Date   

[PATCH v5 05/11] OvmfPkg: add BlobVerifierLibNull to DSC

Dov Murik
 

This prepares the ground for calling VerifyBlob() in
QemuKernelLoaderFsDxe.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3457
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 6 +++++-
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
OvmfPkg/OvmfPkgX64.dsc | 5 ++++-
4 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index aefdcf881c99..db8bd59579b9 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -173,6 +173,7 @@ [LibraryClasses]
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf=0D
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/Customize=
dDisplayLib.inf=0D
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltL=
ib.inf=0D
+ BlobVerifierLib|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.=
inf=0D
=0D
!if $(SOURCE_DEBUG_ENABLE) =3D=3D TRUE=0D
PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDeb=
ug/PeCoffExtraActionLibDebug.inf=0D
@@ -693,7 +694,10 @@ [Components]
NULL|MdeModulePkg/Library/BootManagerUiLib/BootManagerUiLib.inf=0D
NULL|MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootMaintenanc=
eManagerUiLib.inf=0D
}=0D
- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf=0D
+ }=0D
OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf=0D
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index f53efeae7986..799a974cf21a 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -786,7 +786,10 @@ [Components]
NULL|OvmfPkg/Csm/LegacyBootMaintUiLib/LegacyBootMaintUiLib.inf=0D
!endif=0D
}=0D
- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf=0D
+ }=0D
OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf=0D
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b3662e17f256..66ad5dc70cee 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -800,7 +800,10 @@ [Components.X64]
NULL|OvmfPkg/Csm/LegacyBootMaintUiLib/LegacyBootMaintUiLib.inf=0D
!endif=0D
}=0D
- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf=0D
+ }=0D
OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf=0D
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 0a237a905866..180565a100c5 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -798,7 +798,10 @@ [Components]
NULL|OvmfPkg/Csm/LegacyBootMaintUiLib/LegacyBootMaintUiLib.inf=0D
!endif=0D
}=0D
- OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf=0D
+ OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {=0D
+ <LibraryClasses>=0D
+ NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf=0D
+ }=0D
OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf=0D
OvmfPkg/Virtio10Dxe/Virtio10.inf=0D
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf=0D
--=20
2.25.1


[PATCH v5 03/11] OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg

Dov Murik
 

From: James Bottomley <jejb@linux.ibm.com>

Support QEMU's -kernel option.

Create a QemuKernel.c for PlatformBootManagerLibGrub
which is an exact copy of the file
PlatformBootManagerLib/QemuKernel.c .

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3457
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc =
| 1 +
OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub.inf =
| 2 ++
OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h =
| 11 +++++++++++
OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c =
| 5 +++++
OvmfPkg/Library/{PlatformBootManagerLib =3D> PlatformBootManagerLibGrub}/Q=
emuKernel.c | 0
5 files changed, 19 insertions(+)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index a2f1324c40a6..aefdcf881c99 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -281,6 +281,7 @@ [LibraryClasses.common.PEIM]
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuE=
xceptionHandlerLib.inf=0D
MpInitLib|UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf=0D
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf=
=0D
+ QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad=
ImageLib.inf=0D
PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf=0D
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf=0D
=0D
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManager=
LibGrub.inf b/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManage=
rLibGrub.inf
index 9a806d17ec45..5f6f73d18470 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub=
.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/PlatformBootManagerLibGrub=
.inf
@@ -23,6 +23,7 @@ [Defines]
=0D
[Sources]=0D
BdsPlatform.c=0D
+ QemuKernel.c=0D
PlatformData.c=0D
BdsPlatform.h=0D
=0D
@@ -46,6 +47,7 @@ [LibraryClasses]
BootLogoLib=0D
DevicePathLib=0D
PciLib=0D
+ QemuLoadImageLib=0D
UefiLib=0D
PlatformBmPrintScLib=0D
Tcg2PhysicalPresenceLib=0D
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h b/Ovm=
fPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h
index 748c63081920..f1d3a2906c00 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.h
@@ -172,4 +172,15 @@ PlatformInitializeConsole (
IN PLATFORM_CONSOLE_CONNECT_ENTRY *PlatformConsole=0D
);=0D
=0D
+/**=0D
+ Loads and boots UEFI Linux via the FwCfg interface.=0D
+=0D
+ @retval EFI_NOT_FOUND - The Linux kernel was not found=0D
+=0D
+**/=0D
+EFI_STATUS=0D
+TryRunningQemuKernel (=0D
+ VOID=0D
+ );=0D
+=0D
#endif // _PLATFORM_SPECIFIC_BDS_PLATFORM_H_=0D
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c b/Ovm=
fPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
index 5c92d4fc2b09..7cceeea4879c 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
@@ -1315,6 +1315,11 @@ PlatformBootManagerAfterConsole (
//=0D
Tcg2PhysicalPresenceLibProcessRequest (NULL);=0D
=0D
+ //=0D
+ // Process QEMU's -kernel command line option=0D
+ //=0D
+ TryRunningQemuKernel ();=0D
+=0D
//=0D
// Perform some platform specific connect sequence=0D
//=0D
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/QemuKernel.c b/OvmfPkg/=
Library/PlatformBootManagerLibGrub/QemuKernel.c
similarity index 100%
copy from OvmfPkg/Library/PlatformBootManagerLib/QemuKernel.c
copy to OvmfPkg/Library/PlatformBootManagerLibGrub/QemuKernel.c
--=20
2.25.1


[PATCH v5 07/11] OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg

Dov Murik
 

In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content
of the kernel/initrd/cmdline from the QEMU fw_cfg interface. Insert a
call to VerifyBlob after fetching to allow BlobVerifierLib
implementations to add a verification step for these blobs.

This will allow confidential computing OVMF builds to add verification
mechanisms for these blobs that originate from an untrusted source
(QEMU).

The null implementation of BlobVerifierLib does nothing in VerifyBlob,
and therefore no functional change is expected.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3457
Co-developed-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c | 9 +++++++++
1 file changed, 9 insertions(+)

diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPk=
g/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
index c7ddd86f5c75..6832d563bcb0 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
@@ -17,6 +17,7 @@
#include <Guid/QemuKernelLoaderFsMedia.h>=0D
#include <Library/BaseLib.h>=0D
#include <Library/BaseMemoryLib.h>=0D
+#include <Library/BlobVerifierLib.h>=0D
#include <Library/DebugLib.h>=0D
#include <Library/DevicePathLib.h>=0D
#include <Library/MemoryAllocationLib.h>=0D
@@ -1039,6 +1040,14 @@ QemuKernelLoaderFsDxeEntrypoint (
if (EFI_ERROR (Status)) {=0D
goto FreeBlobs;=0D
}=0D
+ Status =3D VerifyBlob (=0D
+ CurrentBlob->Name,=0D
+ CurrentBlob->Data,=0D
+ CurrentBlob->Size=0D
+ );=0D
+ if (EFI_ERROR (Status)) {=0D
+ goto FreeBlobs;=0D
+ }=0D
mTotalBlobBytes +=3D CurrentBlob->Size;=0D
}=0D
KernelBlob =3D &mKernelBlob[KernelBlobTypeKernel];=0D
--=20
2.25.1


[PATCH v5 02/11] OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds

Dov Murik
 

Newer kernels support efistub and therefore don't need all the legacy
stuff in X86QemuLoadImageLib, which are harder to secure. Specifically
the verification of kernel/initrd/cmdline blobs will be added only to
the GenericQemuLoadImageLib implementation, so use that for SEV builds.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3457
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 1d487befae08..a2f1324c40a6 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -368,7 +368,7 @@ [LibraryClasses.common.DXE_DRIVER]
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf=0D
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf=0D
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf=
=0D
- QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib=
.inf=0D
+ QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad=
ImageLib.inf=0D
!if $(TPM_ENABLE) =3D=3D TRUE=0D
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i=
nf=0D
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.in=
f=0D
--=20
2.25.1


[PATCH v2 3/3] OvmfPkg/ResetVector: add the macro to request guest termination

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The upcoming SEV-SNP support will need to make a few additional guest
termination requests depending on the failure type. Let's move the logic
to request the guest termination into a macro to keep the code readable.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Acked-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
OvmfPkg/ResetVector/Ia32/AmdSev.asm | 87 +++++++++++++++--------------
1 file changed, 45 insertions(+), 42 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 93ba917f36d2..aa95d06eaddb 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -38,6 +38,13 @@ BITS 32
%define SEV_GHCB_MSR 0xc0010130
%define SEV_STATUS_MSR 0xc0010131

+; The #VC was not for CPUID
+%define TERM_VC_NOT_CPUID 1
+
+; The unexpected response code
+%define TERM_UNEXPECTED_RESP_CODE 2
+
+
; Macro is used to issue the MSR protocol based VMGEXIT. The caller is
; responsible to populate values in the EDX:EAX registers. After the vmmcall
; returns, it verifies that the response code matches with the expected
@@ -73,6 +80,43 @@ BITS 32
jne SevEsUnexpectedRespTerminate
%endmacro

+; Macro to terminate the guest using the VMGEXIT.
+; arg 1: reason code
+%macro TerminateVmgExit 1
+ mov eax, %1
+ ;
+ ; Use VMGEXIT to request termination. At this point the reason code is
+ ; located in EAX, so shift it left 16 bits to the proper location.
+ ;
+ ; EAX[11:0] => 0x100 - request termination
+ ; EAX[15:12] => 0x1 - OVMF
+ ; EAX[23:16] => 0xXX - REASON CODE
+ ;
+ shl eax, 16
+ or eax, 0x1100
+ xor edx, edx
+ mov ecx, SEV_GHCB_MSR
+ wrmsr
+ ;
+ ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
+ ; mode, so work around this by temporarily switching to 64-bit mode.
+ ;
+BITS 64
+ rep vmmcall
+BITS 32
+
+ ;
+ ; We shouldn't come back from the VMGEXIT, but if we do, just loop.
+ ;
+%%TerminateHlt:
+ hlt
+ jmp %%TerminateHlt
+%endmacro
+
+; Terminate the guest due to unexpected response code.
+SevEsUnexpectedRespTerminate:
+ TerminateVmgExit TERM_UNEXPECTED_RESP_CODE
+
; Check if Secure Encrypted Virtualization (SEV) features are enabled.
;
; Register usage is tight in this routine, so multiple calls for the
@@ -227,48 +271,7 @@ SevEsDisabled:
;

SevEsIdtNotCpuid:
- ;
- ; Use VMGEXIT to request termination.
- ; 1 - #VC was not for CPUID
- ;
- mov eax, 1
- jmp SevEsIdtTerminate
-
-SevEsUnexpectedRespTerminate:
- ;
- ; Use VMGEXIT to request termination.
- ; 2 - Unexpected Response is received
- ;
- mov eax, 2
-
-SevEsIdtTerminate:
- ;
- ; Use VMGEXIT to request termination. At this point the reason code is
- ; located in EAX, so shift it left 16 bits to the proper location.
- ;
- ; EAX[11:0] => 0x100 - request termination
- ; EAX[15:12] => 0x1 - OVMF
- ; EAX[23:16] => 0xXX - REASON CODE
- ;
- shl eax, 16
- or eax, 0x1100
- xor edx, edx
- mov ecx, SEV_GHCB_MSR
- wrmsr
- ;
- ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
- ; mode, so work around this by temporarily switching to 64-bit mode.
- ;
-BITS 64
- rep vmmcall
-BITS 32
-
- ;
- ; We shouldn't come back from the VMGEXIT, but if we do, just loop.
- ;
-SevEsIdtHlt:
- hlt
- jmp SevEsIdtHlt
+ TerminateVmgExit TERM_VC_NOT_CPUID
iret

;
--
2.17.1


[PATCH v2 2/3] OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The upcoming SEV-SNP support will need to make a few additional MSR
protocol based VMGEXIT's. Add a macro that wraps the common setup and
response validation logic in one place to keep the code readable.

While at it, define SEV_STATUS_MSR that will be used to get the SEV STATUS
MSR instead of open coding it.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Acked-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
OvmfPkg/ResetVector/Ia32/AmdSev.asm | 71 +++++++++++++++++++----------
1 file changed, 47 insertions(+), 24 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 2c9d990af55f..93ba917f36d2 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -35,6 +35,44 @@ BITS 32
%define CPUID_INSN_LEN 2


+%define SEV_GHCB_MSR 0xc0010130
+%define SEV_STATUS_MSR 0xc0010131
+
+; Macro is used to issue the MSR protocol based VMGEXIT. The caller is
+; responsible to populate values in the EDX:EAX registers. After the vmmcall
+; returns, it verifies that the response code matches with the expected
+; code. If it does not match then terminate the guest. The result of request
+; is returned in the EDX:EAX.
+;
+; args 1:Request code, 2: Response code
+%macro VmgExit 2
+ ;
+ ; Add request code:
+ ; GHCB_MSR[11:0] = Request code
+ or eax, %1
+
+ mov ecx, SEV_GHCB_MSR
+ wrmsr
+
+ ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
+ ; mode, so work around this by temporarily switching to 64-bit mode.
+ ;
+BITS 64
+ rep vmmcall
+BITS 32
+
+ mov ecx, SEV_GHCB_MSR
+ rdmsr
+
+ ;
+ ; Verify the reponse code, if it does not match then request to terminate
+ ; GHCB_MSR[11:0] = Response code
+ mov ecx, eax
+ and ecx, 0xfff
+ cmp ecx, %2
+ jne SevEsUnexpectedRespTerminate
+%endmacro
+
; Check if Secure Encrypted Virtualization (SEV) features are enabled.
;
; Register usage is tight in this routine, so multiple calls for the
@@ -84,7 +122,7 @@ CheckSevFeatures:

; Check if SEV memory encryption is enabled
; MSR_0xC0010131 - Bit 0 (SEV enabled)
- mov ecx, 0xc0010131
+ mov ecx, SEV_STATUS_MSR
rdmsr
bt eax, 0
jnc NoSev
@@ -99,7 +137,7 @@ CheckSevFeatures:

; Check if SEV-ES is enabled
; MSR_0xC0010131 - Bit 1 (SEV-ES enabled)
- mov ecx, 0xc0010131
+ mov ecx, SEV_STATUS_MSR
rdmsr
bt eax, 1
jnc GetSevEncBit
@@ -196,10 +234,10 @@ SevEsIdtNotCpuid:
mov eax, 1
jmp SevEsIdtTerminate

-SevEsIdtNoCpuidResponse:
+SevEsUnexpectedRespTerminate:
;
; Use VMGEXIT to request termination.
- ; 2 - GHCB_CPUID_RESPONSE not received
+ ; 2 - Unexpected Response is received
;
mov eax, 2

@@ -215,7 +253,7 @@ SevEsIdtTerminate:
shl eax, 16
or eax, 0x1100
xor edx, edx
- mov ecx, 0xc0010130
+ mov ecx, SEV_GHCB_MSR
wrmsr
;
; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
@@ -275,7 +313,7 @@ SevEsIdtVmmComm:
mov [esp + VC_CPUID_REQUEST_REGISTER], eax

; Save current GHCB MSR value
- mov ecx, 0xc0010130
+ mov ecx, SEV_GHCB_MSR
rdmsr
mov [esp + VC_GHCB_MSR_EAX], eax
mov [esp + VC_GHCB_MSR_EDX], edx
@@ -292,31 +330,16 @@ NextReg:
jge VmmDone

shl eax, GHCB_CPUID_REGISTER_SHIFT
- or eax, GHCB_CPUID_REQUEST
mov edx, [esp + VC_CPUID_FUNCTION]
- mov ecx, 0xc0010130
- wrmsr

- ;
- ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
- ; mode, so work around this by temporarily switching to 64-bit mode.
- ;
-BITS 64
- rep vmmcall
-BITS 32
+ VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE

;
- ; Read GHCB MSR
+ ; Response GHCB MSR
; GHCB_MSR[63:32] = CPUID register value
; GHCB_MSR[31:30] = CPUID register
; GHCB_MSR[11:0] = CPUID response protocol
;
- mov ecx, 0xc0010130
- rdmsr
- mov ecx, eax
- and ecx, 0xfff
- cmp ecx, GHCB_CPUID_RESPONSE
- jne SevEsIdtNoCpuidResponse

; Save returned value
shr eax, GHCB_CPUID_REGISTER_SHIFT
@@ -334,7 +357,7 @@ VmmDone:
;
mov eax, [esp + VC_GHCB_MSR_EAX]
mov edx, [esp + VC_GHCB_MSR_EDX]
- mov ecx, 0xc0010130
+ mov ecx, SEV_GHCB_MSR
wrmsr

mov eax, [esp + VC_CPUID_RESULT_EAX]
--
2.17.1


[PATCH v2 1/3] OvmfPkg/ResetVector: move SEV specific code in a separate file

Brijesh Singh
 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The PageTables64.asm was created to provide routines to set the CR3
register for 64-bit paging. During the SEV support, it grew to include a
lot of the SEV stuff. Before adding more SEV features, let's move all
the SEV-specific routines into a separate file.

No functionality change intended.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Acked-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
.../Ia32/{PageTables64.asm => AmdSev.asm} | 145 +------
OvmfPkg/ResetVector/Ia32/PageTables64.asm | 391 ------------------
OvmfPkg/ResetVector/ResetVector.nasmb | 1 +
3 files changed, 3 insertions(+), 534 deletions(-)
copy OvmfPkg/ResetVector/Ia32/{PageTables64.asm => AmdSev.asm} (70%)

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
similarity index 70%
copy from OvmfPkg/ResetVector/Ia32/PageTables64.asm
copy to OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 5fae8986d9da..2c9d990af55f 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -1,42 +1,14 @@
;------------------------------------------------------------------------------
; @file
-; Sets the CR3 register for 64-bit paging
+; Provide the functions to check whether SEV and SEV-ES is enabled.
;
-; Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.<BR>
-; Copyright (c) 2017 - 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
+; Copyright (c) 2017 - 2021, Advanced Micro Devices, Inc. All rights reserved.<BR>
; SPDX-License-Identifier: BSD-2-Clause-Patent
;
;------------------------------------------------------------------------------

BITS 32

-%define PAGE_PRESENT 0x01
-%define PAGE_READ_WRITE 0x02
-%define PAGE_USER_SUPERVISOR 0x04
-%define PAGE_WRITE_THROUGH 0x08
-%define PAGE_CACHE_DISABLE 0x010
-%define PAGE_ACCESSED 0x020
-%define PAGE_DIRTY 0x040
-%define PAGE_PAT 0x080
-%define PAGE_GLOBAL 0x0100
-%define PAGE_2M_MBO 0x080
-%define PAGE_2M_PAT 0x01000
-
-%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \
- PAGE_DIRTY + \
- PAGE_READ_WRITE + \
- PAGE_PRESENT)
-
-%define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \
- PAGE_ACCESSED + \
- PAGE_DIRTY + \
- PAGE_READ_WRITE + \
- PAGE_PRESENT)
-
-%define PAGE_PDP_ATTR (PAGE_ACCESSED + \
- PAGE_READ_WRITE + \
- PAGE_PRESENT)
-
;
; SEV-ES #VC exception handler support
;
@@ -213,119 +185,6 @@ IsSevEsEnabled:
SevEsDisabled:
OneTimeCallRet IsSevEsEnabled

-;
-; Modified: EAX, EBX, ECX, EDX
-;
-SetCr3ForPageTables64:
-
- OneTimeCall CheckSevFeatures
- xor edx, edx
- test eax, eax
- jz SevNotActive
-
- ; If SEV is enabled, C-bit is always above 31
- sub eax, 32
- bts edx, eax
-
-SevNotActive:
-
- ;
- ; For OVMF, build some initial page tables at
- ; PcdOvmfSecPageTablesBase - (PcdOvmfSecPageTablesBase + 0x6000).
- ;
- ; This range should match with PcdOvmfSecPageTablesSize which is
- ; declared in the FDF files.
- ;
- ; At the end of PEI, the pages tables will be rebuilt into a
- ; more permanent location by DxeIpl.
- ;
-
- mov ecx, 6 * 0x1000 / 4
- xor eax, eax
-clearPageTablesMemoryLoop:
- mov dword[ecx * 4 + PT_ADDR (0) - 4], eax
- loop clearPageTablesMemoryLoop
-
- ;
- ; Top level Page Directory Pointers (1 * 512GB entry)
- ;
- mov dword[PT_ADDR (0)], PT_ADDR (0x1000) + PAGE_PDP_ATTR
- mov dword[PT_ADDR (4)], edx
-
- ;
- ; Next level Page Directory Pointers (4 * 1GB entries => 4GB)
- ;
- mov dword[PT_ADDR (0x1000)], PT_ADDR (0x2000) + PAGE_PDP_ATTR
- mov dword[PT_ADDR (0x1004)], edx
- mov dword[PT_ADDR (0x1008)], PT_ADDR (0x3000) + PAGE_PDP_ATTR
- mov dword[PT_ADDR (0x100C)], edx
- mov dword[PT_ADDR (0x1010)], PT_ADDR (0x4000) + PAGE_PDP_ATTR
- mov dword[PT_ADDR (0x1014)], edx
- mov dword[PT_ADDR (0x1018)], PT_ADDR (0x5000) + PAGE_PDP_ATTR
- mov dword[PT_ADDR (0x101C)], edx
-
- ;
- ; Page Table Entries (2048 * 2MB entries => 4GB)
- ;
- mov ecx, 0x800
-pageTableEntriesLoop:
- mov eax, ecx
- dec eax
- shl eax, 21
- add eax, PAGE_2M_PDE_ATTR
- mov [ecx * 8 + PT_ADDR (0x2000 - 8)], eax
- mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx
- loop pageTableEntriesLoop
-
- OneTimeCall IsSevEsEnabled
- test eax, eax
- jz SetCr3
-
- ;
- ; The initial GHCB will live at GHCB_BASE and needs to be un-encrypted.
- ; This requires the 2MB page for this range be broken down into 512 4KB
- ; pages. All will be marked encrypted, except for the GHCB.
- ;
- mov ecx, (GHCB_BASE >> 21)
- mov eax, GHCB_PT_ADDR + PAGE_PDP_ATTR
- mov [ecx * 8 + PT_ADDR (0x2000)], eax
-
- ;
- ; Page Table Entries (512 * 4KB entries => 2MB)
- ;
- mov ecx, 512
-pageTableEntries4kLoop:
- mov eax, ecx
- dec eax
- shl eax, 12
- add eax, GHCB_BASE & 0xFFE0_0000
- add eax, PAGE_4K_PDE_ATTR
- mov [ecx * 8 + GHCB_PT_ADDR - 8], eax
- mov [(ecx * 8 + GHCB_PT_ADDR - 8) + 4], edx
- loop pageTableEntries4kLoop
-
- ;
- ; Clear the encryption bit from the GHCB entry
- ;
- mov ecx, (GHCB_BASE & 0x1F_FFFF) >> 12
- mov [ecx * 8 + GHCB_PT_ADDR + 4], strict dword 0
-
- mov ecx, GHCB_SIZE / 4
- xor eax, eax
-clearGhcbMemoryLoop:
- mov dword[ecx * 4 + GHCB_BASE - 4], eax
- loop clearGhcbMemoryLoop
-
-SetCr3:
- ;
- ; Set CR3 now that the paging structures are available
- ;
- mov eax, PT_ADDR (0)
- mov cr3, eax
-
- OneTimeCallRet SetCr3ForPageTables64
-
-;
; Start of #VC exception handling routines
;

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
index 5fae8986d9da..eacdb69ddb9f 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -37,182 +37,6 @@ BITS 32
PAGE_READ_WRITE + \
PAGE_PRESENT)

-;
-; SEV-ES #VC exception handler support
-;
-; #VC handler local variable locations
-;
-%define VC_CPUID_RESULT_EAX 0
-%define VC_CPUID_RESULT_EBX 4
-%define VC_CPUID_RESULT_ECX 8
-%define VC_CPUID_RESULT_EDX 12
-%define VC_GHCB_MSR_EDX 16
-%define VC_GHCB_MSR_EAX 20
-%define VC_CPUID_REQUEST_REGISTER 24
-%define VC_CPUID_FUNCTION 28
-
-; #VC handler total local variable size
-;
-%define VC_VARIABLE_SIZE 32
-
-; #VC handler GHCB CPUID request/response protocol values
-;
-%define GHCB_CPUID_REQUEST 4
-%define GHCB_CPUID_RESPONSE 5
-%define GHCB_CPUID_REGISTER_SHIFT 30
-%define CPUID_INSN_LEN 2
-
-
-; Check if Secure Encrypted Virtualization (SEV) features are enabled.
-;
-; Register usage is tight in this routine, so multiple calls for the
-; same CPUID and MSR data are performed to keep things simple.
-;
-; Modified: EAX, EBX, ECX, EDX, ESP
-;
-; If SEV is enabled then EAX will be at least 32.
-; If SEV is disabled then EAX will be zero.
-;
-CheckSevFeatures:
- ; Set the first byte of the workarea to zero to communicate to the SEC
- ; phase that SEV-ES is not enabled. If SEV-ES is enabled, the CPUID
- ; instruction will trigger a #VC exception where the first byte of the
- ; workarea will be set to one or, if CPUID is not being intercepted,
- ; the MSR check below will set the first byte of the workarea to one.
- mov byte[SEV_ES_WORK_AREA], 0
-
- ;
- ; Set up exception handlers to check for SEV-ES
- ; Load temporary RAM stack based on PCDs (see SevEsIdtVmmComm for
- ; stack usage)
- ; Establish exception handlers
- ;
- mov esp, SEV_ES_VC_TOP_OF_STACK
- mov eax, ADDR_OF(Idtr)
- lidt [cs:eax]
-
- ; Check if we have a valid (0x8000_001F) CPUID leaf
- ; CPUID raises a #VC exception if running as an SEV-ES guest
- mov eax, 0x80000000
- cpuid
-
- ; This check should fail on Intel or Non SEV AMD CPUs. In future if
- ; Intel CPUs supports this CPUID leaf then we are guranteed to have exact
- ; same bit definition.
- cmp eax, 0x8000001f
- jl NoSev
-
- ; Check for SEV memory encryption feature:
- ; CPUID Fn8000_001F[EAX] - Bit 1
- ; CPUID raises a #VC exception if running as an SEV-ES guest
- mov eax, 0x8000001f
- cpuid
- bt eax, 1
- jnc NoSev
-
- ; Check if SEV memory encryption is enabled
- ; MSR_0xC0010131 - Bit 0 (SEV enabled)
- mov ecx, 0xc0010131
- rdmsr
- bt eax, 0
- jnc NoSev
-
- ; Check for SEV-ES memory encryption feature:
- ; CPUID Fn8000_001F[EAX] - Bit 3
- ; CPUID raises a #VC exception if running as an SEV-ES guest
- mov eax, 0x8000001f
- cpuid
- bt eax, 3
- jnc GetSevEncBit
-
- ; Check if SEV-ES is enabled
- ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled)
- mov ecx, 0xc0010131
- rdmsr
- bt eax, 1
- jnc GetSevEncBit
-
- ; Set the first byte of the workarea to one to communicate to the SEC
- ; phase that SEV-ES is enabled.
- mov byte[SEV_ES_WORK_AREA], 1
-
-GetSevEncBit:
- ; Get pte bit position to enable memory encryption
- ; CPUID Fn8000_001F[EBX] - Bits 5:0
- ;
- and ebx, 0x3f
- mov eax, ebx
-
- ; The encryption bit position is always above 31
- sub ebx, 32
- jns SevSaveMask
-
- ; Encryption bit was reported as 31 or below, enter a HLT loop
-SevEncBitLowHlt:
- cli
- hlt
- jmp SevEncBitLowHlt
-
-SevSaveMask:
- xor edx, edx
- bts edx, ebx
-
- mov dword[SEV_ES_WORK_AREA_ENC_MASK], 0
- mov dword[SEV_ES_WORK_AREA_ENC_MASK + 4], edx
- jmp SevExit
-
-NoSev:
- ;
- ; Perform an SEV-ES sanity check by seeing if a #VC exception occurred.
- ;
- cmp byte[SEV_ES_WORK_AREA], 0
- jz NoSevPass
-
- ;
- ; A #VC was received, yet CPUID indicates no SEV-ES support, something
- ; isn't right.
- ;
-NoSevEsVcHlt:
- cli
- hlt
- jmp NoSevEsVcHlt
-
-NoSevPass:
- xor eax, eax
-
-SevExit:
- ;
- ; Clear exception handlers and stack
- ;
- push eax
- mov eax, ADDR_OF(IdtrClear)
- lidt [cs:eax]
- pop eax
- mov esp, 0
-
- OneTimeCallRet CheckSevFeatures
-
-; Check if Secure Encrypted Virtualization - Encrypted State (SEV-ES) feature
-; is enabled.
-;
-; Modified: EAX
-;
-; If SEV-ES is enabled then EAX will be non-zero.
-; If SEV-ES is disabled then EAX will be zero.
-;
-IsSevEsEnabled:
- xor eax, eax
-
- ; During CheckSevFeatures, the SEV_ES_WORK_AREA was set to 1 if
- ; SEV-ES is enabled.
- cmp byte[SEV_ES_WORK_AREA], 1
- jne SevEsDisabled
-
- mov eax, 1
-
-SevEsDisabled:
- OneTimeCallRet IsSevEsEnabled
-
;
; Modified: EAX, EBX, ECX, EDX
;
@@ -324,218 +148,3 @@ SetCr3:
mov cr3, eax

OneTimeCallRet SetCr3ForPageTables64
-
-;
-; Start of #VC exception handling routines
-;
-
-SevEsIdtNotCpuid:
- ;
- ; Use VMGEXIT to request termination.
- ; 1 - #VC was not for CPUID
- ;
- mov eax, 1
- jmp SevEsIdtTerminate
-
-SevEsIdtNoCpuidResponse:
- ;
- ; Use VMGEXIT to request termination.
- ; 2 - GHCB_CPUID_RESPONSE not received
- ;
- mov eax, 2
-
-SevEsIdtTerminate:
- ;
- ; Use VMGEXIT to request termination. At this point the reason code is
- ; located in EAX, so shift it left 16 bits to the proper location.
- ;
- ; EAX[11:0] => 0x100 - request termination
- ; EAX[15:12] => 0x1 - OVMF
- ; EAX[23:16] => 0xXX - REASON CODE
- ;
- shl eax, 16
- or eax, 0x1100
- xor edx, edx
- mov ecx, 0xc0010130
- wrmsr
- ;
- ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
- ; mode, so work around this by temporarily switching to 64-bit mode.
- ;
-BITS 64
- rep vmmcall
-BITS 32
-
- ;
- ; We shouldn't come back from the VMGEXIT, but if we do, just loop.
- ;
-SevEsIdtHlt:
- hlt
- jmp SevEsIdtHlt
- iret
-
- ;
- ; Total stack usage for the #VC handler is 44 bytes:
- ; - 12 bytes for the exception IRET (after popping error code)
- ; - 32 bytes for the local variables.
- ;
-SevEsIdtVmmComm:
- ;
- ; If we're here, then we are an SEV-ES guest and this
- ; was triggered by a CPUID instruction
- ;
- ; Set the first byte of the workarea to one to communicate that
- ; a #VC was taken.
- mov byte[SEV_ES_WORK_AREA], 1
-
- pop ecx ; Error code
- cmp ecx, 0x72 ; Be sure it was CPUID
- jne SevEsIdtNotCpuid
-
- ; Set up local variable room on the stack
- ; CPUID function : + 28
- ; CPUID request register : + 24
- ; GHCB MSR (EAX) : + 20
- ; GHCB MSR (EDX) : + 16
- ; CPUID result (EDX) : + 12
- ; CPUID result (ECX) : + 8
- ; CPUID result (EBX) : + 4
- ; CPUID result (EAX) : + 0
- sub esp, VC_VARIABLE_SIZE
-
- ; Save the CPUID function being requested
- mov [esp + VC_CPUID_FUNCTION], eax
-
- ; The GHCB CPUID protocol uses the following mapping to request
- ; a specific register:
- ; 0 => EAX, 1 => EBX, 2 => ECX, 3 => EDX
- ;
- ; Set EAX as the first register to request. This will also be used as a
- ; loop variable to request all register values (EAX to EDX).
- xor eax, eax
- mov [esp + VC_CPUID_REQUEST_REGISTER], eax
-
- ; Save current GHCB MSR value
- mov ecx, 0xc0010130
- rdmsr
- mov [esp + VC_GHCB_MSR_EAX], eax
- mov [esp + VC_GHCB_MSR_EDX], edx
-
-NextReg:
- ;
- ; Setup GHCB MSR
- ; GHCB_MSR[63:32] = CPUID function
- ; GHCB_MSR[31:30] = CPUID register
- ; GHCB_MSR[11:0] = CPUID request protocol
- ;
- mov eax, [esp + VC_CPUID_REQUEST_REGISTER]
- cmp eax, 4
- jge VmmDone
-
- shl eax, GHCB_CPUID_REGISTER_SHIFT
- or eax, GHCB_CPUID_REQUEST
- mov edx, [esp + VC_CPUID_FUNCTION]
- mov ecx, 0xc0010130
- wrmsr
-
- ;
- ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit
- ; mode, so work around this by temporarily switching to 64-bit mode.
- ;
-BITS 64
- rep vmmcall
-BITS 32
-
- ;
- ; Read GHCB MSR
- ; GHCB_MSR[63:32] = CPUID register value
- ; GHCB_MSR[31:30] = CPUID register
- ; GHCB_MSR[11:0] = CPUID response protocol
- ;
- mov ecx, 0xc0010130
- rdmsr
- mov ecx, eax
- and ecx, 0xfff
- cmp ecx, GHCB_CPUID_RESPONSE
- jne SevEsIdtNoCpuidResponse
-
- ; Save returned value
- shr eax, GHCB_CPUID_REGISTER_SHIFT
- mov [esp + eax * 4], edx
-
- ; Next register
- inc word [esp + VC_CPUID_REQUEST_REGISTER]
-
- jmp NextReg
-
-VmmDone:
- ;
- ; At this point we have all CPUID register values. Restore the GHCB MSR,
- ; set the return register values and return.
- ;
- mov eax, [esp + VC_GHCB_MSR_EAX]
- mov edx, [esp + VC_GHCB_MSR_EDX]
- mov ecx, 0xc0010130
- wrmsr
-
- mov eax, [esp + VC_CPUID_RESULT_EAX]
- mov ebx, [esp + VC_CPUID_RESULT_EBX]
- mov ecx, [esp + VC_CPUID_RESULT_ECX]
- mov edx, [esp + VC_CPUID_RESULT_EDX]
-
- add esp, VC_VARIABLE_SIZE
-
- ; Update the EIP value to skip over the now handled CPUID instruction
- ; (the CPUID instruction has a length of 2)
- add word [esp], CPUID_INSN_LEN
- iret
-
-ALIGN 2
-
-Idtr:
- dw IDT_END - IDT_BASE - 1 ; Limit
- dd ADDR_OF(IDT_BASE) ; Base
-
-IdtrClear:
- dw 0 ; Limit
- dd 0 ; Base
-
-ALIGN 16
-
-;
-; The Interrupt Descriptor Table (IDT)
-; This will be used to determine if SEV-ES is enabled. Upon execution
-; of the CPUID instruction, a VMM Communication Exception will occur.
-; This will tell us if SEV-ES is enabled. We can use the current value
-; of the GHCB MSR to determine the SEV attributes.
-;
-IDT_BASE:
-;
-; Vectors 0 - 28 (No handlers)
-;
-%rep 29
- dw 0 ; Offset low bits 15..0
- dw 0x10 ; Selector
- db 0 ; Reserved
- db 0x8E ; Gate Type (IA32_IDT_GATE_TYPE_INTERRUPT_32)
- dw 0 ; Offset high bits 31..16
-%endrep
-;
-; Vector 29 (VMM Communication Exception)
-;
- dw (ADDR_OF(SevEsIdtVmmComm) & 0xffff) ; Offset low bits 15..0
- dw 0x10 ; Selector
- db 0 ; Reserved
- db 0x8E ; Gate Type (IA32_IDT_GATE_TYPE_INTERRUPT_32)
- dw (ADDR_OF(SevEsIdtVmmComm) >> 16) ; Offset high bits 31..16
-;
-; Vectors 30 - 31 (No handlers)
-;
-%rep 2
- dw 0 ; Offset low bits 15..0
- dw 0x10 ; Selector
- db 0 ; Reserved
- db 0x8E ; Gate Type (IA32_IDT_GATE_TYPE_INTERRUPT_32)
- dw 0 ; Offset high bits 31..16
-%endrep
-IDT_END:
diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/ResetVector.nasmb
index 5fbacaed5f9d..8a3269cfc212 100644
--- a/OvmfPkg/ResetVector/ResetVector.nasmb
+++ b/OvmfPkg/ResetVector/ResetVector.nasmb
@@ -77,6 +77,7 @@
%define SEV_ES_WORK_AREA_ENC_MASK (FixedPcdGet32 (PcdSevEsWorkAreaBase) + 16)
%define SEV_ES_VC_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + FixedPcdGet32 (PcdOvmfSecPeiTempRamSize))
%include "Ia32/Flat32ToFlat64.asm"
+%include "Ia32/AmdSev.asm"
%include "Ia32/PageTables64.asm"
%endif

--
2.17.1


[PATCH v2 0/3] Move the SEV specific changes in ResetVector in separate file

Brijesh Singh
 

The PageTable64.asm was created to build the initial page table,
but over the time it grew to include bunch of the SEV specific code
which does not directly manipulates the pagetable. Before adding more
to it, let's move all the SEV-specific routines into a separate file.

The series is taken from SNP RFCv4. And there is no functionality change
intended. Its just moving the code from one place to another.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>

The full branch is available at:
https://github.com/AMDESE/ovmf/pull/new/refactor-reset-vector

Changelog:
- fix the copyright header in AmdSev.asm

Brijesh Singh (3):
OvmfPkg/ResetVector: move SEV specific code in a separate file
OvmfPkg/ResetVector: add the macro to invoke MSR protocol based
VMGEXIT
OvmfPkg/ResetVector: add the macro to request guest termination

.../Ia32/{PageTables64.asm => AmdSev.asm} | 297 ++++---------
OvmfPkg/ResetVector/Ia32/PageTables64.asm | 391 ------------------
OvmfPkg/ResetVector/ResetVector.nasmb | 1 +
3 files changed, 92 insertions(+), 597 deletions(-)
copy OvmfPkg/ResetVector/Ia32/{PageTables64.asm => AmdSev.asm} (66%)

--
2.17.1


[PATCH edk2-platforms v2 6/6] Platform/ARM: Juno: Add JunoPkg.ci.yaml for CI support

PierreGondois
 

From: Pierre Gondois <Pierre.Gondois@arm.com>

Add a JunoPkg.ci.yaml file to enable the CI for the JunoPkg.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
---
Platform/ARM/JunoPkg/JunoPkg.ci.yaml | 104 +++++++++++++++++++++++++++
1 file changed, 104 insertions(+)
create mode 100644 Platform/ARM/JunoPkg/JunoPkg.ci.yaml

diff --git a/Platform/ARM/JunoPkg/JunoPkg.ci.yaml b/Platform/ARM/JunoPkg/JunoPkg.ci.yaml
new file mode 100644
index 000000000000..7e7f201b40ec
--- /dev/null
+++ b/Platform/ARM/JunoPkg/JunoPkg.ci.yaml
@@ -0,0 +1,104 @@
+## @file
+# Core CI configuration for JunoPkg
+#
+# VExpressPkg is part of Platform CI for builds so this is only
+# used for code analysis.
+#
+# Copyright (c) Microsoft Corporation
+# Copyright (c) 2021, Arm Ltd. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+{
+ ## options defined .pytool/Plugin/LicenseCheck
+ "LicenseCheck": {
+ "IgnoreFiles": []
+ },
+ "EccCheck": {
+ ## Exception sample looks like below:
+ ## "ExceptionList": [
+ ## "<ErrorID>", "<KeyWord>"
+ ## ]
+ "ExceptionList": [
+ ],
+ ## Both file path and directory path are accepted.
+ "IgnoreFiles": [
+ ]
+ },
+ ## options defined .pytool/Plugin/CompilerPlugin
+ "CompilerPlugin": {
+ "DscPath": "" # Don't support this test
+ # Build the Package using a PlatformCI, similarly to ArmVirtPkg.
+ },
+
+ ## options defined .pytool/Plugin/HostUnitTestCompilerPlugin
+ "HostUnitTestCompilerPlugin": {
+ "DscPath": "" # Don't support this test
+ },
+
+ ## options defined .pytool/Plugin/CharEncodingCheck
+ "CharEncodingCheck": {
+ "IgnoreFiles": []
+ },
+
+ ## options defined .pytool/Plugin/DependencyCheck
+ "DependencyCheck": {
+ "AcceptableDependencies": [
+ "ArmPkg/ArmPkg.dec",
+ "ArmPlatformPkg/ArmPlatformPkg.dec",
+ "DynamicTablesPkg/DynamicTablesPkg.dec",
+ "EmbeddedPkg/EmbeddedPkg.dec",
+ "MdePkg/MdePkg.dec",
+ "MdeModulePkg/MdeModulePkg.dec",
+ "Platform/ARM/ARM.dec",
+ "Platform/ARM/Drivers/FdtPlatformDxe/FdtPlatformDxe.dec",
+ "Platform/ARM/JunoPkg/ArmJuno.dec",
+ ],
+ # For host based unit tests
+ "AcceptableDependencies-HOST_APPLICATION":[
+ "UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec"
+ ],
+ # For UEFI shell based apps
+ "AcceptableDependencies-UEFI_APPLICATION":[
+
+ ],
+ "IgnoreInf": []
+ },
+
+ ## options defined .pytool/Plugin/DscCompleteCheck
+ "DscCompleteCheck": {
+ "IgnoreInf": [""],
+ "DscPath": "" # Don't support this test
+ # "DscPath": "ArmJuno.dsc" # Don't support this test
+ },
+
+ ## options defined .pytool/Plugin/HostUnitTestDscCompleteCheck
+ "HostUnitTestDscCompleteCheck": {
+ "IgnoreInf": [""],
+ "DscPath": "" # Don't support this test
+ },
+
+ ## options defined .pytool/Plugin/GuidCheck
+ "GuidCheck": {
+ "IgnoreGuidName": [], # Expected duplication for gEfiFirmwareVolumeTopFileGuid
+ "IgnoreGuidValue": [
+ ],
+ "IgnoreFoldersAndFiles": [],
+ "IgnoreDuplicates": [],
+ },
+
+ ## options defined .pytool/Plugin/LibraryClassCheck
+ "LibraryClassCheck": {
+ "IgnoreHeaderFile": []
+ },
+
+ ## options defined .pytool/Plugin/SpellCheck
+ "SpellCheck": {
+ "AuditOnly": True,
+ "IgnoreFiles": [], # use gitignore syntax to ignore errors in matching files
+ "ExtendWords": [
+
+ ], # words to extend to the dictionary for this package
+ "IgnoreStandardPaths": [], # Standard Plugin defined paths that should be ignore
+ "AdditionalIncludePaths": [] # Additional paths to spell check (wildcards supported)
+ }
+}
--
2.17.1


[PATCH edk2-platforms v2 5/6] .mergify: Add Mergify YML pull request rules configuration file

PierreGondois
 

From: Pierre Gondois <Pierre.Gondois@arm.com>

These files are copies of the files from the tianocore/edk2
repository. Any modification to the tianocore/edk2 files must be
reflected on the tianocore/edk2-platforms copies.

Initial commid-id in the edk2 repository: ab060128768b
Initial message:

Add directory for the Mergify YML configuration files that
provides rules and actions used to process a pull request.

* Auto commit a PR from EDK II Maintainer with 'push' label
set and all CI checks pass
* Auto close a PR from any developers without 'push' label
set and all CI checks pass.
* Auto close a PR from a non EDK II Maintainer that has
the 'push' label set.
* Post a comment to a PR that has a merge conflict.
Submitter can resolved conflicts and reopen the PR.
* Post a comment to a PR that fails PatchCheck.py
Submitter can resolve PatchCheck.py issues and
reopen the PR.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3509

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
---
.mergify/config.yml | 98 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 98 insertions(+)
create mode 100644 .mergify/config.yml

diff --git a/.mergify/config.yml b/.mergify/config.yml
new file mode 100644
index 000000000000..ee27a4152a75
--- /dev/null
+++ b/.mergify/config.yml
@@ -0,0 +1,98 @@
+## @file
+# Mergify YML file that automatically merges a GitHub pull request against
+# edk2-ci if all of the GitHub branch protections have passed. It also
+# contains rules to:
+# * auto close branches that are not from an EDK II Maintainer
+# * post a comment on pull requests that have merge conflicts.
+# * post a comment on pull requests that have PatchCheck.py errors.
+#
+# Configuration Notes:
+# * Update the 'base=edk2-ci' statements with the name of the branch to merge
+# pull requests.
+#
+# * Update the 'status-failure' statement with the name of the name of the Azure
+# Pipelines Build that performs the EDK II Maintainer check.
+#
+# * This file must be checked into the 'default' branch of a repo. Copies
+# of this file on other branches of a repo are ignored by Mergify.
+#
+# Copyright (c) 2021, Arm Ltd. All rights reserved.<BR>
+# Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# https://github.com/apps/mergify
+# https://doc.mergify.io/
+#
+##
+
+pull_request_rules:
+
+ - name: Automatically merge a PR when all required checks pass and 'push' label is present
+ conditions:
+ - base~=(^master|^stable/)
+ - label=push
+ - author=@tianocore/edk-ii-maintainers
+ - status-success=tianocore.PatchCheck
+ - status-success=Ubuntu GCC5 PR
+ - status-success=Windows VS2019 PR
+ actions:
+ merge:
+ strict: true
+ method: rebase
+
+ - name: Automatically close a PR when all required checks pass and 'push' label is not present
+ conditions:
+ - base~=(^master|^stable/)
+ - -label=push
+ - -closed
+ - status-success=tianocore.PatchCheck
+ - status-success=Ubuntu GCC5 PR
+ - status-success=Windows VS2019 PR
+ - status-success=Ubuntu GCC5 PR (FINISHED)
+ - status-success=Windows VS2019 PR (FINISHED)
+ actions:
+ close:
+ message: All checks passed. Auto close personal build.
+
+ - name: Post a comment on a PR that can not be merged due to a merge conflict
+ conditions:
+ - base~=(^master|^stable/)
+ - conflict
+ actions:
+ comment:
+ message: PR can not be merged due to conflict. Please rebase and resubmit
+
+ - name: Automatically close a PR that fails the EDK II Maintainers membership check and 'push' label is present
+ conditions:
+ - base~=(^master|^stable/)
+ - label=push
+ - -author=@tianocore/edk-ii-maintainers
+ actions:
+ close:
+ message: PR submitter is not a member of the Tianocore EDK II Maintainers team
+
+ - name: Post a comment on a PR if PatchCheck fails
+ conditions:
+ - base~=(^master|^stable/)
+ - status-failure=tianocore.PatchCheck
+ actions:
+ comment:
+ message: PR can not be merged due to a PatchCheck failure. Please resolve and resubmit
+
+ - name: Post a comment on a PR if Ubuntu GCC5 fails
+ conditions:
+ - base~=(^master|^stable/)
+ - status-failure=Ubuntu GCC5 PR
+ - status-success=Ubuntu GCC5 PR (FAILED)
+ actions:
+ comment:
+ message: PR can not be merged due to an Ubuntu GCC5 failure. Please resolve and resubmit
+
+ - name: Post a comment on a PR if Windows VS2019 fails
+ conditions:
+ - base~=(^master|^stable/)
+ - status-failure=Windows VS2019 PR
+ - status-success=Windows VS2019 PR (FAILED)
+ actions:
+ comment:
+ message: PR can not be merged due to a Windows VS2019 failure. Please resolve and resubmit
--
2.17.1


[PATCH edk2-platforms v2 4/6] .azurepipelines: Add Azure Pipelines YML configuration files

PierreGondois
 

From: Pierre Gondois <Pierre.Gondois@arm.com>

To enable CI support of the tianocore/edk2-platforms repository,
add YML configuration files used to run Continuous Integration (CI)
checks on Azure Pipelines agents.

These files are copies of the files from the tianocore/edk2
repository. Any modification to the tianocore/edk2 files must be
reflected on the tianocore/edk2-platforms copies.

The following files have been modified:
- .azurepipelines/templates/platform-build-run-steps.yml
- .azurepipelines/templates/pr-gate-build-job.yml
- .azurepipelines/templates/pr-gate-steps.yml

The sections modified are marked with the following comments:
-EDK2_PLATFORMS_MODIF_START
-EDK2_PLATFORMS_MODIF_END

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3509

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
---
.azurepipelines/ReadMe.md | 50 ++++++
.azurepipelines/Ubuntu-GCC5.yml | 21 +++
.azurepipelines/Ubuntu-PatchCheck.yml | 36 +++++
.azurepipelines/Windows-VS2019.yml | 20 +++
.azurepipelines/templates/ReadMe.md | 59 +++++++
.../templates/basetools-build-steps.yml | 37 +++++
.../templates/platform-build-run-steps.yml | 144 ++++++++++++++++++
.../templates/pr-gate-build-job.yml | 63 ++++++++
.azurepipelines/templates/pr-gate-steps.yml | 142 +++++++++++++++++
.../templates/spell-check-prereq-steps.yml | 22 +++
10 files changed, 594 insertions(+)
create mode 100644 .azurepipelines/ReadMe.md
create mode 100644 .azurepipelines/Ubuntu-GCC5.yml
create mode 100644 .azurepipelines/Ubuntu-PatchCheck.yml
create mode 100644 .azurepipelines/Windows-VS2019.yml
create mode 100644 .azurepipelines/templates/ReadMe.md
create mode 100644 .azurepipelines/templates/basetools-build-steps.yml
create mode 100644 .azurepipelines/templates/platform-build-run-steps.yml
create mode 100644 .azurepipelines/templates/pr-gate-build-job.yml
create mode 100644 .azurepipelines/templates/pr-gate-steps.yml
create mode 100644 .azurepipelines/templates/spell-check-prereq-steps.yml

diff --git a/.azurepipelines/ReadMe.md b/.azurepipelines/ReadMe.md
new file mode 100644
index 000000000000..cf57d282c197
--- /dev/null
+++ b/.azurepipelines/ReadMe.md
@@ -0,0 +1,50 @@
+# Azure DevOps Pipelines
+
+These yml files are used to provide CI builds using the Azure DevOps Pipeline Service.
+Most of the CI leverages edk2-pytools to support cross platform building and execution.
+
+## Core CI
+
+Focused on building and testing all packages in Edk2 without an actual target platform.
+
+See `.pytools/ReadMe.py` for more details
+
+## Platform CI
+
+Focused on building a single target platform and confirming functionality on that platform.
+
+## Conventions
+
+* Files extension should be *.yml. *.yaml is also supported but in Edk2 we use those for our package configuration.
+* Platform CI files should be in the `<PlatformPkg>/.azurepipelines` folder.
+* Core CI files are in the root folder.
+* Shared templates are in the `templates` folder.
+* Top level CI files should be named `<host os>-<tool_chain_tag>.yml`
+
+## Links
+
+* Basic Azure Landing Site - https://docs.microsoft.com/en-us/azure/devops/pipelines/?view=azure-devops
+* Pipeline jobs - https://docs.microsoft.com/en-us/azure/devops/pipelines/process/phases?view=azure-devops&tabs=yaml
+* Pipeline yml scheme - https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=azure-devops&tabs=schema%2Cparameter-schema
+* Pipeline expression - https://docs.microsoft.com/en-us/azure/devops/pipelines/process/expressions?view=azure-devops
+* PyTools - https://github.com/tianocore/edk2-pytool-extensions and https://github.com/tianocore/edk2-pytool-library
+
+## Lessons Learned
+
+### Templates and parameters
+
+They are great but evil. If they are used as part of determining the steps of a build they must resolve before the build starts. They can not use variables set in a yml or determined as part of a matrix. If they are used in a step then they can be bound late.
+
+### File matching patterns
+
+On Linux this can hang if there are too many files in the search list.
+
+### Templates and file splitting
+
+Suggestion is to do one big yaml file that does what you want for one of your targets. Then do the second one and find the deltas. From that you can start to figure out the right split of files, steps, jobs.
+
+### Conditional steps
+
+If you want the step to show up in the log but not run, use a step conditional. This is great when a platform doesn't currently support a feature but you want the builders to know that the features exists and maybe someday it will.
+
+If you want the step to not show up use a template step conditional wrapper. Beware this will be evaluated early (at build start). This can hide things not needed on a given OS for example.
diff --git a/.azurepipelines/Ubuntu-GCC5.yml b/.azurepipelines/Ubuntu-GCC5.yml
new file mode 100644
index 000000000000..3760c6efe105
--- /dev/null
+++ b/.azurepipelines/Ubuntu-GCC5.yml
@@ -0,0 +1,21 @@
+## @file
+# Azure Pipeline build file for a build using ubuntu and GCC5
+#
+# Copyright (c) Microsoft Corporation.
+# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+trigger:
+- master
+- stable/*
+pr:
+- master
+- stable/*
+
+jobs:
+- template: templates/pr-gate-build-job.yml
+ parameters:
+ tool_chain_tag: 'GCC5'
+ vm_image: 'ubuntu-latest'
+ arch_list: "IA32,X64,ARM,AARCH64,RISCV64"
+
diff --git a/.azurepipelines/Ubuntu-PatchCheck.yml b/.azurepipelines/Ubuntu-PatchCheck.yml
new file mode 100644
index 000000000000..4de453bf9db8
--- /dev/null
+++ b/.azurepipelines/Ubuntu-PatchCheck.yml
@@ -0,0 +1,36 @@
+## @file
+# Azure Pipielines YML file that evalues the patch series in a PR using the
+# python script BaseTools/Scripts/PatchCheck.py.
+#
+# NOTE: This example monitors pull requests against the edk2-ci branch. Most
+# environments would replace 'edk2-ci' with 'master'.
+#
+# Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# https://github.com/tianocore
+#
+##
+
+trigger: none
+
+pr:
+- master
+- stable/*
+
+pool:
+ vmImage: 'ubuntu-latest'
+
+steps:
+- checkout: self
+ clean: true
+
+- task: UsePythonVersion@0
+ inputs:
+ versionSpec: '3.7.x'
+ architecture: 'x64'
+
+- script: |
+ git fetch origin $(System.PullRequest.TargetBranch):$(System.PullRequest.TargetBranch)
+ python BaseTools/Scripts/PatchCheck.py $(System.PullRequest.TargetBranch)..$(System.PullRequest.SourceCommitId)
+ displayName: 'Use PatchCheck.py to verify patch series in pull request'
diff --git a/.azurepipelines/Windows-VS2019.yml b/.azurepipelines/Windows-VS2019.yml
new file mode 100644
index 000000000000..22f2d88c2c6a
--- /dev/null
+++ b/.azurepipelines/Windows-VS2019.yml
@@ -0,0 +1,20 @@
+## @file
+# Azure Pipeline build file for a build using Windows and VS2019
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+trigger:
+- master
+- stable/*
+
+pr:
+- master
+- stable/*
+
+jobs:
+- template: templates/pr-gate-build-job.yml
+ parameters:
+ tool_chain_tag: 'VS2019'
+ vm_image: 'windows-latest'
+ arch_list: "IA32,X64"
diff --git a/.azurepipelines/templates/ReadMe.md b/.azurepipelines/templates/ReadMe.md
new file mode 100644
index 000000000000..fa433e3ef597
--- /dev/null
+++ b/.azurepipelines/templates/ReadMe.md
@@ -0,0 +1,59 @@
+# CI Templates
+
+This folder contains azure pipeline yml templates for "Core" and "Platform" Continuous Integration and PR validation.
+
+## Common CI templates
+
+### basetools-build-steps.yml
+
+This template compiles the Edk2 basetools from source. The steps in this template are
+conditional and will only run if variable `pkg_count` is greater than 0.
+
+It also has two conditional steps only used when the toolchain contains GCC. These two steps
+use `apt` to update the system packages and add those necessary for Edk2 builds.
+
+## Core CI templates
+
+### pr-gate-build-job.yml
+
+This templates contains the jobs and most importantly the matrix of which packages and
+targets to run for Core CI.
+
+### pr-gate-steps.yml
+
+This template is the main Core CI template. It controls all the steps run and is responsible for most functionality of the Core CI process. This template sets
+the `pkg_count` variable using the `stuart_pr_eval` tool when the
+build type is "pull request"
+
+### spell-check-prereq-steps.yml
+
+This template installs the node based tools used by the spell checker plugin. The steps
+in this template are conditional and will only run if variable `pkg_count` is greater than 0.
+
+## Platform CI templates
+
+### platform-build-run-steps.yml
+
+This template makes heavy use of pytools to build and run a platform in the Edk2 repo
+
+Also uses basetools-build-steps.yml to compile basetools
+
+#### Special Notes
+
+* For a build type of pull request it will conditionally build if the patches change files that impact the platform.
+ * uses `stuart_pr_eval` to determine impact
+* For manual builds or CI builds it will always build the platform
+* It compiles basetools from source
+* Will use `stuart_build --FlashOnly` to attempt to run the built image if the `Run` parameter is set.
+* See the parameters block for expected configuration options
+* Parameter `extra_install_step` allows the caller to insert extra steps. This is useful if additional dependencies, tools, or other things need to be installed. Here is an example of installing qemu on Windows.
+
+ ``` yaml
+ steps:
+ - template: ../../.azurepipelines/templates/build-run-steps.yml
+ parameters:
+ extra_install_step:
+ - powershell: choco install qemu; Write-Host "##vso[task.prependpath]c:\Program Files\qemu"
+ displayName: Install QEMU and Set QEMU on path # friendly name displayed in the UI
+ condition: and(gt(variables.pkg_count, 0), succeeded())
+ ```
diff --git a/.azurepipelines/templates/basetools-build-steps.yml b/.azurepipelines/templates/basetools-build-steps.yml
new file mode 100644
index 000000000000..d8c108c6e212
--- /dev/null
+++ b/.azurepipelines/templates/basetools-build-steps.yml
@@ -0,0 +1,37 @@
+## @file
+# File templates/basetools-build-job.yml
+#
+# template file to build basetools
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+parameters:
+ tool_chain_tag: ''
+
+steps:
+- ${{ if contains(parameters.tool_chain_tag, 'GCC') }}:
+ - bash: sudo apt-get update
+ displayName: Update apt
+ condition: and(gt(variables.pkg_count, 0), succeeded())
+
+ - bash: sudo apt-get install gcc g++ make uuid-dev
+ displayName: Install required tools
+ condition: and(gt(variables.pkg_count, 0), succeeded())
+
+- task: CmdLine@1
+ displayName: Build Base Tools from source
+ inputs:
+ filename: python
+ arguments: BaseTools/Edk2ToolsBuild.py -t ${{ parameters.tool_chain_tag }}
+ condition: and(gt(variables.pkg_count, 0), succeeded())
+
+- task: CopyFiles@2
+ displayName: "Copy base tools build log"
+ inputs:
+ targetFolder: '$(Build.ArtifactStagingDirectory)'
+ SourceFolder: 'BaseTools/BaseToolsBuild'
+ contents: |
+ BASETOOLS_BUILD*.*
+ flattenFolders: true
+ condition: and(gt(variables.pkg_count, 0), succeededOrFailed())
diff --git a/.azurepipelines/templates/platform-build-run-steps.yml b/.azurepipelines/templates/platform-build-run-steps.yml
new file mode 100644
index 000000000000..2a07e387754b
--- /dev/null
+++ b/.azurepipelines/templates/platform-build-run-steps.yml
@@ -0,0 +1,144 @@
+
+## @file
+# File steps.yml
+#
+# template file containing the steps to build
+#
+# Copyright (c) 2021, Arm Limited. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+parameters:
+- name: tool_chain_tag
+ type: string
+ default: ''
+- name: build_pkg
+ type: string
+ default: ''
+- name: build_target
+ type: string
+ default: ''
+- name: build_arch
+ type: string
+ default: ''
+- name: build_file
+ type: string
+ default: ''
+- name: build_flags
+ type: string
+ default: ''
+- name: run_flags
+ type: string
+ default: ''
+
+- name: extra_install_step
+ type: stepList
+ default: []
+
+steps:
+- checkout: self
+ clean: true
+ fetchDepth: 1
+
+- task: UsePythonVersion@0
+ inputs:
+ versionSpec: "3.8.x"
+ architecture: "x64"
+
+- script: pip install -r pip-requirements.txt --upgrade
+ displayName: 'Install/Upgrade pip modules'
+
+# Set default
+- bash: echo "##vso[task.setvariable variable=pkg_count]${{ 1 }}"
+
+# Fetch the target branch so that pr_eval can diff them.
+# Seems like azure pipelines/github changed checkout process in nov 2020.
+- script: git fetch origin $(System.PullRequest.targetBranch)
+ displayName: fetch target branch
+ condition: eq(variables['Build.Reason'], 'PullRequest')
+
+# trim the package list if this is a PR
+- task: CmdLine@1
+ displayName: Check if ${{ parameters.build_pkg }} need testing
+ inputs:
+ filename: stuart_pr_eval
+ arguments: -c ${{ parameters.build_file }} -t ${{ parameters.build_target}} -a ${{ parameters.build_arch}} --pr-target origin/$(System.PullRequest.targetBranch) --output-count-format-string "##vso[task.setvariable variable=pkg_count;isOutpout=true]{pkgcount}"
+ condition: eq(variables['Build.Reason'], 'PullRequest')
+
+ # Setup repo
+- task: CmdLine@1
+ displayName: Setup
+ inputs:
+ filename: stuart_setup
+ arguments: -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} -t ${{ parameters.build_target}} -a ${{ parameters.build_arch}} ${{ parameters.build_flags}}
+ condition: and(gt(variables.pkg_count, 0), succeeded())
+
+# Stuart Update
+- task: CmdLine@1
+ displayName: Update
+ inputs:
+ filename: stuart_update
+ arguments: -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} -t ${{ parameters.build_target}} -a ${{ parameters.build_arch}} ${{ parameters.build_flags}}
+ condition: and(gt(variables.pkg_count, 0), succeeded())
+
+# EDK2_PLATFORMS_MODIF_START:
+# The base tools are imported in .pytool/CISettings.py via the 'edk2basetools' python module.
+# # build basetools
+# # do this after setup and update so that code base dependencies
+# # are all resolved.
+# - template: basetools-build-steps.yml
+# parameters:
+# tool_chain_tag: ${{ parameters.tool_chain_tag }}
+# EDK2_PLATFORMS_MODIF_END
+
+# Potential Extra steps
+- ${{ parameters.extra_install_step }}
+
+# Build
+- task: CmdLine@1
+ displayName: Build
+ inputs:
+ filename: stuart_build
+ arguments: -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} TARGET=${{ parameters.build_target}} -a ${{ parameters.build_arch}} ${{ parameters.build_flags}}
+ condition: and(gt(variables.pkg_count, 0), succeeded())
+
+# Run
+- task: CmdLine@1
+ displayName: Run to shell
+ inputs:
+ filename: stuart_build
+ arguments: -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} TARGET=${{ parameters.build_target}} -a ${{ parameters.build_arch}} ${{ parameters.build_flags}} ${{ parameters.run_flags }} --FlashOnly
+ condition: and(and(gt(variables.pkg_count, 0), succeeded()), eq(variables['Run'], true))
+ timeoutInMinutes: 1
+
+# Copy the build logs to the artifact staging directory
+- task: CopyFiles@2
+ displayName: "Copy build logs"
+ inputs:
+ targetFolder: "$(Build.ArtifactStagingDirectory)"
+ SourceFolder: "Build"
+ contents: |
+ BUILDLOG_*.txt
+ BUILDLOG_*.md
+ CI_*.txt
+ CI_*.md
+ CISETUP.txt
+ SETUPLOG.txt
+ UPDATE_LOG.txt
+ PREVALLOG.txt
+ TestSuites.xml
+ **/BUILD_TOOLS_REPORT.html
+ **/OVERRIDELOG.TXT
+ BASETOOLS_BUILD*.*
+ flattenFolders: true
+ condition: succeededOrFailed()
+
+# Publish build artifacts to Azure Artifacts/TFS or a file share
+- task: PublishBuildArtifacts@1
+ continueOnError: true
+ displayName: "Publish build logs"
+ inputs:
+ pathtoPublish: "$(Build.ArtifactStagingDirectory)"
+ artifactName: "Build Logs $(System.JobName)"
+ condition: succeededOrFailed()
diff --git a/.azurepipelines/templates/pr-gate-build-job.yml b/.azurepipelines/templates/pr-gate-build-job.yml
new file mode 100644
index 000000000000..e436618a91f2
--- /dev/null
+++ b/.azurepipelines/templates/pr-gate-build-job.yml
@@ -0,0 +1,63 @@
+## @file
+# File templates/pr-gate-build-job.yml
+#
+# template file used to build supported packages.
+#
+# Copyright (c) Microsoft Corporation.
+# Copyright (c) 2020 - 2021, ARM Limited. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+parameters:
+ tool_chain_tag: ''
+ vm_image: ''
+ arch_list: ''
+
+# Build step
+jobs:
+
+- job: Build_${{ parameters.tool_chain_tag }}
+
+# EDK2_PLATFORMS_MODIF_START:
+# Build edk2-platforms packages
+ #Use matrix to speed up the build process
+ strategy:
+ matrix:
+ TARGET_ARM_PLATFORMS:
+ Build.Pkgs: 'JunoPkg'
+ Build.Targets: 'DEBUG,RELEASE,NO-TARGET,NOOPT'
+# EDK2_PLATFORMS_MODIF_END
+
+ workspace:
+ clean: all
+
+ pool:
+ vmImage: ${{ parameters.vm_image }}
+
+ steps:
+ - template: pr-gate-steps.yml
+ parameters:
+ tool_chain_tag: ${{ parameters.tool_chain_tag }}
+ build_pkgs: $(Build.Pkgs)
+ build_targets: $(Build.Targets)
+ build_archs: ${{ parameters.arch_list }}
+
+- job: FINISHED
+ dependsOn: Build_${{ parameters.tool_chain_tag }}
+ condition: succeeded()
+ steps:
+ - checkout: none
+ - script: |
+ echo FINISHED
+ sleep 10
+ displayName: FINISHED
+
+- job: FAILED
+ dependsOn: Build_${{ parameters.tool_chain_tag }}
+ condition: failed()
+ steps:
+ - checkout: none
+ - script: |
+ echo FAILED
+ sleep 10
+ displayName: FAILED
diff --git a/.azurepipelines/templates/pr-gate-steps.yml b/.azurepipelines/templates/pr-gate-steps.yml
new file mode 100644
index 000000000000..0a8a0e1e09a3
--- /dev/null
+++ b/.azurepipelines/templates/pr-gate-steps.yml
@@ -0,0 +1,142 @@
+## @file
+# File templates/pr-gate-steps.yml
+#
+# template file containing the steps to build
+#
+# Copyright (c) 2021, Arm Limited. All rights reserved.<BR>
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+parameters:
+ tool_chain_tag: ''
+ build_pkgs: ''
+ build_targets: ''
+ build_archs: ''
+
+steps:
+- checkout: self
+ clean: true
+ fetchDepth: 1
+
+- task: UsePythonVersion@0
+ inputs:
+ versionSpec: '3.8.x'
+ architecture: 'x64'
+
+- script: pip install -r pip-requirements.txt --upgrade
+ displayName: 'Install/Upgrade pip modules'
+
+# Set default
+- bash: |
+ echo "##vso[task.setvariable variable=pkgs_to_build]${{ parameters.build_pkgs }}"
+ echo "##vso[task.setvariable variable=pkg_count]${{ 1 }}"
+
+# Fetch the target branch so that pr_eval can diff them.
+# Seems like azure pipelines/github changed checkout process in nov 2020.
+- script: git fetch origin $(System.PullRequest.targetBranch)
+ displayName: fetch target branch
+ condition: eq(variables['Build.Reason'], 'PullRequest')
+
+# trim the package list if this is a PR
+- task: CmdLine@1
+ displayName: Check if ${{ parameters.build_pkgs }} need testing
+ inputs:
+ filename: stuart_pr_eval
+ arguments: -c .pytool/CISettings.py -p ${{ parameters.build_pkgs }} --pr-target origin/$(System.PullRequest.targetBranch) --output-csv-format-string "##vso[task.setvariable variable=pkgs_to_build;isOutpout=true]{pkgcsv}" --output-count-format-string "##vso[task.setvariable variable=pkg_count;isOutpout=true]{pkgcount}"
+ condition: eq(variables['Build.Reason'], 'PullRequest')
+
+# install spell check prereqs
+- template: spell-check-prereq-steps.yml
+
+# Build repo
+- task: CmdLine@1
+ displayName: Setup ${{ parameters.build_pkgs }} ${{ parameters.build_archs}}
+ inputs:
+ filename: stuart_setup
+ arguments: -c .pytool/CISettings.py -p $(pkgs_to_build) -t ${{ parameters.build_targets}} -a ${{ parameters.build_archs}} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}}
+ condition: and(gt(variables.pkg_count, 0), succeeded())
+
+- task: CmdLine@1
+ displayName: Update ${{ parameters.build_pkgs }} ${{ parameters.build_archs}}
+ inputs:
+ filename: stuart_update
+ arguments: -c .pytool/CISettings.py -p $(pkgs_to_build) -t ${{ parameters.build_targets}} -a ${{ parameters.build_archs}} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}}
+ condition: and(gt(variables.pkg_count, 0), succeeded())
+
+# build basetools
+# do this after setup and update so that code base dependencies
+# are all resolved.
+# EDK2_PLATFORMS_MODIF_START:
+# The base tools are imported in .pytool/CISettings.py via the 'edk2basetools' python module.
+# - template: basetools-build-steps.yml
+# parameters:
+# tool_chain_tag: ${{ parameters.tool_chain_tag }}
+# EDK2_PLATFORMS_MODIF_END
+
+- task: CmdLine@1
+ displayName: Build and Test ${{ parameters.build_pkgs }} ${{ parameters.build_archs}}
+ inputs:
+ filename: stuart_ci_build
+ arguments: -c .pytool/CISettings.py -p $(pkgs_to_build) -t ${{ parameters.build_targets}} -a ${{ parameters.build_archs}} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}}
+ condition: and(gt(variables.pkg_count, 0), succeeded())
+
+# Publish Test Results to Azure Pipelines/TFS
+- task: PublishTestResults@2
+ displayName: 'Publish junit test results'
+ continueOnError: true
+ condition: and( succeededOrFailed(),gt(variables.pkg_count, 0))
+ inputs:
+ testResultsFormat: 'JUnit' # Options: JUnit, NUnit, VSTest, xUnit
+ testResultsFiles: 'Build/TestSuites.xml'
+ #searchFolder: '$(System.DefaultWorkingDirectory)' # Optional
+ mergeTestResults: true # Optional
+ testRunTitle: $(System.JobName) # Optional
+ #buildPlatform: # Optional
+ #buildConfiguration: # Optional
+ publishRunAttachments: true # Optional
+
+# Publish Test Results to Azure Pipelines/TFS
+- task: PublishTestResults@2
+ displayName: 'Publish host based test results for $(System.JobName)'
+ continueOnError: true
+ condition: and( succeededOrFailed(), gt(variables.pkg_count, 0))
+ inputs:
+ testResultsFormat: 'JUnit' # Options: JUnit, NUnit, VSTest, xUnit
+ testResultsFiles: 'Build/**/*.result.xml'
+ #searchFolder: '$(System.DefaultWorkingDirectory)' # Optional
+ mergeTestResults: false # Optional
+ testRunTitle: ${{ parameters.build_pkgs }} # Optional
+ #buildPlatform: # Optional
+ #buildConfiguration: # Optional
+ publishRunAttachments: true # Optional
+
+# Copy the build logs to the artifact staging directory
+- task: CopyFiles@2
+ displayName: "Copy build logs"
+ inputs:
+ targetFolder: '$(Build.ArtifactStagingDirectory)'
+ SourceFolder: 'Build'
+ contents: |
+ BUILDLOG_*.txt
+ BUILDLOG_*.md
+ CI_*.txt
+ CI_*.md
+ CISETUP.txt
+ SETUPLOG.txt
+ UPDATE_LOG.txt
+ PREVALLOG.txt
+ TestSuites.xml
+ **/BUILD_TOOLS_REPORT.html
+ **/OVERRIDELOG.TXT
+ flattenFolders: true
+ condition: succeededOrFailed()
+
+# Publish build artifacts to Azure Artifacts/TFS or a file share
+- task: PublishBuildArtifacts@1
+ continueOnError: true
+ displayName: "Publish build logs"
+ inputs:
+ pathtoPublish: '$(Build.ArtifactStagingDirectory)'
+ artifactName: 'Build Logs $(System.JobName)'
+ condition: succeededOrFailed()
diff --git a/.azurepipelines/templates/spell-check-prereq-steps.yml b/.azurepipelines/templates/spell-check-prereq-steps.yml
new file mode 100644
index 000000000000..e1570d4f2aac
--- /dev/null
+++ b/.azurepipelines/templates/spell-check-prereq-steps.yml
@@ -0,0 +1,22 @@
+## @file
+# File templates/spell-check-prereq-steps.yml
+#
+# template file used to install spell checking prerequisits
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+parameters:
+ none: ''
+
+steps:
+- task: NodeTool@0
+ inputs:
+ versionSpec: '10.x'
+ #checkLatest: false # Optional
+ condition: and(gt(variables.pkg_count, 0), succeeded())
+
+- script: npm install -g cspell
+ displayName: 'Install cspell npm'
+ condition: and(gt(variables.pkg_count, 0), succeeded())
--
2.17.1


[PATCH edk2-platforms v2 3/6] .pytool/Plugin: Add CI plugins

PierreGondois
 

From: Pierre Gondois <Pierre.Gondois@arm.com>

To enable CI support of the tianocore/edk2-platforms repository,
add a .pytool directory containing the following files:
- .pytool/CISettings.py
- .pytool/Readme.md

These files are largely inspired from the same files available in
the edk2 repository. The .pytool/Plugin/* files containing the
CI tests to run are not copied. edk2-platforms will rely on the
edk2basetools python package and on the edk2 python files, as
edk2 is imported as a submodule of edk2-platforms.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3509

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
---
.pytool/CISettings.py | 185 ++++++++++++++++++++++++++++
.pytool/Readme.md | 271 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 456 insertions(+)
create mode 100644 .pytool/CISettings.py
create mode 100644 .pytool/Readme.md

diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py
new file mode 100644
index 000000000000..18604646030f
--- /dev/null
+++ b/.pytool/CISettings.py
@@ -0,0 +1,185 @@
+# @file
+#
+# Copyright (c) Microsoft Corporation.
+# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
+# Copyright (c) 2020 - 2021, ARM Limited. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+import os
+import logging
+import edk2basetools
+
+from edk2toolext.environment import shell_environment
+from edk2toolext.invocables.edk2_ci_build import CiBuildSettingsManager
+from edk2toolext.invocables.edk2_setup import SetupSettingsManager, RequiredSubmodule
+from edk2toolext.invocables.edk2_update import UpdateSettingsManager
+from edk2toolext.invocables.edk2_pr_eval import PrEvalSettingsManager
+from edk2toollib.utility_functions import GetHostInfo
+
+
+class Settings(CiBuildSettingsManager, UpdateSettingsManager, SetupSettingsManager, PrEvalSettingsManager):
+
+ def __init__(self):
+ self.ActualPackages = []
+ self.ActualTargets = []
+ self.ActualArchitectures = []
+ self.ActualToolChainTag = ""
+ self.ActualScopes = None
+
+ # ####################################################################################### #
+ # Extra CmdLine configuration #
+ # ####################################################################################### #
+
+ def AddCommandLineOptions(self, parserObj):
+ pass
+ def RetrieveCommandLineOptions(self, args):
+ pass
+
+ # ####################################################################################### #
+ # Default Support for this Ci Build #
+ # ####################################################################################### #
+
+ def GetPackagesSupported(self):
+ ''' return iterable of edk2 packages supported by this build.
+ These should be edk2 workspace relative paths '''
+ return (
+ "JunoPkg",
+ "VExpressPkg"
+ )
+
+ def GetArchitecturesSupported(self):
+ ''' return iterable of edk2 architectures supported by this build '''
+ return (
+ "IA32",
+ "X64",
+ "ARM",
+ "AARCH64",
+ "RISCV64")
+
+ def GetTargetsSupported(self):
+ ''' return iterable of edk2 target tags supported by this build '''
+ return ("DEBUG", "RELEASE", "NO-TARGET", "NOOPT")
+
+ # ####################################################################################### #
+ # Verify and Save requested Ci Build Config #
+ # ####################################################################################### #
+
+ def SetPackages(self, list_of_requested_packages):
+ ''' Confirm the requested package list is valid and configure SettingsManager
+ to build the requested packages.
+
+ Raise UnsupportedException if a requested_package is not supported
+ '''
+ unsupported = set(list_of_requested_packages) - \
+ set(self.GetPackagesSupported())
+ if(len(unsupported) > 0):
+ logging.critical(
+ "Unsupported Package Requested: " + " ".join(unsupported))
+ raise Exception("Unsupported Package Requested: " +
+ " ".join(unsupported))
+ self.ActualPackages = list_of_requested_packages
+
+ def SetArchitectures(self, list_of_requested_architectures):
+ ''' Confirm the requests architecture list is valid and configure SettingsManager
+ to run only the requested architectures.
+
+ Raise Exception if a list_of_requested_architectures is not supported
+ '''
+ unsupported = set(list_of_requested_architectures) - \
+ set(self.GetArchitecturesSupported())
+ if(len(unsupported) > 0):
+ logging.critical(
+ "Unsupported Architecture Requested: " + " ".join(unsupported))
+ raise Exception(
+ "Unsupported Architecture Requested: " + " ".join(unsupported))
+ self.ActualArchitectures = list_of_requested_architectures
+
+ def SetTargets(self, list_of_requested_target):
+ ''' Confirm the request target list is valid and configure SettingsManager
+ to run only the requested targets.
+
+ Raise UnsupportedException if a requested_target is not supported
+ '''
+ unsupported = set(list_of_requested_target) - \
+ set(self.GetTargetsSupported())
+ if(len(unsupported) > 0):
+ logging.critical(
+ "Unsupported Targets Requested: " + " ".join(unsupported))
+ raise Exception("Unsupported Targets Requested: " +
+ " ".join(unsupported))
+ self.ActualTargets = list_of_requested_target
+
+ # ####################################################################################### #
+ # Actual Configuration for Ci Build #
+ # ####################################################################################### #
+
+ def GetActiveScopes(self):
+ ''' return tuple containing scopes that should be active for this process '''
+ if self.ActualScopes is None:
+ scopes = ("cibuild", "edk2-build", "host-based-test")
+
+ self.ActualToolChainTag = shell_environment.GetBuildVars().GetValue("TOOL_CHAIN_TAG", "")
+
+ is_linux = GetHostInfo().os.upper() == "LINUX"
+ scopes += ('pipbuild-unix',) if is_linux else ('pipbuild-win',)
+
+ if is_linux and self.ActualToolChainTag.upper().startswith("GCC"):
+ if "AARCH64" in self.ActualArchitectures:
+ scopes += ("gcc_aarch64_linux",)
+ if "ARM" in self.ActualArchitectures:
+ scopes += ("gcc_arm_linux",)
+ if "RISCV64" in self.ActualArchitectures:
+ scopes += ("gcc_riscv64_unknown",)
+ self.ActualScopes = scopes
+ return self.ActualScopes
+
+ def GetRequiredSubmodules(self):
+ ''' return iterable containing RequiredSubmodule objects.
+ If no RequiredSubmodules return an empty iterable
+ '''
+ rs = []
+ rs.append(RequiredSubmodule(
+ "edk2", True))
+ rs.append(RequiredSubmodule(
+ "Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi", False))
+ return rs
+
+ def GetName(self):
+ return "Edk2-platforms"
+
+ def GetDependencies(self):
+ return [
+ ]
+
+ def GetPackagesPath(self):
+ ''' Return a list of workspace relative paths that should be mapped as edk2 PackagesPath '''
+ edk2_platforms_path = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+ return [
+ edk2_platforms_path,
+ os.path.join(edk2_platforms_path, "Platform", "ARM"),
+ os.path.join(edk2_platforms_path, "edk2")
+ ]
+
+ def GetWorkspaceRoot(self):
+ ''' get WorkspacePath '''
+ return os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+
+ def FilterPackagesToTest(self, changedFilesList: list, potentialPackagesList: list) -> list:
+ ''' Filter potential packages to test based on changed files. '''
+ build_these_packages = []
+ possible_packages = potentialPackagesList.copy()
+ for f in changedFilesList:
+ # split each part of path for comparison later
+ nodes = f.split("/")
+
+ # python file change in .pytool folder causes building all
+ if f.endswith(".py") and ".pytool" in nodes:
+ build_these_packages = possible_packages
+ break
+
+ # BaseTools files that might change the build
+ if "BaseTools" in nodes:
+ if os.path.splitext(f) not in [".txt", ".md"]:
+ build_these_packages = possible_packages
+ break
+ return build_these_packages
diff --git a/.pytool/Readme.md b/.pytool/Readme.md
new file mode 100644
index 000000000000..5b3d9679d7f2
--- /dev/null
+++ b/.pytool/Readme.md
@@ -0,0 +1,271 @@
+# Edk2-platforms Continuous Integration
+
+## Basic Status
+
+| Package | Windows VS2019 (IA32/X64)| Ubuntu GCC (IA32/X64/ARM/AARCH64) | Known Issues |
+| :---- | :----- | :---- | :--- |
+| Platfrom/ARM/JunoPkg | | :heavy_check_mark: | Spell checking in audit mode. CompilerCheck disabled (need a PlatformCI).
+
+For more detailed status look at the test results of the latest CI run on the
+repo readme.
+
+## Background
+
+This Continuous integration and testing infrastructure leverages the TianoCore EDKII Tools PIP modules:
+[library](https://pypi.org/project/edk2-pytool-library/) and
+[extensions](https://pypi.org/project/edk2-pytool-extensions/) (with repos
+located [here](https://github.com/tianocore/edk2-pytool-library) and
+[here](https://github.com/tianocore/edk2-pytool-extensions)).
+
+The primary execution flows can be found in the
+`.azurepipelines/Windows-VS2019.yml` and `.azurepipelines/Ubuntu-GCC5.yml`
+files. These YAML files are consumed by the Azure Dev Ops Build Pipeline and
+dictate what server resources should be used, how they should be configured, and
+what processes should be run on them. An overview of this schema can be found
+[here](https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=azure-devops&tabs=schema).
+
+Inspection of these files reveals the EDKII Tools commands that make up the
+primary processes for the CI build: 'stuart_setup', 'stuart_update', and
+'stuart_ci_build'. These commands come from the EDKII Tools PIP modules and are
+configured as described below. More documentation on the tools can be
+found [here](https://github.com/tianocore/edk2-pytool-extensions/blob/master/docs/using.md)
+and [here](https://github.com/tianocore/edk2-pytool-extensions/blob/master/docs/features/feature_invocables.md).
+
+## Configuration
+
+Configuration of the CI process consists of (in order of precedence):
+
+* command-line arguments passed in via the Pipeline YAML
+* a per-package configuration file (e.g. `<package-name>.ci.yaml`) that is
+ detected by the CI system in EDKII Tools.
+* a global configuration Python module (e.g. `CISetting.py`) passed in via the
+ command-line
+
+The global configuration file is described in
+[this readme](https://github.com/tianocore/edk2-pytool-extensions/blob/master/docs/usability/using_settings_manager.md)
+from the EDKII Tools documentation. This configuration is written as a Python
+module so that decisions can be made dynamically based on command line
+parameters and codebase state.
+
+The per-package configuration file can override most settings in the global
+configuration file, but is not dynamic. This file can be used to skip or
+customize tests that may be incompatible with a specific package. Each test generally requires
+per package configuration which comes from this file.
+
+## Running CI locally
+
+The EDKII Tools environment (and by extension the ci) is designed to support
+easily and consistently running locally and in a cloud ci environment. To do
+that a few steps should be followed. Details of EDKII Tools can be found in the
+[docs folder here](https://github.com/tianocore/edk2-pytool-extensions/tree/master/docs)
+
+### Prerequisets
+
+1. A supported toolchain (others might work but this is what is tested and validated)
+ * Windows 10:
+ * VS 2017 or VS 2019
+ * Windows SDK (for rc)
+ * Windows WDK (for capsules)
+ * Ubuntu 18.04 or Fedora
+ * GCC5
+ * Easy to add more but this is the current state
+2. Python 3.7.x or newer on path
+3. git on path
+4. Recommended to setup and activate a python virtual environment
+5. Install the requirements `pip install --upgrade pip-requirements.txt`
+
+### Running CI
+
+1. clone your edk2-platforms repo
+2. Activate your python virtual environment in cmd window
+3. Get code dependencies (done only when submodules change)
+ * `stuart_setup -c .pytool/CISettings.py TOOL_CHAIN_TAG=<your tag here>`
+4. Update other dependencies (done more often)
+ * `stuart_update -c .pytool/CISettings.py TOOL_CHAIN_TAG=<your tag here>`
+5. Run CI build (--help will give you options)
+ * `stuart_ci_build -c .pytool/CISettings.py TOOL_CHAIN_TAG=<your tag here>`
+ * -p <pkg1,pkg2,pkg3> : To build only certain packages use a CSV list
+ * -a <arch1,arch2,arch3>: To run only certain architectures use a CSV list
+ * -t <target1,target2>: To run only tests related to certain targets use a
+ CSV list
+ * By default all tests are opted in. Then given a package.ci.yaml file those
+ tests can be configured for a package. Finally setting the check to the
+ value `skip` will skip that plugin. Examples:
+ * `CompilerPlugin=skip` skip the build test
+ * `GuidCheck=skip` skip the Guid check
+ * `SpellCheck=skip` skip the spell checker
+ * etc
+6. Detailed reports and logs per package are captured in the `Build` directory
+
+## Current PyTool Test Capabilities
+
+All CI tests are instances of EDKII Tools plugins. Documentation on the plugin
+system can be found [here](https://github.com/tianocore/edk2-pytool-extensions/blob/master/docs/usability/using_plugin_manager.md)
+and [here](https://github.com/tianocore/edk2-pytool-extensions/blob/master/docs/features/feature_plugin_manager.md).
+Upon invocation, each plugin will be passed the path to the current package
+under test and a dictionary containing its targeted configuration, as assembled
+from the command line, per-package configuration, and global configuration.
+
+Note: CI plugins are considered unique from build plugins and helper plugins,
+even though some CI plugins may execute steps of a build.
+
+In the example, these plugins live alongside the code under test (in the
+`.pytool/Plugin` directory), but may be moved to the 'edk2-test' repo if that
+location makes more sense for the community.
+
+### Module Inclusion Test - DscCompleteCheck
+
+This scans all INF files from a package and confirms they are
+listed in the package level DSC file. The test considers it an error if any INF
+does not appear in the `Components` section of the package-level DSC (indicating
+that it would not be built if the package were built). This is critical because
+much of the CI infrastructure assumes that all modules will be listed in the DSC
+and compiled.
+
+This test will ignore INFs in the following cases:
+
+1. When `MODULE_TYPE` = `HOST_APPLICATION`
+2. When a Library instance **only** supports the `HOST_APPLICATION` environment
+
+### Host Module Inclusion Test - HostUnitTestDscCompleteCheck
+
+This test scans all INF files from a package for those related to host
+based unit tests and confirms they are listed in the unit test DSC file for the package.
+The test considers it an error if any INF meeting the requirements does not appear
+in the `Components` section of the unit test DSC. This is critical because
+much of the CI infrastructure assumes that modules will be listed in the DSC
+and compiled.
+
+This test will only require INFs in the following cases:
+
+1. When `MODULE_TYPE` = `HOST_APPLICATION`
+2. When a Library instance explicitly supports the `HOST_APPLICATION` environment
+
+### Code Compilation Test - CompilerPlugin
+
+Once the Module Inclusion Test has verified that all modules would be built if
+all package-level DSCs were built, the Code Compilation Test simply runs through
+and builds every package-level DSC on every toolchain and for every architecture
+that is supported. Any module that fails to build is considered an error.
+
+### Host Unit Test Compilation and Run Test - HostUnitTestCompilerPlugin
+
+A test that compiles the dsc for host based unit test apps.
+On Windows this will also enable a build plugin to execute that will run the unit tests and verify the results.
+
+These tools will be invoked on any CI
+pass that includes the NOOPT target. In order for these tools to do their job,
+the package and tests must be configured in a particular way...
+
+#### Including Host-Based Tests in the Package YAML
+
+For example, looking at the `MdeModulePkg.ci.yaml` config file, there are two
+config options that control HostBased test behavior:
+
+```json
+ ## options defined .pytool/Plugin/HostUnitTestCompilerPlugin
+ "HostUnitTestCompilerPlugin": {
+ "DscPath": "Test/MdeModulePkgHostTest.dsc"
+ },
+```
+
+This option tell the test builder to run. The test builder needs to know which
+modules in this package are host-based tests, so that DSC path is provided.
+
+#### Configuring the HostBased DSC
+
+The HostBased DSC for `MdeModulePkg` is located at
+`MdeModulePkg/Test/MdeModulePkgHostTest.dsc`.
+
+To add automated host-based unit test building to a new package, create a
+similar DSC. The new DSC should make sure to have the `NOOPT` BUILD_TARGET
+and should include the line:
+
+```
+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
+```
+
+All of the modules that are included in the `Components` section of this
+DSC should be of type HOST_APPLICATION.
+
+### GUID Uniqueness Test - GuidCheck
+
+This test works on the collection of all packages rather than an individual
+package. It looks at all FILE_GUIDs and GUIDs declared in DEC files and ensures
+that they are unique for the codebase. This prevents, for example, accidental
+duplication of GUIDs when using an existing INF as a template for a new module.
+
+### Cross-Package Dependency Test - DependencyCheck
+
+This test compares the list of all packages used in INFs files for a given
+package against a list of "allowed dependencies" in plugin configuration for
+that package. Any module that depends on a disallowed package will cause a test
+failure.
+
+### Library Declaration Test - LibraryClassCheck
+
+This test scans at all library header files found in the `Library` folders in
+all of the package's declared include directories and ensures that all files
+have a matching LibraryClass declaration in the DEC file for the package. Any
+missing declarations will cause a failure.
+
+### Invalid Character Test - CharEncodingCheck
+
+This test scans all files in a package to make sure that there are no invalid
+Unicode characters that may cause build errors in some character
+sets/localizations.
+
+### Spell Checking - cspell
+
+This test runs a spell checker on all files within the package. This is done
+using the NodeJs cspell tool. For details check `.pytool/Plugin/SpellCheck`.
+For this plugin to run during ci you must install nodejs and cspell and have
+both available to the command line when running your CI.
+
+Install
+
+* Install nodejs from https://nodejs.org/en/
+* Install cspell
+ 1. Open cmd prompt with access to node and npm
+ 2. Run `npm install -g cspell`
+
+ More cspell info: https://github.com/streetsidesoftware/cspell
+
+### License Checking - LicenseCheck
+
+Scans all new added files in a package to make sure code is contributed under
+BSD-2-Clause-Patent.
+
+### Ecc tool - EccCheck
+
+Run the Ecc tool on the package. The Ecc tool is available in the BaseTools
+package. It checks that the code complies to the EDKII coding standard.
+
+## PyTool Scopes
+
+Scopes are how the PyTool ext_dep, path_env, and plugins are activated. Meaning
+that if an invocable process has a scope active then those ext_dep and path_env
+will be active. To allow easy integration of PyTools capabilities there are a
+few standard scopes.
+
+| Scope | Invocable | Description |
+| :---- | :----- | :---- |
+| global | edk2_invocable++ - should be base_abstract_invocable | Running an invocables |
+| global-win | edk2_invocable++ | Running on Microsoft Windows |
+| global-nix | edk2_invocable++ | Running on Linux based OS |
+| edk2-build | | This indicates that an invocable is building EDK2 based UEFI code |
+| cibuild | set in .pytool/CISettings.py | Suggested target for edk2 continuous integration builds. Tools used for CiBuilds can use this scope. Example: asl compiler |
+| host-based-test | set in .pytool/CISettings.py | Turns on the host based tests and plugin |
+| host-test-win | set in .pytool/CISettings.py | Enables the host based test runner for Windows |
+
+## Future investments
+
+* PatchCheck tests as plugins
+* MacOS/xcode support
+* Clang/LLVM support
+* Visual Studio AARCH64 and ARM support
+* BaseTools C tools CI/PR and binary release process
+* BaseTools Python tools CI/PR process
+* Extensible private/closed source platform reporting
+* UEFI SCTs
+* Other automation
--
2.17.1


[PATCH edk2-platforms v2 2/6] pip-requirements.txt: Add python pip requirements file

PierreGondois
 

From: Pierre Gondois <Pierre.Gondois@arm.com>

To enable CI support of the tianocore/edk2-platforms repository,
add pip requirements file to install the python modules
required to perform EDK II Continuous Integration (CI) builds.

This file is a copy of the file from the tianocore/edk2
repository. Any modification to the tianocore/edk2 file must be
reflected on the tianocore/edk2-platforms copy.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3509

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
---
pip-requirements.txt | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 pip-requirements.txt

diff --git a/pip-requirements.txt b/pip-requirements.txt
new file mode 100644
index 000000000000..aea2e6ece431
--- /dev/null
+++ b/pip-requirements.txt
@@ -0,0 +1,18 @@
+## @file
+# EDK II Python PIP requirements file
+#
+# This file provides the list of python components to install using PIP.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# https://pypi.org/project/pip/
+# https://pip.pypa.io/en/stable/user_guide/#requirements-files
+# https://pip.pypa.io/en/stable/reference/pip_install/#requirements-file-format
+# https://www.python.org/dev/peps/pep-0440/#version-specifiers
+##
+
+edk2-pytool-library==0.10.*
+edk2-pytool-extensions~=0.13.3
+edk2-basetools==0.1.2
+antlr4-python3-runtime==4.7.1
--
2.17.1


[PATCH edk2-platforms v2 1/6] edk2-platforms: add edk2 repository as a submodule

PierreGondois
 

From: Pierre Gondois <Pierre.Gondois@arm.com>

Add the edk2 repository as a submodule:
https://github.com/tianocore/edk2

Platforms in edk2-platforms often relies on modules available
in the edk2 repository. In order to enable an upstream CI
for edk2-platforms, adding edk2 as a submodule is a convenient
way to advertise this dependency.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3509

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
---

Notes:
v2:
- Use tianocore repository instead of personal repository [Pierre]

.gitmodules | 3 +++
edk2 | 1 +
2 files changed, 4 insertions(+)
create mode 160000 edk2

diff --git a/.gitmodules b/.gitmodules
index 88aafaf15820..ed4b2d436cdb 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
[submodule "Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi"]
path = Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi
url = https://github.com/riscv/opensbi
+[submodule "edk2"]
+ path = edk2
+ url = https://github.com/tianocore/edk2/
diff --git a/edk2 b/edk2
new file mode 160000
index 000000000000..3c81382742fd
--- /dev/null
+++ b/edk2
@@ -0,0 +1 @@
+Subproject commit 3c81382742fdde028b4c23e822f6a6b11f2ab586
--
2.17.1


[PATCH edk2-platforms v2 0/6] Enable edk2-platforms CI for JunoPkg

PierreGondois
 

From: Pierre Gondois <Pierre.Gondois@arm.com>

v2:
- Use tianocore repository instead of personal repository
for edk2 submodule [Pierre]
- Bugzilla associated to the topic:
https://bugzilla.tianocore.org/show_bug.cgi?id=3509

This patch-set is dependent on the following patch-set:
edk2-platforms:
[PATCH v1 0/2] Fix duplicated GUID
https://edk2.groups.io/g/devel/message/76910

It provides the configuration files necessary to run an upstream CI
similar to the one currently used for the main edk2 repository. The
configuration is mostly similar aswell.
Enabling the CI requires administrator rights on the edk2-platforms
repository. This configuration was tested on a private repository,
but will require additional configuration from the administrator.

The changes can be seen at: https://github.com/PierreARM/edk2-platforms/tree/1628_Enable_edk2_platforms_ci_for_JunoPkg_v2

Pierre Gondois (6):
edk2-platforms: add edk2 repository as a submodule
pip-requirements.txt: Add python pip requirements file
.pytool/Plugin: Add CI plugins
.azurepipelines: Add Azure Pipelines YML configuration files
.mergify: Add Mergify YML pull request rules configuration file
Platform/ARM: Juno: Add JunoPkg.ci.yaml for CI support

.azurepipelines/ReadMe.md | 50 ++++
.azurepipelines/Ubuntu-GCC5.yml | 21 ++
.azurepipelines/Ubuntu-PatchCheck.yml | 36 +++
.azurepipelines/Windows-VS2019.yml | 20 ++
.azurepipelines/templates/ReadMe.md | 59 ++++
.../templates/basetools-build-steps.yml | 37 +++
.../templates/platform-build-run-steps.yml | 144 ++++++++++
.../templates/pr-gate-build-job.yml | 63 ++++
.azurepipelines/templates/pr-gate-steps.yml | 142 +++++++++
.../templates/spell-check-prereq-steps.yml | 22 ++
.gitmodules | 3 +
.mergify/config.yml | 98 +++++++
.pytool/CISettings.py | 185 ++++++++++++
.pytool/Readme.md | 271 ++++++++++++++++++
Platform/ARM/JunoPkg/JunoPkg.ci.yaml | 104 +++++++
edk2 | 1 +
pip-requirements.txt | 18 ++
17 files changed, 1274 insertions(+)
create mode 100644 .azurepipelines/ReadMe.md
create mode 100644 .azurepipelines/Ubuntu-GCC5.yml
create mode 100644 .azurepipelines/Ubuntu-PatchCheck.yml
create mode 100644 .azurepipelines/Windows-VS2019.yml
create mode 100644 .azurepipelines/templates/ReadMe.md
create mode 100644 .azurepipelines/templates/basetools-build-steps.yml
create mode 100644 .azurepipelines/templates/platform-build-run-steps.yml
create mode 100644 .azurepipelines/templates/pr-gate-build-job.yml
create mode 100644 .azurepipelines/templates/pr-gate-steps.yml
create mode 100644 .azurepipelines/templates/spell-check-prereq-steps.yml
create mode 100644 .mergify/config.yml
create mode 100644 .pytool/CISettings.py
create mode 100644 .pytool/Readme.md
create mode 100644 Platform/ARM/JunoPkg/JunoPkg.ci.yaml
create mode 160000 edk2
create mode 100644 pip-requirements.txt

--
2.17.1


Re: [PATCH v2 1/1] MdePkg: add definition of LINUX_EFI_INITRD_MEDIA_GUID

Ard Biesheuvel
 

On Tue, 27 Jul 2021 at 18:45, Jeff Brasen <jbrasen@nvidia.com> wrote:

Add LINUX_EFI_INITRD_MEDIA_GUID to our collection of GUID definitions,
it can be used in a media device path to specify a Linux style initrd
that can be loaded by the OS using the LoadFile2 protocol.

Move these defines to MdePkg from OvmfPkg as these are relevant to
non-OVMF targets as well.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2564
Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>

---
MdePkg/MdePkg.dec | 5 ++++
OvmfPkg/OvmfPkg.dec | 1 -
MdePkg/Include/Guid/LinuxEfiInitrdMedia.h | 31 ++++++++++++++++++++++
OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h | 17 ------------
4 files changed, 36 insertions(+), 18 deletions(-)
create mode 100644 MdePkg/Include/Guid/LinuxEfiInitrdMedia.h
delete mode 100644 OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index c5319fdd71ca..a28a2daaffa8 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -818,6 +818,11 @@ [Guids]
#
gTianoCustomDecompressGuid = { 0xA31280AD, 0x481E, 0x41B6, { 0x95, 0xE8, 0x12, 0x7F, 0x4C, 0x98, 0x47, 0x79 }}

+ #
+ # GUID used to provide initrd to linux via LoadFile2 protocol
+ #
+ gLinuxEfiInitrdMediaGuid = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
+
[Guids.IA32, Guids.X64]
## Include/Guid/Cper.h
gEfiIa32X64ErrorTypeCacheCheckGuid = { 0xA55701F5, 0xE3EF, 0x43de, { 0xAC, 0x72, 0x24, 0x9B, 0x57, 0x3F, 0xAD, 0x2C }}
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6ae733f6e39f..3153f5ae4540 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -118,7 +118,6 @@ [Guids]
gMicrosoftVendorGuid = {0x77fa9abd, 0x0359, 0x4d32, {0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b}}
gEfiLegacyBiosGuid = {0x2E3044AC, 0x879F, 0x490F, {0x97, 0x60, 0xBB, 0xDF, 0xAF, 0x69, 0x5F, 0x50}}
gEfiLegacyDevOrderVariableGuid = {0xa56074db, 0x65fe, 0x45f7, {0xbd, 0x21, 0x2d, 0x2b, 0xdd, 0x8e, 0x96, 0x52}}
- gLinuxEfiInitrdMediaGuid = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}
gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
diff --git a/MdePkg/Include/Guid/LinuxEfiInitrdMedia.h b/MdePkg/Include/Guid/LinuxEfiInitrdMedia.h
new file mode 100644
index 000000000000..0e7db8bd8140
--- /dev/null
+++ b/MdePkg/Include/Guid/LinuxEfiInitrdMedia.h
@@ -0,0 +1,31 @@
+/** @file
+ GUID definition for the Linux Initrd media device path
+
+ Linux distro boot generally relies on an initial ramdisk (initrd)
+ which is provided by the loader, and which contains additional kernel
+ modules (for storage and network, for instance), and the initial user
+ space startup code, i.e., the code which brings up the user space side
+ of the entire OS.
+
+ In order to provide a standard method to locate this file,
+ the GUID defined in this file is used to describe the device path
+ for a LoadFile2 Protocol instance that is responsible for loading the initrd file.
+
+ The kernel EFI Stub will locate and use this instance to load the initrd,
+ therefore the firmware/loader should install an instance of this to load the
+ relevant initrd.
+
+ Copyright (c) 2020, Arm, Ltd. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef LINUX_EFI_INITRD_MEDIA_GUID_H__
+#define LINUX_EFI_INITRD_MEDIA_GUID_H__
+
+#define LINUX_EFI_INITRD_MEDIA_GUID \
+ {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
+
+extern EFI_GUID gLinuxEfiInitrdMediaGuid;
+
+#endif
diff --git a/OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h b/OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h
deleted file mode 100644
index 83fc3fc79aa6..000000000000
--- a/OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/** @file
- GUID definition for the Linux Initrd media device path
-
- Copyright (c) 2020, Arm, Ltd. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-**/
-
-#ifndef LINUX_EFI_INITRD_MEDIA_GUID_H__
-#define LINUX_EFI_INITRD_MEDIA_GUID_H__
-
-#define LINUX_EFI_INITRD_MEDIA_GUID \
- {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
-
-extern EFI_GUID gLinuxEfiInitrdMediaGuid;
-
-#endif
--
2.25.1


[PATCH v2 1/1] MdePkg: add definition of LINUX_EFI_INITRD_MEDIA_GUID

Jeff Brasen
 

Add LINUX_EFI_INITRD_MEDIA_GUID to our collection of GUID definitions,
it can be used in a media device path to specify a Linux style initrd
that can be loaded by the OS using the LoadFile2 protocol.

Move these defines to MdePkg from OvmfPkg as these are relevant to
non-OVMF targets as well.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2564
Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
---
MdePkg/MdePkg.dec | 5 ++++
OvmfPkg/OvmfPkg.dec | 1 -
MdePkg/Include/Guid/LinuxEfiInitrdMedia.h | 31 ++++++++++++++++++++++
OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h | 17 ------------
4 files changed, 36 insertions(+), 18 deletions(-)
create mode 100644 MdePkg/Include/Guid/LinuxEfiInitrdMedia.h
delete mode 100644 OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index c5319fdd71ca..a28a2daaffa8 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -818,6 +818,11 @@ [Guids]
#
gTianoCustomDecompressGuid = { 0xA31280AD, 0x481E, 0x41B6, { 0x95, 0xE8, 0x12, 0x7F, 0x4C, 0x98, 0x47, 0x79 }}

+ #
+ # GUID used to provide initrd to linux via LoadFile2 protocol
+ #
+ gLinuxEfiInitrdMediaGuid = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
+
[Guids.IA32, Guids.X64]
## Include/Guid/Cper.h
gEfiIa32X64ErrorTypeCacheCheckGuid = { 0xA55701F5, 0xE3EF, 0x43de, { 0xAC, 0x72, 0x24, 0x9B, 0x57, 0x3F, 0xAD, 0x2C }}
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6ae733f6e39f..3153f5ae4540 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -118,7 +118,6 @@ [Guids]
gMicrosoftVendorGuid = {0x77fa9abd, 0x0359, 0x4d32, {0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b}}
gEfiLegacyBiosGuid = {0x2E3044AC, 0x879F, 0x490F, {0x97, 0x60, 0xBB, 0xDF, 0xAF, 0x69, 0x5F, 0x50}}
gEfiLegacyDevOrderVariableGuid = {0xa56074db, 0x65fe, 0x45f7, {0xbd, 0x21, 0x2d, 0x2b, 0xdd, 0x8e, 0x96, 0x52}}
- gLinuxEfiInitrdMediaGuid = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
gQemuKernelLoaderFsMediaGuid = {0x1428f772, 0xb64a, 0x441e, {0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}}
gGrubFileGuid = {0xb5ae312c, 0xbc8a, 0x43b1, {0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}}
gConfidentialComputingSecretGuid = {0xadf956ad, 0xe98c, 0x484c, {0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}}
diff --git a/MdePkg/Include/Guid/LinuxEfiInitrdMedia.h b/MdePkg/Include/Guid/LinuxEfiInitrdMedia.h
new file mode 100644
index 000000000000..0e7db8bd8140
--- /dev/null
+++ b/MdePkg/Include/Guid/LinuxEfiInitrdMedia.h
@@ -0,0 +1,31 @@
+/** @file
+ GUID definition for the Linux Initrd media device path
+
+ Linux distro boot generally relies on an initial ramdisk (initrd)
+ which is provided by the loader, and which contains additional kernel
+ modules (for storage and network, for instance), and the initial user
+ space startup code, i.e., the code which brings up the user space side
+ of the entire OS.
+
+ In order to provide a standard method to locate this file,
+ the GUID defined in this file is used to describe the device path
+ for a LoadFile2 Protocol instance that is responsible for loading the initrd file.
+
+ The kernel EFI Stub will locate and use this instance to load the initrd,
+ therefore the firmware/loader should install an instance of this to load the
+ relevant initrd.
+
+ Copyright (c) 2020, Arm, Ltd. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef LINUX_EFI_INITRD_MEDIA_GUID_H__
+#define LINUX_EFI_INITRD_MEDIA_GUID_H__
+
+#define LINUX_EFI_INITRD_MEDIA_GUID \
+ {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
+
+extern EFI_GUID gLinuxEfiInitrdMediaGuid;
+
+#endif
diff --git a/OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h b/OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h
deleted file mode 100644
index 83fc3fc79aa6..000000000000
--- a/OvmfPkg/Include/Guid/LinuxEfiInitrdMedia.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/** @file
- GUID definition for the Linux Initrd media device path
-
- Copyright (c) 2020, Arm, Ltd. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-**/
-
-#ifndef LINUX_EFI_INITRD_MEDIA_GUID_H__
-#define LINUX_EFI_INITRD_MEDIA_GUID_H__
-
-#define LINUX_EFI_INITRD_MEDIA_GUID \
- {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
-
-extern EFI_GUID gLinuxEfiInitrdMediaGuid;
-
-#endif
--
2.25.1


Re: [EXTERNAL] [edk2-devel] Missing TPM 2 related call to Tpm2HierarchyChangeAuth

Yao, Jiewen
 

Oops. Sorry for late response.

 

The code is NOT in EDKII, but EDKII-platform as example. https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel/MinPlatformPkg/Tcg

 

We allow a platform having its own implementation. That is why it is NOT in EDKII.

 

Thank you

Yao Jiewen

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bret Barkelew via groups.io
Sent: Wednesday, July 28, 2021 12:11 AM
To: devel@edk2.groups.io; stefanb@...; Yao, Jiewen <jiewen.yao@...>; Jeremiah Cox <jerecox@...>; Michael Kubacki <Michael.Kubacki@...>
Cc: Marc-André Lureau <marcandre.lureau@...>
Subject: Re: [EXTERNAL] [edk2-devel] Missing TPM 2 related call to Tpm2HierarchyChangeAuth

 

Adding @Jeremiah

 

Jeremiah, weren’t you or @Michael shopping this change to MinPlatform?

 

- Bret

 

From: Stefan Berger via groups.io
Sent: Monday, July 26, 2021 7:48 AM
To: Yao, Jiewen; devel@edk2.groups.io
Cc: Marc-André Lureau
Subject: [EXTERNAL] [edk2-devel] Missing TPM 2 related call to Tpm2HierarchyChangeAuth

 

Hello!

   The TPM 2 code in EDK2 is missing an important call to
Tpm2HierarchyChangeAuth for the platform hierarchy. We have to set the
password of that hierarchy and discard the password. See also specs
section 11:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrustedcomputinggroup.org%2Fwp-content%2Fuploads%2FTCG_PCClient_PFP_r1p05_v22_02dec2020.pdf&amp;data=04%7C01%7Cbret.barkelew%40microsoft.com%7Cf2a2262eee2c44b3760c08d95044601a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637629077356686202%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=N7VQIw87rHqUAFQ54TvhNwcsPFEwJzdZQ9JZrmX1S4E%3D&amp;reserved=0

"Platform Firmware MUST protect access to the Platform Hierarchy and
prevent access to the platform hierarchy by
non-manufacturer-controlled components.  "

I was wondering where we could put that call so it's invoked after the
user has possibly interacted with the menu and before passing control to
the next stage such as boot loader.

Regards,

   Stefan





 


Re: [EXTERNAL] [edk2-devel] Missing TPM 2 related call to Tpm2HierarchyChangeAuth

Bret Barkelew
 

Adding @Jeremiah

 

Jeremiah, weren’t you or @Michael shopping this change to MinPlatform?

 

- Bret

 

From: Stefan Berger via groups.io
Sent: Monday, July 26, 2021 7:48 AM
To: Yao, Jiewen; devel@edk2.groups.io
Cc: Marc-André Lureau
Subject: [EXTERNAL] [edk2-devel] Missing TPM 2 related call to Tpm2HierarchyChangeAuth

 

Hello!

   The TPM 2 code in EDK2 is missing an important call to
Tpm2HierarchyChangeAuth for the platform hierarchy. We have to set the
password of that hierarchy and discard the password. See also specs
section 11:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftrustedcomputinggroup.org%2Fwp-content%2Fuploads%2FTCG_PCClient_PFP_r1p05_v22_02dec2020.pdf&amp;data=04%7C01%7Cbret.barkelew%40microsoft.com%7Cf2a2262eee2c44b3760c08d95044601a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637629077356686202%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=N7VQIw87rHqUAFQ54TvhNwcsPFEwJzdZQ9JZrmX1S4E%3D&amp;reserved=0

"Platform Firmware MUST protect access to the Platform Hierarchy and
prevent access to the platform hierarchy by
non-manufacturer-controlled components.  "

I was wondering where we could put that call so it's invoked after the
user has possibly interacted with the menu and before passing control to
the next stage such as boot loader.

Regards,

   Stefan






 


[staging/edk2-redfish-client RedfishFeatureCore PATCH 2/3] RedfishClientPkg/RedfishFeatureCoreDxe: Redfish Feature Core DXE driver

Abner Chang
 

EDKII Redfish Feature Core DXE driver provides the protocol interface to
the auto-generated Redfish feature driver to register itself for the
Redfish resource URI it manages. Refer to the Readme.md for the details.

Signed-off-by: Abner Chang <abner.chang@hpe.com>
Cc: Nickle Wang <nickle.wang@hpe.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
---
RedfishClientPkg/RedfishClientPkg.dec | 13 +-
.../RedfishClientComponents.dsc.inc | 2 +
RedfishClientPkg/RedfishClient.fdf.inc | 1 +
.../RedfishFeatureCoreDxe.inf | 49 +++
.../Include/Protocol/EdkIIRedfishFeature.h | 116 ++++++
.../RedfishFeatureCoreDxe.h | 43 ++
.../RedfishFeatureCoreDxe.c | 382 ++++++++++++++++++
RedfishClientPkg/Readme.md | 36 ++
8 files changed, 641 insertions(+), 1 deletion(-)
create mode 100644 RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
create mode 100644 RedfishClientPkg/Include/Protocol/EdkIIRedfishFeature.h
create mode 100644 RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.h
create mode 100644 RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.c

diff --git a/RedfishClientPkg/RedfishClientPkg.dec b/RedfishClientPkg/RedfishClientPkg.dec
index 4038a47bd5..6da0468e65 100644
--- a/RedfishClientPkg/RedfishClientPkg.dec
+++ b/RedfishClientPkg/RedfishClientPkg.dec
@@ -15,10 +15,21 @@
[Includes]
Include

-
[LibraryClasses]

[Protocols]
+ ## Include/Protocol/EdkIIRedfishFeature.h
+ gEdkIIRedfishFeatureProtocolGuid = { 0x785CC694, 0x4930, 0xEFBF, { 0x2A, 0xCB, 0xA4, 0xB6, 0xA1, 0xCC, 0xAA, 0x34 } }

[Guids]
gEfiRedfishClientPkgTokenSpaceGuid = { 0x8c444dae, 0x728b, 0x48ee, { 0x9e, 0x19, 0x8f, 0x0a, 0x3d, 0x4e, 0x9c, 0xc8 } }
+
+[PcdsFixedAtBuild]
+ gEfiRedfishClientPkgTokenSpaceGuid.PcdMaxRedfishSchemaStringSize|32|UINT32|0x10000001
+ gEfiRedfishClientPkgTokenSpaceGuid.PcdMaxRedfishSchemaVersionSize|8|UINT32|0x10000002
+ #
+ # gEfiEventReadyToBootGuid is the default event to startup Redfish feature drivers.
+ # { 0x7CE88FB3, 0x4BD7, 0x4679, { 0x87, 0xA8, 0xA8, 0xD8, 0xDE, 0xE5, 0x0D, 0x2B }}
+ #
+ gEfiRedfishClientPkgTokenSpaceGuid.PcdEdkIIRedfishFeatureDriverStartupEventGuid|{0xB3, 0x8F, 0xE8, 0x7C, 0xD7, 0x4B, 0x79, 0x46, 0x87, 0xA8, 0xA8, 0xD8, 0xDE, 0xE5, 0x0D, 0x2B}|VOID*|0x10000003
+
diff --git a/RedfishClientPkg/RedfishClientComponents.dsc.inc b/RedfishClientPkg/RedfishClientComponents.dsc.inc
index 0648fa9d54..e4e2619bfb 100644
--- a/RedfishClientPkg/RedfishClientComponents.dsc.inc
+++ b/RedfishClientPkg/RedfishClientComponents.dsc.inc
@@ -13,4 +13,6 @@
##

!if $(REDFISH_CLIENT) == TRUE
+ RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
!endif
+
diff --git a/RedfishClientPkg/RedfishClient.fdf.inc b/RedfishClientPkg/RedfishClient.fdf.inc
index 4f0714004e..d4c5874787 100644
--- a/RedfishClientPkg/RedfishClient.fdf.inc
+++ b/RedfishClientPkg/RedfishClient.fdf.inc
@@ -11,4 +11,5 @@
#
##
!if $(REDFISH_CLIENT) == TRUE
+ INF RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
!endif
diff --git a/RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf b/RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
new file mode 100644
index 0000000000..5a2cd7fecc
--- /dev/null
+++ b/RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.inf
@@ -0,0 +1,49 @@
+## @file
+# RedfishFeatureCoreDxe is the DXE driver which provides
+# EdkIIRedfishFeatureCoreProtocol to EDK2 Redfish Feature
+# drivers for the registration.
+#
+# (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x0001000b
+ BASE_NAME = RedfishFeatureCoreDxe
+ FILE_GUID = 1E01A624-4161-F1F1-25BC-D28E77420D8E
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = RedfishFeatureCoreEntryPoint
+
+#
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 RISCV64
+#
+
+[Sources]
+ RedfishFeatureCoreDxe.c
+ RedfishFeatureCoreDxe.h
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ RedfishClientPkg/RedfishClientPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ PrintLib
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+ UefiLib
+
+[Protocols]
+ gEdkIIRedfishFeatureProtocolGuid ## BY_START
+
+[Pcd]
+ gEfiRedfishClientPkgTokenSpaceGuid.PcdEdkIIRedfishFeatureDriverStartupEventGuid
+
+[Depex]
+ TRUE
diff --git a/RedfishClientPkg/Include/Protocol/EdkIIRedfishFeature.h b/RedfishClientPkg/Include/Protocol/EdkIIRedfishFeature.h
new file mode 100644
index 0000000000..036622128d
--- /dev/null
+++ b/RedfishClientPkg/Include/Protocol/EdkIIRedfishFeature.h
@@ -0,0 +1,116 @@
+/** @file
+ This file defines the EDKII_REDFISH_FEATURE_PROTOCOL interface.
+
+ (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef EDKII_REDFISH_FEATURE_H_
+#define EDKII_REDFISH_FEATURE_H_
+
+typedef struct _EDKII_REDFISH_FEATURE_PROTOCOL EDKII_REDFISH_FEATURE_PROTOCOL;
+
+#define EDKII_REDFISH_FEATURE_PROTOCOL_GUID \
+ { \
+ 0x785CC694, 0x4930, 0xEFBF, { 0x2A, 0xCB, 0xA4, 0xB6, 0xA1, 0xCC, 0xAA, 0x34 } \
+ }
+
+typedef enum {
+ CallbackActionNone = 0, ///< Invalid action
+ CallbackActionStartOperation, ///< Start the operations on Redfish resource
+ CallbackActionMax
+} FEATURE_CALLBACK_ACTION;
+
+typedef enum {
+ InformationTypeNone = 0, ///< Invalid information.
+ InformationTypeCollectionMemberUri, ///< URI to the new created collection member.
+ InformationTypeMax
+} FEATURE_RETURNED_INFORMATION_TYPE;
+
+typedef struct {
+ FEATURE_RETURNED_INFORMATION_TYPE Type;
+} FEATURE_RETURNED_INFORMATION;
+
+/**
+ The callback function provided by Redfish Feature driver.
+
+ @param[in] This Pointer to EDKII_REDFISH_FEATURE_PROTOCOL instance.
+ @param[in] FeatureAction The action Redfish feature driver should take.
+ @param[in] Context The context of Redfish feature driver.
+ @param[in,out] InformationReturned The pointer to retrive the pointer to
+ FEATURE_RETURNED_INFOMATION. The memory block of this
+ information should be freed by caller.
+
+ @retval EFI_SUCCESS Redfish feature driver callback is executed successfully.
+ @retval Others Some errors happened.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *REDFISH_FEATURE_CALLBACK) (
+ IN EDKII_REDFISH_FEATURE_PROTOCOL *This,
+ IN FEATURE_CALLBACK_ACTION FeatureAction,
+ IN VOID *Context,
+ IN OUT FEATURE_RETURNED_INFORMATION **InformationReturned
+);
+/**
+ The registration function for the Redfish Feature driver.
+
+ @param[in] This Pointer to EDKII_REDFISH_FEATURE_PROTOCOL instance.
+ @param[in] FeatureManagedUri The URI represents the hierarchy path of the Redfish
+ resource in the entire Redfish data model that managed
+ by Redfish feature driver . Each node in the hierarchy
+ path is the property name defined in the schema of the
+ resource.
+ @param[in] Callback Callback routine associated with this registration that
+ provided by Redfish feature driver to execute the action
+ on Redfish resource which is managed by this Redfish
+ feature driver.
+ @param[in] Context The context of the registering feature driver. The pointer
+ to the conext is delivered through callback function.
+ @retval EFI_SUCCESS Redfish feature driver is registered successfully.
+ @retval Others Some error happened.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *REDFISH_FEATURE_REGISTER) (
+ IN EDKII_REDFISH_FEATURE_PROTOCOL *This,
+ IN EFI_STRING FeatureManagedUri,
+ IN REDFISH_FEATURE_CALLBACK Callback,
+ IN VOID *Context
+);
+
+/**
+ The unregistration function for the Redfish Feature driver.
+
+ @param[in] This Pointer to EDKII_REDFISH_FEATURE_PROTOCOL instance.
+ @param[in] FeatureManagedUri The URI represents the hierarchy path of the Redfish
+ resource in the entire Redfish data model that managed
+ by Redfish feature driver . Each node in the hierarchy
+ path is the property name defined in the schema of the
+ resource.
+ @param[in] Context The context used for the previous feature driver
+ registration.
+ @retval EFI_SUCCESS Redfish feature driver is registered successfully.
+ @retval Others Some error happened.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *REDFISH_FEATURE_UNREGISTER) (
+ IN EDKII_REDFISH_FEATURE_PROTOCOL *This,
+ IN EFI_STRING FeatureManagedUri,
+ IN VOID *Context
+);
+
+struct _EDKII_REDFISH_FEATURE_PROTOCOL {
+ REDFISH_FEATURE_REGISTER Register;
+ REDFISH_FEATURE_UNREGISTER Unregister;
+};
+
+extern EFI_GUID gEdkIIRedfishFeatureProtocolGuid;
+
+#endif
diff --git a/RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.h b/RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.h
new file mode 100644
index 0000000000..7b1778b038
--- /dev/null
+++ b/RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.h
@@ -0,0 +1,43 @@
+/** @file
+ Definitions of RedfishFeatureCoreDxe
+
+ (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+#ifndef EDKII_REDFISH_FEATURE_CORE_DXE_H_
+#define EDKII_REDFISH_FEATURE_CORE_DXE_H_
+
+#include <Protocol/EdkIIRedfishFeature.h>
+
+#include <Base.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/PrintLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+
+#define MaxNodeNameLength 64
+#define NodeSeperator L'/'
+#define NodeIsCollectionLeftBracket '{'
+#define NodeIsCollectionRightBracket '}'
+
+typedef struct _REDFISH_FEATURE_INTERNAL_DATA REDFISH_FEATURE_INTERNAL_DATA;
+struct _REDFISH_FEATURE_INTERNAL_DATA {
+ REDFISH_FEATURE_INTERNAL_DATA *SiblingList; ///< Next same level in hierarchy of resource URI.
+ REDFISH_FEATURE_INTERNAL_DATA *ChildList; ///< Next level in hierarchy of resource URI.
+ EFI_STRING NodeName; ///< Name of the node in hierarchy of resource URI.
+ REDFISH_FEATURE_CALLBACK Callback; ///< Callback function of Redfish feature driver.
+ VOID *Context; ///< Context of feature driver.
+ FEATURE_RETURNED_INFORMATION *ReturnedInformation; ///< Information returned from Redfish feature driver.
+ UINT32 Flags;
+};
+#define REDFISH_FEATURE_INTERNAL_DATA_IS_COLLECTION 0x00000001
+
+typedef struct {
+ EDKII_REDFISH_FEATURE_PROTOCOL *This;
+ FEATURE_CALLBACK_ACTION Action;
+} REDFISH_FEATURE_STARTUP_CONTEXT;
+#endif
diff --git a/RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.c b/RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.c
new file mode 100644
index 0000000000..e5dcc3de8e
--- /dev/null
+++ b/RedfishClientPkg/RedfishFeatureCoreDxe/RedfishFeatureCoreDxe.c
@@ -0,0 +1,382 @@
+/** @file
+ RedfishFeatureCoreDxe produces EdkIIRedfishFeatureCoreProtocol
+ for EDK2 Redfish Feature driver registration.
+
+ (C) Copyright 2021 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <RedfishFeatureCoreDxe.h>
+
+EFI_EVENT mEdkIIRedfishFeatureDriverStartupEvent;
+REDFISH_FEATURE_STARTUP_CONTEXT mFeatureDriverStartupContext;
+REDFISH_FEATURE_INTERNAL_DATA *ResourceUriNodeList;
+
+/**
+ Startup child feature drivers and it's sibing feature drivers.
+
+ @param[in] HeadList Head list of this feature driver
+ @param[in] ThisFeatureDriverList This feature driver list.
+ @param[in] StartupContext Start up information
+
+**/
+VOID
+StartUpFeatureDriver (
+ IN REDFISH_FEATURE_INTERNAL_DATA *ThisFeatureDriverList,
+ IN REDFISH_FEATURE_STARTUP_CONTEXT *StartupContext
+)
+{
+ EFI_STATUS Status;
+ REDFISH_FEATURE_INTERNAL_DATA *ThisList;
+
+ ThisList = ThisFeatureDriverList;
+ while (TRUE) {
+ if (ThisList->Callback != NULL) {
+ Status = ThisList->Callback(
+ StartupContext->This,
+ StartupContext->Action,
+ ThisList->Context,
+ &ThisList->ReturnedInformation
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG((DEBUG_ERROR, "%a: Callback to EDK2 Redfish feature driver fail.", __FUNCTION__));
+ }
+ }
+ if (ThisList->ChildList != NULL) {
+ StartUpFeatureDriver (ThisList->ChildList, StartupContext);
+ }
+ //
+ // Check sibling Redfish feature driver.
+ //
+ if (ThisList->SiblingList == NULL) {
+ break;
+ }
+ //
+ // Go next sibling Redfish feature driver.
+ //
+ ThisList = ThisList->SiblingList;
+ };
+}
+
+/**
+ Callback routine when mEdkIIRedfishFeatureDriverStartupEvent
+ is signaled.
+
+ @param[in] Event Event whose notification function is being invoked.
+ @param[in] Context The pointer to the notification function's context,
+ which is implementation-dependent.
+
+**/
+VOID
+RedfishFeatureDriverStartup(
+ IN EFI_EVENT Event,
+ IN VOID *Context
+ )
+{
+ REDFISH_FEATURE_STARTUP_CONTEXT *StartupContext;
+
+ StartupContext = (REDFISH_FEATURE_STARTUP_CONTEXT *)Context;
+ //
+ // Invoke EDK2 Redfish feature driver callback to start up
+ // the Redfish operations.
+ //
+ if (ResourceUriNodeList == NULL) {
+ return;
+ }
+ //
+ // Invoke the callback by the hierarchy level
+ //
+ StartUpFeatureDriver (ResourceUriNodeList, StartupContext);
+}
+
+/**
+ Create new internal data instance.
+
+ @param[in,out] PtrToNewInternalData Pointer to receive new instance of
+ REDFISH_FEATURE_INTERNAL_DATA.
+ @param[in] NodeName Name of URI node.
+
+ @retval EFI_SUCCESS New entry is inserted successfully.
+ @retval EFI_INVALID_PARAMETER Improper given parameters.
+ @retval EFI_OUT_OF_RESOURCES Lack of memory for the internal data structure.
+
+**/
+EFI_STATUS
+NewInternalInstance (
+ IN OUT REDFISH_FEATURE_INTERNAL_DATA **PtrToNewInternalData,
+ IN EFI_STRING NodeName
+ )
+{
+ REDFISH_FEATURE_INTERNAL_DATA *NewInternalData;
+
+ if (PtrToNewInternalData == NULL || NodeName == NULL) {
+ DEBUG((DEBUG_ERROR, "%a: Inproper given parameters\n", __FUNCTION__));
+ return EFI_INVALID_PARAMETER;
+ }
+
+ *PtrToNewInternalData = NULL;
+ NewInternalData = AllocateZeroPool (sizeof (REDFISH_FEATURE_INTERNAL_DATA));
+ if (NewInternalData == NULL) {
+ DEBUG((DEBUG_ERROR, "%a: No memory for REDFISH_FEATURE_INTERNAL_DATA\n", __FUNCTION__));
+ return EFI_OUT_OF_RESOURCES;
+ }
+ NewInternalData->NodeName = AllocateZeroPool (StrSize (NodeName));
+ StrnCpyS (NewInternalData->NodeName, StrSize (NodeName), (CONST CHAR16 *)NodeName, StrLen (NodeName));
+ NewInternalData->SiblingList = NULL;
+ NewInternalData->ChildList = NULL;
+ if (NodeName[0] == (UINT16)NodeIsCollectionLeftBracket &&
+ NodeName [StrLen (NodeName) - 1] == (UINT16)NodeIsCollectionRightBracket) {
+ NewInternalData->Flags |= REDFISH_FEATURE_INTERNAL_DATA_IS_COLLECTION;
+ }
+ *PtrToNewInternalData = NewInternalData;
+ return EFI_SUCCESS;
+}
+
+/**
+ Insert the URI node into internal data structure
+
+ @param[in] HeadEntryToInsert The head entry to start the searching.
+ @param[in] NodeName Name of URI node.
+ @param[in] NextNodeEntry Pointer to receive the pointer of next head
+ entry for inserting the follow up nodes.
+ The returned LIST_ENTRY is the address of
+ ChildList link list.
+ @retval EFI_SUCCESS New entry is inserted successfully.
+ @retval EFI_INVALID_PARAMETER Improper given parameters.
+ @retval EFI_OUT_OF_RESOURCES Lack of memory for the internal data structure.
+
+**/
+EFI_STATUS
+InsertRedfishFeatureUriNode (
+ IN REDFISH_FEATURE_INTERNAL_DATA *HeadEntryToInsert,
+ IN EFI_STRING NodeName,
+ IN OUT REDFISH_FEATURE_INTERNAL_DATA **NextNodeEntry
+ )
+{
+ EFI_STATUS Status;
+ REDFISH_FEATURE_INTERNAL_DATA *NewInternalData;
+ REDFISH_FEATURE_INTERNAL_DATA *ThisInternalData;
+ REDFISH_FEATURE_INTERNAL_DATA *SiblingList;
+
+ if (NodeName == NULL) {
+ DEBUG((DEBUG_ERROR, "%a: Node name is NULL.\n", __FUNCTION__));
+ return EFI_INVALID_PARAMETER;
+ }
+ if (NextNodeEntry == NULL) {
+ DEBUG((DEBUG_ERROR, "%a: NextNodeEntry can't be NULL.\n", __FUNCTION__));
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (HeadEntryToInsert == NULL || HeadEntryToInsert->ChildList == NULL) {
+ Status = NewInternalInstance (&NewInternalData, NodeName);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ if (HeadEntryToInsert == NULL) {
+ ResourceUriNodeList = NewInternalData;
+ } else {
+ HeadEntryToInsert->ChildList = NewInternalData;
+ }
+ *NextNodeEntry = NewInternalData;
+ return EFI_SUCCESS;
+ }
+ //
+ // Go through sibling list to find the entry.
+ //
+ ThisInternalData = HeadEntryToInsert;
+ SiblingList = ThisInternalData->SiblingList;
+ while (TRUE) {
+ if (StrCmp((CONST CHAR16 *)ThisInternalData->NodeName, (CONST CHAR16 *)NodeName) == 0) {
+ *NextNodeEntry = ThisInternalData->ChildList;
+ return EFI_SUCCESS;
+ }
+ //
+ // If sibing exist?
+ //
+ if (SiblingList == NULL) {
+ Status = NewInternalInstance (&NewInternalData, NodeName);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ ThisInternalData->SiblingList = NewInternalData;
+ *NextNodeEntry = NewInternalData->ChildList;
+ return EFI_SUCCESS;
+ }
+ SiblingList = SiblingList->SiblingList;
+ };
+ return EFI_SUCCESS;
+}
+
+/**
+ The registration function for the Redfish Feature driver.
+
+ @param[in] This Pointer to EDKII_REDFISH_FEATURE_PROTOCOL instance.
+ @param[in] FeatureManagedUri The URI represents the hierarchy path of the Redfish
+ resource in the entire Redfish data model that managed
+ by Redfish feature driver . Each node in the hierarchy
+ path is the property name defined in the schema of the
+ resource.
+ e.g. "ServiceRoot/" - Managed by ServiceRoot feature driver
+ "ServiceRoot/Systems[]/" - Managed by ComputerSystemCollection feature driver
+ "ServiceRoot/Systems[1]/" - Managed by ComputerSystem feature driver
+ "ServiceRoot/Systems[2]/Bios/" - Managed by Bios feature driver
+ @param[in] Callback Callback routine associated with this registration that
+ provided by Redfish feature driver to execute the action
+ on Redfish resource which is managed by this Redfish
+ feature driver.
+ @param[in] Context The context of the registering feature driver. The pointer
+ to the conext is delivered through callback function.
+ @retval EFI_SUCCESS Redfish feature driver is registered successfully.
+ @retval EFI_SUCCESS Redfish feature driver is registered successfully.
+ @retval EFI_INVALID_PARAMETER Improper given parameters or fail to register
+ feature driver.
+ @retval EFI_OUT_OF_RESOURCES Lack of memory for the internal data structure.
+ @retval Others Some error happened.
+
+**/
+EFI_STATUS
+EFIAPI
+RedfishFeatureRegister (
+ IN EDKII_REDFISH_FEATURE_PROTOCOL *This,
+ IN EFI_STRING FeatureManagedUri,
+ IN REDFISH_FEATURE_CALLBACK Callback,
+ IN VOID *Context
+)
+{
+ CHAR16 NodeName [MaxNodeNameLength];
+ EFI_STATUS Status;
+ UINTN Index;
+ UINTN AnchorIndex;
+ UINTN UriLength;
+ REDFISH_FEATURE_INTERNAL_DATA *ThisUriNode;
+
+ if (FeatureManagedUri == NULL || Callback == NULL) {
+ DEBUG((DEBUG_ERROR, "%a: The given parameter is invalid\n", __FUNCTION__));
+ return EFI_INVALID_PARAMETER;
+ }
+ //
+ // Walk through URI which managed by this EDK2 Redfish feature driver.
+ //
+ UriLength = StrLen (FeatureManagedUri) + 1; // Add one NULL for the last node.
+ Index = 0;
+ AnchorIndex = 0;
+ ThisUriNode = ResourceUriNodeList;
+ do {
+ if ((Index - AnchorIndex + 1) >= MaxNodeNameLength) { // Increase one for the NULL terminator
+ DEBUG((DEBUG_ERROR, "%a: the length of node name is >= MaxNodeNameLength\n", __FUNCTION__));
+ ASSERT (FALSE);
+ }
+ NodeName[Index - AnchorIndex] = *(FeatureManagedUri + Index);
+ if (NodeName [Index - AnchorIndex] == NodeSeperator || NodeName [Index - AnchorIndex] == (CHAR16)0) {
+ NodeName [Index - AnchorIndex] = 0;
+ AnchorIndex = Index + 1;
+ //
+ // Insert node
+ //
+ if (StrLen(NodeName) != 0) {
+ Status = InsertRedfishFeatureUriNode(ThisUriNode, NodeName, &ThisUriNode);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ }
+ }
+ Index ++;
+ } while ((Index < UriLength));
+
+ if (ThisUriNode == NULL) {
+ //
+ // No URI node was created
+ //
+ DEBUG((DEBUG_ERROR, "%a: No URI node is added\n", __FUNCTION__));
+ return EFI_INVALID_PARAMETER;
+ }
+ //
+ // Add feature driver info to internal data instance.
+ //
+ ThisUriNode->Callback = Callback;
+ ThisUriNode->Context = Context;
+ return EFI_SUCCESS;
+}
+
+/**
+ The unregistration function for the Redfish Feature driver.
+
+ @param[in] This Pointer to EDKII_REDFISH_FEATURE_PROTOCOL instance.
+ @param[in] FeatureManagedUri The URI represents the hierarchy path of the Redfish
+ resource in the entire Redfish data model that managed
+ by Redfish feature driver . Each node in the hierarchy
+ path is the property name defined in the schema of the
+ resource.
+ @param[in] Context The context used for the previous feature driver
+ registration.
+ @retval EFI_SUCCESS Redfish feature driver is registered successfully.
+ @retval Others Some error happened.
+
+**/
+EFI_STATUS
+RedfishFeatureUnregister (
+ IN EDKII_REDFISH_FEATURE_PROTOCOL *This,
+ IN EFI_STRING FeatureManagedUri,
+ IN VOID *Context
+)
+{
+ return EFI_UNSUPPORTED;
+}
+
+EDKII_REDFISH_FEATURE_PROTOCOL mRedfishFeatureProtocol = {
+ RedfishFeatureRegister,
+ RedfishFeatureUnregister
+};
+
+/**
+ Main entry for this driver.
+
+ @param ImageHandle Image handle this driver.
+ @param SystemTable Pointer to SystemTable.
+
+ @retval EFI_SUCESS This function always complete successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+RedfishFeatureCoreEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE Handle;
+ EFI_GUID *EventGuid;
+
+ Handle = NULL;
+ ResourceUriNodeList = NULL;
+ EventGuid = (EFI_GUID *)PcdGetPtr (PcdEdkIIRedfishFeatureDriverStartupEventGuid);
+
+ ZeroMem ((VOID *)&mFeatureDriverStartupContext, sizeof (REDFISH_FEATURE_STARTUP_CONTEXT));
+ mFeatureDriverStartupContext.This = &mRedfishFeatureProtocol;
+
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
+ RedfishFeatureDriverStartup,
+ (CONST VOID *)&mFeatureDriverStartupContext,
+ EventGuid,
+ &mEdkIIRedfishFeatureDriverStartupEvent
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Install the RedfishCredentialProtocol onto Handle.
+ //
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &Handle,
+ &gEdkIIRedfishFeatureProtocolGuid,
+ &mRedfishFeatureProtocol,
+ NULL
+ );
+ return Status;
+}
diff --git a/RedfishClientPkg/Readme.md b/RedfishClientPkg/Readme.md
index 9e56fb9039..18a27633cf 100644
--- a/RedfishClientPkg/Readme.md
+++ b/RedfishClientPkg/Readme.md
@@ -119,6 +119,42 @@ struct _EDKII_REDFISH_PLATFORM_CONFIG_PROTOCOL {
For those Non-EDK2 HII-based platform configuration formats, the driver instance
can provide its own implementation to get or set the platform configurations.

+### EDKII Redfish Feature Core DXE Driver ***[[12]](#[0])***
+EDKII Redfish Feature Core DXE driver provides the protocol interface to
+the auto-generated Redfish feature driver to register itself for the
+Redfish resource URI it manages.
+
+```C
+struct _EDKII_REDFISH_FEATURE_PROTOCOL {
+ REDFISH_FEATURE_REGISTER Register;
+ REDFISH_FEATURE_UNREGISTER Unregister;
+};
+```
+
+Redfish Feature Core DXE driver records the
+URI according to the URI hierarchy, and then it starts up the Redfish
+feature drivers based on the hierarchy when the particular event
+***[[11]](#[0])*** is triggered. This makes sure the upper-level Redfish
+resource is built up before the lower-level resource. For example,
+ComputerSystem resource must be ready before the Memory resource managed
+by MemoryCollection because the Memory resource is part of ComputerSystem
+resource.
+
+### Start-Up Event to Trigger EDKII Redfish Feature Core ***[[11]](#[0])***
+This is an EFI event for triggering EDKII Redfish Feature Core to travel
+URIs in the database and execute the callback that registered by Redfish feature
+drivers. The event GUID is defined in below PCD and is default set to
+**gEfiEventReadyToBootGuid**.
+
+```C
+PcdEdkIIRedfishFeatureDriverStartupEventGuid
+```
+
+This PCD can be overridden to any events based on the platform
+implementation. EDKII Redfish Feature Core can be triggered earlier,
+for example before the BDS or in the early DXE phase if the platform provides
+the EFI REST EX protocol which is available before the BDS phase.
+
### EDK2 HII VFR Form ***[[8]](#[0])***
According to **UEFI spec 2.9 section 35.6 Form Browser Protocol**,
**EFI_HII_REST_STYLE_FORMSET_GUID** is used on HII form to indicate that HII
--
2.17.1

7941 - 7960 of 86113