
[PATCH] MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP

Bassa, Damian <damian.bassa@...>
 

Before trying to access the parent root port to check ARI capabilities,
the enumerator should check whether the endpoint device is Root Complex
integrated, to avoid undefined parent register accesses in these cases.

 

Signed-off-by: Damian Bassa damian.bassa@...

 

---

.../Bus/Pci/PciBusDxe/PciEnumeratorSupport.c         | 12 +++++++++++-

1 file changed, 11 insertions(+), 1 deletion(-)

 

diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c

index db1b35f8ef..6451fb8af9 100644

--- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c

+++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciEnumeratorSupport.c

@@ -2153,6 +2153,7 @@ CreatePciIoDevice (

   PCI_IO_DEVICE        *PciIoDevice;

   EFI_PCI_IO_PROTOCOL  *PciIo;

   EFI_STATUS           Status;

+  PCI_REG_PCIE_CAPABILITY Capability;

   PciIoDevice = AllocateZeroPool (sizeof (PCI_IO_DEVICE));

   if (PciIoDevice == NULL) {
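Review bot: the new local `PCI_REG_PCIE_CAPABILITY Capability;` breaks the column alignment of the declaration block above it (`PCI_IO_DEVICE        *PciIoDevice;`, `EFI_STATUS           Status;`), which edk2 style keeps aligned; widen the type column so all four declarations line up. A one-line comment that this holds the device's own PCIe Capabilities register, read below for the ARI check, would make the later `Capability.Bits.DevicePortType` test self-explanatory.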

@@ -2229,7 +2230,16 @@ CreatePciIoDevice (

     return NULL;

   }

-  if (PcdGetBool (PcdAriSupport)) {

+  PciIo->Pci.Read (

+                PciIo,

+                EfiPciIoWidthUint16,

+                PciIoDevice->PciExpressCapabilityOffset + OFFSET_OF (PCI_CAPABILITY_PCIEXP, Capability),

+                1,

+                &Capability.Uint16

+                );

+

+  if (PcdGetBool (PcdAriSupport) &&

+    Capability.Bits.DevicePortType != PCIE_DEVICE_PORT_TYPE_ROOT_COMPLEX_INTEGRATED_ENDPOINT) {

     //

     // Check if the device is an ARI device.

     //
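Review bot: the `PciIo->Pci.Read` inserted before the `if` runs unconditionally for every device and discards its return status: when `PcdAriSupport` is FALSE the read is wasted, and for a function with no PCI Express capability (`PciIoDevice->PciExpressCapabilityOffset` == 0) it reads offset `OFFSET_OF (PCI_CAPABILITY_PCIEXP, Capability)` of the plain configuration header rather than a PCIe register, so `Capability.Uint16` holds an unrelated value (or stays uninitialized if the read fails) when the condition is evaluated. Move the read inside the `PcdGetBool (PcdAriSupport)` branch, guard it with a non-zero `PciExpressCapabilityOffset`, assign the result to `Status` and skip the ARI check on error, and initialize `Capability.Uint16 = 0` beforehand. Style: the continuation line `Capability.Bits.DevicePortType != PCIE_DEVICE_PORT_TYPE_ROOT_COMPLEX_INTEGRATED_ENDPOINT) {` should be indented to align under `PcdGetBool`.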

--

2.27.0.windows.1
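The check the commit message describes, as an added example that is not part of the patch or of PciBusDxe: locate the PCI Express capability in a function's configuration space, read the Device/Port Type field of the PCIe Capabilities register, and only then decide whether a parent port exists whose registers may be probed. Layout constants come from the PCI and PCIe base specifications; the config-space images are constructed, and the helper and enum names (`pci_find_cap`, `classify`, and so on) are this example's own. It goes one step beyond the patch by treating Root Complex Event Collectors, which the specification also places in the Root Complex, the same way as RCiEPs.

```c
/*
 * Added example, not code from the PciBusDxe patch: find the PCI Express
 * capability of a function, decode Device/Port Type (PCIe Capabilities
 * register bits 7:4) and decide whether an upstream port exists whose
 * registers the enumerator may read. Config-space images are constructed;
 * helper and enum names are this example's own.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCI_CFG_SIZE          256
#define PCI_STATUS_OFFSET     0x06
#define PCI_STATUS_CAP_LIST   0x10   /* Status bit 4: capability list present */
#define PCI_CAP_PTR_OFFSET    0x34
#define PCI_CAP_ID_PCIE       0x10
#define PCIE_TYPE_UNKNOWN     0xFF   /* no PCIe capability found */

/* Device/Port Type encodings from the PCIe base specification */
#define PCIE_TYPE_ENDPOINT            0
#define PCIE_TYPE_RCIEP               9    /* Root Complex Integrated Endpoint */
#define PCIE_TYPE_RC_EVENT_COLLECTOR  10

enum parent_lookup {
    PARENT_LOOKUP_NOT_PCIE = 0,  /* no PCIe capability: nothing PCIe-specific to check */
    PARENT_LOOKUP_NONE,          /* integrated into the Root Complex: no upstream port */
    PARENT_LOOKUP_REQUIRED       /* below a port: the parent's registers may be probed */
};

static uint16_t rd16(const uint8_t *c, unsigned o) { return (uint16_t)(c[o] | (c[o + 1] << 8)); }

/* Walk the capability list. Returns the offset of cap_id, or 0 if absent or malformed. */
unsigned pci_find_cap(const uint8_t *cfg, uint8_t cap_id)
{
    if (!(rd16(cfg, PCI_STATUS_OFFSET) & PCI_STATUS_CAP_LIST))
        return 0;
    unsigned ptr = cfg[PCI_CAP_PTR_OFFSET] & ~3u;
    /* 48 iterations bound a corrupt or cyclic list: 0x40..0xFF holds at most 48 4-byte headers */
    for (int guard = 0; guard < 48 && ptr >= 0x40 && ptr + 3 < PCI_CFG_SIZE; guard++) {
        if (cfg[ptr] == cap_id)
            return ptr;
        ptr = cfg[ptr + 1] & ~3u;       /* next pointer; 0 terminates the list */
    }
    return 0;
}

/* Device/Port Type, or PCIE_TYPE_UNKNOWN when the function is not PCI Express. */
unsigned pcie_device_port_type(const uint8_t *cfg)
{
    unsigned cap = pci_find_cap(cfg, PCI_CAP_ID_PCIE);
    if (cap == 0)
        return PCIE_TYPE_UNKNOWN;
    return (rd16(cfg, cap + 2) >> 4) & 0xF;   /* PCIe Capabilities register, 2 bytes into the structure */
}

/* The decision the patch makes before touching the parent root port, extended to
 * Root Complex Event Collectors, which the specification also places in the Root Complex. */
enum parent_lookup classify(const uint8_t *cfg)
{
    unsigned type = pcie_device_port_type(cfg);
    if (type == PCIE_TYPE_UNKNOWN)
        return PARENT_LOOKUP_NOT_PCIE;
    if (type == PCIE_TYPE_RCIEP || type == PCIE_TYPE_RC_EVENT_COLLECTOR)
        return PARENT_LOOKUP_NONE;
    return PARENT_LOOKUP_REQUIRED;
}

/* Constructed config space: an MSI capability at 0x40 chained to a PCIe capability at 0x70. */
void build_cfg(uint8_t *cfg, unsigned port_type)
{
    memset(cfg, 0, PCI_CFG_SIZE);
    cfg[PCI_STATUS_OFFSET] = PCI_STATUS_CAP_LIST;
    cfg[PCI_CAP_PTR_OFFSET] = 0x40;
    cfg[0x40] = 0x05; cfg[0x41] = 0x70;             /* MSI capability, next = 0x70 */
    cfg[0x70] = PCI_CAP_ID_PCIE; cfg[0x71] = 0x00;  /* PCIe capability, end of list */
    uint16_t caps = (uint16_t)(0x2 | ((port_type & 0xF) << 4));  /* version 2, type in bits 7:4 */
    cfg[0x72] = (uint8_t)caps; cfg[0x73] = (uint8_t)(caps >> 8);
}

const uint8_t conventional_pci_cfg[PCI_CFG_SIZE] = {0};   /* conventional PCI: no capability list bit */

enum parent_lookup classify_constructed(unsigned port_type)
{
    uint8_t cfg[PCI_CFG_SIZE];
    build_cfg(cfg, port_type);
    return classify(cfg);
}

/* A list whose MSI entry points back at itself must terminate and report "no capability". */
unsigned looping_list_result(void)
{
    uint8_t cfg[PCI_CFG_SIZE];
    build_cfg(cfg, PCIE_TYPE_ENDPOINT);
    cfg[0x41] = 0x40;
    return pci_find_cap(cfg, PCI_CAP_ID_PCIE);
}

int main(void)
{
    printf("RCiEP -> %d, endpoint -> %d, conventional PCI -> %d, cyclic list -> cap %u\n",
           classify_constructed(PCIE_TYPE_RCIEP), classify_constructed(PCIE_TYPE_ENDPOINT),
           classify(conventional_pci_cfg), looping_list_result());
    return 0;
}
```

Compared with the hunk above, the capabilities register is read only after the capability has actually been found, and a corrupt capability list (a pointer cycle, a pointer below 0x40) ends with "no capability" instead of looping or reading outside the 256-byte header; both are conditions a firmware enumerator meets on real hardware.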

 




[PATCH] ArmPkg/GicV3Dxe: Don't signal EOI on arbitrary interrupts

Ard Biesheuvel
 

Currently, at ExitBootServices() time, the GICv3 driver signals
End-Of-Interrupt (EOI) on all interrupt lines that are supported by the
interrupt controller. This appears to have been carried over from the
GICv2 version, but has been turned into something that violates the GIC
spec, and may trigger SError exceptions on some implementations.

Marc puts it as follows:

The GIC interrupt state machine is pretty strict. An interrupt can
only be deactivated (with or without prior priority drop) if it has
been acknowledged first. In GIC speak, this means that only the
following sequences are valid:

With EOImode==0:
x = ICC_IAR{0,1}_EL1;
ICC_EOIR{0,1}_EL1 = x;

With EOImode==1:
x = ICC_IAR{0,1}_EL1;
ICC_EOIR{0,1}_EL1 = x;
ICC_DIR_EL1 = x;

Any write to ICC_EOIR{0,1}_EL1 that isn't the direct consequence of
the same value being read from ICC_IAR{0,1}_EL1, and with the correct
nesting, breaks the state machine and leads to unpredictable results
that affects *all* interrupts in the system (most likely, the priority
system is dead). See Figure 4-3 ("Interrupt handling state machine")
in Arm IHI 0069F for a description of the acceptable transitions.

Additionally, on implementations that have ICC_CTLR_EL1.SEIS==1, a
SError may be generated to signal the error. See the various

<quote>
IMPLEMENTATION_DEFINED "SError ....";
</quote>

that are all over the pseudocode contained in the same architecture
spec. Needless to say, this is pretty final for any SW that would do
silly things on such implementations (which do exist).

Given that in our implementation, every signalled interrupt is acked,
handled and EOId in sequence, there is no reason to EOI all interrupts
at ExitBootServices() time in the first place, so let's just drop this
code. This fixes an issue reported by Marc where an SError is triggered
by this code, bringing down the system.

Reported-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
This is a clear bugfix, but given how late we are in the cycle, I will
leave it up to Liming to decide whether we can still take this for the
upcoming stable tag.

ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c | 4 ----
1 file changed, 4 deletions(-)

diff --git a/ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c b/ArmPkg/Drivers/Arm=
Gic/GicV3/ArmGicV3Dxe.c
index 85ee4c87b6d1..fa515d1a01ba 100644
--- a/ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c
+++ b/ArmPkg/Drivers/ArmGic/GicV3/ArmGicV3Dxe.c
@@ -344,10 +344,6 @@ GicV3ExitBootServicesEvent (
GicV3DisableInterruptSource (&gHardwareInterruptV3Protocol, Index);=0D
}=0D
=0D
- for (Index =3D 0; Index < mGicNumInterrupts; Index++) {=0D
- GicV3EndOfInterrupt (&gHardwareInterruptV3Protocol, Index);=0D
- }=0D
-=0D
// Disable Gic Interface=0D
ArmGicV3DisableInterruptInterface ();=0D
=0D
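Review bot: no objection to the deletion itself; it matches the commit message, and `Index` remains in use by the `GicV3DisableInterruptSource` loop kept just above, so nothing is left unused. One follow-up to raise here: the message says this loop was carried over from the GICv2 driver, and the acknowledge-before-EOI rule applies to that interface as well, so the GICv2 ExitBootServices handler should be checked for the same blanket EOI loop and given the same fix if it has one.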
--=20
2.30.2
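The state machine Marc describes, as an added model that is not part of the patch or of ArmGicV3Dxe: per-INTID Inactive/Pending/Active states, an acknowledge stack for nesting, and the two EOImode sequences. Priorities and interrupt groups are left out (an assumption of the model, so any pending INTID can be acknowledged), the INTIDs and counts are constructed, and a "fault" is counted wherever the architecture leaves the result UNPREDICTABLE (an SError on implementations with SEIS==1). `eoi_all_faults` replays the loop the hunk deletes against a CPU interface with nothing acknowledged.

```c
/*
 * Added model, not code from the GicV3Dxe patch: the GIC CPU-interface
 * interrupt state machine reduced to what the EOI rule needs. Priorities and
 * groups are omitted (assumption: any pending INTID may be acknowledged), so
 * real hardware is stricter than this model, never looser. Counts and INTIDs
 * below are constructed.
 */
#include <stdint.h>
#include <string.h>

#define GIC_NUM_IRQS  16       /* constructed: a tiny interrupt space */
#define GIC_SPURIOUS  1023u    /* INTID returned by IAR when nothing is pending */

enum irq_state { IRQ_INACTIVE, IRQ_PENDING, IRQ_ACTIVE, IRQ_ACTIVE_PENDING };

struct gic_cpuif {
    int eoimode;                       /* ICC_CTLR_EL1.EOImode: 0 = EOIR drops priority and deactivates,
                                          1 = EOIR drops priority only and DIR deactivates */
    enum irq_state state[GIC_NUM_IRQS];
    uint32_t ack_stack[GIC_NUM_IRQS];  /* acknowledged INTIDs not yet priority-dropped, innermost last */
    int depth;
    int faults;                        /* writes the architecture leaves UNPREDICTABLE (SError when SEIS==1) */
};

void gic_init(struct gic_cpuif *g, int eoimode) { memset(g, 0, sizeof *g); g->eoimode = eoimode; }

/* A source asserts: Inactive -> Pending, Active -> Active and Pending. */
void gic_raise(struct gic_cpuif *g, uint32_t intid)
{
    if (g->state[intid] == IRQ_INACTIVE)    g->state[intid] = IRQ_PENDING;
    else if (g->state[intid] == IRQ_ACTIVE) g->state[intid] = IRQ_ACTIVE_PENDING;
}

/* Read of ICC_IAR1_EL1: acknowledge the lowest pending INTID (Pending -> Active). */
uint32_t gic_iar(struct gic_cpuif *g)
{
    for (uint32_t i = 0; i < GIC_NUM_IRQS; i++) {
        if (g->state[i] != IRQ_PENDING) continue;
        g->state[i] = IRQ_ACTIVE;
        g->ack_stack[g->depth++] = i;
        return i;
    }
    return GIC_SPURIOUS;
}

static int is_active(const struct gic_cpuif *g, uint32_t intid)
{
    return intid < GIC_NUM_IRQS && (g->state[intid] == IRQ_ACTIVE || g->state[intid] == IRQ_ACTIVE_PENDING);
}

static void deactivate(struct gic_cpuif *g, uint32_t intid)
{
    g->state[intid] = (g->state[intid] == IRQ_ACTIVE_PENDING) ? IRQ_PENDING : IRQ_INACTIVE;
}

/* Write of ICC_EOIR1_EL1: valid only for the most recently acknowledged, still active INTID. */
int gic_eoir(struct gic_cpuif *g, uint32_t intid)
{
    if (!is_active(g, intid) || g->depth == 0 || g->ack_stack[g->depth - 1] != intid) {
        g->faults++;
        return -1;
    }
    g->depth--;                                    /* priority drop */
    if (g->eoimode == 0) deactivate(g, intid);
    return 0;
}

/* Write of ICC_DIR_EL1: deactivate after the priority drop; only meaningful with EOImode==1. */
int gic_dir(struct gic_cpuif *g, uint32_t intid)
{
    int dropped = 1;
    for (int i = 0; i < g->depth; i++) if (g->ack_stack[i] == intid) dropped = 0;
    if (g->eoimode != 1 || !is_active(g, intid) || !dropped) {
        g->faults++;
        return -1;
    }
    deactivate(g, intid);
    return 0;
}

/* The loop the hunk removes: EOI every INTID with nothing acknowledged. Returns the fault count. */
int eoi_all_faults(int eoimode)
{
    struct gic_cpuif g;
    gic_init(&g, eoimode);
    for (uint32_t i = 0; i < GIC_NUM_IRQS; i++) gic_eoir(&g, i);
    return g.faults;
}

/* The sequences Marc lists as valid; 0 means no fault and INTID 5 back to Inactive. */
int valid_sequence_faults(int eoimode)
{
    struct gic_cpuif g;
    gic_init(&g, eoimode);
    gic_raise(&g, 5);
    uint32_t x = gic_iar(&g);
    gic_eoir(&g, x);
    if (eoimode == 1) gic_dir(&g, x);
    return g.faults + (g.state[5] != IRQ_INACTIVE);
}

/* Two acknowledged interrupts EOId outer-first: the first EOI breaks the nesting rule. */
int wrong_nesting_faults(void)
{
    struct gic_cpuif g;
    gic_init(&g, 0);
    gic_raise(&g, 3); gic_raise(&g, 7);
    uint32_t outer = gic_iar(&g);
    uint32_t inner = gic_iar(&g);
    gic_eoir(&g, outer);
    gic_eoir(&g, inner);
    return g.faults;
}
```

With nothing acknowledged, every one of the `GIC_NUM_IRQS` EOI writes in `eoi_all_faults` is a violation, which is exactly the situation at ExitBootServices() after the driver has EOId each interrupt it handled; the two valid sequences complete with zero faults, and the only other way to fault is to EOI out of nesting order.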


Re: [edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - 08/24/2021 #cal-reminder

gaoliming
 

Many new issues will be reviewed this week.

 

ID   | Product  | Component | Assignee          | Status | Summary                                                                                                          | Changed    | Reporter
-----|----------|-----------|-------------------|--------|------------------------------------------------------------------------------------------------------------------|------------|-------------------------
3582 | EDK2     | Code      | unassigned@...    | UNCO   | Reset loop encountered when running with OVMF and Windows2012R2 guest                                            | Mon 18:18  | aaron.young@...
3581 | EDK2     | Code      | unassigned@...    | UNCO   | shell invocation might cause inconsistencies in memory maps presented to a operating system                      | Mon 08:44  | pspacek@...
3580 | Tianocor | Code      | unassigned@...    | UNCO   | TerminalDxe doesn't follow expected output for different terminal types.                                         | Sun 22:27  | cadenkline9@...
3579 | EDK2 Cod | Specific  | unassigned@...    | UNCO   | ACPI spec - PMTT memory device definitions do not match code                                                     | Fri 16:49  | samer.el-haj-mahmoud@...
3578 | EDK2 Pla | MinPlatf  | unassigned@...    | UNCO   | MinPlatformPkg: Break up BoardInitLib functions                                                                  | Fri 15:25  | michael.kubacki@...
3577 | EDK2     | Tools     | unassigned@...    | UNCO   | Structure Pcd and Structure Array Pcd is not working properly                                                    | Fri 07:26  | rabishar@...
3576 | EDK2 Pla | IntelSil  | ray.ni@...        | UNCO   | IntelSiliconPkg: PeiInstallSmmAccessPpi() documentation is inaccurate                                            | Thu 15:14  | michael.kubacki@...
3575 | EDK2 Pla | IntelSil  | ray.ni@...        | UNCO   | PeiSmmAccessLib: Fix synchronization issue with EFI_SMRAM_HOB_DESCRIPTOR_BLOCK                                   | Thu 15:09  | michael.kubacki@...
3569 | EDK2     | Code      | dandan.bi@...     | UNCO   | CoreValidateHandle has the risk of invalid memory access                                                         | Thu 08:08  | 774207616@...
3574 | EDK2     | Code      | unassigned@...    | UNCO   | Missing QemuKernelLoaderFsDxe in OvmfXen                                                                         | Thu 03:30  | gary.lin@...
3573 | EDK2     | Code      | unassigned@...    | UNCO   | OvmfXen boot failed at SaveS3BootScript()                                                                        | Thu 03:19  | gary.lin@...
3572 | EDK2     | Code      | unassigned@...    | UNCO   | edk2-libc: Remove use of weak symbols from StdLib to resolve conflict with /WHOLEARCHIVE when building SocketDxe | Wed 17:22  | michael.d.kinney@...
3571 | EDK2     | Code      | unassigned@...    | UNCO   | setup browser stucked when frequently plug and unplug usb storege                                                | 2021-08-18 | xiewenyi0201@...
3570 | Tianocor | Code      | unassigned@...    | UNCO   | Support ACPI 6.4 in Acpiview HMAT parser                                                                         | 2021-08-18 | christopher.jones@...
3568 | Tianocor | Code      | unassigned@...    | UNCO   | Support ACPI 6.4 in DynamicTables FADT parser                                                                    | 2021-08-17 | christopher.jones@...
3567 | EDK2     | Code      | tung.lun.loo@...  | UNCO   | Enable Config Editor tool support for config file and binary delta comparison                                    | 2021-08-17 | tung.lun.loo@...
3566 | EDK2     | Tools     | unassigned@...    | UNCO   | edk2-stable202108 - Change FV Header to FileSystemGuid3 when using GenFv/GenFds                                  | 2021-08-17 | yuwei.chen@...
3501 | EDK2     | Code      | unassigned@...    | UNCO   | Add AARCH64 support for GdbStub                                                                                  | 2021-08-16 | zhangshuzhen@...
3512 | EDK2     | Code      | unassigned@...    | UNCO   | Pointer size mismatch in EvacuateTempRam()                                                                       | 2021-08-16 | terry.lee@...
3542 | EDK2     | Code      | unassigned@...    | UNCO   | [MdePkg/BaseLib] Unaligned APIs cannot be called safely                                                          | 2021-08-09 | mhaeuser@...
3528 | EDK2     | Code      | unassigned@...    | UNCO   | Add SMM NV variable support in universal UEFI payload                                                            | 2021-08-05 | guo.dong@...
3524 | Tianocor | Code      | unassigned@...    | UNCO   | Update Openssl to the latest version 1.1.1k                                                                      | 2021-08-03 | gaoliming@...

 

Thanks

Liming

From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of devel@edk2.groups.io Calendar
Sent: 2021-08-24 9:30
To: devel@edk2.groups.io
Subject: [edk2-devel] Event: TianoCore Bug Triage - APAC / NAMO - 08/24/2021 #cal-reminder

 

Reminder: TianoCore Bug Triage - APAC / NAMO

When:
08/24/2021
6:30pm to 7:30pm
(UTC-07:00) America/Los Angeles

Where:
https://teams.microsoft.com/l/meetup-join/19%3ameeting_OTUyZTg2NjgtNDhlNS00ODVlLTllYTUtYzg1OTNjNjdiZjFh%40thread.v2/0?context=%7b%22Tid%22%3a%2246c98d88-e344-4ed4-8496-4ed7712e255d%22%2c%22Oid%22%3a%22b286b53a-1218-4db3-bfc9-3d4c5aa7669e%22%7d

Organizer: Liming Gao gaoliming@...


Description:

TianoCore Bug Triage - APAC / NAMO

Hosted by Liming Gao

 



Re: [PATCH 18/23] OvmfPkg: Enable Tdx in SecMain.c

Ard Biesheuvel
 

On Tue, 24 Aug 2021 at 14:07, Xu, Min M <min.m.xu@intel.com> wrote:

On August 20, 2021 3:23 PM, Gerd Hoffmann wrote:
On Thu, Aug 19, 2021 at 02:27:16PM +0000, Min Xu wrote:
On August 19, 2021 2:50 PM, Gerd Hoffmann wrote:
+/**
+ In Tdx guest, some information need to be passed from host VMM
+to
guest
+ firmware. For example, the memory resource, etc. These
+ information are prepared by host VMM and put in HobList which
+ is described in
TdxMetadata.

What kind of information is passed to the guest here?
Please see
https://software.intel.com/content/dam/develop/external/us/en/document
s/tdx-virtual-firmware-design-guide-rev-1.pdf
Section 4.2 TD Hand-Off Block (HOB)
So basically the physical memory map.
qemu has etc/e820 for that.

qemu has fw_cfg to pass information from the VMM to the guest
firmware.
What are the reasons to not use fw_cfg?
Not all the VMM support fw_cfg. Cloud-Hypervisor is the example.
I can't see any support for Cloud-Hypervisor in OVMF.
Right that currently OVMF is not supported by Cloud-Hypervisor in Td guest. But we're
planning to support Cloud-Hypervisor to launch OVMF in Td guest and have done
some POC.
If cloud hypervisor support is coming to OVMF, please contribute those
patches first, so they can be discussed in public. Adding special
facilities here to accommodate out of tree functionality that may look
completely differently after review is not the right way to approach
this.

--
Ard.



Also FreeBSD's bhyve doesn't support fw_cfg either and has its own ways to
detect memory. Cloud-Hypervisor can surely do that too.

So, why does this matter?
Yes, Cloud-Hypervisor has some POC to launch OVMF in Non-Td guest. In that POC
Cloud-Hypervisor leverage a 4k page in MEMFD and pass ACPI data to guest
Firmware in that memory.
https://github.com/cloud-hypervisor/edk2 "ch" branch
https://github.com/cloud-hypervisor/edk2/commit/52cb72a748ef70833100ca664f6c2a704c28a93f

https://github.com/cloud-hypervisor/cloud-hypervisor
TD Hob list gives Cloud-Hypervisor a chance to pass information to guest
firmware.
For example, ACPI can be downloaded from QEMU via fw_cfg to firmware.
But Cloud-Hypervisor cannot pass ACPI via fw_cfg. In this situation,
TD Hob can resolve this problem.
Sure, but again, why does this matter? For qemu?
I don't quite understand the question here (For qemu?).
What I mean in my last answer is that TD Hob can resolve the problem when the host VMM
doesn't support fw_cfg communication mechanism.
For the host VMMs which don't support fw_cfg, when ACPI data needs to be passed to guest
firmware, a 4k page (to hold ACPI data) is added in MEMFD. Then when SMBIOS is needed,
shall we add another page in MEMFD? If the ACPI data is too big to be held in a 4k page, then
the size of the reserved memory region in MEMFD is the restriction.

I don't like the idea to have TDX take a completely different code paths.
That increases the code complexity and makes testing harder for no good
reason.
TD Hob is not a completely different code path. This is a useful supplement to the fw_cfg which
is not supported by some host VMM.
From another perspective TD Hob can be treated as a set of launch parameter by host VMM.
It provides the flexibility for the host VMM to bring up the guest firmware with more parameters.
Another benefit is that TD Hob can be measured into some secure register (for example, in TD guest
it is RTMR registers, like the TPM PCR) so that attestation can be done based on the measurement.

Thanks Gerd for the comments. I am not sure if my explanation addressed your concern. Your comments
are always welcome.
Thanks!
Min


Re: [PATCH v8 02/11] SecurityPkg: Create library for enrolling Secure Boot variables.

Grzegorz Bernacki
 

Hi Patrick,

Yes, I tested the dbx enrollment, but with my own data. Please let me
try that dbx.

thanks,
greg

On Tue, 24 Aug 2021 at 14:22, Patrick Rudolph
<patrick.rudolph@9elements.com> wrote:


Hi Grzegorz,
I tried this patch, but I cannot enroll the DBX downloaded from here:
https://uefi.org/revocationlistfile

Is it even possible with current code? Did you test DBX enrollment as well using the revocation list file?

Regards,
Patrick

On Mon, Aug 2, 2021 at 12:47 PM Grzegorz Bernacki <gjb@semihalf.com> wrote:

This commit adds a library which consists of functions to
enroll Secure Boot keys and initialize Secure Boot
default variables. Some of the functions were moved
from the SecureBootConfigImpl.c file.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
Reviewed-by: Sunny Wang <sunny.wang@arm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
---
SecurityPkg/SecurityPkg.dec | 4 +
SecurityPkg/SecurityPkg.dsc | 1 +
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf | 80 ++++
SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h | 134 ++++++
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c | 482 ++++++++++++++++++++
SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni | 16 +
6 files changed, 717 insertions(+)
create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
create mode 100644 SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 8f3710e59f..e30c39f321 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -91,6 +91,10 @@
## @libraryclass Provides helper functions related to creation/removal Secure Boot variables.
#
SecureBootVariableLib|Include/Library/SecureBootVariableLib.h
+
+ ## @libraryclass Provides support to enroll Secure Boot keys.
+ #
+ SecureBootVariableProvisionLib|Include/Library/SecureBootVariableProvisionLib.h
[Guids]
## Security package token space guid.
# Include/Guid/SecurityPkgTokenSpace.h
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 854f250625..99c227dad2 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -71,6 +71,7 @@
TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+ SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf

[LibraryClasses.ARM]
#
diff --git a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
new file mode 100644
index 0000000000..a09abd29ce
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
@@ -0,0 +1,80 @@
+## @file
+# Provides initialization of Secure Boot keys and databases.
+#
+# Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+# Copyright (c) 2021, Semihalf All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SecureBootVariableLib
+ MODULE_UNI_FILE = SecureBootVariableLib.uni
+ FILE_GUID = 18192DD0-9430-45F1-80C7-5C52061CD183
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = SecureBootVariableProvisionLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ SecureBootVariableProvisionLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ BaseCryptLib
+ DxeServicesLib
+ SecureBootVariableLib
+
+[Guids]
+ ## CONSUMES ## Variable:L"SetupMode"
+ ## PRODUCES ## Variable:L"SetupMode"
+ ## CONSUMES ## Variable:L"SecureBoot"
+ ## PRODUCES ## Variable:L"SecureBoot"
+ ## PRODUCES ## Variable:L"PK"
+ ## PRODUCES ## Variable:L"KEK"
+ ## CONSUMES ## Variable:L"PKDefault"
+ ## CONSUMES ## Variable:L"KEKDefault"
+ ## CONSUMES ## Variable:L"dbDefault"
+ ## CONSUMES ## Variable:L"dbxDefault"
+ ## CONSUMES ## Variable:L"dbtDefault"
+ gEfiGlobalVariableGuid
+
+ ## SOMETIMES_CONSUMES ## Variable:L"DB"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBX"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBT"
+ gEfiImageSecurityDatabaseGuid
+
+ ## CONSUMES ## Variable:L"SecureBootEnable"
+ ## PRODUCES ## Variable:L"SecureBootEnable"
+ gEfiSecureBootEnableDisableGuid
+
+ ## CONSUMES ## Variable:L"CustomMode"
+ ## PRODUCES ## Variable:L"CustomMode"
+ gEfiCustomModeEnableGuid
+
+ gEfiCertTypeRsa2048Sha256Guid ## CONSUMES
+ gEfiCertX509Guid ## CONSUMES
+ gEfiCertPkcs7Guid ## CONSUMES
+
+ gDefaultPKFileGuid
+ gDefaultKEKFileGuid
+ gDefaultdbFileGuid
+ gDefaultdbxFileGuid
+ gDefaultdbtFileGuid
+
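Review bot: `BASE_NAME = SecureBootVariableLib` and `MODULE_UNI_FILE = SecureBootVariableLib.uni` still carry the name of the library this was split out of; they should read `SecureBootVariableProvisionLib` and `SecureBootVariableProvisionLib.uni`, the .uni file this patch actually creates. [LibraryClasses] omits `UefiLib` and `UefiRuntimeServicesTableLib` even though the .c file includes both headers and calls `GetVariable2` and `gRT->SetVariable`, while `DxeServicesLib` is listed but used nowhere in the source added here. The [Guids] annotations also claim CONSUMES/PRODUCES on `SetupMode`, `SecureBoot`, `SecureBootEnable` and `CustomMode`, which this library never reads or writes; trim them to PK, KEK, db, dbx, dbt and their *Default variables so the usage information stays accurate.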
diff --git a/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h b/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
new file mode 100644
index 0000000000..ba8009b5cd
--- /dev/null
+++ b/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
@@ -0,0 +1,134 @@
+/** @file
+ Provides a functions to enroll keys based on default values.
+
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
+Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+Copyright (c) 2021, Semihalf All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef SECURE_BOOT_VARIABLE_PROVISION_LIB_H_
+#define SECURE_BOOT_VARIABLE_PROVISION_LIB_H_
+
+/**
+ Sets the content of the 'db' variable based on 'dbDefault' variable content.
+
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+ while VendorGuid is NULL.
+ @retval other Errors from GetVariable2(), GetTime() and SetVariable()
+--*/
+EFI_STATUS
+EFIAPI
+EnrollDbFromDefault (
+ VOID
+);
+
+/**
+ Sets the content of the 'dbx' variable based on 'dbxDefault' variable content.
+
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+ while VendorGuid is NULL.
+ @retval other Errors from GetVariable2(), GetTime() and SetVariable()
+--*/
+EFI_STATUS
+EFIAPI
+EnrollDbxFromDefault (
+ VOID
+);
+
+/**
+ Sets the content of the 'dbt' variable based on 'dbtDefault' variable content.
+
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+ while VendorGuid is NULL.
+ @retval other Errors from GetVariable2(), GetTime() and SetVariable()
+--*/
+EFI_STATUS
+EFIAPI
+EnrollDbtFromDefault (
+ VOID
+);
+
+/**
+ Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.
+
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+ while VendorGuid is NULL.
+ @retval other Errors from GetVariable2(), GetTime() and SetVariable()
+--*/
+EFI_STATUS
+EFIAPI
+EnrollKEKFromDefault (
+ VOID
+);
+
+/**
+ Sets the content of the 'PK' variable based on 'PKDefault' variable content.
+
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+ while VendorGuid is NULL.
+ @retval other Errors from GetVariable2(), GetTime() and SetVariable()
+--*/
+EFI_STATUS
+EFIAPI
+EnrollPKFromDefault (
+ VOID
+);
+
+/**
+ Initializes PKDefault variable with data from FFS section.
+
+ @retval EFI_SUCCESS Variable was initialized successfully.
+ @retval EFI_UNSUPPORTED Variable already exists.
+--*/
+EFI_STATUS
+SecureBootInitPKDefault (
+ IN VOID
+ );
+
+/**
+ Initializes KEKDefault variable with data from FFS section.
+
+ @retval EFI_SUCCESS Variable was initialized successfully.
+ @retval EFI_UNSUPPORTED Variable already exists.
+--*/
+EFI_STATUS
+SecureBootInitKEKDefault (
+ IN VOID
+ );
+
+/**
+ Initializes dbDefault variable with data from FFS section.
+
+ @retval EFI_SUCCESS Variable was initialized successfully.
+ @retval EFI_UNSUPPORTED Variable already exists.
+--*/
+EFI_STATUS
+SecureBootInitDbDefault (
+ IN VOID
+ );
+
+/**
+ Initializes dbtDefault variable with data from FFS section.
+
+ @retval EFI_SUCCESS Variable was initialized successfully.
+ @retval EFI_UNSUPPORTED Variable already exists.
+--*/
+EFI_STATUS
+SecureBootInitDbtDefault (
+ IN VOID
+ );
+
+/**
+ Initializes dbxDefault variable with data from FFS section.
+
+ @retval EFI_SUCCESS Variable was initialized successfully.
+ @retval EFI_UNSUPPORTED Variable already exists.
+--*/
+EFI_STATUS
+SecureBootInitDbxDefault (
+ IN VOID
+ );
+#endif
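Review bot: the Doxygen blocks for the five Enroll*FromDefault prototypes close with `--*/` instead of the `**/` used elsewhere in edk2 (and in the .c file below), and their `@retval EFI_OUT_OF_RESOURCES ... while VendorGuid is NULL` text refers to a parameter these VOID functions do not have; shorten it to `@retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails.`. The SecureBootInit*Default prototypes take `IN VOID` (should be plain `VOID`) and, unlike the Enroll* functions, lack `EFIAPI`; make the two groups consistent, since a platform will typically call both from the same driver.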
diff --git a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
new file mode 100644
index 0000000000..848f7ce929
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
@@ -0,0 +1,482 @@
+/** @file
+ This library provides functions to set/clear Secure Boot
+ keys and databases.
+
+ Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
+ Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+ Copyright (c) 2021, Semihalf All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <Guid/GlobalVariable.h>
+#include <Guid/AuthenticatedVariableFormat.h>
+#include <Guid/ImageAuthentication.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/UefiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/SecureBootVariableLib.h>
+#include <Library/SecureBootVariableProvisionLib.h>
+
+/**
+ Enroll a key/certificate based on a default variable.
+
+ @param[in] VariableName The name of the key/database.
+ @param[in] DefaultName The name of the default variable.
+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable
+
+ @retval EFI_OUT_OF_RESOURCES Out of memory while allocating AuthHeader.
+ @retval EFI_SUCCESS Successful enrollment.
+ @return Error codes from GetTime () and SetVariable ().
+**/
+STATIC
+EFI_STATUS
+EnrollFromDefault (
+ IN CHAR16 *VariableName,
+ IN CHAR16 *DefaultName,
+ IN EFI_GUID *VendorGuid
+ )
+{
+ VOID *Data;
+ UINTN DataSize;
+ EFI_STATUS Status;
+
+ Status = EFI_SUCCESS;
+
+ DataSize = 0;
+ Status = GetVariable2 (DefaultName, &gEfiGlobalVariableGuid, &Data, &DataSize);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "error: GetVariable (\"%s): %r\n", DefaultName, Status));
+ return Status;
+ }
+
+ CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));
+ return Status;
+ }
+
+ //
+ // Allocate memory for auth variable
+ //
+ Status = gRT->SetVariable (
+ VariableName,
+ VendorGuid,
+ (EFI_VARIABLE_NON_VOLATILE |
+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ EFI_VARIABLE_RUNTIME_ACCESS |
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
+ DataSize,
+ Data
+ );
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "error: %a (\"%s\", %g): %r\n", __FUNCTION__, VariableName,
+ VendorGuid, Status));
+ }
+
+ if (Data != NULL) {
+ FreePool (Data);
+ }
+
+ return Status;
+}
+
+/** Initializes PKDefault variable with data from FFS section.
+
+ @retval EFI_SUCCESS Variable was initialized successfully.
+ @retval EFI_UNSUPPORTED Variable already exists.
+**/
+EFI_STATUS
+SecureBootInitPKDefault (
+ IN VOID
+ )
+{
+ EFI_SIGNATURE_LIST *EfiSig;
+ UINTN SigListsSize;
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+
+ //
+ // Check if variable exists, if so do not change it
+ //
+ Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+ if (Status == EFI_SUCCESS) {
+ DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_PK_DEFAULT_VARIABLE_NAME));
+ FreePool (Data);
+ return EFI_UNSUPPORTED;
+ }
+
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+ return Status;
+ }
+
+ //
+ // Variable does not exist, can be initialized
+ //
+ DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PK_DEFAULT_VARIABLE_NAME));
+
+ Status = SecureBootFetchData (&gDefaultPKFileGuid, &SigListsSize, &EfiSig);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "Content for %s not found\n", EFI_PK_DEFAULT_VARIABLE_NAME));
+ return Status;
+ }
+
+ Status = gRT->SetVariable (
+ EFI_PK_DEFAULT_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ SigListsSize,
+ (VOID *)EfiSig
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_PK_DEFAULT_VARIABLE_NAME));
+ }
+
+ FreePool (EfiSig);
+
+ return Status;
+}
+
+/** Initializes KEKDefault variable with data from FFS section.
+
+ @retval EFI_SUCCESS Variable was initialized successfully.
+ @retval EFI_UNSUPPORTED Variable already exists.
+**/
+EFI_STATUS
+SecureBootInitKEKDefault (
+ IN VOID
+ )
+{
+ EFI_SIGNATURE_LIST *EfiSig;
+ UINTN SigListsSize;
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+
+ //
+ // Check if variable exists, if so do not change it
+ //
+ Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+ if (Status == EFI_SUCCESS) {
+ DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
+ FreePool (Data);
+ return EFI_UNSUPPORTED;
+ }
+
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+ return Status;
+ }
+
+ //
+ // Variable does not exist, can be initialized
+ //
+ DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
+
+ Status = SecureBootFetchData (&gDefaultKEKFileGuid, &SigListsSize, &EfiSig);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "Content for %s not found\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
+ return Status;
+ }
+
+
+ Status = gRT->SetVariable (
+ EFI_KEK_DEFAULT_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ SigListsSize,
+ (VOID *)EfiSig
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
+ }
+
+ FreePool (EfiSig);
+
+ return Status;
+}
+
+/** Initializes dbDefault variable with data from FFS section.
+
+ @retval EFI_SUCCESS Variable was initialized successfully.
+ @retval EFI_UNSUPPORTED Variable already exists.
+**/
+EFI_STATUS
+SecureBootInitDbDefault (
+ IN VOID
+ )
+{
+ EFI_SIGNATURE_LIST *EfiSig;
+ UINTN SigListsSize;
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+
+ Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+ if (Status == EFI_SUCCESS) {
+ DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DB_DEFAULT_VARIABLE_NAME));
+ FreePool (Data);
+ return EFI_UNSUPPORTED;
+ }
+
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+ return Status;
+ }
+
+ DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DB_DEFAULT_VARIABLE_NAME));
+
+ Status = SecureBootFetchData (&gDefaultdbFileGuid, &SigListsSize, &EfiSig);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = gRT->SetVariable (
+ EFI_DB_DEFAULT_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ SigListsSize,
+ (VOID *)EfiSig
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DB_DEFAULT_VARIABLE_NAME));
+ }
+
+ FreePool (EfiSig);
+
+ return Status;
+}
+
+/** Initializes dbxDefault variable with data from FFS section.
+
+ @retval EFI_SUCCESS Variable was initialized successfully.
+ @retval EFI_UNSUPPORTED Variable already exists.
+**/
+EFI_STATUS
+SecureBootInitDbxDefault (
+ IN VOID
+ )
+{
+ EFI_SIGNATURE_LIST *EfiSig;
+ UINTN SigListsSize;
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+
+ //
+ // Check if variable exists, if so do not change it
+ //
+ Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+ if (Status == EFI_SUCCESS) {
+ DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
+ FreePool (Data);
+ return EFI_UNSUPPORTED;
+ }
+
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+ return Status;
+ }
+
+ //
+ // Variable does not exist, can be initialized
+ //
+ DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
+
+ Status = SecureBootFetchData (&gDefaultdbxFileGuid, &SigListsSize, &EfiSig);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "Content for %s not found\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
+ return Status;
+ }
+
+ Status = gRT->SetVariable (
+ EFI_DBX_DEFAULT_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ SigListsSize,
+ (VOID *)EfiSig
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
+ }
+
+ FreePool (EfiSig);
+
+ return Status;
+}
+
+/** Initializes dbtDefault variable with data from FFS section.
+
+ @retval EFI_SUCCESS Variable was initialized successfully.
+ @retval EFI_UNSUPPORTED Variable already exists.
+**/
+EFI_STATUS
+SecureBootInitDbtDefault (
+ IN VOID
+ )
+{
+ EFI_SIGNATURE_LIST *EfiSig;
+ UINTN SigListsSize;
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+
+ //
+ // Check if variable exists, if so do not change it
+ //
+ Status = GetVariable2 (EFI_DBT_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+ if (Status == EFI_SUCCESS) {
+ DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBT_DEFAULT_VARIABLE_NAME));
+ FreePool (Data);
+ return EFI_UNSUPPORTED;
+ }
+
+ if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+ return Status;
+ }
+
+ //
+ // Variable does not exist, can be initialized
+ //
+ DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DBT_DEFAULT_VARIABLE_NAME));
+
+ Status = SecureBootFetchData (&gDefaultdbtFileGuid, &SigListsSize, &EfiSig);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = gRT->SetVariable (
+ EFI_DBT_DEFAULT_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ SigListsSize,
+ (VOID *)EfiSig
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DBT_DEFAULT_VARIABLE_NAME));
+ }
+
+ FreePool (EfiSig);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Sets the content of the 'db' variable based on 'dbDefault' variable content.
+
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+ while VendorGuid is NULL.
+ @retval other Errors from GetVariable2 (), GetTime () and SetVariable ()
+**/
+EFI_STATUS
+EFIAPI
+EnrollDbFromDefault (
+ VOID
+)
+{
+ EFI_STATUS Status;
+
+ Status = EnrollFromDefault (
+ EFI_IMAGE_SECURITY_DATABASE,
+ EFI_DB_DEFAULT_VARIABLE_NAME,
+ &gEfiImageSecurityDatabaseGuid
+ );
+
+ return Status;
+}
+
+/**
+ Sets the content of the 'dbx' variable based on 'dbxDefault' variable content.
+
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+ while VendorGuid is NULL.
+ @retval other Errors from GetVariable2 (), GetTime () and SetVariable ()
+**/
+EFI_STATUS
+EFIAPI
+EnrollDbxFromDefault (
+ VOID
+)
+{
+ EFI_STATUS Status;
+
+ Status = EnrollFromDefault (
+ EFI_IMAGE_SECURITY_DATABASE1,
+ EFI_DBX_DEFAULT_VARIABLE_NAME,
+ &gEfiImageSecurityDatabaseGuid
+ );
+
+ return Status;
+}
+
+/**
+ Sets the content of the 'dbt' variable based on 'dbtDefault' variable content.
+
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+ while VendorGuid is NULL.
+ @retval other Errors from GetVariable2 (), GetTime () and SetVariable ()
+**/
+EFI_STATUS
+EFIAPI
+EnrollDbtFromDefault (
+ VOID
+)
+{
+ EFI_STATUS Status;
+
+ Status = EnrollFromDefault (
+ EFI_IMAGE_SECURITY_DATABASE2,
+ EFI_DBT_DEFAULT_VARIABLE_NAME,
+ &gEfiImageSecurityDatabaseGuid);
+
+ return Status;
+}
+
+/**
+ Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.
+
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+ while VendorGuid is NULL.
+ @retval other Errors from GetVariable2 (), GetTime () and SetVariable ()
+**/
+EFI_STATUS
+EFIAPI
+EnrollKEKFromDefault (
+ VOID
+)
+{
+ EFI_STATUS Status;
+
+ Status = EnrollFromDefault (
+ EFI_KEY_EXCHANGE_KEY_NAME,
+ EFI_KEK_DEFAULT_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid
+ );
+
+ return Status;
+}
+
+/**
+ Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.
+
+ @retval EFI_OUT_OF_RESOURCES If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+ while VendorGuid is NULL.
+ @retval other Errors from GetVariable2 (), GetTime () and SetVariable ()
+**/
+EFI_STATUS
+EFIAPI
+EnrollPKFromDefault (
+ VOID
+)
+{
+ EFI_STATUS Status;
+
+ Status = EnrollFromDefault (
+ EFI_PLATFORM_KEY_NAME,
+ EFI_PK_DEFAULT_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid
+ );
+
+ return Status;
+}
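Review bot: SecureBootInitDbtDefault ends with `return EFI_SUCCESS;` regardless of whether gRT->SetVariable failed, so a failed dbtDefault write is logged but reported as success; the sibling SecureBootInitDbxDefault a few lines above returns `Status`, and dbt should do the same. The doxygen block above EnrollPKFromDefault still reads "Sets the content of the 'KEK' variable based on 'KEKDefault' variable content", a copy-paste from EnrollKEKFromDefault; it should say 'PK' and 'PKDefault' as the header file does. Minor: SecureBootInitDbtDefault drops the "Content for %s not found" DEBUG line that the dbx version has, and the EnrollDbtFromDefault call closes its paren on the last argument line (`&gEfiImageSecurityDatabaseGuid);`) unlike the other wrappers.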
diff --git a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni
new file mode 100644
index 0000000000..68d928ef30
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni
@@ -0,0 +1,16 @@
+// /** @file
+//
+// Provides initialization of Secure Boot keys and databases.
+//
+// Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+// Copyright (c) 2021, Semihalf All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides functions to initialize PK, KEK and databases based on default variables."
+
+#string STR_MODULE_DESCRIPTION #language en-US "Provides functions to initialize PK, KEK and databases based on default variables."
+
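Review bot: STR_MODULE_ABSTRACT and STR_MODULE_DESCRIPTION are word-for-word identical; the description is the longer form and should say what the abstract does not, namely that the *Default variables are populated from the gDefault*FileGuid FFS sections by SecureBootInit*Default and then copied into PK, KEK, db, dbx and dbt by Enroll*FromDefault. The two consecutive blank lines after the header comment can be reduced to one.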
--
2.25.1

Re: [PATCH v8 02/11] SecurityPkg: Create library for enrolling Secure Boot variables.

Patrick Rudolph
 

Hi Grzegorz,
I tried this patch, but I cannot enroll the DBX downloaded from here:

Is it even possible with current code? Did you test DBX enrollment as well using the revocation list file?

Regards,
Patrick


On Mon, Aug 2, 2021 at 12:47 PM Grzegorz Bernacki <gjb@...> wrote:
This commit adds a library, which consists of functions to
enroll Secure Boot keys and initialize Secure Boot
default variables. Some of the functions were moved
from the SecureBootConfigImpl.c file.

Signed-off-by: Grzegorz Bernacki <gjb@...>
Reviewed-by: Sunny Wang <sunny.wang@...>
Reviewed-by: Jiewen Yao <Jiewen.yao@...>
---
 SecurityPkg/SecurityPkg.dec                                                           |   4 +
 SecurityPkg/SecurityPkg.dsc                                                           |   1 +
 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf |  80 ++++
 SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h                          | 134 ++++++
 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c   | 482 ++++++++++++++++++++
 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni |  16 +
 6 files changed, 717 insertions(+)
 create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
 create mode 100644 SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
 create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
 create mode 100644 SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 8f3710e59f..e30c39f321 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -91,6 +91,10 @@
   ## @libraryclass  Provides helper functions related to creation/removal Secure Boot variables.
   #
   SecureBootVariableLib|Include/Library/SecureBootVariableLib.h
+
+  ## @libraryclass  Provides support to enroll Secure Boot keys.
+  #
+  SecureBootVariableProvisionLib|Include/Library/SecureBootVariableProvisionLib.h
 [Guids]
   ## Security package token space guid.
   # Include/Guid/SecurityPkgTokenSpace.h
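Review bot: the new SecureBootVariableProvisionLib entry runs directly into the `[Guids]` section header with no separating blank line, while a blank line was added above it; add one after it as well so the [LibraryClasses] block stays readable. The class description "Provides support to enroll Secure Boot keys." covers only half of the API; mention that the library also initializes the PKDefault/KEKDefault/db*Default variables from FFS, since that is what the SecureBootInit*Default functions do.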
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 854f250625..99c227dad2 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -71,6 +71,7 @@
   TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
   MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
   SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf
+  SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf

 [LibraryClasses.ARM]
   #
diff --git a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
new file mode 100644
index 0000000000..a09abd29ce
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
@@ -0,0 +1,80 @@
+## @file
+#  Provides initialization of Secure Boot keys and databases.
+#
+#  Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+#  Copyright (c) 2021, Semihalf All rights reserved.<BR>
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = SecureBootVariableLib
+  MODULE_UNI_FILE                = SecureBootVariableLib.uni
+  FILE_GUID                      = 18192DD0-9430-45F1-80C7-5C52061CD183
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = SecureBootVariableProvisionLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
+#
+
+[Sources]
+  SecureBootVariableProvisionLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
+  DxeServicesLib
+  SecureBootVariableLib
+
+[Guids]
+  ## CONSUMES            ## Variable:L"SetupMode"
+  ## PRODUCES            ## Variable:L"SetupMode"
+  ## CONSUMES            ## Variable:L"SecureBoot"
+  ## PRODUCES            ## Variable:L"SecureBoot"
+  ## PRODUCES            ## Variable:L"PK"
+  ## PRODUCES            ## Variable:L"KEK"
+  ## CONSUMES            ## Variable:L"PKDefault"
+  ## CONSUMES            ## Variable:L"KEKDefault"
+  ## CONSUMES            ## Variable:L"dbDefault"
+  ## CONSUMES            ## Variable:L"dbxDefault"
+  ## CONSUMES            ## Variable:L"dbtDefault"
+  gEfiGlobalVariableGuid
+
+  ## SOMETIMES_CONSUMES  ## Variable:L"DB"
+  ## SOMETIMES_CONSUMES  ## Variable:L"DBX"
+  ## SOMETIMES_CONSUMES  ## Variable:L"DBT"
+  gEfiImageSecurityDatabaseGuid
+
+  ## CONSUMES            ## Variable:L"SecureBootEnable"
+  ## PRODUCES            ## Variable:L"SecureBootEnable"
+  gEfiSecureBootEnableDisableGuid
+
+  ## CONSUMES            ## Variable:L"CustomMode"
+  ## PRODUCES            ## Variable:L"CustomMode"
+  gEfiCustomModeEnableGuid
+
+  gEfiCertTypeRsa2048Sha256Guid  ## CONSUMES
+  gEfiCertX509Guid               ## CONSUMES
+  gEfiCertPkcs7Guid              ## CONSUMES
+
+  gDefaultPKFileGuid
+  gDefaultKEKFileGuid
+  gDefaultdbFileGuid
+  gDefaultdbxFileGuid
+  gDefaultdbtFileGuid
+
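Review bot: BASE_NAME and MODULE_UNI_FILE in [Defines] still say SecureBootVariableLib and SecureBootVariableLib.uni, but this module is SecureBootVariableProvisionLib and the .uni added by this patch is SecureBootVariableProvisionLib.uni; as written the new .uni is never referenced and the base name collides with the existing SecureBootVariableLib. [LibraryClasses] does not match the source either: SecureBootVariableProvisionLib.c includes <Library/UefiLib.h> (GetVariable2) and <Library/UefiRuntimeServicesTableLib.h> (gRT->SetVariable), neither of which is listed, while BaseCryptLib (with the CryptoPkg/CryptoPkg.dec dependency) and DxeServicesLib are listed but not used in this file. The [Guids] block looks copied from SecureBootConfigDxe: SetupMode, SecureBoot, SecureBootEnable, CustomMode and the gEfiCert*Guid entries are never touched here, and the entries that would describe what the code actually does (PRODUCES for PK/KEK under gEfiGlobalVariableGuid, PRODUCES for db/dbx/dbt under gEfiImageSecurityDatabaseGuid, CONSUMES/PRODUCES for the *Default variables) are partly missing. Trim both lists to what the .c uses so the build dependency graph and the variable usage annotations stay accurate.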
diff --git a/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h b/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
new file mode 100644
index 0000000000..ba8009b5cd
--- /dev/null
+++ b/SecurityPkg/Include/Library/SecureBootVariableProvisionLib.h
@@ -0,0 +1,134 @@
+/** @file
+  Provides a functions to enroll keys based on default values.
+
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
+Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+Copyright (c) 2021, Semihalf All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef SECURE_BOOT_VARIABLE_PROVISION_LIB_H_
+#define SECURE_BOOT_VARIABLE_PROVISION_LIB_H_
+
+/**
+  Sets the content of the 'db' variable based on 'dbDefault' variable content.
+
+  @retval EFI_OUT_OF_RESOURCES      If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+                                    while VendorGuid is NULL.
+  @retval other                     Errors from GetVariable2(), GetTime() and SetVariable()
+--*/
+EFI_STATUS
+EFIAPI
+EnrollDbFromDefault (
+  VOID
+);
+
+/**
+  Sets the content of the 'dbx' variable based on 'dbxDefault' variable content.
+
+  @retval EFI_OUT_OF_RESOURCES      If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+                                    while VendorGuid is NULL.
+  @retval other                     Errors from GetVariable2(), GetTime() and SetVariable()
+--*/
+EFI_STATUS
+EFIAPI
+EnrollDbxFromDefault (
+  VOID
+);
+
+/**
+  Sets the content of the 'dbt' variable based on 'dbtDefault' variable content.
+
+  @retval EFI_OUT_OF_RESOURCES      If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+                                    while VendorGuid is NULL.
+  @retval other                     Errors from GetVariable2(), GetTime() and SetVariable()
+--*/
+EFI_STATUS
+EFIAPI
+EnrollDbtFromDefault (
+  VOID
+);
+
+/**
+  Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.
+
+  @retval EFI_OUT_OF_RESOURCES      If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+                                    while VendorGuid is NULL.
+  @retval other                     Errors from GetVariable2(), GetTime() and SetVariable()
+--*/
+EFI_STATUS
+EFIAPI
+EnrollKEKFromDefault (
+  VOID
+);
+
+/**
+  Sets the content of the 'PK' variable based on 'PKDefault' variable content.
+
+  @retval EFI_OUT_OF_RESOURCES      If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+                                    while VendorGuid is NULL.
+  @retval other                     Errors from GetVariable2(), GetTime() and SetVariable()
+--*/
+EFI_STATUS
+EFIAPI
+EnrollPKFromDefault (
+  VOID
+);
+
+/**
+  Initializes PKDefault variable with data from FFS section.
+
+  @retval  EFI_SUCCESS           Variable was initialized successfully.
+  @retval  EFI_UNSUPPORTED       Variable already exists.
+--*/
+EFI_STATUS
+SecureBootInitPKDefault (
+  IN VOID
+  );
+
+/**
+  Initializes KEKDefault variable with data from FFS section.
+
+  @retval  EFI_SUCCESS           Variable was initialized successfully.
+  @retval  EFI_UNSUPPORTED       Variable already exists.
+--*/
+EFI_STATUS
+SecureBootInitKEKDefault (
+  IN VOID
+  );
+
+/**
+  Initializes dbDefault variable with data from FFS section.
+
+  @retval  EFI_SUCCESS           Variable was initialized successfully.
+  @retval  EFI_UNSUPPORTED       Variable already exists.
+--*/
+EFI_STATUS
+SecureBootInitDbDefault (
+  IN VOID
+  );
+
+/**
+  Initializes dbtDefault variable with data from FFS section.
+
+  @retval  EFI_SUCCESS           Variable was initialized successfully.
+  @retval  EFI_UNSUPPORTED       Variable already exists.
+--*/
+EFI_STATUS
+SecureBootInitDbtDefault (
+  IN VOID
+  );
+
+/**
+  Initializes dbxDefault variable with data from FFS section.
+
+  @retval  EFI_SUCCESS           Variable was initialized successfully.
+  @retval  EFI_UNSUPPORTED       Variable already exists.
+--*/
+EFI_STATUS
+SecureBootInitDbxDefault (
+  IN VOID
+  );
+#endif
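Review bot: every doxygen block in this header is closed with `--*/` instead of `**/`, which is what the accompanying .c uses and what EDK2 style expects; please make them consistent. The header uses EFI_STATUS and EFIAPI but includes nothing, so it only compiles when the includer has already pulled in <Uefi.h>; add the include so the header is self-contained. The two function families are declared inconsistently: Enroll*FromDefault carry EFIAPI and `VOID` with the closing paren unindented, SecureBootInit*Default lack EFIAPI and use `IN VOID`. Use one convention (EFIAPI on all exported functions, plain `VOID`, paren indented as in the .c). The @retval text "while VendorGuid is NULL" also refers to a parameter none of these VOID functions has; describe the failure of CreateTimeBasedPayload/SetVariable instead.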
diff --git a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
new file mode 100644
index 0000000000..848f7ce929
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.c
@@ -0,0 +1,482 @@
+/** @file
+  This library provides functions to set/clear Secure Boot
+  keys and databases.
+
+  Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+  (C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
+  Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+  Copyright (c) 2021, Semihalf All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <Guid/GlobalVariable.h>
+#include <Guid/AuthenticatedVariableFormat.h>
+#include <Guid/ImageAuthentication.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/UefiLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/SecureBootVariableLib.h>
+#include <Library/SecureBootVariableProvisionLib.h>
+
+/**
+  Enroll a key/certificate based on a default variable.
+
+  @param[in] VariableName        The name of the key/database.
+  @param[in] DefaultName         The name of the default variable.
+  @param[in] VendorGuid          The namespace (ie. vendor GUID) of the variable
+
+  @retval EFI_OUT_OF_RESOURCES   Out of memory while allocating AuthHeader.
+  @retval EFI_SUCCESS            Successful enrollment.
+  @return                        Error codes from GetTime () and SetVariable ().
+**/
+STATIC
+EFI_STATUS
+EnrollFromDefault (
+  IN CHAR16   *VariableName,
+  IN CHAR16   *DefaultName,
+  IN EFI_GUID *VendorGuid
+  )
+{
+  VOID       *Data;
+  UINTN       DataSize;
+  EFI_STATUS  Status;
+
+  Status = EFI_SUCCESS;
+
+  DataSize = 0;
+  Status = GetVariable2 (DefaultName, &gEfiGlobalVariableGuid, &Data, &DataSize);
+  if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "error: GetVariable (\"%s): %r\n", DefaultName, Status));
+      return Status;
+  }
+
+  CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status));
+    return Status;
+  }
+
+  //
+  // Allocate memory for auth variable
+  //
+  Status = gRT->SetVariable (
+                  VariableName,
+                  VendorGuid,
+                  (EFI_VARIABLE_NON_VOLATILE |
+                   EFI_VARIABLE_BOOTSERVICE_ACCESS |
+                   EFI_VARIABLE_RUNTIME_ACCESS |
+                   EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
+                  DataSize,
+                  Data
+                  );
+
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "error: %a (\"%s\", %g): %r\n", __FUNCTION__, VariableName,
+      VendorGuid, Status));
+  }
+
+  if (Data != NULL) {
+    FreePool (Data);
+  }
+
+  return Status;
+}
+
+/** Initializes PKDefault variable with data from FFS section.
+
+  @retval  EFI_SUCCESS           Variable was initialized successfully.
+  @retval  EFI_UNSUPPORTED       Variable already exists.
+**/
+EFI_STATUS
+SecureBootInitPKDefault (
+  IN VOID
+  )
+{
+  EFI_SIGNATURE_LIST *EfiSig;
+  UINTN               SigListsSize;
+  EFI_STATUS          Status;
+  UINT8               *Data;
+  UINTN               DataSize;
+
+  //
+  // Check if variable exists, if so do not change it
+  //
+  Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+  if (Status == EFI_SUCCESS) {
+    DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_PK_DEFAULT_VARIABLE_NAME));
+    FreePool (Data);
+    return EFI_UNSUPPORTED;
+  }
+
+  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+    return Status;
+  }
+
+  //
+  // Variable does not exist, can be initialized
+  //
+  DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PK_DEFAULT_VARIABLE_NAME));
+
+  Status = SecureBootFetchData (&gDefaultPKFileGuid, &SigListsSize, &EfiSig);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_INFO, "Content for %s not found\n", EFI_PK_DEFAULT_VARIABLE_NAME));
+    return Status;
+  }
+
+  Status = gRT->SetVariable (
+                  EFI_PK_DEFAULT_VARIABLE_NAME,
+                  &gEfiGlobalVariableGuid,
+                  EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+                  SigListsSize,
+                  (VOID *)EfiSig
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_PK_DEFAULT_VARIABLE_NAME));
+  }
+
+  FreePool (EfiSig);
+
+  return Status;
+}
+
+/** Initializes KEKDefault variable with data from FFS section.
+
+  @retval  EFI_SUCCESS           Variable was initialized successfully.
+  @retval  EFI_UNSUPPORTED       Variable already exists.
+**/
+EFI_STATUS
+SecureBootInitKEKDefault (
+  IN VOID
+  )
+{
+  EFI_SIGNATURE_LIST *EfiSig;
+  UINTN               SigListsSize;
+  EFI_STATUS          Status;
+  UINT8              *Data;
+  UINTN               DataSize;
+
+  //
+  // Check if variable exists, if so do not change it
+  //
+  Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+  if (Status == EFI_SUCCESS) {
+    DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
+    FreePool (Data);
+    return EFI_UNSUPPORTED;
+  }
+
+  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+    return Status;
+  }
+
+  //
+  // Variable does not exist, can be initialized
+  //
+  DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
+
+  Status = SecureBootFetchData (&gDefaultKEKFileGuid, &SigListsSize, &EfiSig);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_INFO, "Content for %s not found\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
+    return Status;
+  }
+
+
+  Status = gRT->SetVariable (
+                  EFI_KEK_DEFAULT_VARIABLE_NAME,
+                  &gEfiGlobalVariableGuid,
+                  EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+                  SigListsSize,
+                  (VOID *)EfiSig
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
+  }
+
+  FreePool (EfiSig);
+
+  return Status;
+}
+
+/** Initializes dbDefault variable with data from FFS section.
+
+  @retval  EFI_SUCCESS           Variable was initialized successfully.
+  @retval  EFI_UNSUPPORTED       Variable already exists.
+**/
+EFI_STATUS
+SecureBootInitDbDefault (
+  IN VOID
+  )
+{
+  EFI_SIGNATURE_LIST *EfiSig;
+  UINTN               SigListsSize;
+  EFI_STATUS          Status;
+  UINT8              *Data;
+  UINTN               DataSize;
+
+  Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+  if (Status == EFI_SUCCESS) {
+    DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DB_DEFAULT_VARIABLE_NAME));
+    FreePool (Data);
+    return EFI_UNSUPPORTED;
+  }
+
+  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+    return Status;
+  }
+
+  DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DB_DEFAULT_VARIABLE_NAME));
+
+  Status = SecureBootFetchData (&gDefaultdbFileGuid, &SigListsSize, &EfiSig);
+  if (EFI_ERROR (Status)) {
+      return Status;
+  }
+
+  Status = gRT->SetVariable (
+                  EFI_DB_DEFAULT_VARIABLE_NAME,
+                  &gEfiGlobalVariableGuid,
+                  EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+                  SigListsSize,
+                  (VOID *)EfiSig
+                  );
+  if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DB_DEFAULT_VARIABLE_NAME));
+  }
+
+  FreePool (EfiSig);
+
+  return Status;
+}
+
+/** Initializes dbxDefault variable with data from FFS section.
+
+  @retval  EFI_SUCCESS           Variable was initialized successfully.
+  @retval  EFI_UNSUPPORTED       Variable already exists.
+**/
+EFI_STATUS
+SecureBootInitDbxDefault (
+  IN VOID
+  )
+{
+  EFI_SIGNATURE_LIST *EfiSig;
+  UINTN               SigListsSize;
+  EFI_STATUS          Status;
+  UINT8              *Data;
+  UINTN               DataSize;
+
+  //
+  // Check if variable exists, if so do not change it
+  //
+  Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+  if (Status == EFI_SUCCESS) {
+    DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
+    FreePool (Data);
+    return EFI_UNSUPPORTED;
+  }
+
+  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+    return Status;
+  }
+
+  //
+  // Variable does not exist, can be initialized
+  //
+  DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
+
+  Status = SecureBootFetchData (&gDefaultdbxFileGuid, &SigListsSize, &EfiSig);
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_INFO, "Content for %s not found\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
+    return Status;
+  }
+
+  Status = gRT->SetVariable (
+                  EFI_DBX_DEFAULT_VARIABLE_NAME,
+                  &gEfiGlobalVariableGuid,
+                  EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+                  SigListsSize,
+                  (VOID *)EfiSig
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
+  }
+
+  FreePool (EfiSig);
+
+  return Status;
+}
+
+/** Initializes dbtDefault variable with data from FFS section.
+
+  @retval  EFI_SUCCESS           Variable was initialized successfully.
+  @retval  EFI_UNSUPPORTED       Variable already exists.
+**/
+EFI_STATUS
+SecureBootInitDbtDefault (
+  IN VOID
+  )
+{
+  EFI_SIGNATURE_LIST *EfiSig;
+  UINTN               SigListsSize;
+  EFI_STATUS          Status;
+  UINT8              *Data;
+  UINTN               DataSize;
+
+  //
+  // Check if variable exists, if so do not change it
+  //
+  Status = GetVariable2 (EFI_DBT_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+  if (Status == EFI_SUCCESS) {
+    DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBT_DEFAULT_VARIABLE_NAME));
+    FreePool (Data);
+    return EFI_UNSUPPORTED;
+  }
+
+  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
+    return Status;
+  }
+
+  //
+  // Variable does not exist, can be initialized
+  //
+  DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DBT_DEFAULT_VARIABLE_NAME));
+
+  Status = SecureBootFetchData (&gDefaultdbtFileGuid, &SigListsSize, &EfiSig);
+  if (EFI_ERROR (Status)) {
+      return Status;
+  }
+
+  Status = gRT->SetVariable (
+                  EFI_DBT_DEFAULT_VARIABLE_NAME,
+                  &gEfiGlobalVariableGuid,
+                  EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+                  SigListsSize,
+                  (VOID *)EfiSig
+                  );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_INFO, "Failed to set %s\n", EFI_DBT_DEFAULT_VARIABLE_NAME));
+  }
+
+  FreePool (EfiSig);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Sets the content of the 'db' variable based on 'dbDefault' variable content.
+
+  @retval EFI_OUT_OF_RESOURCES      If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+                                    while VendorGuid is NULL.
+  @retval other                     Errors from GetVariable2 (), GetTime () and SetVariable ()
+**/
+EFI_STATUS
+EFIAPI
+EnrollDbFromDefault (
+  VOID
+)
+{
+  EFI_STATUS Status;
+
+  Status = EnrollFromDefault (
+             EFI_IMAGE_SECURITY_DATABASE,
+             EFI_DB_DEFAULT_VARIABLE_NAME,
+             &gEfiImageSecurityDatabaseGuid
+             );
+
+  return Status;
+}
+
+/**
+  Sets the content of the 'dbx' variable based on 'dbxDefault' variable content.
+
+  @retval EFI_OUT_OF_RESOURCES      If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+                                    while VendorGuid is NULL.
+  @retval other                     Errors from GetVariable2 (), GetTime () and SetVariable ()
+**/
+EFI_STATUS
+EFIAPI
+EnrollDbxFromDefault (
+  VOID
+)
+{
+  EFI_STATUS Status;
+
+  Status = EnrollFromDefault (
+             EFI_IMAGE_SECURITY_DATABASE1,
+             EFI_DBX_DEFAULT_VARIABLE_NAME,
+             &gEfiImageSecurityDatabaseGuid
+             );
+
+  return Status;
+}
+
+/**
+  Sets the content of the 'dbt' variable based on 'dbtDefault' variable content.
+
+  @retval EFI_OUT_OF_RESOURCES      If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+                                    while VendorGuid is NULL.
+  @retval other                     Errors from GetVariable2 (), GetTime () and SetVariable ()
+**/
+EFI_STATUS
+EFIAPI
+EnrollDbtFromDefault (
+  VOID
+)
+{
+  EFI_STATUS Status;
+
+  Status = EnrollFromDefault (
+             EFI_IMAGE_SECURITY_DATABASE2,
+             EFI_DBT_DEFAULT_VARIABLE_NAME,
+             &gEfiImageSecurityDatabaseGuid);
+
+  return Status;
+}
+
+/**
+  Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.
+
+  @retval EFI_OUT_OF_RESOURCES      If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+                                    while VendorGuid is NULL.
+  @retval other                     Errors from GetVariable2 (), GetTime () and SetVariable ()
+**/
+EFI_STATUS
+EFIAPI
+EnrollKEKFromDefault (
+  VOID
+)
+{
+  EFI_STATUS Status;
+
+  Status = EnrollFromDefault (
+             EFI_KEY_EXCHANGE_KEY_NAME,
+             EFI_KEK_DEFAULT_VARIABLE_NAME,
+             &gEfiGlobalVariableGuid
+             );
+
+  return Status;
+}
+
+/**
+  Sets the content of the 'KEK' variable based on 'KEKDefault' variable content.
+
+  @retval EFI_OUT_OF_RESOURCES      If memory allocation for EFI_VARIABLE_AUTHENTICATION_2 fails
+                                    while VendorGuid is NULL.
+  @retval other                     Errors from GetVariable2 (), GetTime () and SetVariable ()
+**/
+EFI_STATUS
+EFIAPI
+EnrollPKFromDefault (
+  VOID
+)
+{
+  EFI_STATUS Status;
+
+  Status = EnrollFromDefault (
+             EFI_PLATFORM_KEY_NAME,
+             EFI_PK_DEFAULT_VARIABLE_NAME,
+             &gEfiGlobalVariableGuid
+             );
+
+  return Status;
+}
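Review bot: in EnrollFromDefault the return value of CreateTimeBasedPayload is discarded (`CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data);`) and the `if (EFI_ERROR (Status))` that follows tests the Status left over from the successful GetVariable2, so the "Fail to create time-based data payload" branch can never fire and a failed payload build goes straight into SetVariable; write `Status = CreateTimeBasedPayload (&DataSize, (UINT8 **)&Data);` and, on error, free `Data` before returning, since that is the buffer GetVariable2 allocated. The `Status = EFI_SUCCESS;` initialisation and the "Allocate memory for auth variable" comment above the SetVariable call are leftovers from an earlier shape of this code and should go. Nothing in this path signs the payload, and the write carries EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS, so the variable driver will accept it only while the platform is still in Setup (or Custom) mode; that precondition belongs in the function's header comment so callers know when the call is expected to fail. Smaller points in the same file: SecureBootInitDbtDefault ends with `return EFI_SUCCESS;` even when SetVariable failed, unlike its db/dbx/KEK/PK siblings which return `Status`; the doxygen block above EnrollPKFromDefault describes KEK/KEKDefault instead of PK/PKDefault; and the DEBUG format string `"error: GetVariable (\"%s): %r\n"` has an unbalanced quote.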
diff --git a/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni
new file mode 100644
index 0000000000..68d928ef30
--- /dev/null
+++ b/SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.uni
@@ -0,0 +1,16 @@
+// /** @file
+//
+// Provides initialization of Secure Boot keys and databases.
+//
+// Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+// Copyright (c) 2021, Semihalf All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides functions to initialize PK, KEK and databases based on default variables."
+
+#string STR_MODULE_DESCRIPTION          #language en-US "Provides functions to initialize PK, KEK and databases based on default variables."
+
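Review bot: this file is not referenced by the .inf, whose MODULE_UNI_FILE points at SecureBootVariableLib.uni, so these strings are dead until that is corrected. STR_MODULE_ABSTRACT and STR_MODULE_DESCRIPTION are also identical; the description should add what the abstract omits, that the *Default variables are filled from the gDefault*FileGuid FFS sections and then enrolled into PK, KEK, db, dbx and dbt.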
--
2.25.1

Re: [PATCH v4 00/10] Added support for FT2000/4 chip

Leif Lindholm
 

Hi Ling,

Many thanks for this.
I have accrued a huge review backlog, but I hope to be able to have a
look at this set before the end of this week.

Best Regards,

Leif

On Wed, Aug 18, 2021 at 17:40:14 +0800, Ling Jia wrote:
This series added packages to support FT2000/4 chip.
Platform/Phytium: Added DurianPkg, include DurianPkg.dsc and DurianPkg.fdf.
Silicon/Phytium: Added FT2000-4Pkg and PhytiumCommonPkg.

The modules can be run on the FT2000/4 silicon.
They support ACPI parameter configuration, PCI bus scanning,
flash read, write and erase, and operating system boot.
Maintainers.txt: Added maintainers and reviewers for the DurianPkg.

The public git repository is :
https://github.com/jialing2020/edk2-platforms/tree/Phytium_Opensource_For_FT2000-4_v4

Ling Jia (10):
Silicon/Phytium: Added PlatformLib to FT2000/4
Silicon/Phytium: Added Acpi support to FT2000/4
Silicon/Phytium: Added SMBIOS support to FT2000/4
Silicon/Phytium: Added PciSegmentLib to FT2000/4
Silicon/Phytium: Added PciHostBridgeLib to FT2000/4
Silicon/Phytium: Added Spi driver support to FT2000/4
Silicon/Phytium: Added flash driver support to Phytium Silicon
Silicon/Phytium: Added fvb driver for norflash
Silicon/Phytium: Added Rtc driver to FT2000/4
Maintainers.txt: Added maintainers and reviewers for the DurianPkg

Silicon/Phytium/PhytiumCommonPkg/PhytiumCommonPkg.dec | 52 +
Silicon/Phytium/PhytiumCommonPkg/PhytiumCommonPkg.dsc.inc | 345 +++++
Platform/Phytium/DurianPkg/DurianPkg.dsc | 331 +++++
Platform/Phytium/DurianPkg/DurianPkg.fdf | 235 ++++
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/AcpiTables.inf | 56 +
Silicon/Phytium/FT2000-4Pkg/Drivers/SmbiosPlatformDxe/SmbiosPlatformDxe.inf | 47 +
Silicon/Phytium/FT2000-4Pkg/Drivers/SpiDxe/SpiDxe.inf | 44 +
Silicon/Phytium/FT2000-4Pkg/Drivers/SpiNorFlashDxe/SpiNorFlashDxe.inf | 48 +
Silicon/Phytium/FT2000-4Pkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf | 47 +
Silicon/Phytium/FT2000-4Pkg/Library/PciSegmentLib/PciSegmentLib.inf | 28 +
Silicon/Phytium/FT2000-4Pkg/Library/PlatformLib/PlatformLib.inf | 55 +
Silicon/Phytium/FT2000-4Pkg/Library/RealTimeClockLib/RealTimeClockLib.inf | 39 +
Silicon/Phytium/PhytiumCommonPkg/Drivers/AcpiPlatformDxe/AcpiPlatformDxe.inf | 53 +
Silicon/Phytium/PhytiumCommonPkg/Drivers/FlashFvbDxe/FlashFvbDxe.inf | 61 +
Silicon/Phytium/FT2000-4Pkg/Drivers/SpiDxe/SpiDxe.h | 59 +
Silicon/Phytium/FT2000-4Pkg/Drivers/SpiNorFlashDxe/SpiNorFlashDxe.h | 95 ++
Silicon/Phytium/FT2000-4Pkg/Library/RealTimeClockLib/RealTimeClockLib.h | 24 +
Silicon/Phytium/PhytiumCommonPkg/Drivers/FlashFvbDxe/FlashFvbDxe.h | 104 ++
Silicon/Phytium/PhytiumCommonPkg/Include/Platform.h | 80 ++
Silicon/Phytium/PhytiumCommonPkg/Include/Protocol/SpiNorFlashProtocol.h | 74 +
Silicon/Phytium/PhytiumCommonPkg/Include/Protocol/SpiProtocol.h | 51 +
Silicon/Phytium/PhytiumCommonPkg/Include/SystemServiceInterface.h | 112 ++
Silicon/Phytium/FT2000-4Pkg/Drivers/SmbiosPlatformDxe/SmbiosPlatformDxe.c | 943 +++++++++++++
Silicon/Phytium/FT2000-4Pkg/Drivers/SpiDxe/SpiDxe.c | 202 +++
Silicon/Phytium/FT2000-4Pkg/Drivers/SpiNorFlashDxe/SpiNorFlashDxe.c | 412 ++++++
Silicon/Phytium/FT2000-4Pkg/Library/PciHostBridgeLib/PciHostBridgeLib.c | 181 +++
Silicon/Phytium/FT2000-4Pkg/Library/PciSegmentLib/PciSegmentLib.c | 1434 ++++++++++++++++++++
Silicon/Phytium/FT2000-4Pkg/Library/PlatformLib/PlatformLib.c | 137 ++
Silicon/Phytium/FT2000-4Pkg/Library/PlatformLib/PlatformLibMem.c | 156 +++
Silicon/Phytium/FT2000-4Pkg/Library/RealTimeClockLib/RealTimeClockLib.c | 462 +++++++
Silicon/Phytium/PhytiumCommonPkg/Drivers/AcpiPlatformDxe/AcpiPlatform.c | 250 ++++
Silicon/Phytium/PhytiumCommonPkg/Drivers/FlashFvbDxe/FlashFvbDxe.c | 1304 ++++++++++++++++++
Maintainers.txt | 8 +
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/AcpiSsdtRootPci.asl | 209 +++
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Dbg2.aslc | 80 ++
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Dsdt/Cpu.asl | 85 ++
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Dsdt/Dsdt.asl | 15 +
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Dsdt/Uart.asl | 65 +
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Fadt.aslc | 77 ++
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Gtdt.aslc | 83 ++
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Iort.aslc | 89 ++
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Madt.aslc | 67 +
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Mcfg.aslc | 65 +
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Pptt.aslc | 219 +++
Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Spcr.aslc | 73 +
Silicon/Phytium/FT2000-4Pkg/Library/PlatformLib/AArch64/PhytiumPlatformHelper.S | 76 ++
Silicon/Phytium/PhytiumCommonPkg/PhytiumCommonPkg.fdf.inc | 119 ++
47 files changed, 8851 insertions(+)
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/PhytiumCommonPkg.dec
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/PhytiumCommonPkg.dsc.inc
create mode 100644 Platform/Phytium/DurianPkg/DurianPkg.dsc
create mode 100644 Platform/Phytium/DurianPkg/DurianPkg.fdf
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/AcpiTables.inf
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/SmbiosPlatformDxe/SmbiosPlatformDxe.inf
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/SpiDxe/SpiDxe.inf
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/SpiNorFlashDxe/SpiNorFlashDxe.inf
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Library/PciHostBridgeLib/PciHostBridgeLib.inf
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Library/PciSegmentLib/PciSegmentLib.inf
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Library/PlatformLib/PlatformLib.inf
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Library/RealTimeClockLib/RealTimeClockLib.inf
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/Drivers/AcpiPlatformDxe/AcpiPlatformDxe.inf
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/Drivers/FlashFvbDxe/FlashFvbDxe.inf
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/SpiDxe/SpiDxe.h
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/SpiNorFlashDxe/SpiNorFlashDxe.h
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Library/RealTimeClockLib/RealTimeClockLib.h
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/Drivers/FlashFvbDxe/FlashFvbDxe.h
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/Include/Platform.h
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/Include/Protocol/SpiNorFlashProtocol.h
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/Include/Protocol/SpiProtocol.h
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/Include/SystemServiceInterface.h
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/SmbiosPlatformDxe/SmbiosPlatformDxe.c
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/SpiDxe/SpiDxe.c
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/SpiNorFlashDxe/SpiNorFlashDxe.c
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Library/PciHostBridgeLib/PciHostBridgeLib.c
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Library/PciSegmentLib/PciSegmentLib.c
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Library/PlatformLib/PlatformLib.c
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Library/PlatformLib/PlatformLibMem.c
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Library/RealTimeClockLib/RealTimeClockLib.c
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/Drivers/AcpiPlatformDxe/AcpiPlatform.c
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/Drivers/FlashFvbDxe/FlashFvbDxe.c
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/AcpiSsdtRootPci.asl
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Dbg2.aslc
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Dsdt/Cpu.asl
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Dsdt/Dsdt.asl
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Dsdt/Uart.asl
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Fadt.aslc
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Gtdt.aslc
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Iort.aslc
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Madt.aslc
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Mcfg.aslc
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Pptt.aslc
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Drivers/AcpiTables/Spcr.aslc
create mode 100644 Silicon/Phytium/FT2000-4Pkg/Library/PlatformLib/AArch64/PhytiumPlatformHelper.S
create mode 100644 Silicon/Phytium/PhytiumCommonPkg/PhytiumCommonPkg.fdf.inc

--
2.25.1


Re: [PATCH 18/23] OvmfPkg: Enable Tdx in SecMain.c

Min Xu
 

On August 20, 2021 3:23 PM, Gerd Hoffmann wrote:
> On Thu, Aug 19, 2021 at 02:27:16PM +0000, Min Xu wrote:
>> On August 19, 2021 2:50 PM, Gerd Hoffmann wrote:
+/**
+ In Tdx guest, some information need to be passed from host VMM
+to
guest
+ firmware. For example, the memory resource, etc. These
+ information are prepared by host VMM and put in HobList which
+ is described in
TdxMetadata.
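Review bot: the comment says who produces the HOB list (the host VMM) but not that, in a TD, that producer sits outside the guest's trust boundary, nor where the firmware validates the list (HOB header lengths, END_OF_HOB_LIST termination, resource ranges) before consuming it; state both here, since the RTMR measurement mentioned later in this thread records the input but does not check it. Also "These information are prepared" should read "This information is prepared".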

>>> What kind of information is passed to the guest here?
>> Please see
>> https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
>> Section 4.2 TD Hand-Off Block (HOB)
> So basically the physical memory map.
> qemu has etc/e820 for that.
>
>>> qemu has fw_cfg to pass information from the VMM to the guest
>>> firmware.
>>> What are the reasons to not use fw_cfg?
>> Not all VMMs support fw_cfg. Cloud-Hypervisor is an example.
> I can't see any support for Cloud-Hypervisor in OVMF.
Right, currently OVMF is not supported by Cloud-Hypervisor in a Td guest. But we're
planning to support Cloud-Hypervisor to launch OVMF in a Td guest and have done
some POC.

> Also FreeBSD's bhyve doesn't support fw_cfg either and has its own ways to
> detect memory. Cloud-Hypervisor can surely do that too.
>
> So, why does this matter?
>> Yes, Cloud-Hypervisor has some POC to launch OVMF in a Non-Td guest. In that POC
>> Cloud-Hypervisor leverages a 4k page in MEMFD and passes ACPI data to guest
>> firmware in that memory.
>> https://github.com/cloud-hypervisor/edk2 "ch" branch
>> https://github.com/cloud-hypervisor/edk2/commit/52cb72a748ef70833100ca664f6c2a704c28a93f
>>
>> https://github.com/cloud-hypervisor/cloud-hypervisor
>> TD Hob list gives Cloud-Hypervisor a chance to pass information to guest
>> firmware.
>> For example, ACPI can be downloaded from QEMU via fw_cfg to firmware.
>> But Cloud-Hypervisor cannot pass ACPI via fw_cfg. In this situation,
>> TD Hob can resolve this problem.
> Sure, but again, why does this matter? For qemu?
I don't quite understand the question here (For qemu?).
What I mean in my last answer is that TD Hob can resolve the problem when the host VMM
doesn't support the fw_cfg communication mechanism.
For the host VMMs which don't support fw_cfg, when ACPI data needs to be passed to guest
firmware, a 4k page (to hold ACPI data) is added in MEMFD. Then when SMBIOS is needed,
shall we add another page in MEMFD? If the ACPI data is too big to be held in a 4k page, then
the size of the reserved memory region in MEMFD is the restriction.

> I don't like the idea to have TDX take a completely different code paths.
> That increases the code complexity and makes testing harder for no good
> reason.
TD Hob is not a completely different code path. This is a useful supplement to the fw_cfg which
is not supported by some host VMMs.
From another perspective TD Hob can be treated as a set of launch parameters by the host VMM.
It provides the flexibility for the host VMM to bring up the guest firmware with more parameters.
Another benefit is that TD Hob can be measured into some secure register (for example, in a TD guest
it is the RTMR registers, like the TPM PCRs) so that attestation can be done based on the measurement.

Thanks Gerd for the comments. I am not sure if my explanation addressed your concern. Your comments
are always welcome.
Thanks!
Min
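The two mechanisms discussed above (a HOB list handed over by the host VMM, and measuring it into an RTMR) are shown below as an added example. This is not OVMF or TdxMetadata code and not from either poster; it is what a guest-side consumer has to do with VMM-supplied input: check every HOB header before trusting it, collect the resource descriptors that make up the memory map, and only then extend a measurement register with the raw bytes. The HOB layout follows the PI specification (EFI_HOB_GENERIC_HEADER, EFI_HOB_HANDOFF_INFO_TABLE, EFI_HOB_RESOURCE_DESCRIPTOR, little-endian, 8-byte aligned). The extend formula used here, new = SHA384(old || SHA384(data)) over 48-byte registers, is an assumption for illustration, and the sample HOB list is constructed inline.

```python
"""Added example: validate a VMM-supplied TD HOB list and measure it RTMR-style.

Not OVMF code. HOB structures follow the PI spec; the RTMR extend formula and the
sample HOB list are assumptions made for this illustration.
"""
import hashlib
import struct

# EFI_HOB_GENERIC_HEADER: HobType (u16), HobLength (u16), Reserved (u32)
HOB_HDR = struct.Struct("<HHI")
# EFI_HOB_RESOURCE_DESCRIPTOR body: Owner GUID, ResourceType, ResourceAttribute,
# PhysicalStart, ResourceLength
RES_BODY = struct.Struct("<16sIIQQ")
# EFI_HOB_HANDOFF_INFO_TABLE body: Version, BootMode, EfiMemoryTop,
# EfiMemoryBottom, EfiFreeMemoryTop, EfiFreeMemoryBottom, EfiEndOfHobList
PHIT_BODY = struct.Struct("<II5Q")

HOB_TYPE_HANDOFF = 0x0001
HOB_TYPE_RESOURCE_DESCRIPTOR = 0x0003
HOB_TYPE_END_OF_HOB_LIST = 0xFFFF
EFI_RESOURCE_SYSTEM_MEMORY = 0x00
EFI_RESOURCE_MEMORY_RESERVED = 0x05

RTMR_INITIAL = bytes(48)  # RTMRs start all-zero, like a TPM PCR


def build_hob_list(resources):
    """Constructed sample: PHIT HOB, one resource descriptor per entry, END HOB."""
    phit = HOB_HDR.pack(HOB_TYPE_HANDOFF, HOB_HDR.size + PHIT_BODY.size, 0)
    phit += PHIT_BODY.pack(9, 0, 0, 0, 0, 0, 0)
    hobs = [phit]
    for rtype, start, length in resources:
        body = RES_BODY.pack(bytes(16), rtype, 0, start, length)
        hobs.append(HOB_HDR.pack(HOB_TYPE_RESOURCE_DESCRIPTOR, HOB_HDR.size + RES_BODY.size, 0) + body)
    hobs.append(HOB_HDR.pack(HOB_TYPE_END_OF_HOB_LIST, HOB_HDR.size, 0))
    return b"".join(hobs)


def walk_td_hob_list(blob, max_phys=1 << 52):
    """Parse an untrusted HOB list; return [(start, end, type)] or raise ValueError."""
    off = 0
    ranges = []
    first = True
    while True:
        if off + HOB_HDR.size > len(blob):
            raise ValueError("HOB list runs off the end of the buffer (no END_OF_HOB_LIST)")
        htype, hlen, _reserved = HOB_HDR.unpack_from(blob, off)
        # Every HOB is 8-byte aligned and must fit inside the buffer the VMM gave us.
        if hlen < HOB_HDR.size or hlen % 8 or off + hlen > len(blob):
            raise ValueError(f"bad HobLength {hlen:#x} at offset {off:#x}")
        if first and htype != HOB_TYPE_HANDOFF:
            raise ValueError("HOB list must begin with the PHIT HOB")
        first = False
        if htype == HOB_TYPE_END_OF_HOB_LIST:
            return ranges
        if htype == HOB_TYPE_RESOURCE_DESCRIPTOR:
            if hlen != HOB_HDR.size + RES_BODY.size:
                raise ValueError("resource descriptor has wrong length")
            _owner, rtype, _attr, start, length = RES_BODY.unpack_from(blob, off + HOB_HDR.size)
            end = start + length  # Python ints do not wrap; bound the result explicitly
            if length == 0 or end > max_phys:
                raise ValueError(f"resource range [{start:#x}, {end:#x}) is out of bounds")
            if any(start < e and s < end for s, e, _ in ranges):
                raise ValueError(f"resource range [{start:#x}, {end:#x}) overlaps another")
            ranges.append((start, end, rtype))
        off += hlen  # unknown HOB types are skipped by their declared length


def hob_list_error(blob):
    """Return the validation error message, or None if the list is well formed."""
    try:
        walk_td_hob_list(blob)
    except ValueError as err:
        return str(err)
    return None


def rtmr_extend(rtmr, data):
    """Extend a 48-byte RTMR: new = SHA384(old || SHA384(data)) (assumed formula)."""
    if len(rtmr) != 48:
        raise ValueError("RTMR must be 48 bytes")
    return hashlib.sha384(rtmr + hashlib.sha384(data).digest()).digest()


def set_hob_length(blob, hob_offset, new_length):
    """Helper for experiments: overwrite the HobLength field of the HOB at hob_offset."""
    out = bytearray(blob)
    struct.pack_into("<H", out, hob_offset + 2, new_length)
    return bytes(out)


if __name__ == "__main__":
    sample = build_hob_list([
        (EFI_RESOURCE_SYSTEM_MEMORY, 0x0, 0x8000_0000),
        (EFI_RESOURCE_MEMORY_RESERVED, 0x8000_0000, 0x1000),
    ])
    print(walk_td_hob_list(sample))
    print(rtmr_extend(RTMR_INITIAL, sample).hex())
```

The order matters: the walker rejects a malformed list before any of its contents are used, and the measurement is taken over the exact bytes that were validated, so an attestation verifier comparing the RTMR value knows which input the firmware acted on.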


[edk2-non-osi] [PATCH] Maintainers.txt: Modify maintainer role for EHL

jinjhuli
 

Modify my role to be one of the EHL maintainers.

Signed-off-by: jinjhuli <jin.jhu.lim@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Sai Chaganty <rangasai.v.chaganty@intel.com>
---
Maintainers.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Maintainers.txt b/Maintainers.txt
index d5865ba..b8a4140 100644
--- a/Maintainers.txt
+++ b/Maintainers.txt
@@ -56,7 +56,7 @@ M: Sai Chaganty <rangasai.v.chaganty@intel.com>
Silicon/Intel/ElkhartlakeSiliconBinPkg
M: Nate DeSimone <nathaniel.l.desimone@intel.com>
M: Sai Chaganty <rangasai.v.chaganty@intel.com>
-R: Jin Jhu Lim <jin.jhu.lim@intel.com>
+M: Jin Jhu Lim <jin.jhu.lim@intel.com>

Silicon/Intel/KabylakeSiliconBinPkg
M: Chasel Chiu <chasel.chiu@intel.com>
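Review bot: the subject and body say "modify role", but the hunk promotes an R: (reviewer) entry to M: (maintainer) for Silicon/Intel/ElkhartlakeSiliconBinPkg; say that explicitly, and since the package's current maintainers are only Cc'd here, record their Acked-by or Reviewed-by in the commit before this is pushed rather than relying on the Cc lines.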
--
2.28.0.windows.1


Re: [PATCH] UefiPayloadPkg: Add FV Guid for DXEFV and PLDFV

Ni, Ray
 

It seems that coreboot cannot support an FV that contains a GUID in its header.

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of King Sumo
Sent: Tuesday, August 24, 2021 1:02 AM
To: devel@edk2.groups.io; Dong, Guo <guo.dong@...>
Cc: Liu, Zhiguang <zhiguang.liu@...>
Subject: Re: [edk2-devel] [PATCH] UefiPayloadPkg: Add FV Guid for DXEFV and PLDFV

 

Hi All,

 

This patch broke the coreboot payload loading. Tested with:

build -a IA32 -a X64 -p UefiPayloadPkg/UefiPayloadPkg.dsc -b RELEASE -t GCC5 -D BOOTLOADER=COREBOOT


Basically the coreboot cbfstool reports the following error when creating the CBFS / flash image:

"Not a usable UEFI firmware volume"

 

Trying to boot coreboot results in an exception and the following error message:

"Payload not loaded"


Probably it broke the interface.

 

commit 4bac086e8e007c7143e33f87bb96238326d1d6ba
Author: Zhiguang Liu <zhiguang.liu@...>
Date:   Wed Jul 14 14:24:45 2021 +0800

    UefiPayloadPkg: Add FV Guid for DXEFV and PLDFV

    Signed-off-by: Zhiguang Liu <zhiguang.liu@...>
    Reviewed-by: Ray Ni <ray.ni@...>
    Reviewed-by: Guo Dong <guo.dong@...>

 

 

Kind regards,

Sumo

 

On Wed, Jul 14, 2021 at 1:08 PM Guo Dong <guo.dong@...> wrote:


Signed-off-by: Guo Dong <guo.dong@...>

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> Zhiguang Liu
> Sent: Tuesday, July 13, 2021 11:25 PM
> To: devel@edk2.groups.io
> Subject: [edk2-devel] [PATCH] UefiPayloadPkg: Add FV Guid for DXEFV and
> PLDFV
>
> Signed-off-by: Zhiguang Liu <zhiguang.liu@...>
> ---
>  UefiPayloadPkg/UefiPayloadPkg.fdf | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf
> b/UefiPayloadPkg/UefiPayloadPkg.fdf
> index 2d51fdbacb..041fed842c 100644
> --- a/UefiPayloadPkg/UefiPayloadPkg.fdf
> +++ b/UefiPayloadPkg/UefiPayloadPkg.fdf
> @@ -34,6 +34,7 @@ FV = PLDFV
>
>
>
> ##########################################################
> ######################
>
>  [FV.PLDFV]
>
> +FvNameGuid         = 96E75986-6FDD-491E-9FD5-35E21AC45B45
>
>  BlockSize          = $(FD_BLOCK_SIZE)
>
>  FvAlignment        = 16
>
>  ERASE_POLARITY     = 1
>
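Review bot: setting FvNameGuid makes GenFv emit an EFI_FIRMWARE_VOLUME_EXT_HEADER and sets ExtHeaderOffset in the FV header, which is a format change visible to every consumer that parses PLDFV, not only the payload itself; the commit message is a bare Signed-off-by and should state why the GUID is needed and which loaders were checked against an FV with ExtHeaderOffset != 0. Sumo reports later in this thread that coreboot's cbfstool now rejects the volume with "Not a usable UEFI firmware volume", so that consumer at least was not.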
> @@ -62,6 +63,7 @@ FILE FV_IMAGE = 4E35FD93-9C72-4c15-8C4B-
> E77F1DB2D793 {
>
> ##########################################################
> ######################
>
>
>
>  [FV.DXEFV]
>
> +FvNameGuid         = 8063C21A-8E58-4576-95CE-089E87975D23
>
>  BlockSize          = $(FD_BLOCK_SIZE)
>
>  FvForceRebase      = FALSE
>
>  FvAlignment        = 16
>
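Review bot: the same concern applies to DXEFV, which is nested inside PLDFV as a FV_IMAGE file and has FvForceRebase = FALSE; any consumer that locates it by its _FVH signature and then walks files from HeaderLength needs to handle ExtHeaderOffset != 0 as well. Document where the two GUID values are consumed in the commit message so the change can be reproduced or reverted deliberately.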
> --
> 2.30.0.windows.2
>
>
>
>
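To make concrete what the FvNameGuid change does to the on-flash format, and what a loader that reports "Not a usable UEFI firmware volume" is (at least) checking, here is an added example that is not edk2, GenFv or coreboot code: it builds a sample firmware volume with and without an extended header and parses it back, verifying the _FVH signature, the 16-bit header checksum, the block map and FvLength, and then reading the FvName GUID through ExtHeaderOffset. The layout follows the PI specification's EFI_FIRMWARE_VOLUME_HEADER and EFI_FIRMWARE_VOLUME_EXT_HEADER; placing the extended header immediately after the block map is an assumption (GenFv may wrap it differently, but consumers find it through ExtHeaderOffset either way), and `allow_ext_header=False` models a strict consumer that rejects any volume with ExtHeaderOffset != 0, which is the behaviour Ray's reply suggests but the thread does not prove for cbfstool.

```python
"""Added example: parse and check an EFI firmware volume header, with and without
the FvNameGuid extended header. Not edk2, GenFv or coreboot code; the header layout
follows the PI spec and the sample volumes are constructed inline.
"""
import struct
import uuid

# EFI_FIRMWARE_VOLUME_HEADER: ZeroVector[16], FileSystemGuid, FvLength, Signature,
# Attributes, HeaderLength, Checksum, ExtHeaderOffset, Reserved, Revision
FV_HDR = struct.Struct("<16s16sQ4sIHHHBB")
BLOCK_MAP_ENTRY = struct.Struct("<II")   # NumBlocks, Length; (0, 0) terminates the map
EXT_HDR = struct.Struct("<16sI")         # EFI_FIRMWARE_VOLUME_EXT_HEADER: FvName, ExtHeaderSize
FV_SIGNATURE = b"_FVH"
FFS2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID


def header_sum16(header):
    """Sum of the header's little-endian 16-bit words mod 2^16; a valid header sums to 0."""
    words = struct.unpack("<%dH" % (len(header) // 2), header)
    return sum(words) & 0xFFFF


def build_fv(fv_length=0x10000, block_size=0x1000, name_guid=None):
    """Constructed sample FV: one block-map entry, erase polarity 1, optional FvName GUID."""
    block_map = BLOCK_MAP_ENTRY.pack(fv_length // block_size, block_size) + BLOCK_MAP_ENTRY.pack(0, 0)
    header_len = FV_HDR.size + len(block_map)
    ext = b""
    ext_offset = 0
    if name_guid is not None:
        ext_offset = header_len  # assumption: ext header placed right after the block map
        ext = EXT_HDR.pack(uuid.UUID(name_guid).bytes_le, EXT_HDR.size)

    def header(checksum):
        return FV_HDR.pack(bytes(16), FFS2_GUID.bytes_le, fv_length, FV_SIGNATURE,
                           0x0004FEFF, header_len, checksum, ext_offset, 0, 2) + block_map

    checksum = (-header_sum16(header(0))) & 0xFFFF  # makes the whole header sum to zero
    body = ext + b"\xff" * (fv_length - header_len - len(ext))
    return header(checksum) + body


def parse_fv(blob, allow_ext_header=True):
    """Validate the FV header and return its fields; raise ValueError on anything odd."""
    if len(blob) < FV_HDR.size:
        raise ValueError("buffer shorter than an FV header")
    _zero, fs_guid, fv_length, sig, _attrs, header_len, _csum, ext_offset, _res, rev = FV_HDR.unpack_from(blob, 0)
    if sig != FV_SIGNATURE:
        raise ValueError("missing _FVH signature")
    if header_len < FV_HDR.size + 2 * BLOCK_MAP_ENTRY.size or header_len % 2 or header_len > len(blob):
        raise ValueError("bad HeaderLength")
    if header_sum16(blob[:header_len]) != 0:
        raise ValueError("header checksum mismatch")
    if fv_length != len(blob):
        raise ValueError("FvLength does not match the image size")
    blocks = []
    off = FV_HDR.size
    while off + BLOCK_MAP_ENTRY.size <= header_len:
        num, length = BLOCK_MAP_ENTRY.unpack_from(blob, off)
        off += BLOCK_MAP_ENTRY.size
        if (num, length) == (0, 0):
            break
        blocks.append((num, length))
    else:
        raise ValueError("block map is not terminated inside the header")
    if off != header_len or sum(n * l for n, l in blocks) != fv_length:
        raise ValueError("block map does not describe the volume")
    fv_name = None
    if ext_offset:
        if not allow_ext_header:  # a strict consumer that predates FvNameGuid stops here
            raise ValueError("extended header not supported")
        if ext_offset < header_len or ext_offset + EXT_HDR.size > len(blob):
            raise ValueError("ExtHeaderOffset out of range")
        name_bytes, ext_size = EXT_HDR.unpack_from(blob, ext_offset)
        if ext_size < EXT_HDR.size or ext_offset + ext_size > len(blob):
            raise ValueError("bad ExtHeaderSize")
        fv_name = str(uuid.UUID(bytes_le=name_bytes)).upper()
    return {"fs_guid": str(uuid.UUID(bytes_le=fs_guid)), "revision": rev, "length": fv_length,
            "blocks": blocks, "ext_offset": ext_offset, "fv_name": fv_name}


def fv_error(blob, allow_ext_header=True):
    """Return the parse error message, or None when the volume is acceptable."""
    try:
        parse_fv(blob, allow_ext_header)
    except ValueError as err:
        return str(err)
    return None


def flip_byte(blob, offset):
    """Helper for experiments: invert one byte, e.g. inside the header to break the checksum."""
    out = bytearray(blob)
    out[offset] ^= 0xFF
    return bytes(out)
```

Run `parse_fv(build_fv(name_guid="96E75986-6FDD-491E-9FD5-35E21AC45B45"))` to see the PLDFV GUID from the patch come back out of the extended header, and `fv_error(..., allow_ext_header=False)` to see the same image rejected by a consumer that does not know about ExtHeaderOffset.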






Re: [edk2-platforms PATCH v2] Marvell: Armada7k8k/OcteonTx: Add missing _STA methods in ACPI tables

Ard Biesheuvel
 

On Tue, 24 Aug 2021 at 08:00, Marcin Wojtas <mw@semihalf.com> wrote:

Hi Ard,

Wed, 11 Aug 2021 at 12:58, Marcin Wojtas <mw@semihalf.com> wrote:

Hi Ard,

Wed, 11 Aug 2021 at 12:42, Ard Biesheuvel <ardb@kernel.org> wrote:

On Wed, 11 Aug 2021 at 00:04, Marcin Wojtas <mw@semihalf.com> wrote:

BBR 1.0 spec says that _STA is required for each device in DSDT or SSDT.
Fix that for all platforms with the Marvell SoC's.

Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Did you add back the _STA methods that I removed from the secondary
UARTs you introduced in the original series?
Yes, this patch adds _STA to the relevant COM2 nodes in
Armada80x0McBin and Cn913xDbA DSDT files.
Do you have any further comments to this patch?
Pushed as 75899d2a8f97..17e0c2f6f79b

Thanks,



---
Changelog:
v1->v2:
* Rebase on top of tree

Silicon/Marvell/Armada7k8k/AcpiTables/Armada70x0Db/Dsdt.asl | 56 +++++++++++++++
Silicon/Marvell/Armada7k8k/AcpiTables/Armada80x0Db/Dsdt.asl | 76 ++++++++++++++++++++
Silicon/Marvell/Armada7k8k/AcpiTables/Armada80x0McBin/Dsdt.asl | 76 ++++++++++++++++++++
Silicon/Marvell/OcteonTx/AcpiTables/T91/Cn9131DbA/Ssdt.asl | 12 ++++
Silicon/Marvell/OcteonTx/AcpiTables/T91/Cn913xDbA/Dsdt.asl | 60 ++++++++++++++++
5 files changed, 280 insertions(+)

diff --git a/Silicon/Marvell/Armada7k8k/AcpiTables/Armada70x0Db/Dsdt.asl b/Silicon/Marvell/Armada7k8k/AcpiTables/Armada70x0Db/Dsdt.asl
index 345c1e4dd6..88e38efeeb 100644
--- a/Silicon/Marvell/Armada7k8k/AcpiTables/Armada70x0Db/Dsdt.asl
+++ b/Silicon/Marvell/Armada7k8k/AcpiTables/Armada70x0Db/Dsdt.asl
@@ -20,21 +20,37 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA7K", 3)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x000) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU1)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x001) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU2)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x100) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU3)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x101) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}

Device (AHC0)
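Review bot: every added method is the same four lines returning the constant 0xF, repeated for each device across five tables; since these .asl files already go through the C preprocessor (FixedPcdGet64 () is used for _ADR further down), a single `#define` for the constant-status method in a shared header would cut the diff and make a later change, such as making one device conditional on a board variant, a one-line edit. Either way, the commit message should say that 0xF (present, enabled, shown in UI, functioning) is intended unconditionally for every device in these tables.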
@@ -42,6 +58,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA7K", 3)
Name (_HID, "LNRO001E") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CLS, Package (0x03) // _CLS: Class Code
{
0x01,
@@ -67,6 +87,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA7K", 3)
Name (_HID, "MRVL0002") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -96,6 +120,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA7K", 3)
Name (_HID, "MRVL0004") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -123,6 +151,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA7K", 3)
Name (_HID, "PNP0D10") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -142,6 +174,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA7K", 3)
Name (_HID, "PNP0D10") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -160,6 +196,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA7K", 3)
{
Name (_HID, "MRVL0001") // _HID: Hardware ID
Name (_CID, "HISI0031") // _CID: Compatible ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_ADR, FixedPcdGet64(PcdSerialRegisterBase)) // _ADR: Address
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
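Review bot: placement is inconsistent: here _STA is inserted between _CID and _ADR, while in the devices above it follows _UID or _CCA; put it in the same position in every device (after _UID, or after _CCA where present) so the three Armada DSDTs and the Cn913x tables diff cleanly against each other.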
@@ -186,6 +226,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA7K", 3)
{
Name (_HID, "MRVL0100") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite,
@@ -208,6 +252,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA7K", 3)
Name (_HID, "MRVL0110") // _HID: Hardware ID
Name (_CCA, 0x01) // Cache-coherent controller
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xf2000000 , 0x100000)
@@ -286,6 +334,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA7K", 3)
{
Name (_HID, "PRP0001") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xF2760000, 0x7D)
@@ -312,6 +364,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA7K", 3)
Name (_SEG, 0x00) // _SEG: PCI Segment
Name (_BBN, 0x00) // _BBN: BIOS Bus Number
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_PRT, Package () // _PRT: PCI Routing Table
{
Package () { 0xFFFF, 0x0, 0x0, 0x40 },
diff --git a/Silicon/Marvell/Armada7k8k/AcpiTables/Armada80x0Db/Dsdt.asl b/Silicon/Marvell/Armada7k8k/AcpiTables/Armada80x0Db/Dsdt.asl
index 91401c74c8..77d3aebaf1 100644
--- a/Silicon/Marvell/Armada7k8k/AcpiTables/Armada80x0Db/Dsdt.asl
+++ b/Silicon/Marvell/Armada7k8k/AcpiTables/Armada80x0Db/Dsdt.asl
@@ -20,21 +20,37 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x000) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU1)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x001) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU2)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x100) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU3)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x101) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}

Device (AHC0)
@@ -42,6 +58,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "LNRO001E") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CLS, Package (0x03) // _CLS: Class Code
{
0x01,
@@ -67,6 +87,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "LNRO001E") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CLS, Package (0x03) // _CLS: Class Code
{
0x01,
@@ -92,6 +116,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "MRVL0002") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -122,6 +150,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "MRVL0004") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -151,6 +183,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "PNP0D10") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -170,6 +206,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "PNP0D10") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -189,6 +229,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "PNP0D10") // _HID: Hardware ID
Name (_UID, 0x02) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -207,6 +251,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
{
Name (_HID, "MRVL0001") // _HID: Hardware ID
Name (_CID, "HISI0031") // _CID: Compatible ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_ADR, FixedPcdGet64(PcdSerialRegisterBase)) // _ADR: Address
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -233,6 +281,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
{
Name (_HID, "MRVL0100") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite,
@@ -251,6 +303,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "MRVL0110") // _HID: Hardware ID
Name (_CCA, 0x01) // Cache-coherent controller
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xf2000000 , 0x100000)
@@ -309,6 +365,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
{
Name (_HID, "MRVL0100") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite,
@@ -327,6 +387,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "MRVL0110") // _HID: Hardware ID
Name (_CCA, 0x01) // Cache-coherent controller
Name (_UID, 0x01) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xf4000000 , 0x100000)
@@ -385,6 +449,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
{
Name (_HID, "PRP0001") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xF2760000, 0x7D)
@@ -405,6 +473,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
{
Name (_HID, "PRP0001") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xF4760000, 0x7D)
@@ -431,6 +503,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_SEG, 0x00) // _SEG: PCI Segment
Name (_BBN, 0x00) // _BBN: BIOS Bus Number
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_PRT, Package () // _PRT: PCI Routing Table
{
Package () { 0xFFFF, 0x0, 0x0, 0x40 },
diff --git a/Silicon/Marvell/Armada7k8k/AcpiTables/Armada80x0McBin/Dsdt.asl b/Silicon/Marvell/Armada7k8k/AcpiTables/Armada80x0McBin/Dsdt.asl
index 7931dc3ef8..a7d1c76e07 100644
--- a/Silicon/Marvell/Armada7k8k/AcpiTables/Armada80x0McBin/Dsdt.asl
+++ b/Silicon/Marvell/Armada7k8k/AcpiTables/Armada80x0McBin/Dsdt.asl
@@ -20,21 +20,37 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x000) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU1)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x001) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU2)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x100) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU3)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x101) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}

Device (AHC0)
@@ -42,6 +58,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "LNRO001E") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CLS, Package (0x03) // _CLS: Class Code
{
0x01,
@@ -92,6 +112,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "MRVL0002") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -123,6 +147,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "MRVL0004") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -151,6 +179,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "PNP0D10") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -170,6 +202,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "PNP0D10") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -189,6 +225,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "PNP0D10") // _HID: Hardware ID
Name (_UID, 0x02) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -208,6 +248,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "MRVL0001") // _HID: Hardware ID
Name (_CID, "HISI0031") // _CID: Compatible ID
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_ADR, FixedPcdGet64(PcdSerialRegisterBase)) // _ADR: Address
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -235,6 +279,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "MRVL0001") // _HID: Hardware ID
Name (_CID, "HISI0031") // _CID: Compatible ID
Name (_UID, 0x01) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_ADR, ARMADA80X0_MCBIN_DBG2_UART_REG_BASE) // _ADR: Address
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -261,6 +309,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
{
Name (_HID, "MRVL0100") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite,
@@ -278,6 +330,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
{
Name (_HID, "MRVL0101") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite,
@@ -312,6 +368,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "MRVL0110") // _HID: Hardware ID
Name (_CCA, 0x01) // Cache-coherent controller
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xf2000000 , 0x100000)
@@ -351,6 +411,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_HID, "MRVL0110") // _HID: Hardware ID
Name (_CCA, 0x01) // Cache-coherent controller
Name (_UID, 0x01) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xf4000000 , 0x100000)
@@ -429,6 +493,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
{
Name (_HID, "PRP0001") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xF2760000, 0x7D)
@@ -449,6 +517,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
{
Name (_HID, "PRP0001") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xF4760000, 0x7D)
@@ -475,6 +547,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "ARMADA8K", 3)
Name (_SEG, 0x00) // _SEG: PCI Segment
Name (_BBN, 0x00) // _BBN: BIOS Bus Number
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_PRT, Package () // _PRT: PCI Routing Table
{
Package () { 0xFFFF, 0x0, 0x0, 0x40 },
diff --git a/Silicon/Marvell/OcteonTx/AcpiTables/T91/Cn9131DbA/Ssdt.asl b/Silicon/Marvell/OcteonTx/AcpiTables/T91/Cn9131DbA/Ssdt.asl
index 8377b13763..d6619e367b 100644
--- a/Silicon/Marvell/OcteonTx/AcpiTables/T91/Cn9131DbA/Ssdt.asl
+++ b/Silicon/Marvell/OcteonTx/AcpiTables/T91/Cn9131DbA/Ssdt.asl
@@ -20,6 +20,10 @@ DefinitionBlock ("Cn9131DbASsdt.aml", "SSDT", 2, "MVEBU ", "CN9131", 3)
Name (_HID, "LNRO001E") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CLS, Package (0x03) // _CLS: Class Code
{
0x01,
@@ -45,6 +49,10 @@ DefinitionBlock ("Cn9131DbASsdt.aml", "SSDT", 2, "MVEBU ", "CN9131", 3)
Name (_HID, "PNP0D10") // _HID: Hardware ID
Name (_UID, 0x02) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
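Review bot: inconsistent placement of the inserted method. Here (and in the later DSDT hunks for MRVL0003, MRVL0004 and PNP0D10) the new `_STA` block is followed by a blank line before `Name (_CRS`, while the previous hunk in this file and the MRVL0110 hunk below put `Name (_CRS` directly after the closing `}`; pick one layout for all devices.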
@@ -63,6 +71,10 @@ DefinitionBlock ("Cn9131DbASsdt.aml", "SSDT", 2, "MVEBU ", "CN9131", 3)
Name (_HID, "MRVL0110") // _HID: Hardware ID
Name (_CCA, 0x01) // Cache-coherent controller
Name (_UID, 0x01) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xf4000000 , 0x100000)
diff --git a/Silicon/Marvell/OcteonTx/AcpiTables/T91/Cn913xDbA/Dsdt.asl b/Silicon/Marvell/OcteonTx/AcpiTables/T91/Cn913xDbA/Dsdt.asl
index 8c098cd14c..7335e443c6 100644
--- a/Silicon/Marvell/OcteonTx/AcpiTables/T91/Cn913xDbA/Dsdt.asl
+++ b/Silicon/Marvell/OcteonTx/AcpiTables/T91/Cn913xDbA/Dsdt.asl
@@ -21,21 +21,37 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x000) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU1)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x001) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU2)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x100) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}
Device (CPU3)
{
Name (_HID, "ACPI0007" /* Processor Device */) // _HID: Hardware ID
Name (_UID, 0x101) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
}

Device (AHC0)
@@ -43,6 +59,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
Name (_HID, "LNRO001E") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CLS, Package (0x03) // _CLS: Class Code
{
0x01,
@@ -68,6 +88,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
Name (_HID, "MRVL0003") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -99,6 +123,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
Name (_HID, "MRVL0004") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -127,6 +155,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
Name (_HID, "PNP0D10") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -146,6 +178,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
Name (_HID, "PNP0D10") // _HID: Hardware ID
Name (_UID, 0x01) // _UID: Unique ID
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }

Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -165,6 +201,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
Name (_HID, "MRVL0001") // _HID: Hardware ID
Name (_CID, "HISI0031") // _CID: Compatible ID
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_ADR, FixedPcdGet64(PcdSerialRegisterBase)) // _ADR: Address
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -192,6 +232,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
Name (_HID, "MRVL0001") // _HID: Hardware ID
Name (_CID, "HISI0031") // _CID: Compatible ID
Name (_UID, 0x01) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_ADR, CN913X_DBG2_UART_REG_BASE) // _ADR: Address
Name (_CRS, ResourceTemplate () // _CRS: Current Resource Settings
{
@@ -218,6 +262,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
{
Name (_HID, "MRVL0100") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite,
@@ -240,6 +288,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
Name (_HID, "MRVL0110") // _HID: Hardware ID
Name (_CCA, 0x01) // Cache-coherent controller
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xf2000000 , 0x100000)
@@ -318,6 +370,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
{
Name (_HID, "PRP0001") // _HID: Hardware ID
Name (_UID, 0x00) // _UID: Unique ID
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_CRS, ResourceTemplate ()
{
Memory32Fixed (ReadWrite, 0xF2760000, 0x7D)
@@ -344,6 +400,10 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, "MVEBU ", "CN9130", 3)
Name (_SEG, 0x00) // _SEG: PCI Segment
Name (_BBN, 0x00) // _BBN: BIOS Bus Number
Name (_CCA, 0x01) // _CCA: Cache Coherency Attribute
+ Method (_STA) // _STA: Device status
+ {
+ Return (0xF)
+ }
Name (_PRT, Package () // _PRT: PCI Routing Table
{
Package () { 0xFFFF, 0x0, 0x0, 0x40 },
--
2.29.0


Re: [PATCH 2/2] .azurepipelines: Add UefiPayloadPkg in gate-build-job.yml and CISetting.py

duntan
 

Hi all,
Since the CI for UefiPayloadPkg is important to our development progress, would you please speed up the review process? Thanks a lot!

Thanks,
Dun Tan

-----Original Message-----
From: Tan, Dun <dun.tan@intel.com>
Sent: Friday, August 20, 2021 2:44 PM
To: devel@edk2.groups.io
Cc: Sean Brogan <sean.brogan@microsoft.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Tan, Dun <dun.tan@intel.com>
Subject: [PATCH 2/2] .azurepipelines: Add UefiPayloadPkg in gate-build-job.yml and CISetting.py

Add UefiPayloadPkg in gate-build-job.yml to enable Core ci for UefiPayloadPkg.
Add UefiPayloadPkg to supported Packages in CISettings.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: DunTan <dun.tan@intel.com>
---
.azurepipelines/templates/pr-gate-build-job.yml | 3 +++
.pytool/CISettings.py | 3 ++-
2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/.azurepipelines/templates/pr-gate-build-job.yml b/.azurepipelines/templates/pr-gate-build-job.yml
index 207acc7631..d5b16c127f 100644
--- a/.azurepipelines/templates/pr-gate-build-job.yml
+++ b/.azurepipelines/templates/pr-gate-build-job.yml
@@ -48,6 +48,9 @@ jobs:
TARGET_SECURITY:
Build.Pkgs: 'SecurityPkg'
Build.Targets: 'DEBUG,RELEASE,NO-TARGET'
+ TARGET_UEFIPAYLOAD:
+ Build.Pkgs: 'UefiPayloadPkg'
+ Build.Targets: 'DEBUG,RELEASE,NO-TARGET'
TARGET_PLATFORMS:
# For Platforms only check code. Leave it to Platform CI
# to build them.
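Review bot: the new TARGET_UEFIPAYLOAD entry copies the full `DEBUG,RELEASE,NO-TARGET` target set used for SecurityPkg rather than the code-check-only treatment the comment below reserves for platforms, which is the right choice for a package. Please confirm the package-level CI configuration that the Core CI plugins read (a `UefiPayloadPkg.ci.yaml`) exists or is added by the companion patch in this series, since this hunk alone only schedules the job.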
diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py
index 96e6baa519..ce330e2c73 100644
--- a/.pytool/CISettings.py
+++ b/.pytool/CISettings.py
@@ -67,7 +67,8 @@ class Settings(CiBuildSettingsManager, UpdateSettingsManager, SetupSettingsManag
"CryptoPkg",
"UnitTestFrameworkPkg",
"OvmfPkg",
- "RedfishPkg"
+ "RedfishPkg",
+ "UefiPayloadPkg"
)

def GetArchitecturesSupported(self):
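Review bot: the subject line names the file `CISetting.py`, but the path touched by this hunk is `.pytool/CISettings.py`; fix the subject before merging. The hunk itself keeps the existing tuple style (trailing entry without a comma), which is fine.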
--
2.31.1.windows.1


Re: [PATCH v3 4/4] OvmfPkg/SmmControl2Dxe: use PcdAcpiS3Enable to detect S3 support

Gerd Hoffmann
 

On Mon, Aug 23, 2021 at 03:09:25PM +0800, Lin, Gary (HPS OE-Linux) wrote:
https://bugzilla.tianocore.org/show_bug.cgi?id=3573

To avoid the potential inconsistency between PcdAcpiS3Enable and
QemuFwCfgS3Enabled(), this commit modifies SmmControl2Dxe to detect
S3 support by PcdAcpiS3Enable as modules in MdeModulePkg do.
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>


Re: [PATCH v3 3/4] OvmfPkg/PlatformBootManagerLib: use PcdAcpiS3Enable to detect S3 support

Gerd Hoffmann
 

On Mon, Aug 23, 2021 at 03:09:24PM +0800, Lin, Gary (HPS OE-Linux) wrote:
https://bugzilla.tianocore.org/show_bug.cgi?id=3573

To avoid the potential inconsistency between PcdAcpiS3Enable and
QemuFwCfgS3Enabled(), this commit modifies PlatformBootManagerLib to
detect S3 support by PcdAcpiS3Enable as modules in MdeModulePkg do.
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>


Re: [PATCH v3 2/4] OvmfPkg/LockBoxLib: use PcdAcpiS3Enable to detect S3 support

Gerd Hoffmann
 

On Mon, Aug 23, 2021 at 03:09:23PM +0800, Lin, Gary (HPS OE-Linux) wrote:
https://bugzilla.tianocore.org/show_bug.cgi?id=3573

To avoid the potential inconsistency between PcdAcpiS3Enable and
QemuFwCfgS3Enabled(), this commit modifies LockBoxLib to detect
S3 support by PcdAcpiS3Enable as modules in MdeModulePkg do.
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>


Re: [PATCH v3 1/4] OvmfPkg/OvmfXen: set PcdAcpiS3Enable at initialization

Gerd Hoffmann
 

+++ b/OvmfPkg/XenPlatformPei/Platform.c
+ //
+ // This S3 conditional test is mainly for HVM Direct Kernel Boot since
+ // QEMU fwcfg isn't really supported other than that.
+ //
+ if (QemuFwCfgS3Enabled ()) {
+ DEBUG ((DEBUG_INFO, "S3 support was detected on QEMU\n"));
+ Status = PcdSetBoolS (PcdAcpiS3Enable, TRUE);
+ ASSERT_EFI_ERROR (Status);
+ }
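Review bot: this block only ever sets PcdAcpiS3Enable to TRUE; when `QemuFwCfgS3Enabled ()` is false the PCD silently keeps its DSC default. Since patches 2/4 to 4/4 switch LockBoxLib, PlatformBootManagerLib and SmmControl2Dxe to read only the PCD, the OvmfXen DSC default must be FALSE for those modules to see S3 as disabled; worth a one-line note in the commit message.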
OvmfPkg/PlatformPei/Platform.c already does that, so this makes kvm and
xen more consistent.

Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
Gerd


Re: [PATCH v3] OvmfPkg/OvmfXen: add QemuKernelLoaderFsDxe

Gerd Hoffmann
 

On Mon, Aug 23, 2021 at 03:08:14PM +0800, Lin, Gary (HPS OE-Linux) wrote:
https://bugzilla.tianocore.org/show_bug.cgi?id=3574

Without QemuKernelLoaderFsDxe, QemuLoadKernelImage() couldn't download
the kernel, initrd, and kernel command line from QEMU's fw_cfg.

v3:
Add the bugzilla link
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>


[edk2-platforms][PATCH v3 5/5] Platform/Sgi: Add platform error handling driver

Omkar Anand Kulkarni
 

Enables firmware first error handling on the given platform. Installs
and publishes the SDEI and HEST ACPI tables required for firmware first
error handling.

Signed-off-by: Omkar Anand Kulkarni <omkar.kulkarni@arm.com>
---
Platform/ARM/SgiPkg/SgiPlatform.dsc.inc | 10 ++
Platform/ARM/SgiPkg/SgiPlatform.fdf | 7 +
Platform/ARM/SgiPkg/Drivers/PlatformErrorHandlerDxe/PlatformErrorHandlerDxe.inf | 51 ++++++
Platform/ARM/SgiPkg/Drivers/PlatformErrorHandlerDxe/PlatformErrorHandlerDxe.c | 171 ++++++++++++++++++++
4 files changed, 239 insertions(+)

diff --git a/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc b/Platform/ARM/SgiPk=
g/SgiPlatform.dsc.inc
index 102d7926bde1..20f003b96cdb 100644
--- a/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
+++ b/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
@@ -24,6 +24,9 @@
# To allow firmware first error handling, set this to TRUE.
DEFINE ENABLE_GHES_MM =3D FALSE
=20
+ # To allow firmware first error handling, set this to TRUE.
+ DEFINE ENABLE_FIRWARE_FIRST =3D FALSE
+
[BuildOptions]
*_*_*_CC_FLAGS =3D -D DISABLE_NEW_DEPRECATED_INTERFACES
=20
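Review bot: the define is spelled `ENABLE_FIRWARE_FIRST` here, but the `!if` guards added in the next hunk and in the .fdf test `$(ENABLE_FIRMWARE_FIRST)`, so the driver can never be selected through this define; correct the spelling to `ENABLE_FIRMWARE_FIRST`. Also, the new comment is a verbatim copy of the one above `ENABLE_GHES_MM`, so the two consecutive defines are now documented identically; reword one of them to say what distinguishes GHES-over-MM from firmware-first handling.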
@@ -326,6 +329,13 @@
#
Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.inf
=20
+ #
+ # platform error handler driver
+ #
+!if $(ENABLE_FIRMWARE_FIRST) =3D=3D TRUE
+ Platform/ARM/SgiPkg/Drivers/PlatformErrorHandlerDxe/PlatformErrorHandl=
erDxe.inf
+!endif
+
#
# FAT filesystem + GPT/MBR partitioning
#
diff --git a/Platform/ARM/SgiPkg/SgiPlatform.fdf b/Platform/ARM/SgiPkg/Sg=
iPlatform.fdf
index d6e942e19b81..b1d088610c4c 100644
--- a/Platform/ARM/SgiPkg/SgiPlatform.fdf
+++ b/Platform/ARM/SgiPkg/SgiPlatform.fdf
@@ -190,6 +190,13 @@ READ_LOCK_STATUS =3D TRUE
#
INF Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.inf
=20
+ #
+ # platform error handler driver
+ #
+!if $(ENABLE_FIRMWARE_FIRST) =3D=3D TRUE
+ INF Platform/ARM/SgiPkg/Drivers/PlatformErrorHandlerDxe/PlatformErrorH=
andlerDxe.inf
+!endif
+
#
# Bds
#
diff --git a/Platform/ARM/SgiPkg/Drivers/PlatformErrorHandlerDxe/Platform=
ErrorHandlerDxe.inf b/Platform/ARM/SgiPkg/Drivers/PlatformErrorHandlerDxe=
/PlatformErrorHandlerDxe.inf
new file mode 100644
index 000000000000..fe9ed4175b0b
--- /dev/null
+++ b/Platform/ARM/SgiPkg/Drivers/PlatformErrorHandlerDxe/PlatformErrorHa=
ndlerDxe.inf
@@ -0,0 +1,51 @@
+## @file
+# Dxe driver to handle platform errors.
+#
+# This driver installs SDEI and HEST ACPI tables required for firmware =
first
+# error handling.
+#
+# Copyright (c) 2020 - 2021, ARM Limited. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION =3D 0x0001001A
+ BASE_NAME =3D PlatformErrorHandlerDxe
+ FILE_GUID =3D a3187ea4-feb4-415f-b11e-2312623ffa6=
f
+ MODULE_TYPE =3D DXE_DRIVER
+ VERSION_STRING =3D 1.0
+ ENTRY_POINT =3D PlatformErrorHandlerEntryPoint
+
+[Sources.common]
+ PlatformErrorHandlerDxe.c
+
+[Packages]
+ ArmPlatformPkg/ArmPlatformPkg.dec
+ EmbeddedPkg/EmbeddedPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ Platform/ARM/SgiPkg/SgiPlatform.dec
+
+[LibraryClasses]
+ AcpiLib
+ BaseLib
+ DebugLib
+ UefiDriverEntryPoint
+
+[Guids]
+ gArmSgiAcpiTablesGuid
+
+[Protocols]
+ gEfiAcpiTableProtocolGuid ## PROTOCOL ALWAYS_CONSUMED
+ gHestTableProtocolGuid ## PROTOCOL ALWAYS_CONSUMED
+
+[FixedPcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId
+
+[Depex]
+ AFTER gArmPlatformHestErrorSourcesGuid
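Review bot: `[LibraryClasses]` omits UefiBootServicesTableLib even though PlatformErrorHandlerDxe.c includes `<Library/UefiBootServicesTableLib.h>` and calls `gBS->LocateProtocol`; add it rather than relying on it being pulled in transitively. The `[FixedPcd]` entries for `PcdAcpiDefault*` and the `gArmSgiAcpiTablesGuid` entry are declared but nothing in the .c consumes them (the header fields are hard-coded there); either use the PCDs in the source or drop the entries. Finally, since the entry point fails outright when either protocol is missing, consider a Depex of `gEfiAcpiTableProtocolGuid AND gHestTableProtocolGuid` in addition to the `AFTER` ordering.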
diff --git a/Platform/ARM/SgiPkg/Drivers/PlatformErrorHandlerDxe/Platform=
ErrorHandlerDxe.c b/Platform/ARM/SgiPkg/Drivers/PlatformErrorHandlerDxe/P=
latformErrorHandlerDxe.c
new file mode 100644
index 000000000000..25b29152f1bb
--- /dev/null
+++ b/Platform/ARM/SgiPkg/Drivers/PlatformErrorHandlerDxe/PlatformErrorHa=
ndlerDxe.c
@@ -0,0 +1,171 @@
+/** @file
+ Driver to handle and support all platform errors.
+
+ Installs the SDEI and HEST ACPI tables for firmware first error handli=
ng.
+
+ Copyright (c) 2020 - 2021, ARM Limited. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Specification Reference:
+ - ACPI 6.3, Table 18-382, Hardware Error Source Table
+ - SDEI Platform Design Document, revision b, 10 Appendix C, ACPI tab=
le
+ definitions for SDEI
+**/
+
+#include <IndustryStandard/Acpi.h>
+
+#include <Library/AcpiLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+
+#include <Protocol/AcpiTable.h>
+#include <Protocol/HestTable.h>
+
+
+/**
+ Build and install the SDEI ACPI table.
+
+ For platforms that allow firmware-first platform error handling, SDEI =
is used
+ as the notification mechanism for those errors.
+
+ @retval EFI_SUCCESS SDEI table installed successfully.
+ @retval Other For any error during installation.
+**/
+STATIC
+EFI_STATUS
+InstallSdeiTable (VOID)
+{
+ EFI_ACPI_TABLE_PROTOCOL *mAcpiTableProtocol =3D NULL;
+ EFI_ACPI_DESCRIPTION_HEADER Header;
+ EFI_STATUS Status;
+ UINTN AcpiTableHandle;
+
+ Header =3D
+ (EFI_ACPI_DESCRIPTION_HEADER) {
+ EFI_ACPI_6_3_SOFTWARE_DELEGATED_EXCEPTIONS_INTERFACE_TABLE_SIGNATUR=
E,
+ sizeof (EFI_ACPI_DESCRIPTION_HEADER), // Length
+ 0x01, // Revision
+ 0x00, // Checksum
+ {'A', 'R', 'M', 'L', 'T', 'D'}, // OemId
+ 0x4152464e49464552, // OemTableId:"REFINFRA"
+ 0x20201027, // OemRevision
+ 0x204d5241, // CreatorId:"ARM "
+ 0x00000001, // CreatorRevision
+ };
+
+ Header.Checksum =3D CalculateCheckSum8 ((UINT8 *)&Header, Header.Lengt=
h);
+ Status =3D gBS->LocateProtocol (
+ &gEfiAcpiTableProtocolGuid,
+ NULL,
+ (VOID **)&mAcpiTableProtocol
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: Failed to locate ACPI table protocol, status: %r\n",
+ __FUNCTION__,
+ Status
+ ));
+ return Status;
+ }
+
+ Status =3D mAcpiTableProtocol->InstallAcpiTable (
+ mAcpiTableProtocol,
+ &Header,
+ Header.Length,
+ &AcpiTableHandle
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: Failed to install SDEI ACPI table, status: %r\n",
+ __FUNCTION__,
+ Status
+ ));
+ }
+
+ return Status;
+}
+
+/**
+ Install the HEST ACPI table.
+
+ HEST ACPI table is used to list the platform errors for which the erro=
r
+ handling has been supported. Use the HEST table generation protocol to
+ install the HEST table.
+
+ @retval EFI_SUCCESS HEST table installed successfully.
+ @retval Other For any error during installation.
+**/
+STATIC
+EFI_STATUS
+InstallHestTable (VOID)
+{
+ HEST_TABLE_PROTOCOL *HestProtocol;
+ EFI_STATUS Status;
+
+ Status =3D gBS->LocateProtocol (
+ &gHestTableProtocolGuid,
+ NULL,
+ (VOID **)&HestProtocol
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: Failed to locate HEST DXE Protocol, status: %r\n",
+ __FUNCTION__,
+ Status
+ ));
+ return Status;
+ }
+
+ Status =3D HestProtocol->InstallHestTable ();
+ if (EFI_ERROR (Status)) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: Failed to install HEST table, status: %r\n",
+ __FUNCTION__,
+ Status
+ ));
+ }
+
+ return Status;
+}
+
+/**
+ Entry point for the DXE driver.
+
+ This function installs the HEST ACPI table, using the HEST table gener=
ation
+ protocol. Also creates and installs the SDEI ACPI table required for f=
irmware
+ first error handling.
+
+ @param[in] ImageHandle Handle to the EFI image.
+ @param[in] SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS On successful installation of ACPI tables
+ @retval Other On Failure
+**/
+EFI_STATUS
+EFIAPI
+PlatformErrorHandlerEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+
+ // Build and install SDEI table.
+ Status =3D InstallSdeiTable ();
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ // Install the created HEST table.
+ Status =3D InstallHestTable ();
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ return EFI_SUCCESS;
+}
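Review bot: `InstallSdeiTable` hard-codes OemId `'ARMLTD'`, OemTableId, OemRevision `0x20201027` and CreatorId/CreatorRevision, while the INF lists the `PcdAcpiDefault*` fixed PCDs and patch 4/5 in this series defines them with OemRevision `0x20200831`, so the two values already disagree; build the header from the PCDs so there is a single source of truth. Style: `mAcpiTableProtocol` carries the module-global `m` prefix but is a stack local; rename it `AcpiTableProtocol` to match `HestProtocol` in the next function.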
-- 
2.17.1


[edk2-platforms][PATCH v3 4/5] Platform/Sgi: Define values for ACPI table header

Omkar Anand Kulkarni
 

For ACPI tables that are generated dynamically, define the ACPI table
header values that have to be used to build the table header.

Co-authored-by: Thomas Abraham <thomas.abraham@arm.com>
Signed-off-by: Omkar Anand Kulkarni <omkar.kulkarni@arm.com>
---
Platform/ARM/SgiPkg/SgiPlatform.dsc.inc | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc b/Platform/ARM/SgiPk=
g/SgiPlatform.dsc.inc
index 5307280ef9a3..102d7926bde1 100644
--- a/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
+++ b/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
@@ -221,6 +221,13 @@
gArmPlatformTokenSpaceGuid.PcdGhesGenericErrorDataMmBufferSize|0x20000
!endif
=20
+ # ACPI Table Header IDs
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId|"ARMLTD"
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId|0x4152464e4946=
4552 # REFINFRA
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision|0x20200831
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId|0x204d5241 # AR=
M
+ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision|1
+
########################################################################=
########
#
# Components Section - list of all EDK II Modules needed by this Platfor=
m
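Review bot: the commit message says these header values "have to be used" by dynamically generated tables, but the only dynamic table generator in this series (PlatformErrorHandlerDxe.c in 5/5) hard-codes its own literals, including an OemRevision of `0x20201027` that differs from the `0x20200831` set here; make 5/5 consume these PCDs, otherwise the definitions are dead configuration. Minor: the trailing comment on `PcdAcpiDefaultCreatorId` reads `# ARM`, but `0x204d5241` decodes to `"ARM "` with a trailing space, matching the 4-byte field.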
-- 
2.17.1


[edk2-platforms][PATCH v3 3/5] Platform/Sgi: define memory region for GHES error status block

Omkar Anand Kulkarni
 

Allow platforms to define the base address and size of the memory region
that is reserved for MM drivers to populate the GHES generic error
status block with information about the platform error.

Co-authored-by: Thomas Abraham <thomas.abraham@arm.com>
Signed-off-by: Omkar Anand Kulkarni <omkar.kulkarni@arm.com>
---
Platform/ARM/SgiPkg/SgiPlatform.dec | 1 +
Platform/ARM/SgiPkg/SgiPlatform.dsc.inc | 4 ++++
Platform/ARM/SgiPkg/Library/PlatformLib/PlatformLib.inf | 6 ++++++
Platform/ARM/SgiPkg/Library/PlatformLib/PlatformLibMem.c | 13 +++++++++++--
4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/Platform/ARM/SgiPkg/SgiPlatform.dec b/Platform/ARM/SgiPkg/Sg=
iPlatform.dec
index 8cd818a9bf64..e46fa5d9a1d5 100644
--- a/Platform/ARM/SgiPkg/SgiPlatform.dec
+++ b/Platform/ARM/SgiPkg/SgiPlatform.dec
@@ -31,6 +31,7 @@
[PcdsFeatureFlag.common]
gArmSgiTokenSpaceGuid.PcdVirtioBlkSupported|FALSE|BOOLEAN|0x00000001
gArmSgiTokenSpaceGuid.PcdVirtioNetSupported|FALSE|BOOLEAN|0x00000010
+ gArmSgiTokenSpaceGuid.PcdGhesMmSupported|FALSE|BOOLEAN|0x00000027
=20
[PcdsFixedAtBuild]
gArmSgiTokenSpaceGuid.PcdDramBlock2Base|0|UINT64|0x00000002
diff --git a/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc b/Platform/ARM/SgiPk=
g/SgiPlatform.dsc.inc
index bb32584de63d..5307280ef9a3 100644
--- a/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
+++ b/Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
@@ -107,6 +107,10 @@
gArmSgiTokenSpaceGuid.PcdVirtioNetSupported|TRUE
gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
=20
+!if $(ENABLE_GHES_MM) =3D=3D TRUE
+ gArmSgiTokenSpaceGuid.PcdGhesMmSupported|TRUE
+!endif
+
[PcdsFixedAtBuild.common]
gArmTokenSpaceGuid.PcdVFPEnabled|1
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
diff --git a/Platform/ARM/SgiPkg/Library/PlatformLib/PlatformLib.inf b/Pl=
atform/ARM/SgiPkg/Library/PlatformLib/PlatformLib.inf
index 22e247ea4fae..8cc362ea194f 100644
--- a/Platform/ARM/SgiPkg/Library/PlatformLib/PlatformLib.inf
+++ b/Platform/ARM/SgiPkg/Library/PlatformLib/PlatformLib.inf
@@ -79,10 +79,16 @@
gArmSgiTokenSpaceGuid.PcdWdogBase
gArmSgiTokenSpaceGuid.PcdWdogSize
=20
+ gArmPlatformTokenSpaceGuid.PcdGhesGenericErrorDataMmBufferBase
+ gArmPlatformTokenSpaceGuid.PcdGhesGenericErrorDataMmBufferSize
+
gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64
gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase
=20
+[FeaturePcd]
+ gArmSgiTokenSpaceGuid.PcdGhesMmSupported
+
[Guids]
gArmSgiPlatformIdDescriptorGuid
gEfiHobListGuid ## CONSUMES ## SystemTable
diff --git a/Platform/ARM/SgiPkg/Library/PlatformLib/PlatformLibMem.c b/P=
latform/ARM/SgiPkg/Library/PlatformLib/PlatformLibMem.c
index 8139b75d8ee4..fd4a90bbc0ef 100644
--- a/Platform/ARM/SgiPkg/Library/PlatformLib/PlatformLibMem.c
+++ b/Platform/ARM/SgiPkg/Library/PlatformLib/PlatformLibMem.c
@@ -1,6 +1,6 @@
/** @file
*
-* Copyright (c) 2018-2020, ARM Limited. All rights reserved.
+* Copyright (c) 2018-2021, ARM Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-2-Clause-Patent
*
@@ -17,7 +17,8 @@
=20
// Total number of descriptors, including the final "end-of-table" descr=
iptor.
#define MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS \
- (14 + (FixedPcdGet32 (PcdChipCount) * 2))
+ (14 + (FixedPcdGet32 (PcdChipCount) * 2)) + \
+ (FeaturePcdGet (PcdGhesMmSupported))
=20
/**
Returns the Virtual Memory Map of the platform.
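Review bot: the macro body is no longer a single parenthesised expression. After this change `MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS` expands to `(14 + ...) + (FeaturePcdGet (PcdGhesMmSupported))`, so any use such as `MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS * sizeof (ARM_MEMORY_REGION_DESCRIPTOR)` multiplies only the second term. Wrap the whole body: `((14 + (FixedPcdGet32 (PcdChipCount) * 2)) + FeaturePcdGet (PcdGhesMmSupported))`.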
@@ -239,6 +240,14 @@ ArmPlatformGetVirtualMemoryMap (
VirtualMemoryTable[Index].Length =3D PcdGet64 (PcdMmBufferSiz=
e);
VirtualMemoryTable[Index].Attributes =3D ARM_MEMORY_REGION_ATTRIB=
UTE_UNCACHED_UNBUFFERED;
=20
+ if (FeaturePcdGet (PcdGhesMmSupported)) {
+ // GHESv2 Generic Error Memory Space
+ VirtualMemoryTable[++Index].PhysicalBase =3D PcdGet64 (PcdGhesGener=
icErrorDataMmBufferBase);
+ VirtualMemoryTable[Index].VirtualBase =3D PcdGet64 (PcdGhesGener=
icErrorDataMmBufferBase);
+ VirtualMemoryTable[Index].Length =3D PcdGet64 (PcdGhesGener=
icErrorDataMmBufferSize);
+ VirtualMemoryTable[Index].Attributes =3D ARM_MEMORY_REGION_ATTR=
IBUTE_DEVICE;
+ }
+
// End of Table
VirtualMemoryTable[++Index].PhysicalBase =3D 0;
VirtualMemoryTable[Index].VirtualBase =3D 0;
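Review bot: the new GHES error-status region is mapped with `ARM_MEMORY_REGION_ATTRIBUTE_DEVICE`, whereas the adjacent MM buffer a few lines above uses `ARM_MEMORY_REGION_ATTRIBUTE_UNCACHED_UNBUFFERED`. The generic error data block is ordinary memory that MM writes and the OS reads through HEST, so please either justify the Device mapping in the comment or use the same uncached attribute as the MM buffer. The extra descriptor is accounted for by the `FeaturePcdGet (PcdGhesMmSupported)` term added to `MAX_VIRTUAL_MEMORY_MAP_DESCRIPTORS`, so the table size stays consistent.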
-- 
2.17.1
