(cAVS).
+**/
typedef struct {
/**
This member describes whether or not Intel HD Audio (Azalia) should be
enabled.
@@ -1674,6 +1680,9 @@ typedef struct {
UINT16 ProtectedRangeBase;
} PROTECTED_RANGE;

+/**
+ PCH Flash Protection Configuration
+**/
typedef struct {
PROTECTED_RANGE ProtectRange[PCH_FLASH_PROTECTED_RANGES];
} PCH_FLASH_PROTECTION_CONFIG;
diff --git
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
Tme1v0_Inputs.h
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
Tme1v0_Inputs.h
index 4c48ca19e..84197b8c8 100644
---
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
Tme1v0_Inputs.h
+++
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
Tme1v0_Inputs.h
@@ -8,15 +8,15 @@
**/

//
-// TME
+// TME (Total Memory Encryption)
//
-UINT8 EnableTme; // TME Enable
-UINT8 EnableTmeCR; // Exclude Crystal Ridge memory from
encryption.
+UINT8 EnableTme; ///< TME Enable
+UINT8 EnableTmeCR; ///< TME for Optane Persistent Memory.
Set to 0 exclude Optane from encryption.

//
// MK-TME
//
-UINT8 EnableMktme; // MK-TME Enable
+UINT8 EnableMktme; ///< MK-TME Enable

UINT8 ReservedS234;
UINT8 ReservedS235;
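Review bot: the rewritten EnableTmeCR comment (`TME for Optane Persistent Memory. Set to 0 exclude Optane from encryption.`) is missing a word, and it is also the only place the polarity of this knob is defined: the old text described an exclusion, the new text describes an enable with 0 meaning excluded, so readers of the two versions would assume opposite senses. Spell out the valid values with the SECURITY_POLICY_DISABLE / SECURITY_POLICY_ENABLE definitions this same series introduces in SecurityPolicyDefinitions.h, e.g. `///< TME for Optane Persistent Memory: SECURITY_POLICY_DISABLE leaves Optane unencrypted, SECURITY_POLICY_ENABLE covers it.`, and give EnableTme and EnableMktme (still only `TME Enable` and `MK-TME Enable`) the same treatment. Leaving persistent memory outside encryption is a security-relevant choice, so the default value belongs in the comment as well.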
diff --git
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
Tme1v0_Outputs.h
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
Tme1v0_Outputs.h
index 3a6262a65..201cdd9a9 100644
---
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
Tme1v0_Outputs.h
+++
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpMk
Tme1v0_Outputs.h
@@ -10,9 +10,9 @@
//
// MK-TME
//
-// NAK - Not a knob, used just for indication
-UINT8 TmeCapability; // TME Capable
-UINT8 TmeCrSupport; // Flag used to check if Crystal Ridge is supported in UEFI
-UINT8 MktmeCapability; // MK-TME Capable
-UINT16 MktmeMaxKeys; // Max number of keys used for encryption
-UINT8 MkTmeKeyIdBits; // Used to suppress setup menu key-splits
\ No newline at end of file
+// NAK (Not a knob) - Used just for indication
+UINT8 TmeCapability; // NAK (Not a knob) - TME Capable
+UINT8 TmeCrSupport; // NAK (Not a knob) - Flag used to check
if Crystal Ridge is supported in UEFI
+UINT8 MktmeCapability; // NAK (Not a knob) - MK-TME Capable
+UINT16 MktmeMaxKeys; // NAK (Not a knob) - Max number of
keys used for encryption
+UINT8 MkTmeKeyIdBits; // NAK (Not a knob) - Used to suppress
setup menu key-splits
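Review bot: the `NAK (Not a knob) -` prefix now repeated on all five field comments duplicates the header line `// NAK (Not a knob) - Used just for indication` directly above them; keep the statement once in the header and let the per-field comments carry only the meaning, or move these fields to the `///<` Doxygen form that the Inputs headers in this patch switch to, so the "not a knob" remark can live in the struct-level description. `TmeCrSupport` still says `Crystal Ridge` while the Inputs header in this series now says `Optane Persistent Memory`; use one name in both files. Fixing the missing newline at end of file here is welcome.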
diff --git
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgx
Tem1v0_Inputs.h
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgx
Tem1v0_Inputs.h
index 2deabd0b5..c46434392 100644
---
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgx
Tem1v0_Inputs.h
+++
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpSgx
Tem1v0_Inputs.h
@@ -10,27 +10,30 @@
//
// SGX
//
-UINT8 EnableSgx;
-UINT8 SgxFactoryReset; // Delete all registration data, if SGX enabled
force IPE/FirstBinding flow
-UINT64 PrmrrSize; // SGX PRMRR size
+UINT8 EnableSgx; ///< Enable SGX
+UINT8 SgxFactoryReset; ///< Delete all registration data, if SGX
enabled force IPE/FirstBinding flow
+UINT64 PrmrrSize; ///< SGX PRMRR size
UINT64 ReservedS239;
-UINT8 SgxQoS; // SGX Quality of Service
-UINT8 SgxAutoRegistrationAgent;
-UINT8 SgxPackageInfoInBandAccess; // Expose Package Info to OS
-UINT8 EpochUpdate;
-UINT64 SgxEpoch0; // SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}
-UINT64 SgxEpoch1; // SGX EPOCH1 value {0 - 0xFFFFFFFFFFFFFFFF}
-UINT8 SgxLeWr; // Flexible Launch Enclave Policy (Wr En)
-UINT64 SgxLePubKeyHash0; // Launch Enclave Hash 0
-UINT64 SgxLePubKeyHash1; // Launch Enclave Hash 1
-UINT64 SgxLePubKeyHash2; // Launch Enclave Hash 2
-UINT64 SgxLePubKeyHash3; // Launch Enclave Hash 3
-// Client SGX - unused in server
-UINT8 SgxSinitNvsData; // SGX NVS data from Flash passed during
previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
- // Pass value of zero if there is not data saved or when
SGX is disabled.
-UINT8 SgxSinitDataFromTpm; // SGX SVN data from TPM; 0: when SGX is
disabled or TPM is not present or no data
- // is present in TPM.
-UINT8 SgxDebugMode;
+UINT8 SgxQoS; ///< SGX Quality of Service
+UINT8 SgxAutoRegistrationAgent; ///< SGX Auto Registration Agent
+UINT8 SgxPackageInfoInBandAccess; ///< SGX Expose Package Info to
OS
+UINT8 EpochUpdate; ///< SGX EPOCH Update
+UINT64 SgxEpoch0; ///< SGX EPOCH0 value {0 -
0xFFFFFFFFFFFFFFFF}
+UINT64 SgxEpoch1; ///< SGX EPOCH1 value {0 -
0xFFFFFFFFFFFFFFFF}
+UINT8 SgxLeWr; ///< Flexible Launch Enclave Policy (Wr En)
+UINT64 SgxLePubKeyHash0; ///< Launch Enclave Hash 0
+UINT64 SgxLePubKeyHash1; ///< Launch Enclave Hash 1
+UINT64 SgxLePubKeyHash2; ///< Launch Enclave Hash 2
+UINT64 SgxLePubKeyHash3; ///< Launch Enclave Hash 3
+
+//
+// DEPRECATED
+//
+UINT8 SgxSinitNvsData; ///< @deprecated SGX NVS data from
Flash passed during previous boot using CPU_INFO_PROTOCOL.SGX_INFO;
+ /// Pass value of zero if there is not data
saved or when SGX is disabled.
+UINT8 SgxSinitDataFromTpm; ///< @deprecated SGX SVN data
from TPM; 0: when SGX is disabled or TPM is not present or no data
+ /// is present in TPM.
+UINT8 SgxDebugMode; ///< @deprecated

UINT8 ReservedS240;
UINT8 ReservedS241;
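Review bot: the three fields moved under the new `DEPRECATED` banner (SgxSinitNvsData, SgxSinitDataFromTpm, SgxDebugMode) keep their UINT8 slots, which is correct for a header that is injected flat into a packed policy structure, since dropping them would shift every later offset; say so in the comments (`kept for layout compatibility, must be 0`) so nobody removes them later. `SgxDebugMode; ///< @deprecated` carries no description at all: state what replaces it or that consumers ignore it, and what value is expected, because a stale non-zero value in a security-policy field is exactly what should be caught at review. Minor: `///< SGX EPOCH0 value {0 - 0xFFFFFFFFFFFFFFFF}` on a UINT64 only restates the type's range; either drop the range or say what the EPOCH values are used for.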
diff --git
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx
1v0_Inputs.h
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx
1v0_Inputs.h
index db5081c0a..79369f989 100644
---
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx
1v0_Inputs.h
+++
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityIp/SecurityIpTdx
1v0_Inputs.h
@@ -7,7 +7,7 @@
SPDX-License-Identifier: BSD-2-Clause-Patent
**/

-UINT8 EnableTdx; // TDX Enable
-UINT8 KeySplit; // TDX/MK-TME key split
+UINT8 EnableTdx; ///< TDX Enable
+UINT8 KeySplit; ///< TDX/MK-TME key split

UINT8 ReservedS245;
diff --git
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
new file mode 100644
index 000000000..0beb26704
--- /dev/null
+++ b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy.h
@@ -0,0 +1,29 @@
+/** @file
+ Provides data structure information used by ServerSecurity features in Mtkme
etc.
+
+ @copyright
+ Copyright 2018 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef _SECURITY_POLICY_H_
+#define _SECURITY_POLICY_H_
+
+extern EFI_GUID gSecurityPolicyDataGuid;
+#include <Library/SecurityPolicyDefinitions.h>
+
+#pragma pack(1)
+
+/**
+ Security Policy
+**/
+typedef struct {
+ /**
+ * Please put common definitions inside the SecurityPolicy_Flat.h *
+ **/
+ #include "SecurityPolicy_Flat.h"
+} SECURITY_POLICY;
+
+#pragma pack()
+#endif
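Review bot: the new header is not self-contained: `extern EFI_GUID gSecurityPolicyDataGuid;` comes before any include that defines EFI_GUID, so a translation unit that includes SecurityPolicy.h first will not compile; include <Uefi.h> (or <Base.h>) at the top and put the extern after the `#include <Library/SecurityPolicyDefinitions.h>` line. Smaller points: `Mtkme` in the @file description should be `MkTme`, matching the SecurityIpMkTme1v0 headers; the guard `_SECURITY_POLICY_H_` is in the reserved identifier space (leading underscore followed by an upper-case letter) and differs from the `__SECURITY_POLICY_DEFINITIONS_H__` style used by the sibling header in this patch, so pick one non-reserved form such as `SECURITY_POLICY_H_` for both; and the `/** * Please put common definitions inside the SecurityPolicy_Flat.h * **/` block inside the struct body mixes banner asterisks with a Doxygen comment and will surface in generated docs for SECURITY_POLICY, where a plain `//` comment is all that is needed.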
diff --git
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
index ba62b8c3a..09dacdf62 100644
--- a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
+++
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Guid/SecurityPolicy_Flat.h
@@ -1,6 +1,6 @@
/** @file
Provides data structure information used by ServerSecurity features in literally
all products
- Header is flat and injected directly in SecurityPolicy sructuture and
SOCKET_PROCESSORCORE_CONFIGURATION.
+ Header is flat and injected directly in SecurityPolicy structure and
SOCKET_PROCESSORCORE_CONFIGURATION.

@copyright
Copyright 2020 - 2021 Intel Corporation. <BR>
@@ -8,7 +8,7 @@
SPDX-License-Identifier: BSD-2-Clause-Patent
**/

- // Header is flat and injected directly in SecurityPolicy sructuture and
SOCKET_PROCESSORCORE_CONFIGURATION.
+ // Header is flat and injected directly in SecurityPolicy structure and
SOCKET_PROCESSORCORE_CONFIGURATION.
// Put common definitons here either directly or via intermediate header file..

// SECURITY_IP_MKTME_1V0 MkTme;
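Review bot: while this hunk fixes `sructuture` in the comment at line 11, the unchanged context line immediately below it still reads `// Put common definitons here either directly or via intermediate header file..` (misspelling plus a doubled period); fix it in the same commit rather than leaving it for another typo-only patch. The corrected sentence now also appears twice in the file, once in the @file block touched by the previous hunk and once here; one copy is enough.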
diff --git
a/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefiniti
ons.h
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefiniti
ons.h
new file mode 100644
index 000000000..700f5abb4
--- /dev/null
+++
b/Silicon/Intel/WhitleySiliconPkg/Security/Include/Library/SecurityPolicyDefiniti
ons.h
@@ -0,0 +1,28 @@
+/**@file
+ @copyright
+ Copyright 2020 - 2021 Intel Corporation. <BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef __SECURITY_POLICY_DEFINITIONS_H__
+#define __SECURITY_POLICY_DEFINITIONS_H__
+
+//
+// Security Policy definitions
+//
+
+//
+// Values for capable/incapable == supported/unsupported
+//
+#define SECURITY_POLICY_UNSUPPORTED 0
+#define SECURITY_POLICY_SUPPORTED 1
+
+//
+// Values for enable/disable options
+//
+#define SECURITY_POLICY_DISABLE 0
+#define SECURITY_POLICY_ENABLE 1
+#define SECURITY_POLICY_AUTO 2
+
+#endif
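Review bot: `__SECURITY_POLICY_DEFINITIONS_H__` uses a double leading underscore, which C reserves for the implementation; use `SECURITY_POLICY_DEFINITIONS_H_` (and the matching form in SecurityPolicy.h). The value definitions are the useful part of this file, but nothing in the patch ties them to the fields they govern: EnableTme, EnableMktme, EnableSgx, EnableTdx and the other knobs are still documented as bare `Enable` UINT8s. Reference SECURITY_POLICY_DISABLE / SECURITY_POLICY_ENABLE / SECURITY_POLICY_AUTO from each field comment and say which fields accept AUTO; otherwise a consumer cannot tell whether an out-of-range value such as 3 should be treated as disabled or as enabled, and for security knobs the safe interpretation should be written down. The file sits under Include/Library/ but declares no library class; Include/ beside Guid/ would be the conventional place for plain definitions.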
--
2.27.0.windows.1


Whitley FSP Released

Nate DeSimone
 

Hi All,

 

Intel is pleased to announce that Whitley FSP is now available at https://github.com/intel/FSP.

 

With Best Regards,

Nate

 


Re: [PATCH v6 00/11] Secure Boot default keys

Sunny Wang
 

Ard, Liming, Ray, Thanks for your review for ArmVirtPkg, ArmPlatformPkg, and EmulatorPkg patches.

As for the patch for Intel Platforms below, it is in another series for edk2-platforms.
- [edk2-platforms PATCH v6 1/4] Intel Platforms: add SecureBootVariableLib class resolution https://edk2.groups.io/g/devel/message/77781

Therefore, I think this series already got all the necessary Reviewed-By and Acked-By of all parts and is ready to be pushed now.

Best Regards,
Sunny Wang

-----Original Message-----
From: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
Sent: Friday, July 16, 2021 8:00 PM
To: devel@edk2.groups.io; gjb@semihalf.com
Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Sunny Wang <Sunny.Wang@arm.com>; mw@semihalf.com; upstream@semihalf.com; jiewen.yao@intel.com; jian.j.wang@intel.com; min.m.xu@intel.com; lersek@redhat.com; Sami Mujawar <Sami.Mujawar@arm.com>; afish@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com; rebecca@bsdio.com; grehan@freebsd.org; Thomas Abraham <thomas.abraham@arm.com>; chasel.chiu@intel.com; nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn; eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com; yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com; pete@akeo.ie; Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
Subject: RE: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys

The v6 of this series seems to have all the necessary Reviewed-By (and some Tested-By) of all parts, except the following platform specific parts. Could we get help from maintainers to review these please?

Much appreciated!

- ArmVirtPkg : https://edk2.groups.io/g/devel/message/77772
- ArmPlatformPkg: https://edk2.groups.io/g/devel/message/77775
- EmulatorPkg: https://edk2.groups.io/g/devel/message/77773
- Intel Platforms (Platform/Intel/QuarkPlatformPkg, Platform/Intel/MinPlatformPkg, Platform/Intel/Vlv2TbltDevicePkg): https://edk2.groups.io/g/devel/message/77781

Thanks,
--Samer





-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
Grzegorz Bernacki via groups.io
Sent: Wednesday, July 14, 2021 8:30 AM
To: devel@edk2.groups.io
Cc: leif@nuviainc.com; ardb+tianocore@kernel.org; Samer El-Haj-Mahmoud
<Samer.El-Haj-Mahmoud@arm.com>; Sunny Wang
<Sunny.Wang@arm.com>; mw@semihalf.com; upstream@semihalf.com;
jiewen.yao@intel.com; jian.j.wang@intel.com; min.m.xu@intel.com;
lersek@redhat.com; Sami Mujawar <Sami.Mujawar@arm.com>;
afish@apple.com; ray.ni@intel.com; jordan.l.justen@intel.com;
rebecca@bsdio.com; grehan@freebsd.org; Thomas Abraham
<thomas.abraham@arm.com>; chasel.chiu@intel.com;
nathaniel.l.desimone@intel.com; gaoliming@byosoft.com.cn;
eric.dong@intel.com; michael.d.kinney@intel.com; zailiang.sun@intel.com;
yi.qian@intel.com; graeme@nuviainc.com; rad@semihalf.com;
pete@akeo.ie; Grzegorz Bernacki <gjb@semihalf.com>
Subject: [edk2-devel] [PATCH v6 00/11] Secure Boot default keys

This patchset adds support for initialization of default
Secure Boot variables based on key content embedded in
the flash binary. This feature is active only if Secure Boot
is enabled and DEFAULT_KEY is defined. The patchset also
contains an application to enroll keys from default
variables and a Secure Boot menu change to allow the user
to reset key content to default values.
Discussion on design can be found at:
https://edk2.groups.io/g/rfc/topic/82139806#600

Built with:
GCC
- RISC-V (U500, U540) [requires fixes in dsc to build]
- Intel (Vlv2TbltDevicePkg (X64/IA32), Quark, MinPlatformPkg,
EmulatorPkg (X64), Bhyve, OvmfPkg (X64/IA32))
- ARM (Sgi75,SbsaQemu,DeveloperBox, RPi3/RPi4)

RISC-V, Quark, Vlv2TbltDevicePkg and Bhyve require additional fixes to be built;
these will be posted on the edk2 mailing list later.

VS2019
- Intel (OvmfPkgX64)

Test with:
GCC5/RPi4
VS2019/OvmfX64 (requires changes to enable feature)

Tests:
1. Try to enroll key in incorrect format.
2. Enroll with only PKDefault keys specified.
3. Enroll with all keys specified.
4. Enroll when keys are enrolled.
5. Reset keys values.
6. Running signed & unsigned app after enrollment.

Changes since v1:
- change names:
SecBootVariableLib => SecureBootVariableLib
SecBootDefaultKeysDxe => SecureBootDefaultKeysDxe
SecEnrollDefaultKeysApp => EnrollFromDefaultKeysApp
- change name of function CheckSetupMode to GetSetupMode
- remove ShellPkg dependency from EnrollFromDefaultKeysApp
- rebase to master

Changes since v2:
- fix coding style for functions headers in SecureBootVariableLib.h
- add header to SecureBootDefaultKeys.fdf.inc
- remove empty line spaces in SecureBootDefaultKeysDxe files
- revert FAIL macro in EnrollFromDefaultKeysApp
- remove functions duplicates and add SecureBootVariableLib
to platforms which used it

Changes since v3:
- move SecureBootDefaultKeys.fdf.inc to ArmPlatformPkg
- leave duplicate of CreateTimeBasedPayload in PlatformVarCleanupLib
- fix typo in guid description

Changes since v4:
- reorder patches to make it bisectable
- split commits related to more than one platform
- move edk2-platform commits to separate patchset

Changes since v5:
- split SecureBootVariableLib into SecureBootVariableLib and
SecureBootVariableProvisionLib

Grzegorz Bernacki (11):
SecurityPkg: Create SecureBootVariableLib.
SecurityPkg: Create library for enrolling Secure Boot variables.
ArmVirtPkg: add SecureBootVariableLib class resolution
OvmfPkg: add SecureBootVariableLib class resolution
EmulatorPkg: add SecureBootVariableLib class resolution
SecurityPkg: Remove duplicated functions from SecureBootConfigDxe.
ArmPlatformPkg: Create include file for default key content.
SecurityPkg: Add SecureBootDefaultKeysDxe driver
SecurityPkg: Add EnrollFromDefaultKeys application.
SecurityPkg: Add new modules to Security package.
SecurityPkg: Add option to reset secure boot keys.

SecurityPkg/SecurityPkg.dec | 14 +
ArmVirtPkg/ArmVirt.dsc.inc | 2 +
EmulatorPkg/EmulatorPkg.dsc | 2 +
OvmfPkg/Bhyve/BhyveX64.dsc | 2 +
OvmfPkg/OvmfPkgIa32.dsc | 2 +
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
OvmfPkg/OvmfPkgX64.dsc | 2 +
SecurityPkg/SecurityPkg.dsc | 5 +
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf | 48 ++
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 80 +++
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf | 80 +++
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf | 3 +
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf | 46 ++
SecurityPkg/Include/Library/SecureBootVariableLib.h | 153 ++++++
SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h | 134 +++++
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h | 2 +
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr | 6 +
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 110 +++++
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 511 ++++++++++++++++++++
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c | 491 +++++++++++++++++++
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 344 ++++++-------
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c | 69 +++
ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc | 70 +++
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni | 17 +
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni | 16 +
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni | 4 +
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni | 16 +
27 files changed, 2043 insertions(+), 188 deletions(-)
create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
create mode 100644 SecurityPkg/Include/Library/SecureBootVariableLib.h
create mode 100644 SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
create mode 100644 SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c
create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c
create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.c
create mode 100644 ArmPlatformPkg/SecureBootDefaultKeys.fdf.inc
create mode 100644 SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni
create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni
create mode 100644 SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.uni

--
2.25.1







Re: [PATCH v6 05/11] EmulatorPkg: add SecureBootVariableLib class resolution

Ni, Ray
 

Reviewed-by: Ray Ni ray.ni@...


Re: [Patch 1/1] Maintainers.txt: Add Jiewen Yao as OvmfPkg Maintainer

Yao, Jiewen
 

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

-----Original Message-----
From: Kinney, Michael D <michael.d.kinney@intel.com>
Sent: Wednesday, July 21, 2021 8:44 AM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Ard Biesheuvel
<ardb+tianocore@kernel.org>; Justen, Jordan L <jordan.l.justen@intel.com>;
Andrew Fish <afish@apple.com>; Leif Lindholm <leif@nuviainc.com>
Subject: [Patch 1/1] Maintainers.txt: Add Jiewen Yao as OvmfPkg Maintainer

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
Maintainers.txt | 1 +
1 file changed, 1 insertion(+)

diff --git a/Maintainers.txt b/Maintainers.txt
index e9dda5c5ca0c..dd9647327774 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -420,6 +420,7 @@ OvmfPkg
F: OvmfPkg/
W: http://www.tianocore.org/ovmf/
M: Ard Biesheuvel <ardb+tianocore@kernel.org>
+M: Jiewen Yao <jiewen.yao@intel.com>
R: Jordan Justen <jordan.l.justen@intel.com>
S: Maintained

--
2.32.0.windows.1
