Date   

Re: [PATCH v4] UefiCpuPkg: VTF0 Linear-Address Translation to a 1-GByte Page till 512GB

Ni, Ray
 

Ashraf,

Thanks for creating a common PageTable.inc. It looks great to me.

I just noticed that you generated 4 sets of binaries:
1. PageTable1G + IA32
2. PageTabel1G + X64
3. PageTable2M + IA32
4. PageTable2M + X64

But in fact for IA32 arch, page table is not needed.

So, we only need 3 sets of binaries:
1. IA32 (reset vector that calls SEC in 32bit mode)
2. X64 + PageTable2M (reset vector that calls SEC in 64bit mode)
3. X64 + PageTabel1G (reset vector that calls SEC in 64bit mode)

I can think of two approaches to put the new binaries:
1. flat mode: directly put ResetVector.x64.1g.(port80.|serial.)raw in Bin folder. Create new ResetVector.1G.inf for X64 + PageTable1G only.
2. hierarchy mode: create Ia32 and X64 folder under Bin folder. Put ResetVector.x64.1g.(port80.|serial.)raw in Bin/X64 folder.

Thanks,
Ray

-----Original Message-----
From: S, Ashraf Ali <ashraf.ali.s@intel.com>
Sent: Tuesday, September 14, 2021 7:47 PM
To: devel@edk2.groups.io
Cc: S, Ashraf Ali <ashraf.ali.s@intel.com>; Ni, Ray <ray.ni@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>; De, Debkumar <debkumar.de@intel.com>; Han, Harry <harry.han@intel.com>; West, Catharine <catharine.west@intel.com>; V, Sangeetha <sangeetha.v@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>; Dureja, Sahil <sahil.dureja@intel.com>
Subject: [PATCH v4] UefiCpuPkg: VTF0 Linear-Address Translation to a 1-GByte Page till 512GB

[edk2-devel] [PATCH V4]
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3473

X64 Reset Vector Code can access the memory range till 4GB using the
Linear-Address Translation to a 2-MByte Page, when user wants to use
more than 4G using 2M Page it will leads to use more number of Page
table entries. using the 1-GByte Page table user can use more than
4G Memory by reducing the page table entries using 1-GByte Page,
this patch attached can access memory range till 512GByte via Linear-
Address Translation to a 1-GByte Page.

Build Tool: if the nasm is not found it will throw Build errors like
FileNotFoundError: [WinError 2]The system cannot find the file specified
run the command wil try except block to get meaningful error message

Test Result: Tested in both Simulation environment and Hardware
both works fine without any issues.

Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Cc: Sangeetha V <sangeetha.v@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Cc: Sahil Dureja <sahil.dureja@intel.com>
Signed-off-by: Ashraf Ali S <ashraf.ali.s@intel.com>
---
.../PageTable1G/ResetVector.ia32.port80.raw | Bin 0 -> 484 bytes
.../Vtf0/Bin/PageTable1G/ResetVector.ia32.raw | Bin 0 -> 468 bytes
.../PageTable1G/ResetVector.ia32.serial.raw | Bin 0 -> 868 bytes
.../PageTable1G/ResetVector.x64.port80.raw | Bin 0 -> 12292 bytes
.../Vtf0/Bin/PageTable1G/ResetVector.x64.raw | Bin 0 -> 12292 bytes
.../PageTable1G/ResetVector.x64.serial.raw | Bin 0 -> 12292 bytes
.../PageTable2M/ResetVector.ia32.port80.raw | Bin 0 -> 484 bytes
.../Vtf0/Bin/PageTable2M/ResetVector.ia32.raw | Bin 0 -> 468 bytes
.../PageTable2M/ResetVector.ia32.serial.raw | Bin 0 -> 868 bytes
.../ResetVector.x64.port80.raw | Bin 28676 -> 28676 bytes
.../Bin/{ => PageTable2M}/ResetVector.x64.raw | Bin 28676 -> 28676 bytes
.../ResetVector.x64.serial.raw | Bin 28676 -> 28676 bytes
.../Vtf0/Bin/ResetVector.ia32.port80.raw | Bin 516 -> 0 bytes
.../ResetVector/Vtf0/Bin/ResetVector.ia32.raw | Bin 484 -> 0 bytes
.../Vtf0/Bin/ResetVector.ia32.serial.raw | Bin 884 -> 0 bytes
.../ResetVector/Vtf0/Bin/ResetVector.inf | 4 +-
.../ResetVector/Vtf0/Bin/ResetVector1G.inf | 31 ++++++
UefiCpuPkg/ResetVector/Vtf0/Build.py | 91 ++++++++++++------
UefiCpuPkg/ResetVector/Vtf0/PageTables.inc | 20 ++++
UefiCpuPkg/ResetVector/Vtf0/ReadMe.txt | 2 +-
UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb | 8 +-
.../ResetVector/Vtf0/X64/1GPageTables.asm | 53 ++++++++++
.../X64/{PageTables.asm => 2MPageTables.asm} | 14 +--
23 files changed, 177 insertions(+), 46 deletions(-)
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.ia32.port80.raw
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.ia32.raw
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.ia32.serial.raw
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.x64.port80.raw
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.x64.raw
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.x64.serial.raw
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.ia32.port80.raw
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.ia32.raw
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.ia32.serial.raw
rename UefiCpuPkg/ResetVector/Vtf0/Bin/{ => PageTable2M}/ResetVector.x64.port80.raw (56%)
rename UefiCpuPkg/ResetVector/Vtf0/Bin/{ => PageTable2M}/ResetVector.x64.raw (56%)
rename UefiCpuPkg/ResetVector/Vtf0/Bin/{ => PageTable2M}/ResetVector.x64.serial.raw (56%)
delete mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.port80.raw
delete mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.raw
delete mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.serial.raw
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector1G.inf
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/PageTables.inc
create mode 100644 UefiCpuPkg/ResetVector/Vtf0/X64/1GPageTables.asm
rename UefiCpuPkg/ResetVector/Vtf0/X64/{PageTables.asm => 2MPageTables.asm} (74%)

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.ia32.port80.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.ia32.port80.raw
new file mode 100644
index 0000000000000000000000000000000000000000..79b23c047bdc6e552d77d5c9e9aeae21ff04d91d
GIT binary patch
literal 484
zcmYk2!Alfz6vy8<IayG%i0DGXitWJ;8|{W-Y{r%pUBW$t3`U5Tfv)5HV2<-+SmEc&
z_=8U3ztCYiIbg8Am<;oh;GvDB*b)cVcTo_jh@F0e1bz?i@%TPI-^b&e^P(s~24D&R
z66-E?GS0!u3PI`&Of3)3ke}4au8p$=@|8NnwWzR1c0DH#WQRqnF+w7|76h>yHl)}V
zcG*_&Hg-ER3P7>NzOzHK{_>8}w92SftcjYiOP;uF74pB9jiIw>#6GG&9iTswB!MfR
z>~G3@yT|(CI{hlqFjo^qW81h>6zpT|jA+4e?AqPnMDkDNwGuY(iR``YMZ<N}jD17a
ze!Eo9(*2YtLo1$8t#bY^wmfmkq?6C)NI~B)?kf>3S04kAoH{**Icc)Uq~+N;a$TM7
z^Te3G@j|=R#NJTGK*yH2U@&(7Y{IeM+FVL*o4PV&hBpB!`lv9EUde?FgcS`yA8iMv
z*fqmG@SDEy+y0@yiw}4XxLlI&<|#6jJQ3ja=kvb)zpp~$Q5CN?9#*l}WFN2xf1}qi
ex=GS`BMWOMaSFL0+&dpq=Irw)z&XCVVDo<yIpul)

literal 0
HcmV?d00001

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.ia32.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.ia32.raw
new file mode 100644
index 0000000000000000000000000000000000000000..ce7faa502b858e99908bcdb397b776258205e1d5
GIT binary patch
literal 468
zcmYk2ze^)g5XWb;8h;dS5Fr7Dh^EjYViZM*LR8di#1tYyISz|ku3q=S79u{D6wk=I
zU?u(=f(r_HvMOqGf`yTwL`89(=88k^4$0mNLGfG6cVLFkcNp8Y?F5fQ2w)Tde661v
zA>(mlgCI3pM%UYB$vrh9+XHNgTvMYh>&7q1g=xfqoHJL>v=bK_oV*Y_#xgthrX_$x
zk=?RqHTShwDriZRQ`%sb>wPA#)8er|>zVMY+pfRlzO>Lg-}j;6Ouvy1^?-J@W;Dwr
zh~X?JL3WDg3C>QkuOy(Cz2D+G0r_U~$nfcMX3da8daJ0-dS5O=A1WLXmNL1lC1Y<`
zG<l6mhh`Q?T-nQvNG?sLCjm%Qp6J4;7&2F-$@vA+Bu~_vyi3_z40ac=))6t_tq9z|
zefVV+_gDQMRguD~(+QALI=K4sT?|9uq=EoSM@e<+!75nXDp}9g1y0#fu*HIS>xU}H
zio}TkTR*G5^X{9FA5UXrek_f(Dm%ge{zcRKQTBarR}@zApFT*{1~02#Vb0G@fo<c#
G=av6&joI)3

literal 0
HcmV?d00001

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.ia32.serial.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.ia32.serial.raw
new file mode 100644
index 0000000000000000000000000000000000000000..6503a988abdac06f9aa88f0a65f2525e12233b0a
GIT binary patch
literal 868
zcma)4L2DC16n>krZCZ#4rO<$dgqlM|B1ucd5-YJ)(Sw+Slu!}T!yY`YJFv$tYmjZq
zy5K>?Kj1O9hD6B7TCH9z^k5_?QBk@bSv|$5X~tQj(A|Ri4sZD8@xJ-K_r^3$v+@I#
zZaI~2s02=>jY@*!-V8W)A4-!XL;z+1fJsxT5>Y;^tYE4tBeTn67w|h(iQb#mui{s#
zGFGsXn|MQ05`drU7Rtx5MbC+q9rWozT>dJ$%-0+*PWf=ihliYUjfcKQyZV~9)lZf7
zweF>|vjKo~Lw}=hiN(t)p)Q@EC@akrh&-*40V$PeFXu;FR$SgLo*hx&GR9!=nfzLK
zBnPCIOUf|9gZ5oMi2}j>`Z|4@Ci;^?3(t9li9R9!_9%D%&hQ`Bt_!X#`HDuOGwV0<
zOA3m}2Y4QqCyP<_y=#U0&1wWmnM8*+G_p@rkDXt{$?$6axL~Q7+-U$DL-P|f#*4Zo
zs+omFydTX6H8K%iz0`lGPW#H-J=mQtW53thcDI^#cB7*n6!M@U=X({t7>(*pc0>#d
zqhk3WKsG#1#O=deV+6|Cet__J(>stU-$*BYc<-*oauAHVL5!xcWo*z>W(-XJ0RQYf
zToZ2ap#a=@(L3+|Id4O4E=NPPlQ|j`^~ZLzLj$yBhnW4j!<b#&VN7qbk3FhinQr!g
Q%eipz445W;xT|db1oCUYi~s-t

literal 0
HcmV?d00001

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.x64.port80.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.x64.port80.raw
new file mode 100644
index 0000000000000000000000000000000000000000..279ba03b0c01f552a0d3ed8900e06b91f2555901
GIT binary patch
literal 12292
zcmeI&+i#oo0mkts4Go0>4qZpX=tz11%2=TdhrvQ2P!8c7PF+^UX)tetZH!=pH%^Zg
z70DEZNZf$9;~&6W5#XW^3Pp^YRpNq96(~?GYU&$$gElnPylKDiKWus}#UDH0_!sB7
zvLnyT%*?Ex?{-yQ$_2^=$_2^=$_2^=$_2^=$_2^=$_2^=$_2^={;wA}z+YE5x^%P9
z7*tPjW2vJtsAY6C2GvVPV^GJ@(HPWnIvRuOqoXmX<LPJ&Y6TsQL7hNHV^Am3(HPVZ
z=x7Y;Bsv;{I+>2fpiZHqF{lb1jY0L((HPXJbTkIFl8(lpen>}SP^;)@4C+U8GzN7V
z9gRV)rlT>a0XiCkI-QQjpngn8V^C+%(HPVkIvRue2_20=ok>SyP=j<d1~o)SV^C}9
zXbfr{9gRV)r=u~b4RkaHbrv0sL7h!UV^HVN(HPW5IvRsImyX7ueo9AUQ0LLn7}U?`
zXbfr-9gRVqPe)@=7tqld)Mh#wgW5tzV^G6%GzN7c9gRU<L`P##7t_%g)FpH@2K93~
z8iTr&j>e!aqoXmXU(nGQ)Ce7oL0wKqV^CY^XbkEKIvRtzl8(lpM(Jn_>MA-KgSwiI
z#-O&*(HPV<bTkHaEgg+PT}MY_P}kGZ7}OXYjX~W&M`KVo($N^yO>{H{bu%4}LES<}
zV^Fu!(HPWibTkGvPDf)<x6{!W)E#s*26ZPLjX~W-M`KWT)6p2zb~+k^`XwEWK~2!n
z7}T%mXbfrx9gRWVLq}s!zow%xsC(&X4C+2Q8iTr@j>e!KprbLU2kB@G>Nj*W2K5jf
zjX^z3M`KXGrK2&ZDjkhM{f>^tpngwBV^DvfqcNyQ=x7Y;Q92rf`Xe2ULH&u2#-RR8
zM`KWr(a{*xU+8EI>Tx<6gPNqHF{mf#Xbh@GM`KWRIvRs|l8(lpo}!~Ms0JO4LH(7E
z#-RR2M`KV=)6p2zGjuct^(-BYK|M!DV^Gi2(U>K-6t5!tb@U}hck;q!qrdU5mtLxO
znvGRkUtDur{mW)!;I)fe57z(LY^>Qix9OAm-l@h0)jw{{^-c`c=Q=01+Y6rEU0hmw
zI!9W2+HWm*@ztK<;Qg)7TL-JV?%mw8Z*rv5J34vE&eVpda{T0`4gY>|V)fT^L$yP@
z##S}I=oTMAIN|TL&wAdkEt~w*jg`IizRuvz)caZ=bw1vb)`vU4uJ^UST5#=1`*3mo
z*5dr)u=}SnaM?#sOt{h8Upu3?URfL7HPAe;bYAgGN2k&|IkMruo&8feuG+lxmL2s?
zmA5A@@0n|kj9)9&2Ya_|><kvMHCJtpY~N8orFYwkscfvgeNW%H`#Q^Ki+!|MD~{`I
zsSM3m-aWXyvTptzOQ{SO_f}LkSB6sD7_6+zq4C4r?tt147timF;&HRu+wE4??d$Am
zpSIv{-qTmp``>%x@cGqB&+6*z`r_Xy#e=GcUML>bui4Q)sW`hmyx{8W3Qg~u&h-5B
z!Rfu78_!X@_?hCP8b>cnPig6L^ivzJ{NtFff9IRre_6Y)9`BsE`>OHI@@ngY&a%#b
z7N6=aR*rPLiw`Ybomc!(v&C0;Z0(0*Yxj(;{a~y$-(8rQId*z^T`o{AP%cm|P%cm|
pP%cm|P%cm|P%cm|@V~ae;x~uCf8V(MuIn^2vv}axcaFWE{1))d6p#P_

literal 0
HcmV?d00001

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.x64.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.x64.raw
new file mode 100644
index 0000000000000000000000000000000000000000..9b09a80f225736a413b7146b0e7bd4aafc73abe1
GIT binary patch
literal 12292
zcmeI&TaT0n0mkuXS=a)$%ob6$1>NOPOO>TS?QuaD5Zs;w6>+83+N$HB2ko-cj*9Y3
zR!jz(brR!+@k4mYS}u5+EluG@5-&uFW|e4I-W$1T)ELHh;oqd6p?N3S`Mop$*>`rH
ztC`JoI-Smjxo%h0rCOj`pjx0>pjx0>pjx0>pjx0>pjx0>pjx0>;C;QoWnNwB=)z&C
zF{qyMV4<Tis6})%2GvVPV^E9fXbfrz9gRWt(a{*xEp#*nwUmy=pqA0m7}Rn)8iV=(
z9gRWVN=IW*x6#oU)CxKpgR0Td7*szUjX~W`M`KVc>1Yh<gLE_owTh0$pgu%LV^ANa
zqcNz}bTkGvKu2RxchJ!o)SYxR2DOHc#-P^H(HPW6=x7Y;qjWR|HAqKeP(ySy2DOfk
z#-P^I(HPVQIvRu8NJnE(chS)p)W_&(4C-z=8iU$IM`KX;(9syw$LVMc>JxM{2DO=v
z#-N7jXbfr#9gRWVOGjf+Tj^*FY8xGmL2aj_F{u0KXbkF;bTkHaKOK!hJwQieP!H14
z7}P^_GzRrB9gRUfLPujzBXl$dwS$hvpmx&H7}TfeXbkGpbTkGvN=IW*yXa^PYBwE?
zLG7WVF{sbb(HPWTIvRu8M@M5&pQWQQs4+SkgL;&X#-JXfqcNz*>1Yh<2|5~sdXkRD
zpgu=OV^I6)XbkEA9gRVKo{q+#zCcG~P+z2@F{p!dGzRr0IvRsIL`P##U#6omsBt<P
zgZc^`jX@ozqcNzb=x7Y;t8_F5^)wxgL4A#m#-N^|qcNzj)6p2zvvf2D^&B0IL4AXc
z#-P4QM`KXmqN6dWIvtHceVdNPpuR&#V^H6vqcN!O(a{*x^K>)@^#UD@LA^*vV^A;A
z(HPYC>1Yh<2Xr(B^)eleK~2!n7}OCu8iSgoqcNxk9gRV~LPujzuhP*NRFjUzpngb4
zV^BY$qcNx-)6p2zQ92rf`UxG4LH(4D#-NVT(U=9dmG2_^b>l5YcjCTQv%mR|*IsKB
zt>&toC)Vz7{Jqs2`1SqmXB&TNHP;@W9sWb(!c=pk8t2=yz2ifT*<#tunex&;TU>9S
zoj=x7p72upuk9=KlTUB$xi~RW^o~wEa6FUSr*g~0@Wy|i7+?L)?9k-ZlVht|f9sZC
zJy>>b@-IDaOfH)Eqnj&x8-2y<<7xD@-!9H?OZ%<k?=%)oUZ3Awp0_;7GgBFO`0XR(
zZua(1t|_lqPHsOr(7L>Ep7O~?r_wtyvhjb#rKv2gw;p=(aAUZ3YJ5k}Y-{AeUa2wI
zyJu4|SjP5jy)|;^aAQU9o~2XSR6F%l-#r(LB{St7nm<~et{AQj&DCDNvZS_t?st|_
z+g{#UTH9J1N_j9?Tc4|=*Sg&S&Ht+Wof%!|c5CY|7U%wZTK}59bo%Glw$y7qtLrlx
z%72@b53XN*seE+5W=8v@@|^XVrJBAto$0yhE7KQ>y?3iq_VVi(orOPP;d0|!8NdAf
zO@H&QzvcEXbY}N~V)>a}2Z|;2_M63`;y=aD=C@w&cIS^ST<s`d!%X?p9b5O-*t)Z0
z>)sq|&vpO#p7Y;)mg>4%pjx0>pjx0>pjx0>pjx0>pjx0>pjzPlvcUYGuPuD6yz#m6
S(7}D`bmnJo-gD#b&i?@{82-Ef

literal 0
HcmV?d00001

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.x64.serial.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable1G/ResetVector.x64.serial.raw
new file mode 100644
index 0000000000000000000000000000000000000000..d9b051ff06d1d30b0dfd585e05e75c98ebd88b03
GIT binary patch
literal 12292
zcmeI&No<sL9LDjd3`;?ADxy?DDT|5=+Jc~nO9hv@f*V%cw{hR<jE?(n(hxJEwTTB~
zJbLjaH)}ocm<pm7Nj!)lnyS$-jA@J{h>9KGfv*W2je6GiJ<MnR^Ub{T{(sZMOf&uc
z{r&TXYc-`uI)QWo=>*aVq!UOdkWL_-KsteR0_g<O38WK9C-9%1z&GqJv9o?RG0>={
z<W9X~pi$%K7-&?6j)6vvr(>W|6X+Od)I>T48a0WIfkrjcG0>>VbPP0V3LOKDI*5*e
zMjcGYK%=J8G0><(=on~JmX3i&wa_ups6*)(Xw)=11{!r39RrP;PRBr_4yR+FQAf}*
z(5M-73^b~hj)6uUNyk8=j-q3rQ8VcnXw)n^1{!rV9RrOzhK_+o&8B0ZQEhY#G-?hV
z1C5$X$3Uaz(J|1d`E(34>R37k8g(2U1C2VKj)6ukpkts>C(tp_s1xZJXw*q`3^eLw
zItCiGkdA>yokGVzqfVt`pi%8~3^b~Pj)6ukqGO;@i|H6>)M<1KG-?SQ1C3fr$3UY_
zr(>W|XV5XwsAY5vH0n$`1{$@Tj)6v<MaMv+&Zc9aQRmPx(5Q3i7-&={9RrOzkB)&x
zt)OF|Q7h>fXw><13^eKjItChbAsqvax`>W}Ms?9K(5Q>)7--ZbbPP1=QaT12br~H4
zjk=tUfks_H$3UZ2(J|1d)pQIr>Pk8W8g&&N1C6?xj)6v9L&rd)uBBt3QETWJXw-Fd
z3^b~nj)6v9Psc!`*3vQ1s2k`QXw;2#3^eK{ItChbGaUnsx`mE`M%_xsK%;J>W1vyD
z(=pJfJLni_)SYw;H0mxo1{#&4W1vxY(=pJfd*~Qw)V*{JH0nM&1{!rg9RrPefR2Gi
zJxIquqaLDTpivLgG0><-=oo0!qjU^3s)vq&Mm<KyK%??>3^b}h$3UYVr(>W|PtY;Y
zs3IK$je3%ffkr(=$3UZ=remN{&(JZ@sAuUIXw-9b3^eL_ItIG#;IEktFN_TSoY|m}
z!9AG`O(XS3CXG~H&U7RnFk7_m(?_jmajDo+{Pv}n3e{3^`q?keT2=VERBU~HN%^+I
z=cVGTbwdk3Eo|*A&R5~%@=&I`tuR!*I5+rP=KHtW@;~M3XTE)8?7F>SJ+)yyWn^Gu
za+Eh!N6VYWKDF^w9Su+Y^QkIZ#z`I9%U_mv<ksKR-n6afoNA`CXW2UEm-Kp4Py75m
zFLuw^J=B)pxxQ<9>8o1utBA=T<-cfpKR>SLvnWo>6ed?*OXjuCg^A@Y)ek#d-n?#i
zVa3=B%QalcKkqR=`uAt}7hC(WseW1cTYBBPY|CTaQOvaDXC}AP@{88DmcFTPCE0Ih
zuQNT%=kKj<@Addx>5R+Q78YjT={~DzsI+|b1yW&lX61tF>?D?la;4>K))o%QtZeS}
zg6umtOgv#*b;3ZhdsX(1)@s!Uvu(rK!5tH_bBEsz$=OB8syW-9ZF6#Gc6P3J-uz>&
z)~d04TiP(4(;C))@wUxO_BNocwOV%WwrZKbr#<yQr;d>WS4+pNrjA)n8TsWs{m{4l
zy&HF(lFK&D$PLU({+X3rWNzp9UA0<^20AB7$zH}@?c#>3Thy@r^VQ}Cn$@?h&wayv
zJNmX(uRdOnB<D|lWOKk#A7cI3_p6&%KiTgafA}`*SF~}(>gv>u=dG?b=gJ>cy7yMc
zRd-iLM=N*lt<@@ve@kv2Pu_`v<jt*h&Dq>FXH(al54y_3weJpit@_>lua@4X6G$hJ
vP9U8?I)QWo=>*aVq!UOd@PC*<WpLNNZv^$duDRwy_4ila-2ce_FABc{a%3Ct

literal 0
HcmV?d00001

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.ia32.port80.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.ia32.port80.raw
new file mode 100644
index 0000000000000000000000000000000000000000..79b23c047bdc6e552d77d5c9e9aeae21ff04d91d
GIT binary patch
literal 484
zcmYk2!Alfz6vy8<IayG%i0DGXitWJ;8|{W-Y{r%pUBW$t3`U5Tfv)5HV2<-+SmEc&
z_=8U3ztCYiIbg8Am<;oh;GvDB*b)cVcTo_jh@F0e1bz?i@%TPI-^b&e^P(s~24D&R
z66-E?GS0!u3PI`&Of3)3ke}4au8p$=@|8NnwWzR1c0DH#WQRqnF+w7|76h>yHl)}V
zcG*_&Hg-ER3P7>NzOzHK{_>8}w92SftcjYiOP;uF74pB9jiIw>#6GG&9iTswB!MfR
z>~G3@yT|(CI{hlqFjo^qW81h>6zpT|jA+4e?AqPnMDkDNwGuY(iR``YMZ<N}jD17a
ze!Eo9(*2YtLo1$8t#bY^wmfmkq?6C)NI~B)?kf>3S04kAoH{**Icc)Uq~+N;a$TM7
z^Te3G@j|=R#NJTGK*yH2U@&(7Y{IeM+FVL*o4PV&hBpB!`lv9EUde?FgcS`yA8iMv
z*fqmG@SDEy+y0@yiw}4XxLlI&<|#6jJQ3ja=kvb)zpp~$Q5CN?9#*l}WFN2xf1}qi
ex=GS`BMWOMaSFL0+&dpq=Irw)z&XCVVDo<yIpul)

literal 0
HcmV?d00001

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.ia32.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.ia32.raw
new file mode 100644
index 0000000000000000000000000000000000000000..ce7faa502b858e99908bcdb397b776258205e1d5
GIT binary patch
literal 468
zcmYk2ze^)g5XWb;8h;dS5Fr7Dh^EjYViZM*LR8di#1tYyISz|ku3q=S79u{D6wk=I
zU?u(=f(r_HvMOqGf`yTwL`89(=88k^4$0mNLGfG6cVLFkcNp8Y?F5fQ2w)Tde661v
zA>(mlgCI3pM%UYB$vrh9+XHNgTvMYh>&7q1g=xfqoHJL>v=bK_oV*Y_#xgthrX_$x
zk=?RqHTShwDriZRQ`%sb>wPA#)8er|>zVMY+pfRlzO>Lg-}j;6Ouvy1^?-J@W;Dwr
zh~X?JL3WDg3C>QkuOy(Cz2D+G0r_U~$nfcMX3da8daJ0-dS5O=A1WLXmNL1lC1Y<`
zG<l6mhh`Q?T-nQvNG?sLCjm%Qp6J4;7&2F-$@vA+Bu~_vyi3_z40ac=))6t_tq9z|
zefVV+_gDQMRguD~(+QALI=K4sT?|9uq=EoSM@e<+!75nXDp}9g1y0#fu*HIS>xU}H
zio}TkTR*G5^X{9FA5UXrek_f(Dm%ge{zcRKQTBarR}@zApFT*{1~02#Vb0G@fo<c#
G=av6&joI)3

literal 0
HcmV?d00001

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.ia32.serial.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.ia32.serial.raw
new file mode 100644
index 0000000000000000000000000000000000000000..6503a988abdac06f9aa88f0a65f2525e12233b0a
GIT binary patch
literal 868
zcma)4L2DC16n>krZCZ#4rO<$dgqlM|B1ucd5-YJ)(Sw+Slu!}T!yY`YJFv$tYmjZq
zy5K>?Kj1O9hD6B7TCH9z^k5_?QBk@bSv|$5X~tQj(A|Ri4sZD8@xJ-K_r^3$v+@I#
zZaI~2s02=>jY@*!-V8W)A4-!XL;z+1fJsxT5>Y;^tYE4tBeTn67w|h(iQb#mui{s#
zGFGsXn|MQ05`drU7Rtx5MbC+q9rWozT>dJ$%-0+*PWf=ihliYUjfcKQyZV~9)lZf7
zweF>|vjKo~Lw}=hiN(t)p)Q@EC@akrh&-*40V$PeFXu;FR$SgLo*hx&GR9!=nfzLK
zBnPCIOUf|9gZ5oMi2}j>`Z|4@Ci;^?3(t9li9R9!_9%D%&hQ`Bt_!X#`HDuOGwV0<
zOA3m}2Y4QqCyP<_y=#U0&1wWmnM8*+G_p@rkDXt{$?$6axL~Q7+-U$DL-P|f#*4Zo
zs+omFydTX6H8K%iz0`lGPW#H-J=mQtW53thcDI^#cB7*n6!M@U=X({t7>(*pc0>#d
zqhk3WKsG#1#O=deV+6|Cet__J(>stU-$*BYc<-*oauAHVL5!xcWo*z>W(-XJ0RQYf
zToZ2ap#a=@(L3+|Id4O4E=NPPlQ|j`^~ZLzLj$yBhnW4j!<b#&VN7qbk3FhinQr!g
Q%eipz445W;xT|db1oCUYi~s-t

literal 0
HcmV?d00001

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.port80.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.x64.port80.raw
similarity index 56%
rename from UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.port80.raw
rename to UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.x64.port80.raw
index 6c0bcc47ebff84830b59047790c70d96e9488296..0e53a574fab74db6973d7ea41a6a495266a4d0ae 100644
GIT binary patch
literal 28676
zcmeI*`@iM)RoC&AhK2&t38m6#D@l_eMJzNyu#grOl$OXfa;c#Re7Fq?-biQcc!M>B
z0MnLqpei@Tk5z7pGAP<W)h<X=OGPQ55UAjS(Ae~-G@un~>A2H8;eP=3=kb{H+-GK9
z-+lIbe)vB2JRWoA;>C*>Z`hYF$MGB&I4*Ep;JCnXf#U+l1&#|G7dS3(T;RCCae?Ck
zzo!?t;nJh;|8Ho%fph$Of#1`A@W&T-T;RCCae?Ck#|4fH92Yn)a9rTHz;S`&0>7^o
zc)+WDAg+7YqX#0nSlnz5<BCTf9C{`fi<`}1JVwvtVsW!Mj4Sm_E*3YN!+1A6lZ(a8
z<}e<sXL7N)*&N1IdL|c(o6TXoyPnC#;%0LgkJB@`Slnz5<303DE*3YN!+1|UlZ(a8
z<}lt%&*WlpvpI}Epl5QixY-=Wd+V88EN(W3@pwIxi^a|6Fiz>2Tr6%jhjF!@$;IMk
za~SWVXL7N)*&N0b^h_=mH=DzFUp<qH#m(k0o~UPXvAEeB#vjx(xmet64&(jwOfD8T
zo5OgLp2@}HW^)+V=$TwBZZ?PUhxAM?7B`#2_``Z87mJ(CVLVyS<YIBNIgF?1nOrPx
zHiz*?^h_=mH=DzFe?60n#m(k0uGKTSSlnz5<2pT)i^a|6FrFHRbGZLAxmet64&!<~
zlZ(a8<}hy1Gr3sYY!2f_J(G*Y&E_yZK+oi2akDv$KdNVPvAEeB#s}(|Tr6%jhw(H$
zlZ(a8<}f};&*WlpvpI}Ere|`oxY-=W2kV(!EN(W3@yGQ{E*3YN!+5%$$;IMka~L0@
zXL7N)*&N1)>X}?DZZ?PU3_X*J#m(k0ZqhTkSlnz5<7PdRi^a|6Fg{Gr<YIBNIgCG{
zXL7N)*&N1)>zQ0EZZ?PU5qc&Ui<`}1{7F5Ni^a|6FrKMra<RDC9L7iLnOrPxHiz+1
zdL|c(o6TX|qGxikxY-=Wv-C_Z7B`#2c($I&#o}gj7$2=?a<RDC9LC4!nOrPxHiwaV
zCKrpF&0&0O9M0kX&*WlpvpI~9(=)kP+-wfxIeI1+i<`}1e7v5?#o}gj7|+!+xmet6
z4&!-xCKrpF&0&0kp2@}HW^)*~>X}?DZZ?PUr}RuN7B`#2_(VOEi^a|6Fg{7o<YIBN
zIgC%%Gr3sYY!2g7^h_=mH=D!wR6Uc6#m(k0K26W$VsW!MjN9}~E*3YN!}!yBCKrpF
z&0&1Hp2@}HW^)*yp=WZjxY-=WXX=?;EN(W3@mYE%7mJ(CVLV^Y<YIBNIgCG}XL7N)
z*&N30dL|c(o6TW-ww}qw;%0LgFVHi&Slnz5<8$;(E*3YN!}zm$CKrpF&0&15p2@}H
zW^)*yr)P4pxY-=W=j)kVEN(W3vGhzX7B`#2_<}f`!~LJh#o}gj7+<Joa<RDC9L5*v
znOrPxHiz-WdL|c(o6TW-iJr;D;%0Lgr}a!O7B`#2_)<NSi^a|6F#epL$;IMka~OYK
z&*WlpvpI|}(=)kP+-wfx%k@ky7B`#2_zQX_7mJ(CVf;lslZ(a8<}m(}p2@}HW^)*S
zS<mERakDv$zoKVyvAEeB##iW>Tr6%jhjE9V$;IMka~LnwGr3sYY!2g$p2@}HW^)*4
z^-L}nH=D!wt9m9Ei<`}1yhzXFVsW!MjB|P>7mJ(CVf-~clZ(a8<}m)cp2@}HW^)*S
zL(k-5akDv$zo}<(vAEeB#^2I2xmet64&y8JOfD8To5T1jJ(G*Y&E_yl&*WlpvpJ0O
zaX1gebxbZ6H=D!wYCV&S#m(k0?$k56Slnz5<7@OxE*3YN!?;V&<YIBNIgGE>Gr3sY
zY!2h=^h_=mH=D!wdOeei#m(k0F6fzDEN(W3@nSubi^a|6FkYf(a<RDC9L7uaOfD8T
zo5T19J(G*Y&E_!f)-$<S+-wfxWqKwTi<`}1T+}nUSlnz5;~Vu%E*3YN!}umWlZ(a8
z<}hBaXL7N)*&N2-)-$<S+-wfx@93FaEN(W3@ptu1E*3YN!}w-BlZ(a8<}kiR&*Wlp
zvpI}!)ib$R+-wfx+w@E>7B`#2_;x*$i^a|6F#evN$;IMka~OYL&*WlpvpJ0K&@;JM
z+-wfxALyA}EN(W3vGq(Y7B`#2_=j;ghx<R1i^a|6FkYc&a<RDC9L7J=Gr3sYY!2fe
z>zQ0EZZ?PUoq8r0i<`}1e3zcd#o}gj7~idDa<RDC9LD$PnOrPxHiz-OdL|c(o6TYT
z6FrlQ#m(k0{;8hH#o}gj7~iL7a<RDC9L7J>Gr3sYY!2g}>zQ0EZZ?PU{dy)Bi<`}1
zT+%bSSlnz5;|KIiE*3YN!}u3^CKrpF&0+jYJ(G*Y&E_zEP|xIIakDv$f2C(~vAEeB
z#=q7xxmet64&#-2CKrpF&0*Z5XL7N)*&N0X>6u(CZZ?PU!+Itci<`}1yh_jHVsW!M
zjDMqNa<RDC9LB%ZGr3sYY!2h!>6u(CZZ?PUYCV&S#m(k0TF>NSakDv$ABn>`-2a(e
zEN(W3@uPYs7mJ(CVce@{a<RDC9L8((OfD8To5Q$I&*WlpvpI~{>X}?DZZ?PU@AXVB
z7B`#2c%7cf#o}gj7(b?Ga<RDC9LDSQOfD8To5T1IdL|c(o6TYTxSq+y;%0Lg|54B6
zVsW!MjQ^x(a<RDC9L7)RnOrPxHiz*BJ(G*Y&E_zEQqSaKakDv$pVBkASlnz5<EQmZ
zE*3YN!}!m7CKrpF&0+i(J(G*Y&E_zEM$hD8akDv$pVc$DSlnz5<9<Dpi^a|6Fn&(Y
z<YIBNIgFpzGr3sYY!2g%dL|c(o6TYTS3Q%9#m(k0enHRVVsW!Mj9=6<xmet64&%S+
znOrPxHit2KCKrpF&0+jf9M0kX&*WlpvpI}k)-$<S+-wdHPyOigGr3sYY!2gB^h_=m
zH=DzFlb*@N;%0Lg59*m*EN(W3@!$1KE*3YN!+5iv$;IMka~KclnOrPxHiz*RJ(G*Y
z&E_yp^h_=mH=D!wA9^Mii<`}1{7*fTi^a|6F#eaG$;IMka~Qv>XL7N)*&N1O^-L}n
zH=DzFSkL5QakDv$U(++WSlnz5<Ja{}E*3YN!}#BNCKrpF&0+i>J(G*Y&E_!Pre|`o
zxY-=W|J5_OSlnz5<2Uq7E*3YN!}v`-lZ(a8<}lu_XL7N)*&N3I(=)kP+-wfx9eO4g
zi<`}1{Fa`{#o}gj81K|Gxmet64&$<($;IMkbKd1mhkuTAb;Pp|*SLJghn+un^|?2_
z^rdG{&YyeYvtRs_Pdod|=g(d9tsj2j3(o%B`EyUX>)xmT^w~GudG5wI`}zy_UU~a<
zXYW0E?@N~+tb1O4I2Z0adFO@uF8#oR_0YFm5pmNSFZ|+#H=lmV=RV_#`|r5r<jTC`
zBkt-mH{aRse#g^q{EZji{-n3vd)=A0yyVs=p8uuGhi^6b9zS;G7q0k`Gmp9BXY1S(
zt~`6y$+dU&*{d$R?&S41^@Z2o^|rHDU3%+-b>^Ly9zI<E*@x>NF829%_B9{*x)<JF
z=dQf^%##lvpK#{pmt1rHfk&=)c+$MHue{@y8{cvA#yk7nPM?3~r@Y|o(@(wf_Gevj
z@A+G9dv3(pYp;CH(@w5E{NjasPoKZ#`7b#8_$#0DxI6o4r(XFvSAEd^Cy%}7kzpS?
zbGY2eO{cD#Q$PIX$DX==eyAe))Xj&_9(U>)r>^V6gKJM+-*36?;men=iA!I6`1)RP
z=<bP&moJ~X{{EBuF1_D__4ZfATkn43t6uT&hnzlj#gk6ob3;TPqSJ5r+Cz19+>=*D
z9Ik!o<_GKaJ&%jK@4vh6p1a?C_Zv<=@dM-1;rAT=tA=--N4}&-&bz)l<I8{IQNR7S
z{eGXnEMEO_x1GG_t3UR(lgFOE@S2myoc!iPFS`8Dsdrw!{LmLY^5KIIFY2DdkIT0{
z^|iM?^}bu5`kGrW%;g6!UVQZG$B)Majtd+YI4*Ep;JCnXf#U+l1&#|G7dS5PyKRAo
b-v03Kyl;H|XFe}3UVP|*M}Owg_mlr0pwq8e

literal 28676
zcmeI*_qU~IRlxBbLjs685mBO|gop|%NU?wvx1boY0V*O`9^2Sk%;?zns8I(n#xB;!
z-gT@5QP~<mte{w;Shg)@hy_KlGoB<L*YZzL*Ll{O^Evn2_j}Hn=e~EpYwrATufP8K
z>t7jntXIYrx8HeXBo~XD&0$=0+nqzt<YIBNIgHoPGr3sYY!2gMJ(G*Y&E_!fq-S!m
zxY-=WC3+?oi<`}1T&ibsvAEeB#+~&{E*3YN!?=r{$;IMka~OBkGr3sYY!2f!^-L}n
zH=Dz_o1V$V;%0Lgucc>lvAEeB#%t@DTr6%jhw(akCKrpF&0(C-Gr3sYY!2fxJ(G*Y
z&E_y(SI^{PakDv$yX%=;EN(W3@p^hD7mJ(CVcbK{<YIBNIgHoWGr3sYY!2fM^h_=m
zH=Dz_r=H2h;%0Lgm+P5aEN(W3@rHUP7mJ(CVZ4!^$;IMka~N-|XL7N)*&N2b^h_=m
zH=DzF6FrlQ#m(k0-c--zVsW!MjC<>uTr6%jhjE3T$;IMka~SuD!#Z65nOrPxHivPg
zp2@}HW^)*Cre|`oxY-=Wef3N(7B`#2cym3Ii^a|6Fy2DX<YIBNIgGc|Gr3sYY!2go
zdL|c(o6TX|U(e)XakDv$x6(7YSlnz5<E`~fE*3YN!+0A#lZ(a8<}e<hXL7N)*&N0L
z^-L}nH=DzFTRoGD#m(k09;9b-vAEeB#)I`tE*3YN!+40E$;IMka~KcRGr3sYY!2h?
z^h_=mH=DzFdp(nj#m(k0-a*ggVsW!MjCa&Cxmet64&z~ZCKrpF&0#!T&*WlpvpI}+
z(lfbO+-wfx5qc&Ui<`}1JW|i(VsW!Mj7RC2Tr6%jhw*4VlZ(a8<}lt_&*WlpvpI~^
zGr3sYY!2gH;;;_ae<l};o6TW7M$hD8akDv$$Lg6}EN(W3@veF%7mJ(CVZ583$;IMk
za~O})Gr3sYY!2hy^-L}nH=Dz_O3&nCakDv$_s}!BSlnz5<MDbX7mJ(CVZ5iF$;IMk
za~SWXXL7N)*&N1u>zQ0EZZ?PUK6)k>i<`}1ysw_g#o}gj7*EhMxmet64&#Y>CKrpF
z&0#!A&*WlpvpJ0S(=)kP+-wfx{q;;P7B`#2_y9eVi^a|6FrKVua<RDC9L5LgnOrPx
zHiz*PJ(G*Y&E_yZNYCVAakDv$r|OwpEN(W3@iaY?i^a|6Fg{q%<YIBNIgAg{Gr3sY
zY!2f?^-L}nH=D!wFg=rt#m(k0mY&JQ;%0LgA0CHwxc)P_Slnz5<0JG;E*3YN!}v%&
zlZ(a8<}f}=&*WlpvpI~9)-$<S+-wfxq@Kye;%0LgAERe-vAEeB#>eWJTr6%jhw*WG
zCKrpF&0&1Jp2@}HW^)*ypl5QixY-=WC+eA8EN(W3@kx3n7mJ(CVSKWl$;IMka~PkZ
zXL7N)*&N2F>X}?DZZ?PUX?i9Xi<`}1T&-tvvAEeB#;5C<Tr6%jhjERb$;IMka~P-e
zOfD8To5T1FJ(G*Y&E_yZQ_tjLakDv$(|RTsi<`}1e3qWc#o}gj7@w_Ya<RDC9LDG9
znOrPxHiz-KdL|c(o6TW-o}S6Y;%0LgpRZ?fvAEeB#uw<BTr6%jhf#Va7mJ(CVVsG>
zI$ZymTr6%jhw+7aCKrpF&0&0zp2@}HW^)){tY>nuxY-=WwR$EOi<`}1e2JdP#o}gj
z7+<Pqa<RDC9LAUFnOrPxHivOm&*WlpvpI~X>zQ0EZZ?PU3_X*J#m(k0o~dVYvAEeB
z#+U1vTr6%jhjE>r$;IMka~NNtXL7N)*&N38dL|c(o6TW-rJl*f;%0LgU!`YqvAEeB
z##if^Tr6%jhw(LfCKrpF&0&14p2@}HW^)){r)P4pxY-=W*Xx;FEN(W3@eO(=7mJ(C
zVLVIE<YIBNIgD@AGr3sYY!2g_^h_=mH=D!wW<8UO#m(k0zD3XEVsW!MjBnL5xmet6
z4&&SOOfD8To5R?8CKrpF&0&0d9M<9b&*WlpvpJ0K&@;JM+-wfxJM~O17B`#2_%1z@
zi^a|6Fuq&Q<YIBNIgIboGr3sYY!2gl^-L}nH=D!wK0T9*#m(k0zF*JeVsW!Mj33Z5
zxmet64&w*)OfD8To5T1aJ(G*Y&E_zESkL5QakDv$AJH?pSlnz5<45&OE*3YN!#JmB
za<RDC9LA67nOrPxHiz-!dL|c(o6TYTgr3R8;%0LgKdEPOvAEeB#!u;)Tr6%jhw;;T
zCKrpF&0#!S&*WlpvpI|#^h_=mH=DzFj-JWI;%0LgKci=IvAEeB#&h*dE*3YN!}wV}
zlZ(a8<}iLv&*WlpvpI~P*E6|T+-wfxd3q)ni<`}1w4TYu;%0LgzYvFYxc)P_Slnz5
z;}`WzE*3YN!?;n;<YIBNIgID)nOrPxHiz*7J(G*Y&E_y(sAqDqxY-=WFX@?FEN(W3
z@ghBwi^a|6Fn(Fj<YIBNIgDS?Gr3sYY!2gB^-L}nH=D!wH9eDy#m(k0eqGPxVsW!M
zjNi~Rxmet64&%joCKrpF&0)Mm&*WlpvpJ04)HAtQ+-wfxxAaUd7B`#2c&VPr#o}gj
z7{9G&a<RDC9LDeHnOrPxHiz-MdL|c(o6TYTo}S6Y;%0LgH|d#NEN(W3@%wrv7mJ(C
zVf=xf$;IMka~LnvGr3sYY!2fO^-L}nH=D!wBR!Lg#m(k0{#eiCVsW!Mj6cycxmet6
z4rBC8E*3YN!}!xUti$!6$;IMka~OZ7XL7N)*&N27>zQ0EZZ?PU7kVZai<`}1{H31B
z#o}gj7&q&gTr6%jhw)c>CKrpF&0*Z4XL7N)*&N1sJ(G*Y&E_y(u4i(wxY-=Wt$HRG
zi<`}1{I#CR#o}gj7=NQ@a<RDC9LC@3nOrPxHiz+ddL|c(o6TXoLeJ!4akDv$zt=Ol
zSlnz5;~(@)E*3YN!^7w~ti$|aa<RDC9L7KDnOrPxHiz*~dL|c(o6TXoO3&nCakDv$
zf7Ua(Slnz5<6rblE*3YN!}wP{lZ(a8<}m(E&*WlpvpI}^*E6|T+-wfxKlDs47B`#2
z_)k5Pi^a|6FkY=^a<RDC9L5DblZ(a8=G^W>ufK4Io9Ea^Z`;?09{1sn^W(S=$9*_{
zKOE=5aSj~kz;O;7=fH6e9OuAs4jkveaSr_7o&zuO@BE{8d>xPbaNLL6u4~8h;CLP!
z&x7Ol!Ep{8=fH6e9OuAs4jkveaSj~k!2h#3aQGDf$93F+;|?5m;J5?F9XRg5aR-h&
zaNL384jgyjxC8$Sci_Q?UmtN<#G?*Binws~!_S<)?DStg^O>h^J#+dVk9zvO-uKj>
zojHB^v)=yfhoAcWGpFx$?Trt3>8Y2TIep*5!Ex%B&fa+OQ?5AG=MQ<DJ9l&4@Vvu1
z`-1cTe&ND}voARJV>j3N@4qPG!7n@e$7gRj`HT;F&_y?0{kZcNACAteAAN0K^G=uC
z`EdX0hu-&Jp8k}3zUsy+uDRtISKZ^xpC0PC>n~sPvWtG<n%B7cck1-rFFtkG^H&~@
zytYr>_3Vqz|Kj0*2lv?*Ui+$3m!5mY&2`PI&;9-3r5<~Dsl$_AeaYpALm&R4Pye_&
zeeq@2TyeO)`!$bz#^q=J{I=&kyn`oRa@#w&`tkSukMqBKc<7Ql9X>jF=3(#s)Kl+x
z;@MAm<V820dBhXm?eN#T|HY5J-}$#VeDd}q&fa+P%p;!s)Kjl_@ni3D$^8zGo_O}t
zF1`Ov=Px<jz2WdD&VT6P$!>_baN)$2H=Vd*PW;R*mz=nAo>LKh;vt8R?sDQmC$8wj
zoqM0SvS0py!_k+=xsN)$@vk`4=icDv`nTuCE3SLlb5CD*;K>sg-SgxPZ+6(H!=Wc%
z{y~RhFN+)U(!;A>Ip-d7bDg~5E^*yW*Y$OC-7VL><ou%#&v5Uk!(rE7f4F=5y8VCQ
zzxu^-yWjNR{%Ab!F;BSlZqIv{C)|4J$+OQtd@;`d^M&(u;ru`S=Y<RBpY-a(&BG2)
zbJY!po7;apch!Afc-4JgaMgXDf7RK!aP#5(z4gXBPU72M<jL><xHvrWL;v%%{x6Nr
BvabLD

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.x64.raw
similarity index 56%
rename from UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.raw
rename to UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.x64.raw
index a78d5b407c8a106c221af127216d073cf8fdb99d..865846da42a45c16b69746f16963d47a6c6e71b0 100644
GIT binary patch
literal 28676
zcmeI*_qU~YRmbriA`xs85hW^0AgEZPfZc#@MKpG77_ohAV{b8|qoVFHMjgO7_O4%h
z?}aETTLTE#ut%|MjfLUbuwZ9ANnWny-+<>?YtHN3d+z%=b3XTnXPvv&+_`Y!!i8)0
zrAu)<jtd+YI4*Ep;JCnXf#U+l1&#|G7dS3(T;RCCae<fW1+Mwgd*1(F(|jK1_;Z1m
z>Tmq<#T^$oE^u7nxWI9N;{wM8jtd+YI4*Ep;JCp5s|D`#YVVAz@4k0uBo~XD&0$=2
z*PTPp<YIBNIgEShnOrPxHivP!p2@}HW^))Xqi1rlxY-=Wz4c5k7B`#2xI)k5VsW!M
zjF;6jxmet64&y$0CKrpF&0*YE&*WlpvpI~H(=)kP+-wfx<@HQ17B`#2cm+L^i^a|6
zFkVs5<YIBNIgD4*Gr3sYY!2g;p2@}HW^))<>X}?DZZ?PU%6cXji<`}1+)vNsVsW!M
zj91Y!xmet64&(lMCKrpF&0)N%p2@}HW^)*?re|`oxY-=W1N2NT7B`#2xJu9DVsW!M
zj91q)xmet64&ycSOfD8To5OfbJ(G*Y&E_y3sAqDqxY-=WYw4L>EN(W3@!EPO7mJ(C
zVLV9B<YIBNIgG3IOfD8To5Of;9FD{FpUK7IW^))1(KESN+-wfx8a<PX#m(k09;#<@
zvAEeB#_Q;rTr6%jhw-|4CKrpF&0)Nrp2@}HW^))1(=)kP+-wfx_4Q0H7B`#2cmq9?
zi^a|6Fy2tl<YIBNIgB^bGr3sYY!2gEJ(G*Y&E_!PSkL5QakDv$H_<b>Slnz5<KcQH
z7mJ(CVLU?5<YIBNIgCf@nOrPxHiz-1dL|c(o6TXonV!kT;%0LgZ?0!@vAEeB##`u_
zTr6%jhw+wrCKrpF&0)Nip2@}HW^)*Ct!HwvxY-=W+vu5GEN(W3ah;yY#o}gj7?093
zxmet64&%{!CKrpF&0)N)p2@}HW^)*Cr)P4pxY-;=>X}?DZZ?PU_Hj54*MBA#i<`}1
zyn~*}#o}gj7?062xmet64&xp5OfD8To5Oglp2@}HW^)+tq-S!mxY-=WJL{QTEN(W3
zalM|&#o}gj81JHIa<RDC9LBrqnOrPxHiz+UdL|c(o6TXoyPnC#;%0Lg@1bXMvAEeB
z#(V0STr6%jhw)x|CKrpF&0#!F&*WlpvpJ0S)-$<S+-wfxee_H&7B`#2cwaq}i^a|6
zFy2qk<YIBNIgIz$Gr3sYY!2h`dL|c(o6TW-fS$?4;%0LgH|UvMEN(W3@qv0K7mJ(C
zVLU<4<YIBNIgAg|Gr3sYY!2gt^-L}nH=D!w5IvKN#m(k0K2*=-VsW!Mj1SW@xmet6
z4rA$=Tr6%jhw<TYI1bl;CKrpF&0&0mp2@}HW^))Hsb_MrxY-=WN9mbdEN(W3@zHuF
z7mJ(CVVu@8xmet64&!6=OfD8To5T26J(G*Y&E_yZPS50GakDv$kJmG~Slnz5;}i5u
zE*3YN!}vr!lZ(a8<}f}<&*WlpvpI}U)-$<S+-wfxQ}j$O7B`#2_*6ZUi^a|6Fg{Js
z<YIBNIgA_iOfD8To5T2YJ(G*Y&E_y}(lfbO+-wfxjGoEG;%0LgpP^@RvAEeB#%Jo8
zTr6%jhjCWV<YIBNIgHQJGr3sYY!2hI^-L}nH=D!w96ghZ#m(k0o~UPXvAEeB#^>sp
zTr6%jhw*uOCKrpF&0&1Lp2@}HW^)*&XL7N)*&N2XI2?Dz)l4oHH=D!w0zH$9#m(k0
zZq_roSlnz5;|ujnE*3YN!?;Dy<YIBNIgBsTGr3sYY!2g#^-L}nH=D!w5<QcP#m(k0
z&g+?6EN(W3@gzNyi^a|6FrKVua<RDC9L7`hOfD8To5T20J(G*Y&E_y})ib$R+-wfx
z%k)ex7B`#2xS(fpvAEeB#+U1vTr6%jhw&A9CKrpF&0&0{p2@}HW^)){rDt-nxY-=W
zSL>NvEN(W3@ilrT7mJ(CVSKHg$;IMka~NNzXL7N)*&N2#>zQ0EZZ?PU4SFUQi<`}1
ze50Pp#o}gj7~iC4a<RDC9L6{6nOrPxHiz*odL|c(o6TW-tDecl;%0LgThHWTakDv$
zZ;Qimxc)P_Slnz5<J<L2E*3YN!}tz8lZ(a8<}kif&*WlpvpJ0K(lfbO+-wfxyY);i
z7B`#2_#Qozi^a|6FuqsM<YIBNIgIbqGr3sYY!2i5^-L}nH=D!w0X>t8#m(k0eo)Wk
zVsW!Mj33f7xmet64&#UQOfD8To5T1KJ(G*Y&E_zERL|sMakDv$AJa3rSlnz5<Hz+(
zE*3YN!}tk3lZ(a8<}iLz&*WlpvpI~P(lfbO+-wfxr}a!O7B`#2c&eVs#o}gj7`N$}
zTr6%jhw(FdCKrpF&0+kkp2@}HW^))%(=)kP+-wfx=k!c27B`#2_<22(i^a|6Fn&SL
z<YIBNIgF?4nOrPxHiyxACKrpF&0+jv9FD{FpUK7IW^)+7q-S!mxY-=W?Rq8`i<`}1
zJVVdqVsW!MjA!bZTr6%jhw&^ulZ(a8<}iL)&*WlpvpI}s>zQ0EZZ?PU96ghZ#m(k0
zo~vhavAEeB#;@p^Tr6%jhw-a=CKrpF&0+kSp2@}HW^)+7u4i(wxY-=WZ|Ip^EN(W3
z@jN|~i^a|6Fn&|d<YIBNIgH=ZGr3sYY!2hM^-L}nH=D!w9X*qa#m(k0epk=rVsW!M
zjNj8Uxmet64&(RrOfD8To5Q$6&*WlpvpI}E&@;JM+-wfx5A{qg7B`#2c)p&=#o}gj
z7=NT^a<RDC9L68(nOrPxHiz*idL|c(o6TYTsh-Kj;%0Lgqi1rlxY-=WpT*%gT>qI|
zEN(W3@#lIb7mJ(C;o+(8d447ri<`}1{Dq#$#o}gj7=Ni}a<RDC9L8VinOrPxHiz-o
zdL|c(o6TXoK+oi2akDv$i+Uy(i<`}1yim{NVsW!Mj1xVRi^a|6F#bl*<YIBNIgG#6
zGr3sYY!2h^^h_=mH=D!wdp(nj#m(k0{z1>=VsW!Mj2G#dTr6%jhw+bkCKrpF&0+kL
zp2@}HW^)+-tY>nuxY-=Wzv!7<EN(W3@nSubi^a|6F#c7~<YIBNIgEePGr3sYY!2h!
z^-L}nH=D!w4?UBM#m(k0{!`E7VsW!MjQ`Rzxmet64&%S|OfD8To5OgCp2@}HW^)*q
z^h_=mH=A>}k2w5uq$?vHeK^OZ8{hQY*(=Zf<x`$==H%Sj`#<_g4}7mPe}3-lRbT(+
z=Rf?+ADlb;z*}y=_P5VG@8+`)jWf?ZfBWS(Tz%&Dll$KG^uuxfnI|tf|ICY@e_6yM
zo`3#N&cERFlRxC)m)&vWbtjkSjc;*F-}K0v`(<yu_M!jwq#GXa;@hvj>4i_e{{H9w
z?9$;^4Bq!SH~sNtzj)KVZv6c^d%w%iTygS%Tl&lu=bwG@+(-2JXWjDRGxxgbB^Tf5
zaNfg7KJ4bc>aCys={MBb%dfoYH4nG<yXlcnzUthacb(_(WO;L6e&cly{jZbf-`p>A
z`rKQ+#}m$6d+Mn-JnFLB&t3Pp$3~oa(B+SL*vW$q51zmM^ttOE|AaHIbopcMb8|oJ
z)Kfp`ir2s6<leX4HRQ!79!__1?WwEh)X%=)-lrZiKT{EX>XC<!?sMwlr>^e9od=zI
zNWU;&bm`Jnaq+7U&24ev(xp=mx#Q$H|M9f=hg+Zjv@d$m8=pRP*#l1Bc1=VczWDSD
zKl$+0SH^95Ma1Epr*FGY+<M2Yee2x%f?J<=^4Qml3x~%K{~g1HyZ#Dy9e4ls#jpI0
zd;G@#^+$aCW%2ZPc-+a$J^k$;cXIF3=bv$Muakd2`NE42f61jw7oT|7&7%&l;kLt{
zOV>a6S=T@Knb$w~8P}hmOMmr$&VSFd9B+>c92Yn)a9rTHz;S`&0>=f83mg|XE^u7n
irDcJOfB2%i-d5iIzVh+!_fB!)!o}O~`OMv)zVJWS51Etz

literal 28676
zcmeI*_qU~IRlxBb!cc4z0VOI*h=`z~ASxiBTM>*{07XO;eQaZIF{5MOqedOT7{y*6
z?7b^dRJH~XJN77+4YpijN3k=WBp=t(KS9@d*1G3&&YAan-kIl~yWchU{&26q{`%`*
z5x1{b#1*&Qc|{}_i<`}1TypE3L(k-5akDv$JLs8QEN(W3ajBlk#o}gj7<be&xmet6
z4&#)b$;IMka~OBhGr3sYY!2hjdL|c(o6TX|MbG47akDv$yXu)-EN(W3@oIV|7mJ(C
zVZ6GY$;IMka~Q9oXL7N)*&N1e>X}?DZZ?PUT6!iIi<`}1oYphBSlnz5<1#&yi^a|6
zFkV~F<YIBNIgGpMnOrPxHivO{J(G*Y&E_!fp=WZjxY-=W>*$$WEN(W3@w$2@7mJ(C
zVcb*C<YIBNIgHEoOfD8To5OfLJ(G*Y&E_y(U(e)XakDv$H_$V=Slnz5<6e3u7mJ(C
zVZ5Q9$;IMka~N-=XL7N)*&N2b^-L}nH=Dz_LeJ!4akDv$`@~@#uK!Ff7B`#2xKhvL
zVsW!Mj5pRZxmet64&%OhCKrpF&0)NWp2@}HW^)+#(=)kP+-wfxP4!GJ7B`#2xWAss
z#o}gj7!S}hxmet64&%-AOfD8To5Of>J(G*Y&E_!PLeJ!4akDv$2kMzzEN(W3@s@ff
z7mJ(CVZ4=|$;IMka~KcOGr3sYY!2hWdL|c(o6TXowVuhv;%0Lg579HZSlnz5<8Aaz
zE*3YN!+2XglZ(a8<}lt)&*WlpvpI~1>X}?DZZ?PUFg=rt#m(k09<FC{vAEeB#@p+e
zTr6%jhw%tKlZ(a8<}e<qXL7N)*&N2B^h_=mH=DzF2R)OE#m(k0-cirwVsW!MjMOu^
zSlnz5<DKHL4%dGs7mJ(CVZ5`R$;IMka~O}-Gr3sYY!2gH^h_=mH=DzFjGoEG;%0Lg
zkJU4|Slnz5<6ZSkE*3YN!?;S%<YIBNIgEGHGr3sYY!2gbdL|c(o6TXoyPnC#;%0Lg
z@1bXMvAEeB#(V0STr6%jhw)x|CKrpF&0#!V&*WlpvpI|>=$TwBZZ?PUL_L#>#m(k0
z-doS)VsW!MjQ7zqxmet64&zCBCKrpF&0)N+p2@}HW^))%)-$<S+-wfx{q#&O7B`#2
zc#59M#o}gj81JuVa<RDC9L7`iOfD8To5T13J(G*Y&E_yZP|xIIakDv$r|FqoEN(W3
z@j-ef7mJ(CVSKQj$;IMka~Mm{<YIBNIgAg9!#Z65nOrPxHiz+{dL|c(o6TW-n4ZbS
z;%0LgAFgL|vAEeB#z*LxTr6%jhjB*F<YIBNIgF3gGr3sYY!2h2^h_=mH=D!wXg!mQ
z#m(k0K1R>vVsW!MjE~hbxmet64&&qWOfD8To5T2cJ(G*Y&E_yZLC@r3akDv$Pt-HH
zSlnz5<CFAEE*3YN!}w%9lZ(a8<}j|-Gr3sYY!2g7^h_=mH=Dz_M$hD8akDv$vw9{M
zi<`}1e5#(w#o}gj7@wwRa<RDC9L704lZ(a8<}f~8&*WlpvpI~<&@;JM+-wfxGxba^
z7B`#2_$)n>i^a|6Fg{z)<YIBNIgHQIGr3sYY!2gd^-L}nH=DyKJ(G*Y&E_!9$6+0=
z|4c3xH=D!wJUx?(#m(k0K3~t|VsW!Mj4#kLxmet64&z!qlZ(a8<}kic&*WlpvpI|}
z(lfbO+-wfxi}g${7B`#2xS(fpvAEeB#?$poE*3YN!+3_C$;IMka~RLmGr3sYY!2f~
z^h_=mH=Dz_PS50GakDv$FV!=-Slnz5<9a=li^a|6FuqLB<YIBNIgBsYGr3sYY!2gD
zdL|c(o6TW-g`Ua9;%0LgU#VwuvAEeB##iZ?Tr6%jhw;^VCKrpF&0&0vp2@}HW^)){
zt7metxY-=W*XfyDEN(W3@%4Hp7mJ(CVSIz0$;IMka~R*KXL7N)*&N0<>6u(CZZ?PU
z&3Yymi<`}1Y(0~U#m(k0o*jpExc)P_Slnz5<6HDhE*3YN!}wM`lZ(a8<}kiZ&*Wlp
zvpI}!*E6|T+-wfxJM>I07B`#2_)a~Oi^a|6FuqIA<YIBNIgIbtGr3sYY!2gl^h_=m
zH=D!wUOkhG#m(k0zE98OVsW!MjPKVoxmet64&w*(OfD8To5T1)J(G*Y&E_zENYCVA
zakDv$AJ#LuSlnz5<45#NE*3YN!}w7>lZ(a8<}iLt&*WlpvpI|(*E6|T+-wfxC-h7%
z7B`#2c#fXQ#o}gj7&qvdTr6%jhw+noCKrpF&0+kMp2@}HW^)+N)ib$R+-wfxr}a!O
z7B`#2_!&Kui^a|6Fn(6g<YIBNIgID&nOrPxHiyxACKrpF&0+jp9M<9b&*WlpvpI~P
z*E6|T+-wfxMm>{@#m(k0p08(evAEeB#tZaJE*3YN!+4>d$;IMka~Qv%XL7N)*&N1;
z^h_=mH=D!wMLm;?#m(k0eo4>dVsW!Mj9=C>xmet64&zt!OfD8To5T23J(G*Y&E_zE
zP0!?FakDv$U)M9aSlnz5<HdR=7mJ(CVf==k$;IMka~Qv=XL7N)*&N1i>6u(CZZ?PU
z+j=G!i<`}1{EnW<#o}gj7{9A$a<RDC9LDeInOrPxHivPOp2@}HW^)+7uV-?xxY-=W
zALyA}EN(W3@e)0gi^a|6F#b@_<YIBNIgCHjGr3sYY!2g(^-L}nH=D!w6FrlQ#m(k0
zM$hD8akDv$m&RcouK!Ff7B`#2c$uEb#o}gj7=Nl~a<RDC9LAsNnOrPxHiz-&dL|c(
zo6TYTg`Ua9;%0Lgf2n73vAEeB#?5*r7mJ(CVVvlhTr6%jhw*YflZ(a8<}hy2Gr3sY
zY!2hE^h_=mH=D!wYdw>T#m(k0{zlK_VsW!MjK9@0xmet64&(3iOfD8To5T2fJ(G*Y
z&E_!vLC@r3akDu*jGn_f%pWEfi<`}1{G*=9#o}gj82_Yaa<RDC9L6j4OfD8To5T2L
zJ(G*Y&E_!vMbG47akDv$f7LU&Slnz5<KOg5E*3YN!}xbSlZ(a8<}m(4&*WlpvpJ0a
z)HAtQ+-wfxReB~Di<`}1T+}nUSln#RZ9e4si?_S^L+qos?(0L2`*8dF<G2sUeK>wS
z9OuDt4jkveaSj~kz;O;7=fH6e9OuAs4*cJq126Xf{G+#j9*_HQ+=pAQYsdG&@qKW7
z9~{39j&tBR2aa>#I0ue%;5Y}4bKp1!{-4c(!><51uHz0Ici^}K#~nECz;OqTJ8;~A
z;|?5m;J5?F9r!=60}np@I*H379(DNE#Ko&0e*WBL=l=Ye&pdm}`E&Pp)YI?v__HrN
zf9~?HecKBka`yMnpS#z!H$L#U&c68kx%(atj<dgT;l@j!a>dy`d5y!P8=iMq7hZ7k
z?-ws#Jn-yGA|Cvb3x9m!<}=TD+Ji2+>FURxTzWVvuYQMX`<k~ub?3wVs~>XTe|h>-
z?)l0auej#sXIyoU^DjM=ao1nG<|UW>+%<Q&`giKw-7Y<Q*OS*j9C>Y@z3YV+o&5aa
zfCu-57he0yvv;`WRVR-=oZ|3eSD(84aLB`7^eG=*=PteMnkx>scf011&$#^jpWga<
zhciF%)U9W}`f>ODkCWd$Jay`hhev15KkPl9diJ5GpYxPQUUK94M?B#%hkwokE`9X<
zPwsd4!`qIyaO0Wtk9hJ^&))sgN8jbt{SVKce$EHn=>a#LoI2dS;qVbBXAUoRL(IjC
zr?0%}^c8dZr*1xV`pWsqis;jCeRy=2(+@g*MIY|m`}CFl@&_J{zC2EzbtwPsx$$?`
zz2vzcckwOHoWA6qXKr}o!@e92IrH)-9*(&zZpb?w&UWRTx#2Ex-A&i^b#vX#*S+}U
zafkBWQHMkR_nYeQ^lj_5pTa-u*W)(7{=fafc-}id;g(l_-a9?vmOGuf@chFk;pCq$
zo_yBDlT)v{c=6<^x86ML@RC>EaJaec+jCdl=Y?0@=LJ{Y=lNG%n2UdLIMppT-hRGY
SPx9m^JvI){eBb~48~hhX6Rzk0

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.serial.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.x64.serial.raw
similarity index 56%
rename from UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.x64.serial.raw
rename to UefiCpuPkg/ResetVector/Vtf0/Bin/PageTable2M/ResetVector.x64.serial.raw
index 61c71349a8a599916f3eeae8c5dee92efb56db71..f1d6536cec924d0e167cf1ee4e9309ed5fd7ad60 100644
GIT binary patch
literal 28676
zcmeI*d-SE}RnYOBPA_S-OsLgHTW#7@C}J^bX{DCprWFh*Pz6gYw+Gb08;W5D$18h`
z5vMI70*Z*>qj<q90WS@y+Kp*T!3$MXf)(5l!A=K9Y_$|f^Ycveajj->sei+H{y3lW
z{APXM^S=9>wcd4Rt@+J8_uO;O&HLmej_Wvq;{=WqI8NX=f#U>@6F5%bIDz8?juSXe
z;5dQf1b$Xe;O2WD{r-P*^X;7D-wXV#e&df9cbvd+0>=p)Cvcp=aRSE)94By`z;Ob{
z2^=Tzb7}$)x!Q-~rVl)OD3XiC&E_z!yZYqNGr3sYY!2gbdL|c(o6TXI(lfbO+-wfx
z@p>i~i<`}1JVDRoVsW!Mj3?@uTr6%jhw&smlZ(a8<}j|;Gr3sYY!2hedL|c(o6TW7
zMbG47akDv$pQmSXvAEeB#?RL?xmet64&$kMCKrpF&0&0qp2@}HW^)*)^-L}nH=Dz_
zLC@r3akDv$57jfdSlnz5<7s*(7mJ(CVf+F;lZ(a8<}jYFXL7N)*&N0%)HAtQ+-wfx
z7wMT?EN(W3@eDnai^a|6FmBW{xmet64&xW=nOrPxHiz*`^h_=mH=DzFrk=^g;%0Lg
z&(brwSlnz5<Cp50Tr6%jhw;nwOfD8To5Ogvp2@}HW^))f>6u(CZZ?PUoH(q*{h!Ij
z;%0Lg&($-zSlnz5<7PdRi^a|6FrKGpa<RDC9L6u#Gr3sYY!2hY^h_=mH=D!wa6OZY
z#m(k0p08(evAEeB#z*LxTr6%jhw&@)OfD8To5T1>J(G*Y&E_zErJl*f;%0LgFVHi&
zSlnz5<D>LUE*3YN!}wKtCKrpF&0*Z4XL7N)*&N2LdL|c(o6TXoP|xIIakDv$7wMT?
zEN(W3@zHuF7mJ(CVZ2z+<YIBNIgFR+nOrPxHiz-6^-L}nH=D!w7(J7V#m(k0UaDtu
zvAEeB#;?&cxmet64&!BdCKrpF&0&13p2@}HW^))X*E6|T+-wfx<Md1}7B`#2__cZ_
z7mJ(CVWghP#o}gj7#|;pb-4dCxmet64&xPiCKrpF&0)M!&*WlpvpI}kr)P4pxY-=W
zC+L}6EN(W3@rimS7mJ(CVf=bMlZ(a8<}hy4Gr3sYY!2g-^h_=mH=D!wWIdCM#m(k0
zeuJLL#o}gj7{5`^<YIBNIgC%yGr3sYY!2g7^-L}nH=D!wG(D4x#m(k0UZrPpvAEeB
z#&6Oyxmet64&yiLnOrPxHiz-)dL|c(o6TW-hMvjA;%0LgzeUgFVsW!Mj92TKTr6%j
zhw+(uCKrpF&0*ZGXL7N)*&N1i)ib$R+-wfxHF_o&i<`}1e3qWc#o}gj7@w_Ya<RDC
z9LDG9nOrPxHiz-KdL|c(o6TW-o}S6Y;%0LgOV8wDakDv$&yT}8-2a(eEN(W3@dbJ&
z7mJ(CVf;2dlZ(a8<}iM{p2@}HW^)+7L(k-5akDv$GkPW$i<`}1e4(Dn#o}gj7{61`
z<YIBNIgH<>XL7N)*&N32)-$<S+-wfx_vo2iEN(W3@q6`5E*3YN!}uaSlZ(a8<}iMr
zp2@}HW^)+7U(e)XakDv$FV-`;Slnz5;}7VWTr6%jhjE9V$;IMka~NNuXL7N)*&N1M
zJ(G*Y&E_!9>6u(CZZ?PUrFte8i<`}1{6RgFi^a|6FwX0lTr6%jhw+E>OfD8To5T3S
zdL|c(o6TYT5j~TO#m(k0{-~bG#o}gj7=KL9<YIBNIgCH9XL7N)*&N1~>6u(CZZ?Ne
zdL|c(o6TWdh{Jj)Zent=xY-=WpU^Y8Slnz5<4!%3i^a|6F#e>T$;IMka~OB&nOrPx
zHiz-2^h_=mH=D!way^ra#m(k0{<NOS#o}gj7#H<SE*3YN!+5Qp$;IMka~QAFGr3sY
zY!2h~dL|c(o6TW-g`Ua9;%0Lgck7v4EN(W3@s)Ze7mJ(CVcer<a<RDC9LAr~Gr3sY
zY!2hA^h_=mH=D!wYCV&S#m(k0zDCdFVsW!Mj6bVqa<RDC9LAs1Gr3sYY!2gV^-L}n
zH=D!w^Li#1i<`}1e4U=j#o}gj7=J;}<YIBNIgGE@Gr3sYY!2fu>X}?DZZ?PU4SFUQ
zi<`}1e50Pp#o}gj7=KC6<YIBNIgG7ma<RDC9L8Uc!#dpmnOrPxHiz+7^h_=mH=D!w
zCOwmj#m(k0{;HnI#o}gj7=KOA<YIBNIgG!qXL7N)*&N2-&@;JM+-wfxoApdC7B`#2
z_?vnr7mJ(CVf-yUlZ(a8<}m)Yp2@}HW^)*SN6+M9akDv$zpH0*vAEeB#^2L3xmet6
z4&z(&OfD8To5Q$Q&*WlpvpI}!)ib$R+-wfx+w@E>7B`#2`1^V$7mJ(CVf+I<lZ(a8
z<}m)Dp2@}HW^)+-NYCVAakDv$H|UvMEN(W3ai5;a#o}gj7~igEa<RDC9LD{6CKrpF
z&0)Mz&*WlpvpI}^tY>nuxY-=WKhZO}Slnz5<Dcr8Tr6%jhw&yolZ(a8<}g~%<YIBN
zIgIa!!#dpmnOrPxHiz-g^h_=mH=DzFK+oi2akDv$H|v>PEN(W3@fJOki^a|6Fy5+X
za<RDC9L9I*nOrPxHiz*xJ(G*Y&E_z^OV8wDakDv$@76Q9Slnz5<Dcu9Tr6%jhw(4;
zOfD8To5T2*dL|c(o6TYTD?O8o#m(k0zDLjGVsW!MjJNBVTr6%jhw-oVOfD8To5T1w
zdL|c(o6TW-ub#=p;%0Lg|5nfBVsW!MjDM$Ra<RDC9LB%bGr3sYY!2i5^h_=mH=DzF
zP|xIIakDv$@7FWASlnz5<3H$`Tr6%jhw%<QlZ(a8<}m)Fp2@}HW^))npl5QixY-=W
z59*m*EN(W3@t^ceE*3YN!x%l2i^a|6Fn%Zw>u~>Pa<RDC9L5jpnOrPxHiw6oe)RR3
zTr6%jhw-2FOfD8To5T1KJ(G*Y&E_zERL|sMakDv$|DtDdvAEeB#yj;)E*3YN!?>hp
za<RDC9LBr!OfD8To5Q%QXL7N)*&N1?>6u(CZZ?PUU-e8b7B`#2xT0rrvAEeB#(&c@
zxmet64&%r5OfD8To5T3;dL|c(o6TXoThHWTakDv$_vo2iEN(W3@jvuTE*3YN!}y<i
zCKrpF&0)M(&*WlpvpI~P&@;JM+-wfxeR?Jri<`}1{G^`A#o}gj7(b<Fa<RDC9L7)U
znOrPxHiz-Bp2@}HW^)+t*E6|T+-wfx5j~TO#m(k0PV`JJ7B`#o0q_6mQ}=%PmHU74
z)V*=#{`Z}__qr=rfAXX&m%ifEt%rZ9bVJ0;4~IXw<3$(F-*Em%UjO=YmoJ=u`paMY
ztWP`l!xzrq_;oM7`1$9)|HAoa-Sxl=zW3bQ?>zs!IQQKbA2@aUP3IoC{7Gl-fB&f;
z`{tX@{=}K9NB)8<kKNyL&Hky^?4NSwzBe7##kX93<l<W%n_hdUTdzrf=AkaV?Qs#e
zzT@H#UVP`7*L}_{*FAX0$6Y>^cf9njKKtT3`$>1)^1S!G_V#DI_ko+vzUy_jJ^jKD
zog9Aq;gi4X><?V`9cLeR$M@Cwr=2?Y<V#<Bn8aOu?ui%QcKJJR?Tc@{>%He*@z@hP
zbIpnTzpwG^Bmeg!{C`~9yRW-?T4z7+&c5-bZ~Kzl>-?!3&OY<-__VVxeBF%~9=dud
zhwIHd`_vsTd)~vB-*IO@{>+7s`IOh3d%@{9-2SoGJ#gV=ulj_DbI(5Y%I9Bx_TdjN
zK5*v3%U=DOb02c*mDk_d&p-W!&wAoVJb3vD_g(#%U3&PDlatF|bo!<_eg8Y3aQeCP
z?G@3dUwGJEfBKfwH}&Dkvrj*_-}SlgJ~_ED9(!#sxn?>aea-&=@U}hkaBcU+Jtrrp
zpZnnDi#|{9yZUju^~wkDUh<gTQy;T?%9WpbWBmBt?|9>9zvrXQoWAZEXYRW>A`d5d
z=3S3}&&kORabG?$;&3gGJ=+&ub9OJhX8$wK_RM|P$K4O!-FMI3@4Wl%mp}c(<BJc+
zKl~>fAGEFx@#^}(Z`b_l?|Ia(|KEO#{a41DUh%5SPkqzJzv}Y!XD+_^((Mmle%$5v
zUV7w_OJDf#$;qV`z5np=rH6OozQdb)a@%v>dfRi}a@%v>eA~r2`Oy!0t*cKTeYNA`
zaRSE)94By`z;Ob{2^=SIoWOAc#|ivgn82m`-}8ZQ1Xr*1)t~W+anC)MzUk4QJo-i9
Fe*tvrwzvQQ

literal 28676
zcmeI*eb}aXS<vxw85UR+XGMz5D3%osDvf0oMZiuWX+=>iBf_koT4VNV>r74W=UAH!
z&^G!0-me$S%5r;UT`EppK(rT8)0QYZ)ueq`n=A}bUdDTNKOVMYNA+(W_wP97`P|n%
z*Z01!>vvzz?>e5DKb}jME?s(OJUreRH$U{?osnEDZZ?N;-PH$&p2@}HW^)*i(lfbO
z+-wfxl%C1O;%0LgkJdA}Slnz5<9a=li^a|6Fdn04a<RDC9L8hyOfD8To5OgVp2@}H
zW^))f=$TwBZZ?PUcs-Mg#m(k0K0wdpVsW!Mj1SZ^xmet64&w=WCKrpF&0&0yp2@}H
zW^)*)^-L}nH=Dz_QP1RJakDv$57sleSlnz5<B57E7mJ(CVSI?5$;IMka~Mz3Gr3sY
zY!2g>=$TwBZZ?PUOZ7}H7B`#2c(R_!#o}gj7&qyeTr6%jhw;nwOfD8To5T1}J(G*Y
z&E_zExt__z;%0LgPth~ESlnz5<5%dJTr6%jhw&@*OfD8To5Ogjp2@}HW^))f>zQ0E
zZZ?PUv^b2z{h!Ij;%0Lgx9FK%EN(W3@nL!<7mJ(CVLV;W<YIBNIgAh2Gr3sYY!2fi
z^h_=mH=D!wReB~Di<`}1JVVdqVsW!MjA!bZTr6%jhw-cROfD8To5T1udL|c(o6TYT
zT0N7C#m(k0K2p!*VsW!MjE~YYxmet64&&G9nOrPxHiz*nJ(G*Y&E_y})ib$R+-wfx
z*?J}yi<`}1+@@!8vAEeB#z*U!Tr6%jhw(9bCKrpF&0#!8&*WlpvpI~9)ib$R+-wfx
z<Md1}7B`#2c&?tw#o}gj7$2`^a<RDC9LDqXOfD8To5Og%p2@}HW^))X&@;JM+-wfx
z6ZA|j7B`#2`1N`w7mJ(CVWghP#o}gj7@ru2ak&38xmet64&#M-CKrpF&0)Mq&*Wlp
zvpJ04pl5QixY-=WC+V47EN(W3@nSubi^a|6Fn*(+$;IMka~QYlnOrPxHiz-adL|c(
zo6TXoM9<`6akDv$Pth~ESlnz5<5TraE*3YN!+5El$;IMka~PkdXL7N)*&N2F>zQ0E
zZZ?PUGCh-v#m(k0K10vsVsW!MjNhbZa<RDC9L8_fGr3sYY!2fy^-L}nH=D!wEqW#w
zi<`}1yj;)ZVsW!MjNhtfa<RDC9L6j3OfD8To5T2RdL|c(o6TXoQqSaKakDv$&(brw
zSlnz5<G1UXTr6%jhw<5ZCKrpF&0+iwJ(G*Y&E_zEr=H2h;%0LgOV8wDakDv$&xyl0
z-2a(eEN(W3@ws{?7mJ(CVSJvR$;IMka~Qu%&*WlpvpJ04t!HwvxY-=W89kGW#m(k0
zK3~t|VsW!MjNhYYa<RDC9L5*unOrPxHiz+h^-L}nH=D!weR?Jri<`}1{C+)?i^a|6
zF#dp^$;IMka~OY6&*WlpvpI}Eq-S!mxY-=W7wVZ@EN(W3@rU(HE*3YN!?;7w<YIBN
zIgBsTGr3sYY!2hBp2@}HW^)+l^h_=mH=D!wBYGwmi<`}1{82rVi^a|6FwX0lTr6%j
zhw;bsOfD8To5T3ydL|c(o6TYT2|bgG#m(k0{-mDC#o}gj7=KF7<YIBNIgCH8XL7N)
z*&N27(KESN+-we`^h_=mH=Dz_5QlNN|1-H*+-wfxi}g${7B`#2__KN@7mJ(CVf;Bg
zlZ(a8<}mKmGr3sYY!2hk>zQ0EZZ?PUC3+?oi<`}1`~^Lei^a|6FfQtuTr6%jhw&;s
zlZ(a8<}hBZXL7N)*&N1e^h_=mH=D!wi+Uy(i<`}1+@)u7vAEeB#$VDixmet64&#!Z
z$;IMka~OYF&*WlpvpI|})ib$R+-wfx%k)ex7B`#2_;Njyi^a|6Fup?1<YIBNIgGE=
zGr3sYY!2hA^h_=mH=D!wYCV&S#m(k0zDCdFVsW!MjIY%*xmet64&&?eOfD8To5T2e
zJ(G*Y&E_z^LC@r3akDv$Z`3onSlnz5<FDwMTr6%jhq3icE*3YN!}zOl7>D~mlZ(a8
z<}m)6p2@}HW^)*SUC-oVakDv$zoBPxvAEeB#y9DiTr6%jhw(S{OfD8To5T29dL|c(
zo6TW-v!2Pt;%0Lge_PMwVsW!MjK8C2a<RDC9LC?(Gr3sYY!2gF^h_=mH=D!wdwM1p
zi<`}1{Cz!>i^a|6FuqmK<YIBNIgGpYOfD8To5T1AdL|c(o6TYTLp_s=#m(k0{*j)^
z#o}gj82?z$<YIBNIgEdzXL7N)*&N0{)ib$R+-wfxwR$EOi<`}1+@oi5vAEeB#<%I2
zTr6%jhjFi-$;IMka~QAFGr3sYY!2g}>6u(CZZ?PU&-F|$7B`#2_!oL67mJ(CVZ2_?
z<YIBNIgHjbxmet64&&S7Fb?;BCKrpF&0&0pp2@}HW^)+#>6u(CZZ?PU20fFD#m(k0
z-l%7CvAEeB#+&p^E*3YN!}v};lZ(a8<}lu@XL7N)*&N1q>6u(CZZ?PU-FhY$i<`}1
z{7XHPi^a|6F#eUE$;IMka~S_x&*WlpvpI}^qi1rlxY-=W_vo2iEN(W3@fJOki^a|6
zFuqsM<YIBNIgIbqGr3sYY!2i5^-L}nH=D!ww|XWQi<`}1{D7Xx#o}gj7(b|Ia<RDC
z9LB%XGr3sYY!2goJ(G*Y&E_!Ps%LVsxY-=Wzt=OlSlnz5<868-7mJ(CVf+U@lZ(a8
z<}m)Fp2@}HW^))nq-S!mxY-=Wf6_C#Slnz5WAsce7B`#2_~AH=!~LJh#o}gj7(b$C
za<RDC9LA68nOrPxHiz+_^-L}nH=D!wF+G!u#m(k0-mYhIvAEeB#(&W>xmet64&wnm
zlZ(a8<}gn5OfD8To5OgAp2@}HW^))1>X}?DZZ?PU<9a3+i<`}1{8v4bi^a|6FfQwv
zTr6%jhw<O^OfD8To5T1CJ(G*Y&E_!vyPnC#;%0Lg|3lB@VsW!MJS;tjaaeztTr6%j
zhw+noCKrpF&0+jcJ(G*Y&E_!PrDt-nxY-=WPwAOlEN(W3@oqhni^a|6Fn(Ik<YIBN
zIgFptGr3sYY!2f+dL|c(o6TXoSI^{PakDv$_vx8jEN(W3@qRs%i^a|6Fs|sCTr6%j
z=OJ&qbmd_;?`9vpI<L1K=i%Y&<2Vn;c{qMQ9M^;6I&fSEj_bg29XPH7$93Si4jk8k
z<2vyF_d4(vKj$BP_;WnY!*L$2-q()T!SOmcUI)kTgX21ITnCQpz;PWot^>z);J6MP
z*MVPT>%iex03640297guoPpyE9B1G-1IHOS&cJa7jx+F!bO!Ey&#Ak=<np~ged_MG
zeDAwY-F@BVtIs_4^2s-yy7lmz32uyd!QrReD|bBi!ucD||JZ9@bMC<l=b!X~S3Tv^
z&;7`S^EZ9X$6WlJb8o$H{wa6f_mSU!?kyM2KmD+Cocqp;_nmsh&FA{$Qx98b?tR~>
zAOGf?&;HbztFQmLmmj(PtZTNPaLxAPFW>X}!?^gyllNS?a^>P1A6Z}fYPVif|H4;0
zdF!JhZhhOuAG-L!nOA@Iv#z`Uju)StIvi!*@d<bK*^j^ev4_WZ-1hW$zv>lFe%F0B
zpMBufw?FB^4<Ft+ZuqXVZ@cc>&pzsoAE@(BJaz7dldnDOd1s%y;o_T5zT>dNt$p!L
zcfRY~3m<uaXRbM*|NH5legFUY75*Pi@jcgFJ+iZRTz}Ky5TE<zFZzNyf9l4wHy^$}
z@$B<oeba>>y?Q=}Gyjb1ub%lGFM0ZVPk!+5)b)=(Y@NCAaW8%4xsN^l+E+aPy8A9X
z?`5BK_&A?=>P62u`G~_`KD5Wh`_5c=-pgNk?n6$!=yBIS<M8b1*M8Pxo_YVt^@oS|
z9R9?~+uwiX$~`exuAIK*{?j+l>3biz{`4*LZ57d{pMBVR-05eXzPS$%o_hM0e#iO4
z-Zx!yl|1K~Y5VAFw*NPu>jxZ8+LiY1s~6g>m;cwT=R9KT36I!%{N<l{UHrsdZ+qPr
zUiqjqr>}eRnR`C$a6KFj?aVu#beNVK<DPuX;Vf^NM}9E3U2{y&zGnLu9^;vN9v64r
ze^=i%cRg^|TTWhbn5#=qjXJ!?&o3@lC-CZc=zrnA?0X*e>weB}jn}{MWe<MP>p$^j
z58iO*;u}u#y@!kU<R`D3Jo?JXOW%9t%E>M7JAA3bjNX3F;bkBC7rNV@_NLpP_Qu<v
j_J-Rp&Xu=6c;CbCb@e@7{+Tb1OP3z}mY;w3OP78Y>oK+#

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.port80.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.port80.raw
deleted file mode 100644
index 2c6ff655ded2a5855ca8f4428d559a7727eb6983..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 516
zcmXYu&r2IY6vyAXZffw5pki|H5Mn5LNHL07>yK(hDFtZ?MS?}4mxbPR-GRMz=a9oB
zvMhKKFZ~nNlM5cQb+xr81!+kMl-SZG(_HkTQj62K>Vuhi^XB_L@6C*D+jh>&LL6WM
z0E9M5jkxi9eVsI^(KS)(c}ad!Be^-u-jeUs=qdWy6LL(A42pq#X1-iV5sza!I8I=?
z6*P9huZ0loz}XH=zA6FaYU~GVsO6;rsjAI!8P!wTWYN=~C=bxrhB8;BLgK<t>5cO9
zE_#aD5dEUpq>p-w_SG~xWD@0RR2DrFWrutZ1v!s>DqfI?a~7ETjdPBr+OZTuH6@AC
z(ZjWOrXk1m6wV#`csWUbg<S05l@fNKy~zCI-!P=K;!dTH=NHLHY^N|T`E)Eli`VOy
zXZrX<JiJvfU!`LUi=<PYX;b<z8ryjj>92AHT^9%NWrR81f%$hA&aB$5Egq>cDWST(
zc->gqQ~#`>AP(+S1e4QsXD~2Tw+*bS<ym#BVIA|Qh_Ms!0d@E>_ZG54!{z}tj_%g2
yBd9#fH`^=I`DR3A`}nB*Qt<bJXK#eyC7f7Y1R<hXy90%ch1YX{k^Ou0?eZVP-{Nrq

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.raw
deleted file mode 100644
index e34780a3a2c9b22bd10a1d5a405e344faaff94f3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 484
zcmX9*OG_g`5Uz2YXi!K{AwfI@4Wb8^4I;k92Z}6+5k#W02QLkK9j9Rq9_&L7ZDbtq
zqIePigaaNjIzCSdixLS)RFt&2cybqA?5!~cU5~H6s_N>tZQD+`9S{Z>1OTb`GBa#G
zt*_G(GaClinx^RkGo#yGe2LyNvnlO${H9mTj3XK78TZswjJl#0BPWZ(PsE3m63x5<
zkjV2pUL={H-<6y`Ayi}y>qBYR=+mmu*E{2X*HV!;FJ=@olMU=1D<ODc<ds9CLcd-$
z>r@&PjmS*9G|11z5fTzEKTW^U3gc6Jd}Rz>i=xwezWi&|RKrFLb)7MgiLyt(A5Nap
z{K@){_&;%jkXDHiVLej|v^%t)8c;mepB%?^+SRc((Td402KNZ-pIe~y>R7ebhG=Mi
zG0>h98oCZ15CogOAHb`XKiHDrNJxngrv+CGHM`_x1(RWLh67mGTp&(0SUJnJ3Rcm&
z65UvCM_?B@w(a-w1uqM*d0DnQmyjJzmTIyi$x?vuV|+aEM~V$8raq+<d#HFpKI8Y<
TrM$1pedcB-0FmP|Qr7<gpRvyd

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.serial.raw b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.ia32.serial.raw
deleted file mode 100644
index 6dfa68eabb48a44bc50a0b7fe678f80b5cdadfd5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 884
zcmbO*VZwx6znM3*zuWbbc>}|{T|byNFuntcu)ljL%WQZ+mqCDm!Ipu6;eU~3V}(G)
z)1IEv*Nqh-wp}v*rH>jbBxag+CYIi8tdMCvtb4iiLSuyrP%%U4@y^4{5elUTUitue
zX}kV1zgeMB@;wb?e$qQsz5yDa7md&LZpVHg=sf!J_y7O@JCCC3MmNn6O*f`#F9Vqv
z7z}TB-s^mk)*WlWc%#VeB{R^K4n=mY2TH71*@5gLW0fCW5#rwtE0nzG_7G`&2(+1j
z^JK|w#)BnHMOPatgqTY?U(N!mY&}rQ*?HpSA)o@o1D(fOzm+<nIxr2*L4>_q@(;fW
zM0l~75#+LxB322Y6D>~^XEszY3zR4TNud&(Zi&XnApZb;9>@yvd6AdOpO@EwLaZ!6
zURtAtZ&ax{|MmzQ#>0))0j|L4)MR$nc&P@I1gq#goYrU^7F8<D?99Qc0Tkum9?hnC
z<0UJQxdVt9UOxNx|35U+e}LlL@EtPG428#w!sB}PYd6D(zT3NJ{ntz5XB1D{p$v=~
zex(Cxuk3*?6kyolzy`EX=>cjO8KZ@=5gH#e8KmvtVCcKiccAY<-;2HrFU^6@7H3!h
z3Ku8<vnHQs0MoP2GwgQ?c+I!pG2k_4TIZ3MC;k8v&C4(UUyA>KdG*i#|1Vel1t!i1
c|DR2GeH)mmfB<AnScn_LgbA;YKtv!U0PUT%*8l(j

diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.inf b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.inf
index 8fc9564ebb..8c4de04bbc 100644
--- a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.inf
+++ b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector.inf
@@ -22,10 +22,10 @@
#

[Binaries.Ia32]
- RAW|ResetVector.ia32.raw|*
+ RAW|PageTable2M/ResetVector.ia32.raw|*

[Binaries.X64]
- RAW|ResetVector.x64.raw|*
+ RAW|PageTable2M/ResetVector.x64.raw|*

[UserExtensions.TianoCore."ExtraFiles"]
ResetVectorExtra.uni
diff --git a/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector1G.inf b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector1G.inf
new file mode 100644
index 0000000000..b457f42dd9
--- /dev/null
+++ b/UefiCpuPkg/ResetVector/Vtf0/Bin/ResetVector1G.inf
@@ -0,0 +1,31 @@
+## @file
+# Reset Vector binary
+#
+# Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = ResetVector
+ MODULE_UNI_FILE = ResetVector.uni
+ FILE_GUID = 1BA0062E-C779-4582-8566-336AE8F78F09
+ MODULE_TYPE = SEC
+ VERSION_STRING = 1.1
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Binaries.Ia32]
+ RAW|PageTable1G/ResetVector.ia32.raw|*
+
+[Binaries.X64]
+ RAW|PageTable1G/ResetVector.x64.raw|*
+
+[UserExtensions.TianoCore."ExtraFiles"]
+ ResetVectorExtra.uni
diff --git a/UefiCpuPkg/ResetVector/Vtf0/Build.py b/UefiCpuPkg/ResetVector/Vtf0/Build.py
index b791d32762..49de5a635b 100644
--- a/UefiCpuPkg/ResetVector/Vtf0/Build.py
+++ b/UefiCpuPkg/ResetVector/Vtf0/Build.py
@@ -11,40 +11,73 @@ import os
import subprocess
import sys

+PAGE_TABLE_2M = 'PageTable2M'
+PAGE_TABLE_1G = 'PageTable1G'
+FILE_FORMAT = '.raw'
+
+# Pre-Define a Macros for Page Table
+PAGE_TABLES = {
+ PAGE_TABLE_2M : "PAGE_TABLE_2M",
+ PAGE_TABLE_1G : "PAGE_TABLE_1G"
+}
+
def RunCommand(commandLine):
#print ' '.join(commandLine)
return subprocess.call(commandLine)

-for filename in glob.glob(os.path.join('Bin', '*.raw')):
- os.remove(filename)
+for pageTable in PAGE_TABLES.keys():
+ for fileName in glob.glob(os.path.join('Bin', pageTable, FILE_FORMAT)):
+ os.remove(fileName)

for arch in ('ia32', 'x64'):
for debugType in (None, 'port80', 'serial'):
- output = os.path.join('Bin', 'ResetVector')
- output += '.' + arch
- if debugType is not None:
- output += '.' + debugType
- output += '.raw'
- commandLine = (
- 'nasm',
- '-D', 'ARCH_%s' % arch.upper(),
- '-D', 'DEBUG_%s' % str(debugType).upper(),
- '-o', output,
- 'Vtf0.nasmb',
- )
- print(f"Command : {' '.join(commandLine)}")
- ret = RunCommand(commandLine)
- if ret != 0:
- print(f"something went wrong while executing {commandLine[-1]}")
- sys.exit()
- print('\tASM\t' + output)
-
- commandLine = (
- 'python',
- 'Tools/FixupForRawSection.py',
- output,
- )
- print('\tFIXUP\t' + output)
- ret = RunCommand(commandLine)
- if ret != 0: sys.exit(ret)
+ for pageTable in PAGE_TABLES.keys():
+ ret = True
+ directory = os.path.join('Bin', pageTable)
+
+ # output raw binary name with arch type
+ fileName = 'ResetVector' + '.' + arch
+
+ if debugType is not None:
+ fileName += '.' + debugType
+ fileName += FILE_FORMAT
+
+ output = os.path.join(directory, fileName)
+
+ # if the directory not exists then create it
+ if not os.path.isdir(directory):
+ os.mkdir(directory)
+
+ # Prepare the command to execute the nasmb
+ commandLine = (
+ 'nasm',
+ '-D', 'ARCH_%s' % arch.upper(),
+ '-D', 'DEBUG_%s' % str(debugType).upper(),
+ '-D', PAGE_TABLES[pageTable].upper(),
+ '-o', output,
+ 'Vtf0.nasmb',
+ )
+
+ print(f"Command : {' '.join(commandLine)}")
+
+ try:
+ ret = RunCommand(commandLine)
+ except FileNotFoundError:
+ print("NASM not found")
+ except:
+ pass
+
+ if ret != 0:
+ print(f"something went wrong while executing {commandLine[-1]}")
+ sys.exit()
+ print('\tASM\t' + output)
+
+ commandLine = (
+ 'python',
+ 'Tools/FixupForRawSection.py',
+ output,
+ )
+ print('\tFIXUP\t' + output)
+ ret = RunCommand(commandLine)
+ if ret != 0: sys.exit(ret)

diff --git a/UefiCpuPkg/ResetVector/Vtf0/PageTables.inc b/UefiCpuPkg/ResetVector/Vtf0/PageTables.inc
new file mode 100644
index 0000000000..31958ae878
--- /dev/null
+++ b/UefiCpuPkg/ResetVector/Vtf0/PageTables.inc
@@ -0,0 +1,20 @@
+;------------------------------------------------------------------------------
+; @file
+; Definitions of Page Table Entry for the reset vector module
+;
+; Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+;------------------------------------------------------------------------------
+
+%define PAGE_PRESENT 0x01
+%define PAGE_READ_WRITE 0x02
+%define PAGE_USER_SUPERVISOR 0x04
+%define PAGE_WRITE_THROUGH 0x08
+%define PAGE_CACHE_DISABLE 0x010
+%define PAGE_ACCESSED 0x020
+%define PAGE_DIRTY 0x040
+%define PAGE_SIZE 0x080
+%define PAGE_GLOBAL 0x0100
+%define PAGE_2M_PAT 0x01000
+
diff --git a/UefiCpuPkg/ResetVector/Vtf0/ReadMe.txt b/UefiCpuPkg/ResetVector/Vtf0/ReadMe.txt
index e6e5b54243..97f4600968 100644
--- a/UefiCpuPkg/ResetVector/Vtf0/ReadMe.txt
+++ b/UefiCpuPkg/ResetVector/Vtf0/ReadMe.txt
@@ -29,7 +29,7 @@ EBP/RBP - Pointer to the start of the Boot Firmware Volume
=== HOW TO BUILD VTF0 ===

Dependencies:
-* Python 2.5~2.7
+* Python 3 or newer
* Nasm 2.03 or newer

To rebuild the VTF0 binaries:
diff --git a/UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb b/UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb
index 493738c79c..2cdaa14507 100644
--- a/UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb
+++ b/UefiCpuPkg/ResetVector/Vtf0/Vtf0.nasmb
@@ -35,8 +35,14 @@

%include "PostCodes.inc"

+%include "PageTables.inc"
+
%ifdef ARCH_X64
-%include "X64/PageTables.asm"
+ %ifdef PAGE_TABLE_1G
+ %include "X64/1GPageTables.asm"
+ %else
+ %include "X64/2MPageTables.asm"
+ %endif
%endif

%ifdef DEBUG_PORT80
diff --git a/UefiCpuPkg/ResetVector/Vtf0/X64/1GPageTables.asm b/UefiCpuPkg/ResetVector/Vtf0/X64/1GPageTables.asm
new file mode 100644
index 0000000000..19bd3d5a92
--- /dev/null
+++ b/UefiCpuPkg/ResetVector/Vtf0/X64/1GPageTables.asm
@@ -0,0 +1,53 @@
+;------------------------------------------------------------------------------
+; @file
+; Emits Page Tables for 1:1 mapping of the addresses 0 - 0x8000000000 (512GB)
+;
+; Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+; Linear-Address Translation to a 1-GByte Page
+;
+;------------------------------------------------------------------------------
+
+BITS 64
+
+%define ALIGN_TOP_TO_4K_FOR_PAGING
+
+%define PAGE_PDP_ATTR (PAGE_ACCESSED + \
+ PAGE_READ_WRITE + \
+ PAGE_PRESENT)
+
+%define PAGE_PDP_1G_ATTR (PAGE_ACCESSED + \
+ PAGE_READ_WRITE + \
+ PAGE_DIRTY + \
+ PAGE_PRESENT + \
+ PAGE_SIZE)
+
+%define PGTBLS_OFFSET(x) ((x) - TopLevelPageDirectory)
+%define PGTBLS_ADDR(x) (ADDR_OF(TopLevelPageDirectory) + (x))
+
+%define PDP(offset) (ADDR_OF(TopLevelPageDirectory) + (offset) + \
+ PAGE_PDP_ATTR)
+
+%define PDP_1G(x) ((x << 30) + PAGE_PDP_1G_ATTR)
+
+ALIGN 16
+
+TopLevelPageDirectory:
+
+ ;
+ ; Top level Page Directory Pointers (1 * 512GB entry)
+ ;
+ DQ PDP(0x1000)
+
+ TIMES 0x1000-PGTBLS_OFFSET($) DB 0
+ ;
+ ; Next level Page Directory Pointers (512 * 1GB entries => 512GB)
+ ;
+%assign i 0
+%rep 512
+ DQ PDP_1G(i)
+ %assign i i+1
+%endrep
+ TIMES 0x2000-PGTBLS_OFFSET($) DB 0
+
+EndOfPageTables:
diff --git a/UefiCpuPkg/ResetVector/Vtf0/X64/PageTables.asm b/UefiCpuPkg/ResetVector/Vtf0/X64/2MPageTables.asm
similarity index 74%
rename from UefiCpuPkg/ResetVector/Vtf0/X64/PageTables.asm
rename to UefiCpuPkg/ResetVector/Vtf0/X64/2MPageTables.asm
index 5bc3093f90..b97df384ac 100644
--- a/UefiCpuPkg/ResetVector/Vtf0/X64/PageTables.asm
+++ b/UefiCpuPkg/ResetVector/Vtf0/X64/2MPageTables.asm
@@ -11,19 +11,7 @@ BITS 64

%define ALIGN_TOP_TO_4K_FOR_PAGING

-%define PAGE_PRESENT 0x01
-%define PAGE_READ_WRITE 0x02
-%define PAGE_USER_SUPERVISOR 0x04
-%define PAGE_WRITE_THROUGH 0x08
-%define PAGE_CACHE_DISABLE 0x010
-%define PAGE_ACCESSED 0x020
-%define PAGE_DIRTY 0x040
-%define PAGE_PAT 0x080
-%define PAGE_GLOBAL 0x0100
-%define PAGE_2M_MBO 0x080
-%define PAGE_2M_PAT 0x01000
-
-%define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \
+%define PAGE_2M_PDE_ATTR (PAGE_SIZE + \
PAGE_ACCESSED + \
PAGE_DIRTY + \
PAGE_READ_WRITE + \
--
2.30.2.windows.1


Re: [PATCH V6 1/1] OvmfPkg: Enable TDX in ResetVector

Min Xu
 

On September 14, 2021 7:25 PM, Brijesh Singh wrote:

Hi Min,

A quick question below.

On 9/14/21 3:50 AM, Min Xu wrote:
RFC:

1. Definition of BFV & CFV
Tdx Virtual Firmware (TDVF) includes one Firmware Volume (FV) known as
the Boot Firmware Volume (BFV). The FV format is defined in the UEFI
Platform Initialization (PI) spec. BFV includes all TDVF components
required during boot.

TDVF also include a configuration firmware volume (CFV) that is
separated from the BFV. The reason is because the CFV is measured in
RTMR, while the BFV is measured in MRTD.

In practice BFV is the code part of Ovmf image (OVMF_CODE.fd). CFV is
the vars part of Ovmf image (OVMF_VARS.fd).

2. PcdOvmfImageSizeInKb
PcdOvmfImageSizeInKb indicates the size of Ovmf image. It is used to
calculate the offset of TdxMetadata in ResetVectorVtf0.asm.
In SEV-SNP v7 series, I implemented the metadata support. I did not see a
need for the PcdOvmfImageSizeInKB. Why do you need it? I think your
calculation below will not work if someone is using the OVMF_CODE.fd
instead of OVMF.fd. Have you tried booting with OVMF_CODE.fd ?
In the original PoC, TDVF is required to be launched with OVMF.fd (OVMF_CODE.fd and OVMF_VARS.fd is not supported) because of the TDX-QEMU limitation. So PcdOvmfImageSizeInKb is used to calculate the offset of Metadata (The offset is from fourGigabytes).
But you're right. PcdOvmfImageSizeInKB is not needed. The offset should be from the TDX Metadata offset block in GUIDed chain.
TDX-QEMU team is aware of the limitation that OVMF_CODE.fd&OVMF_VARS.fd should be supported too, otherwise the SecureBoot does not work with libvirt. They are working on this limitation.

I will remove PcdOvmfImageSizeInKB and update the Metadata offset like below:
tdxMetadataOffsetStart:
DD tdxMetadataOffsetStart - TdxMetadataGuid - 16
DW tdxMetadataOffsetEnd - tdxMetadataOffsetStart
DB 0x35, 0x65, 0x7a, 0xe4, 0x4a, 0x98, 0x98, 0x47
DB 0x86, 0x5e, 0x46, 0x85, 0xa7, 0xbf, 0x8e, 0xc2
tdxMetadataOffsetEnd:

Thanks!
Min


Re: [edk2-platforms][PATCH v1 1/1] MinPlatformPkg/AcpiTables: Update structures for ACPI 6.3

Nate DeSimone
 

Hi Michael,

I attempted to merge this patch, however the contents no longer apply. There was a refactor done to AcpiPlatform.c to eliminate the MAX_CPU_NUM macro:

https://github.com/tianocore/edk2-platforms/commit/353f3ed966abc267c4e77b46a3b5ab82a0a86488#diff-ae3eb6d7a13316e69709faeb1e624bc2f87ede0dba5148dc198d109e1190e0bb

After this refactor, there are several merge conflicts in this patch. Could you please rebase to latest master branch and re-send the patch?

Thanks,
Nate

-----Original Message-----
From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
Sent: Friday, August 6, 2021 12:54 PM
To: devel@edk2.groups.io
Cc: Chiu, Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Dong, Eric <eric.dong@intel.com>; Maddy, Daniel <danmad@microsoft.com>; Michael Kubacki <michael.kubacki@microsoft.com>
Subject: [edk2-platforms][PATCH v1 1/1] MinPlatformPkg/AcpiTables: Update structures for ACPI 6.3

From: Daniel Maddy <danmad@microsoft.com>

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3535

Updates ACPI table structures in MinPlatformPkg for ACPI 6.3.

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Daniel Maddy <danmad@microsoft.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---
Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.c | 203 ++++++++++----------
Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Facs/Facs.c | 11 +-
Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Fadt/Fadt.c | 74 ++++---
3 files changed, 150 insertions(+), 138 deletions(-)

diff --git a/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.c b/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.c
index 2b51c34ef2fd..5e3c4c0672f9 100644
--- a/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.c
+++ b/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.c
@@ -2,6 +2,7 @@
ACPI Platform Driver

Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

**/
@@ -13,7 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #pragma pack(1)

typedef struct {
- UINT32 AcpiProcessorId;
+ UINT32 AcpiProcessorUid;
UINT32 ApicId;
UINT32 Flags;
UINT32 SwProcApicId;
@@ -27,9 +28,9 @@ typedef struct {
// Define Union of IO APIC & Local APIC structure; // typedef union {
- EFI_ACPI_4_0_PROCESSOR_LOCAL_APIC_STRUCTURE AcpiLocalApic;
- EFI_ACPI_4_0_IO_APIC_STRUCTURE AcpiIoApic;
- EFI_ACPI_4_0_PROCESSOR_LOCAL_X2APIC_STRUCTURE AcpiLocalx2Apic;
+ EFI_ACPI_6_3_PROCESSOR_LOCAL_APIC_STRUCTURE AcpiLocalApic;
+ EFI_ACPI_6_3_IO_APIC_STRUCTURE AcpiIoApic;
+ EFI_ACPI_6_3_PROCESSOR_LOCAL_X2APIC_STRUCTURE AcpiLocalx2Apic;
struct {
UINT8 Type;
UINT8 Length;
@@ -38,9 +39,9 @@ typedef union {

#pragma pack()

-extern EFI_ACPI_5_0_FIRMWARE_ACPI_CONTROL_STRUCTURE Facs; -extern EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt; -extern EFI_ACPI_HIGH_PRECISION_EVENT_TIMER_TABLE_HEADER Hpet;
+extern EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE Facs;
+extern EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE Fadt;
+extern EFI_ACPI_HIGH_PRECISION_EVENT_TIMER_TABLE_HEADER Hpet;
extern EFI_ACPI_WSMT_TABLE Wsmt;

VOID *mLocalTable[] = {
@@ -217,7 +218,7 @@ DebugDisplayReOrderTable(
DEBUG ((EFI_D_ERROR, "Index AcpiProcId ApicId Flags SwApicId Skt\n"));
for (Index=0; Index<MAX_CPU_NUM; Index++) {
DEBUG ((EFI_D_ERROR, " %02d 0x%02X 0x%02X %d 0x%02X %d\n",
- Index, mCpuApicIdOrderTable[Index].AcpiProcessorId,
+ Index,
+ mCpuApicIdOrderTable[Index].AcpiProcessorUid,
mCpuApicIdOrderTable[Index].ApicId,
mCpuApicIdOrderTable[Index].Flags,
mCpuApicIdOrderTable[Index].SwProcApicId,
@@ -232,31 +233,31 @@ AppendCpuMapTableEntry (
)
{
EFI_STATUS Status;
- EFI_ACPI_4_0_PROCESSOR_LOCAL_APIC_STRUCTURE *LocalApicPtr;
- EFI_ACPI_4_0_PROCESSOR_LOCAL_X2APIC_STRUCTURE *LocalX2ApicPtr;
+ EFI_ACPI_6_3_PROCESSOR_LOCAL_APIC_STRUCTURE *LocalApicPtr;
+ EFI_ACPI_6_3_PROCESSOR_LOCAL_X2APIC_STRUCTURE *LocalX2ApicPtr;
UINT8 Type;

Status = EFI_SUCCESS;
Type = ((ACPI_APIC_STRUCTURE_PTR *)ApicPtr)->AcpiApicCommon.Type;
- LocalApicPtr = (EFI_ACPI_4_0_PROCESSOR_LOCAL_APIC_STRUCTURE *)(&((ACPI_APIC_STRUCTURE_PTR *)ApicPtr)->AcpiLocalApic);
- LocalX2ApicPtr = (EFI_ACPI_4_0_PROCESSOR_LOCAL_X2APIC_STRUCTURE *)(&((ACPI_APIC_STRUCTURE_PTR *)ApicPtr)->AcpiLocalx2Apic);
+ LocalApicPtr = (EFI_ACPI_6_3_PROCESSOR_LOCAL_APIC_STRUCTURE
+ *)(&((ACPI_APIC_STRUCTURE_PTR *)ApicPtr)->AcpiLocalApic);
+ LocalX2ApicPtr = (EFI_ACPI_6_3_PROCESSOR_LOCAL_X2APIC_STRUCTURE
+ *)(&((ACPI_APIC_STRUCTURE_PTR *)ApicPtr)->AcpiLocalx2Apic);

- if(Type == EFI_ACPI_4_0_PROCESSOR_LOCAL_APIC) {
+ if(Type == EFI_ACPI_6_3_PROCESSOR_LOCAL_APIC) {
if(!mX2ApicEnabled) {
- LocalApicPtr->Flags = (UINT8)mCpuApicIdOrderTable[LocalApicCounter].Flags;
- LocalApicPtr->ApicId = (UINT8)mCpuApicIdOrderTable[LocalApicCounter].ApicId;
- LocalApicPtr->AcpiProcessorId = (UINT8)mCpuApicIdOrderTable[LocalApicCounter].AcpiProcessorId;
+ LocalApicPtr->Flags = (UINT8)mCpuApicIdOrderTable[LocalApicCounter].Flags;
+ LocalApicPtr->ApicId = (UINT8)mCpuApicIdOrderTable[LocalApicCounter].ApicId;
+ LocalApicPtr->AcpiProcessorUid =
+ (UINT8)mCpuApicIdOrderTable[LocalApicCounter].AcpiProcessorUid;
} else {
- LocalApicPtr->Flags = 0;
- LocalApicPtr->ApicId = 0xFF;
- LocalApicPtr->AcpiProcessorId = (UINT8)0xFF;
+ LocalApicPtr->Flags = 0;
+ LocalApicPtr->ApicId = 0xFF;
+ LocalApicPtr->AcpiProcessorUid = (UINT8)0xFF;
Status = EFI_UNSUPPORTED;
}
- } else if(Type == EFI_ACPI_4_0_PROCESSOR_LOCAL_X2APIC) {
+ } else if(Type == EFI_ACPI_6_3_PROCESSOR_LOCAL_X2APIC) {
if(mX2ApicEnabled) {
LocalX2ApicPtr->Flags = (UINT8)mCpuApicIdOrderTable[LocalApicCounter].Flags;
LocalX2ApicPtr->X2ApicId = mCpuApicIdOrderTable[LocalApicCounter].ApicId;
- LocalX2ApicPtr->AcpiProcessorUid = mCpuApicIdOrderTable[LocalApicCounter].AcpiProcessorId;
+ LocalX2ApicPtr->AcpiProcessorUid =
+ mCpuApicIdOrderTable[LocalApicCounter].AcpiProcessorUid;
} else {
LocalX2ApicPtr->Flags = 0;
LocalX2ApicPtr->X2ApicId = (UINT32)-1;
@@ -311,8 +312,8 @@ SortCpuLocalApicInTable (
CpuIdMapPtr->ApicId = (UINT32)ProcessorInfoBuffer.ProcessorId;
CpuIdMapPtr->Flags = ((ProcessorInfoBuffer.StatusFlag & PROCESSOR_ENABLED_BIT) != 0);
CpuIdMapPtr->SocketNum = (UINT32)ProcessorInfoBuffer.Location.Package;
- CpuIdMapPtr->AcpiProcessorId = (CpuIdMapPtr->SocketNum * FixedPcdGet32(PcdMaxCpuCoreCount) * FixedPcdGet32(PcdMaxCpuThreadCount)) + GetIndexFromApicId(CpuIdMapPtr->ApicId); //CpuIdMapPtr->ApicId;
- CpuIdMapPtr->SwProcApicId = ((UINT32)(ProcessorInfoBuffer.Location.Package << mNumOfBitShift) + (((UINT32)ProcessorInfoBuffer.ProcessorId) & CoreThreadMask));
+ CpuIdMapPtr->AcpiProcessorUid = (CpuIdMapPtr->SocketNum * FixedPcdGet32(PcdMaxCpuCoreCount) * FixedPcdGet32(PcdMaxCpuThreadCount)) + GetIndexFromApicId(CpuIdMapPtr->ApicId); //CpuIdMapPtr->ApicId;
+ CpuIdMapPtr->SwProcApicId = ((UINT32)(ProcessorInfoBuffer.Location.Package << mNumOfBitShift) + (((UINT32)ProcessorInfoBuffer.ProcessorId) & CoreThreadMask));
if(mX2ApicEnabled) { //if X2Apic, re-order the socket # so it starts from base 0 and contiguous
//may not necessory!!!!!
}
@@ -321,18 +322,18 @@ SortCpuLocalApicInTable (
if (CpuIdMapPtr->Flags == 1) {

if(mForceX2ApicId) {
- CpuIdMapPtr->SocketNum &= 0x7;
- CpuIdMapPtr->AcpiProcessorId &= 0xFF; //keep lower 8bit due to use Proc obj in dsdt
- CpuIdMapPtr->SwProcApicId &= 0xFF;
+ CpuIdMapPtr->SocketNum &= 0x7;
+ CpuIdMapPtr->AcpiProcessorUid &= 0xFF; //keep lower 8bit due to use Proc obj in dsdt
+ CpuIdMapPtr->SwProcApicId &= 0xFF;
}
}
} else { //not enabled
- CpuIdMapPtr = (EFI_CPU_ID_ORDER_MAP *)&mCpuApicIdOrderTable[Index];
- CpuIdMapPtr->ApicId = (UINT32)-1;
- CpuIdMapPtr->Flags = 0;
- CpuIdMapPtr->AcpiProcessorId = (UINT32)-1;
- CpuIdMapPtr->SwProcApicId = (UINT32)-1;
- CpuIdMapPtr->SocketNum = (UINT32)-1;
+ CpuIdMapPtr = (EFI_CPU_ID_ORDER_MAP *)&mCpuApicIdOrderTable[Index];
+ CpuIdMapPtr->ApicId = (UINT32)-1;
+ CpuIdMapPtr->Flags = 0;
+ CpuIdMapPtr->AcpiProcessorUid = (UINT32)-1;
+ CpuIdMapPtr->SwProcApicId = (UINT32)-1;
+ CpuIdMapPtr->SocketNum = (UINT32)-1;
} //end if PROC ENABLE
} //end for CurrentProcessor

@@ -366,9 +367,9 @@ SortCpuLocalApicInTable (
mCpuApicIdOrderTable[Index].SwProcApicId = mCpuApicIdOrderTable[0].SwProcApicId;
mCpuApicIdOrderTable[0].SwProcApicId = TempVal;
//swap AcpiProcId
- TempVal = mCpuApicIdOrderTable[Index].AcpiProcessorId;
- mCpuApicIdOrderTable[Index].AcpiProcessorId = mCpuApicIdOrderTable[0].AcpiProcessorId;
- mCpuApicIdOrderTable[0].AcpiProcessorId = TempVal;
+ TempVal = mCpuApicIdOrderTable[Index].AcpiProcessorUid;
+ mCpuApicIdOrderTable[Index].AcpiProcessorUid = mCpuApicIdOrderTable[0].AcpiProcessorUid;
+ mCpuApicIdOrderTable[0].AcpiProcessorUid = TempVal;

}

@@ -377,23 +378,23 @@ SortCpuLocalApicInTable (

if(mCpuApicIdOrderTable[CurrProcessor].Flags == 0) {
//make sure disabled entry has ProcId set to FFs
- mCpuApicIdOrderTable[CurrProcessor].ApicId = (UINT32)-1;
- mCpuApicIdOrderTable[CurrProcessor].AcpiProcessorId = (UINT32)-1;
- mCpuApicIdOrderTable[CurrProcessor].SwProcApicId = (UINT32)-1;
+ mCpuApicIdOrderTable[CurrProcessor].ApicId = (UINT32)-1;
+ mCpuApicIdOrderTable[CurrProcessor].AcpiProcessorUid = (UINT32)-1;
+ mCpuApicIdOrderTable[CurrProcessor].SwProcApicId = (UINT32)-1;

for(Index = CurrProcessor+1; Index < MAX_CPU_NUM; Index++) {
if(mCpuApicIdOrderTable[Index].Flags == 1) {
//move enabled entry up
- mCpuApicIdOrderTable[CurrProcessor].Flags = 1;
- mCpuApicIdOrderTable[CurrProcessor].ApicId = mCpuApicIdOrderTable[Index].ApicId;
- mCpuApicIdOrderTable[CurrProcessor].AcpiProcessorId = mCpuApicIdOrderTable[Index].AcpiProcessorId;
- mCpuApicIdOrderTable[CurrProcessor].SwProcApicId = mCpuApicIdOrderTable[Index].SwProcApicId;
- mCpuApicIdOrderTable[CurrProcessor].SocketNum = mCpuApicIdOrderTable[Index].SocketNum;
+ mCpuApicIdOrderTable[CurrProcessor].Flags = 1;
+ mCpuApicIdOrderTable[CurrProcessor].ApicId = mCpuApicIdOrderTable[Index].ApicId;
+ mCpuApicIdOrderTable[CurrProcessor].AcpiProcessorUid = mCpuApicIdOrderTable[Index].AcpiProcessorUid;
+ mCpuApicIdOrderTable[CurrProcessor].SwProcApicId = mCpuApicIdOrderTable[Index].SwProcApicId;
+ mCpuApicIdOrderTable[CurrProcessor].SocketNum = mCpuApicIdOrderTable[Index].SocketNum;
//disable moved entry
- mCpuApicIdOrderTable[Index].Flags = 0;
- mCpuApicIdOrderTable[Index].ApicId = (UINT32)-1;
- mCpuApicIdOrderTable[Index].AcpiProcessorId = (UINT32)-1;
- mCpuApicIdOrderTable[Index].SwProcApicId = (UINT32)-1;
+ mCpuApicIdOrderTable[Index].Flags = 0;
+ mCpuApicIdOrderTable[Index].ApicId = (UINT32)-1;
+ mCpuApicIdOrderTable[Index].AcpiProcessorUid = (UINT32)-1;
+ mCpuApicIdOrderTable[Index].SwProcApicId = (UINT32)-1;
break;
}
}
@@ -422,17 +423,17 @@ typedef struct {
} STRUCTURE_HEADER;

STRUCTURE_HEADER mMadtStructureTable[] = {
- {EFI_ACPI_4_0_PROCESSOR_LOCAL_APIC, sizeof (EFI_ACPI_4_0_PROCESSOR_LOCAL_APIC_STRUCTURE)},
- {EFI_ACPI_4_0_IO_APIC, sizeof (EFI_ACPI_4_0_IO_APIC_STRUCTURE)},
- {EFI_ACPI_4_0_INTERRUPT_SOURCE_OVERRIDE, sizeof (EFI_ACPI_4_0_INTERRUPT_SOURCE_OVERRIDE_STRUCTURE)},
- {EFI_ACPI_4_0_NON_MASKABLE_INTERRUPT_SOURCE, sizeof (EFI_ACPI_4_0_NON_MASKABLE_INTERRUPT_SOURCE_STRUCTURE)},
- {EFI_ACPI_4_0_LOCAL_APIC_NMI, sizeof (EFI_ACPI_4_0_LOCAL_APIC_NMI_STRUCTURE)},
- {EFI_ACPI_4_0_LOCAL_APIC_ADDRESS_OVERRIDE, sizeof (EFI_ACPI_4_0_LOCAL_APIC_ADDRESS_OVERRIDE_STRUCTURE)},
- {EFI_ACPI_4_0_IO_SAPIC, sizeof (EFI_ACPI_4_0_IO_SAPIC_STRUCTURE)},
- {EFI_ACPI_4_0_LOCAL_SAPIC, sizeof (EFI_ACPI_4_0_PROCESSOR_LOCAL_SAPIC_STRUCTURE)},
- {EFI_ACPI_4_0_PLATFORM_INTERRUPT_SOURCES, sizeof (EFI_ACPI_4_0_PLATFORM_INTERRUPT_SOURCES_STRUCTURE)},
- {EFI_ACPI_4_0_PROCESSOR_LOCAL_X2APIC, sizeof (EFI_ACPI_4_0_PROCESSOR_LOCAL_X2APIC_STRUCTURE)},
- {EFI_ACPI_4_0_LOCAL_X2APIC_NMI, sizeof (EFI_ACPI_4_0_LOCAL_X2APIC_NMI_STRUCTURE)}
+ {EFI_ACPI_6_3_PROCESSOR_LOCAL_APIC, sizeof (EFI_ACPI_6_3_PROCESSOR_LOCAL_APIC_STRUCTURE)},
+ {EFI_ACPI_6_3_IO_APIC, sizeof (EFI_ACPI_6_3_IO_APIC_STRUCTURE)},
+ {EFI_ACPI_6_3_INTERRUPT_SOURCE_OVERRIDE, sizeof (EFI_ACPI_6_3_INTERRUPT_SOURCE_OVERRIDE_STRUCTURE)},
+ {EFI_ACPI_6_3_NON_MASKABLE_INTERRUPT_SOURCE, sizeof (EFI_ACPI_6_3_NON_MASKABLE_INTERRUPT_SOURCE_STRUCTURE)},
+ {EFI_ACPI_6_3_LOCAL_APIC_NMI, sizeof (EFI_ACPI_6_3_LOCAL_APIC_NMI_STRUCTURE)},
+ {EFI_ACPI_6_3_LOCAL_APIC_ADDRESS_OVERRIDE, sizeof (EFI_ACPI_6_3_LOCAL_APIC_ADDRESS_OVERRIDE_STRUCTURE)},
+ {EFI_ACPI_6_3_IO_SAPIC, sizeof (EFI_ACPI_6_3_IO_SAPIC_STRUCTURE)},
+ {EFI_ACPI_6_3_LOCAL_SAPIC, sizeof (EFI_ACPI_6_3_PROCESSOR_LOCAL_SAPIC_STRUCTURE)},
+ {EFI_ACPI_6_3_PLATFORM_INTERRUPT_SOURCES, sizeof (EFI_ACPI_6_3_PLATFORM_INTERRUPT_SOURCES_STRUCTURE)},
+ {EFI_ACPI_6_3_PROCESSOR_LOCAL_X2APIC, sizeof (EFI_ACPI_6_3_PROCESSOR_LOCAL_X2APIC_STRUCTURE)},
+ {EFI_ACPI_6_3_LOCAL_X2APIC_NMI, sizeof (EFI_ACPI_6_3_LOCAL_X2APIC_NMI_STRUCTURE)}
};

/**
@@ -591,7 +592,7 @@ InitializeHeader (
**/
EFI_STATUS
InitializeMadtHeader (
- IN OUT EFI_ACPI_4_0_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER *MadtHeader
+ IN OUT EFI_ACPI_6_3_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER
+ *MadtHeader
)
{
EFI_STATUS Status;
@@ -603,8 +604,8 @@ InitializeMadtHeader (

Status = InitializeHeader (
&MadtHeader->Header,
- EFI_ACPI_4_0_MULTIPLE_APIC_DESCRIPTION_TABLE_SIGNATURE,
- EFI_ACPI_4_0_MULTIPLE_APIC_DESCRIPTION_TABLE_REVISION,
+ EFI_ACPI_6_3_MULTIPLE_APIC_DESCRIPTION_TABLE_SIGNATURE,
+ EFI_ACPI_6_3_MULTIPLE_APIC_DESCRIPTION_TABLE_REVISION,
0
);
if (EFI_ERROR (Status)) {
@@ -612,7 +613,7 @@ InitializeMadtHeader (
}

MadtHeader->LocalApicAddress = PcdGet32(PcdLocalApicAddress);
- MadtHeader->Flags = EFI_ACPI_4_0_PCAT_COMPAT;
+ MadtHeader->Flags = EFI_ACPI_6_3_PCAT_COMPAT;

return EFI_SUCCESS;
}
@@ -649,7 +650,7 @@ CopyStructure (
//
// Initialize the number of table entries and the table based on the table header passed in.
//
- if (Header->Signature == EFI_ACPI_4_0_MULTIPLE_APIC_DESCRIPTION_TABLE_SIGNATURE) {
+ if (Header->Signature ==
+ EFI_ACPI_6_3_MULTIPLE_APIC_DESCRIPTION_TABLE_SIGNATURE) {
TableNumEntries = sizeof (mMadtStructureTable) / sizeof (STRUCTURE_HEADER);
StructureTable = mMadtStructureTable;
} else {
@@ -759,7 +760,7 @@ BuildAcpiTable (
return EFI_INVALID_PARAMETER;
}

- if (AcpiHeader->Signature != EFI_ACPI_4_0_MULTIPLE_APIC_DESCRIPTION_TABLE_SIGNATURE) {
+ if (AcpiHeader->Signature !=
+ EFI_ACPI_6_3_MULTIPLE_APIC_DESCRIPTION_TABLE_SIGNATURE) {
DEBUG ((
DEBUG_ERROR,
"MADT header signature is expected, actually 0x%08x\n", @@ -850,15 +851,15 @@ InstallMadtFromScratch ( {
EFI_STATUS Status;
UINTN Index;
- EFI_ACPI_4_0_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER *NewMadtTable;
+ EFI_ACPI_6_3_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER *NewMadtTable;
UINTN TableHandle;
- EFI_ACPI_4_0_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER MadtTableHeader;
- EFI_ACPI_4_0_PROCESSOR_LOCAL_APIC_STRUCTURE ProcLocalApicStruct;
- EFI_ACPI_4_0_IO_APIC_STRUCTURE IoApicStruct;
- EFI_ACPI_4_0_INTERRUPT_SOURCE_OVERRIDE_STRUCTURE IntSrcOverrideStruct;
- EFI_ACPI_4_0_LOCAL_APIC_NMI_STRUCTURE LocalApciNmiStruct;
- EFI_ACPI_4_0_PROCESSOR_LOCAL_X2APIC_STRUCTURE ProcLocalX2ApicStruct;
- EFI_ACPI_4_0_LOCAL_X2APIC_NMI_STRUCTURE LocalX2ApicNmiStruct;
+ EFI_ACPI_6_3_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER MadtTableHeader;
+ EFI_ACPI_6_3_PROCESSOR_LOCAL_APIC_STRUCTURE ProcLocalApicStruct;
+ EFI_ACPI_6_3_IO_APIC_STRUCTURE IoApicStruct;
+ EFI_ACPI_6_3_INTERRUPT_SOURCE_OVERRIDE_STRUCTURE IntSrcOverrideStruct;
+ EFI_ACPI_6_3_LOCAL_APIC_NMI_STRUCTURE LocalApciNmiStruct;
+ EFI_ACPI_6_3_PROCESSOR_LOCAL_X2APIC_STRUCTURE ProcLocalX2ApicStruct;
+ EFI_ACPI_6_3_LOCAL_X2APIC_NMI_STRUCTURE LocalX2ApicNmiStruct;
STRUCTURE_HEADER **MadtStructs;
UINTN MaxMadtStructCount;
UINTN MadtStructsIndex;
@@ -915,11 +916,11 @@ InstallMadtFromScratch (
//
// Build Processor Local APIC Structures and Processor Local X2APIC Structures
//
- ProcLocalApicStruct.Type = EFI_ACPI_4_0_PROCESSOR_LOCAL_APIC;
- ProcLocalApicStruct.Length = sizeof (EFI_ACPI_4_0_PROCESSOR_LOCAL_APIC_STRUCTURE);
+ ProcLocalApicStruct.Type = EFI_ACPI_6_3_PROCESSOR_LOCAL_APIC;
+ ProcLocalApicStruct.Length = sizeof
+ (EFI_ACPI_6_3_PROCESSOR_LOCAL_APIC_STRUCTURE);

- ProcLocalX2ApicStruct.Type = EFI_ACPI_4_0_PROCESSOR_LOCAL_X2APIC;
- ProcLocalX2ApicStruct.Length = sizeof (EFI_ACPI_4_0_PROCESSOR_LOCAL_X2APIC_STRUCTURE);
+ ProcLocalX2ApicStruct.Type = EFI_ACPI_6_3_PROCESSOR_LOCAL_X2APIC;
+ ProcLocalX2ApicStruct.Length = sizeof
+ (EFI_ACPI_6_3_PROCESSOR_LOCAL_X2APIC_STRUCTURE);
ProcLocalX2ApicStruct.Reserved[0] = 0;
ProcLocalX2ApicStruct.Reserved[1] = 0;

@@ -930,9 +931,9 @@ InstallMadtFromScratch (
// use a processor local x2APIC structure.
//
if (!mX2ApicEnabled && mCpuApicIdOrderTable[Index].ApicId < MAX_UINT8) {
- ProcLocalApicStruct.Flags = (UINT8) mCpuApicIdOrderTable[Index].Flags;
- ProcLocalApicStruct.ApicId = (UINT8) mCpuApicIdOrderTable[Index].ApicId;
- ProcLocalApicStruct.AcpiProcessorId = (UINT8) mCpuApicIdOrderTable[Index].AcpiProcessorId;
+ ProcLocalApicStruct.Flags = (UINT8) mCpuApicIdOrderTable[Index].Flags;
+ ProcLocalApicStruct.ApicId = (UINT8) mCpuApicIdOrderTable[Index].ApicId;
+ ProcLocalApicStruct.AcpiProcessorUid = (UINT8)
+ mCpuApicIdOrderTable[Index].AcpiProcessorUid;

ASSERT (MadtStructsIndex < MaxMadtStructCount);
Status = CopyStructure (
@@ -943,7 +944,7 @@ InstallMadtFromScratch (
} else if (mCpuApicIdOrderTable[Index].ApicId != 0xFFFFFFFF) {
ProcLocalX2ApicStruct.Flags = (UINT8) mCpuApicIdOrderTable[Index].Flags;
ProcLocalX2ApicStruct.X2ApicId = mCpuApicIdOrderTable[Index].ApicId;
- ProcLocalX2ApicStruct.AcpiProcessorUid = mCpuApicIdOrderTable[Index].AcpiProcessorId;
+ ProcLocalX2ApicStruct.AcpiProcessorUid =
+ mCpuApicIdOrderTable[Index].AcpiProcessorUid;

ASSERT (MadtStructsIndex < MaxMadtStructCount);
Status = CopyStructure (
@@ -961,8 +962,8 @@ InstallMadtFromScratch (
//
// Build I/O APIC Structures
//
- IoApicStruct.Type = EFI_ACPI_4_0_IO_APIC;
- IoApicStruct.Length = sizeof (EFI_ACPI_4_0_IO_APIC_STRUCTURE);
+ IoApicStruct.Type = EFI_ACPI_6_3_IO_APIC; IoApicStruct.Length =
+ sizeof (EFI_ACPI_6_3_IO_APIC_STRUCTURE);
IoApicStruct.Reserved = 0;

PcIoApicEnable = PcdGet32(PcdPcIoApicEnable); @@ -1008,8 +1009,8 @@ InstallMadtFromScratch (
//
// Build Interrupt Source Override Structures
//
- IntSrcOverrideStruct.Type = EFI_ACPI_4_0_INTERRUPT_SOURCE_OVERRIDE;
- IntSrcOverrideStruct.Length = sizeof (EFI_ACPI_4_0_INTERRUPT_SOURCE_OVERRIDE_STRUCTURE);
+ IntSrcOverrideStruct.Type = EFI_ACPI_6_3_INTERRUPT_SOURCE_OVERRIDE;
+ IntSrcOverrideStruct.Length = sizeof
+ (EFI_ACPI_6_3_INTERRUPT_SOURCE_OVERRIDE_STRUCTURE);

//
// IRQ0=>IRQ2 Interrupt Source Override Structure @@ -1052,11 +1053,11 @@ InstallMadtFromScratch (
//
// Build Local APIC NMI Structures
//
- LocalApciNmiStruct.Type = EFI_ACPI_4_0_LOCAL_APIC_NMI;
- LocalApciNmiStruct.Length = sizeof (EFI_ACPI_4_0_LOCAL_APIC_NMI_STRUCTURE);
- LocalApciNmiStruct.AcpiProcessorId = 0xFF; // Applies to all processors
- LocalApciNmiStruct.Flags = 0x0005; // Flags - Edge-tiggered, Active High
- LocalApciNmiStruct.LocalApicLint = 0x1;
+ LocalApciNmiStruct.Type = EFI_ACPI_6_3_LOCAL_APIC_NMI;
+ LocalApciNmiStruct.Length = sizeof (EFI_ACPI_6_3_LOCAL_APIC_NMI_STRUCTURE);
+ LocalApciNmiStruct.AcpiProcessorUid = 0xFF; // Applies to all processors
+ LocalApciNmiStruct.Flags = 0x0005; // Flags - Edge-tiggered, Active High
+ LocalApciNmiStruct.LocalApicLint = 0x1;

ASSERT (MadtStructsIndex < MaxMadtStructCount);
Status = CopyStructure (
@@ -1073,8 +1074,8 @@ InstallMadtFromScratch (
// Build Local x2APIC NMI Structure
//
if (mX2ApicEnabled) {
- LocalX2ApicNmiStruct.Type = EFI_ACPI_4_0_LOCAL_X2APIC_NMI;
- LocalX2ApicNmiStruct.Length = sizeof (EFI_ACPI_4_0_LOCAL_X2APIC_NMI_STRUCTURE);
+ LocalX2ApicNmiStruct.Type = EFI_ACPI_6_3_LOCAL_X2APIC_NMI;
+ LocalX2ApicNmiStruct.Length = sizeof
+ (EFI_ACPI_6_3_LOCAL_X2APIC_NMI_STRUCTURE);
LocalX2ApicNmiStruct.Flags = 0x000D; // Flags - Level-tiggered, Active High
LocalX2ApicNmiStruct.AcpiProcessorUid = 0xFFFFFFFF; // Applies to all processors
LocalX2ApicNmiStruct.LocalX2ApicLint = 0x01; @@ -1099,7 +1100,7 @@ InstallMadtFromScratch (
//
Status = BuildAcpiTable (
(EFI_ACPI_DESCRIPTION_HEADER *) &MadtTableHeader,
- sizeof (EFI_ACPI_4_0_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER),
+ sizeof (EFI_ACPI_6_3_MULTIPLE_APIC_DESCRIPTION_TABLE_HEADER),
MadtStructs,
MadtStructsIndex,
(UINT8 **)&NewMadtTable
@@ -1222,7 +1223,7 @@ PlatformUpdateTables (
EFI_ACPI_DESCRIPTION_HEADER *TableHeader;
UINT8 *TempOemId;
UINT64 TempOemTableId;
- EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE *FadtHeader;
+ EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *FadtHeader;
EFI_ACPI_HIGH_PRECISION_EVENT_TIMER_TABLE_HEADER *HpetTable;
UINT32 HpetBaseAddress;
EFI_ACPI_HIGH_PRECISION_EVENT_TIMER_BLOCK_ID HpetBlockId;
@@ -1279,12 +1280,12 @@ PlatformUpdateTables (
//
switch (Table->Signature) {

- case EFI_ACPI_4_0_MULTIPLE_APIC_DESCRIPTION_TABLE_SIGNATURE:
+ case EFI_ACPI_6_3_MULTIPLE_APIC_DESCRIPTION_TABLE_SIGNATURE:
ASSERT(FALSE);
break;

- case EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE:
- FadtHeader = (EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE *) Table;
+ case EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE:
+ FadtHeader = (EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *) Table;

FadtHeader->PreferredPmProfile = PcdGet8 (PcdFadtPreferredPmProfile);
FadtHeader->IaPcBootArch = PcdGet16 (PcdFadtIaPcBootArch);
@@ -1329,7 +1330,7 @@ PlatformUpdateTables (
DEBUG(( EFI_D_ERROR, " Flags 0x%x\n", FadtHeader->Flags ));
break;

- case EFI_ACPI_3_0_HIGH_PRECISION_EVENT_TIMER_TABLE_SIGNATURE:
+ case EFI_ACPI_6_3_HIGH_PRECISION_EVENT_TIMER_TABLE_SIGNATURE:
HpetTable = (EFI_ACPI_HIGH_PRECISION_EVENT_TIMER_TABLE_HEADER *)Table;
HpetBaseAddress = PcdGet32 (PcdHpetBaseAddress);
HpetTable->BaseAddressLower32Bit.Address = HpetBaseAddress; @@ -1381,8 +1382,8 @@ IsHardwareChange (
UINTN HWChangeSize;
UINT32 PciId;
UINTN Handle;
- EFI_ACPI_2_0_FIRMWARE_ACPI_CONTROL_STRUCTURE *FacsPtr;
- EFI_ACPI_3_0_FIXED_ACPI_DESCRIPTION_TABLE *pFADT;
+ EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE *FacsPtr;
+ EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE *pFADT;

HandleCount = 0;
HandleBuffer = NULL;
@@ -1428,7 +1429,7 @@ IsHardwareChange (
//
Handle = 0;
Status = LocateAcpiTableBySignature (
- EFI_ACPI_1_0_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE,
+ EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE,
(EFI_ACPI_DESCRIPTION_HEADER **) &pFADT,
&Handle
);
@@ -1450,7 +1451,7 @@ IsHardwareChange (
//
// Set HardwareSignature value based on CRC value.
//
- FacsPtr = (EFI_ACPI_2_0_FIRMWARE_ACPI_CONTROL_STRUCTURE *)(UINTN)pFADT->FirmwareCtrl;
+ FacsPtr = (EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE
+ *)(UINTN)pFADT->FirmwareCtrl;
FacsPtr->HardwareSignature = CRC;
FreePool( HWChange );
}
diff --git a/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Facs/Facs.c b/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Facs/Facs.c
index cde6e478c6b9..8700c44e633d 100644
--- a/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Facs/Facs.c
+++ b/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Facs/Facs.c
@@ -1,9 +1,10 @@
/** @file
- This file contains a structure definition for the ACPI 5.0 Firmware ACPI
+ This file contains a structure definition for the ACPI 6.3 Firmware
+ ACPI
Control Structure (FACS). The contents of this file should only be modified
for bug fixes, no porting is required.

Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

**/
@@ -35,9 +36,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Please modify all values in Facs.h only.
//

-EFI_ACPI_5_0_FIRMWARE_ACPI_CONTROL_STRUCTURE Facs = {
- EFI_ACPI_5_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE,
- sizeof (EFI_ACPI_5_0_FIRMWARE_ACPI_CONTROL_STRUCTURE),
+EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE Facs = {
+ EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE_SIGNATURE,
+ sizeof (EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE),

//
// Hardware Signature will be updated at runtime @@ -48,7 +49,7 @@ EFI_ACPI_5_0_FIRMWARE_ACPI_CONTROL_STRUCTURE Facs = {
EFI_ACPI_GLOBAL_LOCK,
EFI_ACPI_FIRMWARE_CONTROL_STRUCTURE_FLAGS,
EFI_ACPI_X_FIRMWARE_WAKING_VECTOR,
- EFI_ACPI_5_0_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION,
+ EFI_ACPI_6_3_FIRMWARE_ACPI_CONTROL_STRUCTURE_VERSION,
{
EFI_ACPI_RESERVED_BYTE,
EFI_ACPI_RESERVED_BYTE,
diff --git a/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Fadt/Fadt.c b/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Fadt/Fadt.c
index 6efb38cda40d..38e767856de7 100644
--- a/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Fadt/Fadt.c
+++ b/Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Fadt/Fadt.c
@@ -1,9 +1,10 @@
/** @file
- This file contains a structure definition for the ACPI 5.0 Fixed ACPI
+ This file contains a structure definition for the ACPI 6.3 Fixed ACPI
Description Table (FADT). The contents of this file should only be modified
for bug fixes, no porting is required.

Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

**/
@@ -47,6 +48,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent

#define EFI_ACPI_IAPC_BOOT_ARCH 0 // To be fixed

+//
+// ARM Boot Architecture Flags
+//
+
+#define EFI_ACPI_ARM_BOOT_ARCH 0 // To be fixed
+
//
// Fixed Feature Flags
//
@@ -55,7 +62,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // PM1A Event Register Block Generic Address Information // -#define EFI_ACPI_PM1A_EVT_BLK_ADDRESS_SPACE_ID EFI_ACPI_2_0_SYSTEM_IO
+#define EFI_ACPI_PM1A_EVT_BLK_ADDRESS_SPACE_ID EFI_ACPI_6_3_SYSTEM_IO
#define EFI_ACPI_PM1A_EVT_BLK_BIT_WIDTH 0x20
#define EFI_ACPI_PM1A_EVT_BLK_BIT_OFFSET 0x00
#define EFI_ACPI_PM1A_EVT_BLK_ADDRESS 0 // To be fixed
@@ -63,7 +70,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // PM1B Event Register Block Generic Address Information // -#define EFI_ACPI_PM1B_EVT_BLK_ADDRESS_SPACE_ID EFI_ACPI_2_0_SYSTEM_IO
+#define EFI_ACPI_PM1B_EVT_BLK_ADDRESS_SPACE_ID EFI_ACPI_6_3_SYSTEM_IO
#define EFI_ACPI_PM1B_EVT_BLK_BIT_WIDTH 0x00
#define EFI_ACPI_PM1B_EVT_BLK_BIT_OFFSET 0x00
#define EFI_ACPI_PM1B_EVT_BLK_ADDRESS 0 // To be fixed
@@ -71,7 +78,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // PM1A Control Register Block Generic Address Information // -#define EFI_ACPI_PM1A_CNT_BLK_ADDRESS_SPACE_ID EFI_ACPI_2_0_SYSTEM_IO
+#define EFI_ACPI_PM1A_CNT_BLK_ADDRESS_SPACE_ID EFI_ACPI_6_3_SYSTEM_IO
#define EFI_ACPI_PM1A_CNT_BLK_BIT_WIDTH 0x10
#define EFI_ACPI_PM1A_CNT_BLK_BIT_OFFSET 0x00
#define EFI_ACPI_PM1A_CNT_BLK_ADDRESS 0 // To be fixed
@@ -79,7 +86,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // PM1B Control Register Block Generic Address Information // -#define EFI_ACPI_PM1B_CNT_BLK_ADDRESS_SPACE_ID EFI_ACPI_2_0_SYSTEM_IO
+#define EFI_ACPI_PM1B_CNT_BLK_ADDRESS_SPACE_ID EFI_ACPI_6_3_SYSTEM_IO
#define EFI_ACPI_PM1B_CNT_BLK_BIT_WIDTH 0x00
#define EFI_ACPI_PM1B_CNT_BLK_BIT_OFFSET 0x00
#define EFI_ACPI_PM1B_CNT_BLK_ADDRESS 0 // To be fixed
@@ -87,7 +94,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // PM2 Control Register Block Generic Address Information // -#define EFI_ACPI_PM2_CNT_BLK_ADDRESS_SPACE_ID EFI_ACPI_2_0_SYSTEM_IO
+#define EFI_ACPI_PM2_CNT_BLK_ADDRESS_SPACE_ID EFI_ACPI_6_3_SYSTEM_IO
#define EFI_ACPI_PM2_CNT_BLK_BIT_WIDTH 0x08
#define EFI_ACPI_PM2_CNT_BLK_BIT_OFFSET 0x00
#define EFI_ACPI_PM2_CNT_BLK_ADDRESS 0 // To be fixed
@@ -96,7 +103,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Power Management Timer Control Register Block Generic Address // Information // -#define EFI_ACPI_PM_TMR_BLK_ADDRESS_SPACE_ID EFI_ACPI_2_0_SYSTEM_IO
+#define EFI_ACPI_PM_TMR_BLK_ADDRESS_SPACE_ID EFI_ACPI_6_3_SYSTEM_IO
#define EFI_ACPI_PM_TMR_BLK_BIT_WIDTH 0x20
#define EFI_ACPI_PM_TMR_BLK_BIT_OFFSET 0x00
#define EFI_ACPI_PM_TMR_BLK_ADDRESS 0 // To be fixed
@@ -105,7 +112,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // General Purpose Event 0 Register Block Generic Address // Information // -#define EFI_ACPI_GPE0_BLK_ADDRESS_SPACE_ID EFI_ACPI_2_0_SYSTEM_IO
+#define EFI_ACPI_GPE0_BLK_ADDRESS_SPACE_ID EFI_ACPI_6_3_SYSTEM_IO
#define EFI_ACPI_GPE0_BLK_BIT_WIDTH 0 // size of R_PCH_ACPI_GPE0_STS_127_96 + R_PCH_ACPI_GPE0_EN_127_96
#define EFI_ACPI_GPE0_BLK_BIT_OFFSET 0x00
#define EFI_ACPI_GPE0_BLK_ADDRESS 0 // To be fixed
@@ -114,14 +121,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // General Purpose Event 1 Register Block Generic Address // Information // -#define EFI_ACPI_GPE1_BLK_ADDRESS_SPACE_ID EFI_ACPI_2_0_SYSTEM_IO
+#define EFI_ACPI_GPE1_BLK_ADDRESS_SPACE_ID EFI_ACPI_6_3_SYSTEM_IO
#define EFI_ACPI_GPE1_BLK_BIT_WIDTH 0x0
#define EFI_ACPI_GPE1_BLK_BIT_OFFSET 0x0
#define EFI_ACPI_GPE1_BLK_ADDRESS 0 // To be fixed
//
// Reset Register Generic Address Information // -#define EFI_ACPI_RESET_REG_ADDRESS_SPACE_ID EFI_ACPI_2_0_SYSTEM_IO
+#define EFI_ACPI_RESET_REG_ADDRESS_SPACE_ID EFI_ACPI_6_3_SYSTEM_IO
#define EFI_ACPI_RESET_REG_BIT_WIDTH 0x08
#define EFI_ACPI_RESET_REG_BIT_OFFSET 0x00
#define EFI_ACPI_RESET_REG_ADDRESS 0x00000CF9
@@ -162,11 +169,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // Please modify all values in Fadt.h only.
//

-EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
+EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
{
- EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE,
- sizeof (EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE),
- EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE_REVISION,
+ EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE_SIGNATURE,
+ sizeof (EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE),
+ EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE_REVISION,

//
// Checksum will be updated at runtime @@ -187,9 +194,9 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
//
// These addresses will be updated at runtime
//
- 0x00000000,
0x00000000,
-
+ 0x00000000,
+
EFI_ACPI_RESERVED_BYTE,
EFI_ACPI_PREFERRED_PM_PROFILE,
EFI_ACPI_SCI_INT,
@@ -198,7 +205,7 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
EFI_ACPI_ACPI_DISABLE,
EFI_ACPI_S4_BIOS_REQ,
EFI_ACPI_PSTATE_CNT,
-
+
EFI_ACPI_PM1A_EVT_BLK_ADDRESS,
EFI_ACPI_PM1B_EVT_BLK_ADDRESS,
EFI_ACPI_PM1A_CNT_BLK_ADDRESS,
@@ -240,15 +247,13 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
EFI_ACPI_RESET_REG_ADDRESS_SPACE_ID,
EFI_ACPI_RESET_REG_BIT_WIDTH,
EFI_ACPI_RESET_REG_BIT_OFFSET,
- EFI_ACPI_5_0_BYTE,
+ EFI_ACPI_6_3_BYTE,
EFI_ACPI_RESET_REG_ADDRESS
},
EFI_ACPI_RESET_VALUE,
- {
- EFI_ACPI_RESERVED_BYTE,
- EFI_ACPI_RESERVED_BYTE,
- EFI_ACPI_RESERVED_BYTE
- },
+
+ EFI_ACPI_ARM_BOOT_ARCH,
+ EFI_ACPI_6_3_FIXED_ACPI_DESCRIPTION_TABLE_MINOR_REVISION,

//
// These addresses will be updated at runtime @@ -263,7 +268,7 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
EFI_ACPI_PM1A_EVT_BLK_ADDRESS_SPACE_ID,
EFI_ACPI_PM1A_EVT_BLK_BIT_WIDTH,
EFI_ACPI_PM1A_EVT_BLK_BIT_OFFSET,
- EFI_ACPI_5_0_WORD,
+ EFI_ACPI_6_3_WORD,
EFI_ACPI_PM1A_EVT_BLK_ADDRESS
},
{
@@ -273,7 +278,7 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
EFI_ACPI_PM1B_EVT_BLK_ADDRESS_SPACE_ID,
EFI_ACPI_PM1B_EVT_BLK_BIT_WIDTH,
EFI_ACPI_PM1B_EVT_BLK_BIT_OFFSET,
- EFI_ACPI_5_0_WORD,
+ EFI_ACPI_6_3_WORD,
EFI_ACPI_PM1B_EVT_BLK_ADDRESS
},
{
@@ -283,7 +288,7 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
EFI_ACPI_PM1A_CNT_BLK_ADDRESS_SPACE_ID,
EFI_ACPI_PM1A_CNT_BLK_BIT_WIDTH,
EFI_ACPI_PM1A_CNT_BLK_BIT_OFFSET,
- EFI_ACPI_5_0_WORD,
+ EFI_ACPI_6_3_WORD,
EFI_ACPI_PM1A_CNT_BLK_ADDRESS
},
{
@@ -293,7 +298,7 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
EFI_ACPI_PM1B_CNT_BLK_ADDRESS_SPACE_ID,
EFI_ACPI_PM1B_CNT_BLK_BIT_WIDTH,
EFI_ACPI_PM1B_CNT_BLK_BIT_OFFSET,
- EFI_ACPI_5_0_WORD,
+ EFI_ACPI_6_3_WORD,
EFI_ACPI_PM1B_CNT_BLK_ADDRESS
},
{
@@ -303,7 +308,7 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
EFI_ACPI_PM2_CNT_BLK_ADDRESS_SPACE_ID,
EFI_ACPI_PM2_CNT_BLK_BIT_WIDTH,
EFI_ACPI_PM2_CNT_BLK_BIT_OFFSET,
- EFI_ACPI_5_0_BYTE,
+ EFI_ACPI_6_3_BYTE,
EFI_ACPI_PM2_CNT_BLK_ADDRESS
},
{
@@ -313,7 +318,7 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
EFI_ACPI_PM_TMR_BLK_ADDRESS_SPACE_ID,
EFI_ACPI_PM_TMR_BLK_BIT_WIDTH,
EFI_ACPI_PM_TMR_BLK_BIT_OFFSET,
- EFI_ACPI_5_0_DWORD,
+ EFI_ACPI_6_3_DWORD,
EFI_ACPI_PM_TMR_BLK_ADDRESS
},
{
@@ -323,7 +328,7 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
EFI_ACPI_GPE0_BLK_ADDRESS_SPACE_ID,
EFI_ACPI_GPE0_BLK_BIT_WIDTH,
EFI_ACPI_GPE0_BLK_BIT_OFFSET,
- EFI_ACPI_5_0_BYTE,
+ EFI_ACPI_6_3_BYTE,
EFI_ACPI_GPE0_BLK_ADDRESS
},
{
@@ -333,7 +338,7 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
EFI_ACPI_GPE1_BLK_ADDRESS_SPACE_ID,
EFI_ACPI_GPE1_BLK_BIT_WIDTH,
EFI_ACPI_GPE1_BLK_BIT_OFFSET,
- EFI_ACPI_5_0_BYTE,
+ EFI_ACPI_6_3_BYTE,
EFI_ACPI_GPE1_BLK_ADDRESS
},
{
@@ -355,5 +360,10 @@ EFI_ACPI_5_0_FIXED_ACPI_DESCRIPTION_TABLE Fadt = {
0,
0,
0
- }
+ },
+
+ //
+ // Hypervisor Vendor Identity
+ //
+ 0x0000000000000000,
};
--
2.28.0.windows.1


Re: [edk2-platforms][PATCH v1 0/4] MinPlatformPkg: AcpiPlatform bug fixes and improvements

Nate DeSimone
 

The series has been pushed as 2bb0314~..d281e9e

-----Original Message-----
From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
Sent: Thursday, August 5, 2021 9:38 AM
To: devel@edk2.groups.io
Cc: Chiu, Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Dong, Eric <eric.dong@intel.com>
Subject: [edk2-platforms][PATCH v1 0/4] MinPlatformPkg: AcpiPlatform bug fixes and improvements

From: Michael Kubacki <michael.kubacki@microsoft.com>

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3532
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3533
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3534

This patch series groups together several bug fixes and improvements to AcpiPlatform.

Note that the following patch from a different series that is on the mailing list is currently required for MinPlatformPkg to
build:
https://edk2.groups.io/g/devel/message/78711

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Eric Dong <eric.dong@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>

Michael Kubacki (4):
MinPlatformPkg/AcpiPlatform: Use PCD for WSMT OEM revision
MinPlatformPkg/AcpiPlatform: Use CreatorId and CreatorRevision in
headers
MinPlatformPkg/AcpiPlatform: Set X_GPE1_BLK GAS structure to zeroes
MinPlatformPkg/AcpiPlatform: Remove unused BoardAcpiTableLib

Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.c | 7 ++++---
Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Wsmt/Wsmt.c | 4 +---
Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.h | 1 -
Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.inf | 2 +-
4 files changed, 6 insertions(+), 8 deletions(-)

--
2.28.0.windows.1


Re: [edk2-platforms][PATCH v1 0/4] MinPlatformPkg: AcpiPlatform bug fixes and improvements

Nate DeSimone
 

For the series..

Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>

-----Original Message-----
From: mikuback@linux.microsoft.com <mikuback@linux.microsoft.com>
Sent: Thursday, August 5, 2021 9:38 AM
To: devel@edk2.groups.io
Cc: Chiu, Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Dong, Eric <eric.dong@intel.com>
Subject: [edk2-platforms][PATCH v1 0/4] MinPlatformPkg: AcpiPlatform bug fixes and improvements

From: Michael Kubacki <michael.kubacki@microsoft.com>

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3532
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3533
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3534

This patch series groups together several bug fixes and improvements to AcpiPlatform.

Note that the following patch from a different series that is on the mailing list is currently required for MinPlatformPkg to
build:
https://edk2.groups.io/g/devel/message/78711

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Eric Dong <eric.dong@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>

Michael Kubacki (4):
MinPlatformPkg/AcpiPlatform: Use PCD for WSMT OEM revision
MinPlatformPkg/AcpiPlatform: Use CreatorId and CreatorRevision in
headers
MinPlatformPkg/AcpiPlatform: Set X_GPE1_BLK GAS structure to zeroes
MinPlatformPkg/AcpiPlatform: Remove unused BoardAcpiTableLib

Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.c | 7 ++++---
Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/Wsmt/Wsmt.c | 4 +---
Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.h | 1 -
Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.inf | 2 +-
4 files changed, 6 insertions(+), 8 deletions(-)

--
2.28.0.windows.1


[PATCH v3 3/4] OvmfPkg: Reference new Tcg2PlatformDxe in the build system for compilation

Stefan Berger
 

From: Stefan Berger <stefanb@linux.vnet.ibm.com>

Compile the Tcg2PlatformDxe related code now.

Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 4 ++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 4 ++++
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 4 ++++
OvmfPkg/OvmfPkgX64.fdf | 1 +
8 files changed, 20 insertions(+)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index e6cd10b759..3079f4b503 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -851,4 +851,8 @@
<LibraryClasses>=0D
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib=
DTpm.inf=0D
}=0D
+ SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {=0D
+ <LibraryClasses>=0D
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc=
hyLib/PeiDxeTpmPlatformHierarchyLib.inf=0D
+ }=0D
!endif=0D
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 0a89749700..a9f675303f 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -313,6 +313,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/Variabl=
eRuntimeDxe.inf
!if $(TPM_ENABLE) =3D=3D TRUE=0D
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf=0D
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf=0D
+INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf=0D
!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE=0D
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf=0D
!endif=0D
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d1d92c97ba..923a012f0c 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -1034,6 +1034,10 @@
<LibraryClasses>=0D
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib=
DTpm.inf=0D
}=0D
+ SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {=0D
+ <LibraryClasses>=0D
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc=
hyLib/PeiDxeTpmPlatformHierarchyLib.inf=0D
+ }=0D
!endif=0D
=0D
!if $(LOAD_X64_ON_IA32_ENABLE) =3D=3D TRUE=0D
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 04b41445ca..bb3b53626e 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -363,6 +363,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/Variabl=
eRuntimeDxe.inf
!if $(TPM_ENABLE) =3D=3D TRUE=0D
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf=0D
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf=0D
+INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf=0D
!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE=0D
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf=0D
!endif=0D
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a467ab7090..b907b36973 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -1049,4 +1049,8 @@
<LibraryClasses>=0D
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib=
DTpm.inf=0D
}=0D
+ SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {=0D
+ <LibraryClasses>=0D
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc=
hyLib/PeiDxeTpmPlatformHierarchyLib.inf=0D
+ }=0D
!endif=0D
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 02fd8f0c41..030638ae78 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -370,6 +370,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/Variabl=
eRuntimeDxe.inf
!if $(TPM_ENABLE) =3D=3D TRUE=0D
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf=0D
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf=0D
+INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf=0D
!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE=0D
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf=0D
!endif=0D
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e56b83d95e..8aca437a9b 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -1047,4 +1047,8 @@
<LibraryClasses>=0D
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib=
DTpm.inf=0D
}=0D
+ SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {=0D
+ <LibraryClasses>=0D
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc=
hyLib/PeiDxeTpmPlatformHierarchyLib.inf=0D
+ }=0D
!endif=0D
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 23936242e7..888363ff9d 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -389,6 +389,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/Variabl=
eRuntimeDxe.inf
!if $(TPM_ENABLE) =3D=3D TRUE=0D
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf=0D
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf=0D
+INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf=0D
!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE=0D
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf=0D
!endif=0D
--=20
2.31.1


[PATCH v3 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy

Stefan Berger
 

This series of patches adds support for disabling the TPM 2 platform
hierarchy to Ovmf. To be able to do this we have to handle TPM 2
physical presence interface (PPI) opcodes before the TPM 2 platform
hierarchy is disabled otherwise TPM 2 commands that are sent due to the
PPI opcodes may fail if the platform hierarchy is already disabled.
Therefore, we need to invoke the handler function
Tcg2PhysicalPresenceLibProcessRequest from within
PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may require
interaction with the user, we also move PlatformInitializeConsole
to before the handling of PPI codes so that the keyboard is available
when needed. The PPI handling code will activate the default consoles
only if it requires user interaction.

Regards,
Stefan

v3:
- Added Yao's R-b's
- Added Amd, Bhyve, and Ovmf maintainers and reviewers to Cc
=
v2:
- 1/4: Added missing link library
- 2/4: Modified other BdsPlatform.c files as well
- Added Yao's comments to 1/2 and 2/2


Stefan Berger (4):
OvmfPkg/TPM PPI: Connect default consoles for user interaction
OvmfPkg: Handle TPM 2 physical presence opcodes much earlier
OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
compilation
OvmfPkg: Reference new Tcg2PlatformPei in the build system

OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
.../PlatformBootManagerLib/BdsPlatform.c | 19 +++++++++++--------
.../PlatformBootManagerLibBhyve/BdsPlatform.c | 17 ++++++++++-------
.../PlatformBootManagerLibGrub/BdsPlatform.c | 17 ++++++++++-------
.../DxeTcg2PhysicalPresenceLib.c | 5 +++++
.../DxeTcg2PhysicalPresenceLib.inf | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgX64.fdf | 2 ++
13 files changed, 77 insertions(+), 22 deletions(-)

--
2.31.1


[PATCH v3 1/4] OvmfPkg/TPM PPI: Connect default consoles for user interaction

Stefan Berger
 

From: Stefan Berger <stefanb@linux.vnet.ibm.com>

Activate the default console when user interaction is required for
the processing of TPM 2 physical presence interface opcodes.

Background:
TPM 2 physical presence interface (PPI) opcodes need to be handled before
the TPM 2 platform hierarchy is disabled. Due to this requirement we will
move the function call to handle the PPI opcodes into
PlatformBootManagerBeforeConsole() which runs before the initialization
of the consoles. However, since for interaction with the user we need
the console to be available, activate it now before displaying any message
to the user.

Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
---
.../Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLib.c | 5 +++++
.../DxeTcg2PhysicalPresenceLib.inf | 1 +
2 files changed, 6 insertions(+)

diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPre=
senceLib.c b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPre=
senceLib.c
index 00d76ba2c2..33a470f6d8 100644
--- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLi=
b.c
+++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLi=
b.c
@@ -32,6 +32,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/UefiBootServicesTableLib.h>=0D
#include <Library/UefiLib.h>=0D
#include <Library/UefiRuntimeServicesTableLib.h>=0D
+#include <Library/UefiBootManagerLib.h>=0D
=0D
#include <Library/Tcg2PhysicalPresenceLib.h>=0D
=0D
@@ -591,6 +592,10 @@ Tcg2UserConfirm (
return FALSE;=0D
}=0D
=0D
+ // Console for user interaction=0D
+ // We need to connect all trusted consoles for TCG PP. Here we treat all=
consoles in OVMF to be trusted consoles.=0D
+ EfiBootManagerConnectAllDefaultConsoles ();=0D
+=0D
if (TpmPpCommand < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) {=0D
if (CautionKey) {=0D
TmpStr1 =3D Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAU=
TION_KEY));=0D
diff --git a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPre=
senceLib.inf b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalP=
resenceLib.inf
index 85ce0e2b29..5b5417c321 100644
--- a/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLi=
b.inf
+++ b/OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeTcg2PhysicalPresenceLi=
b.inf
@@ -59,6 +59,7 @@
PrintLib=0D
QemuFwCfgLib=0D
Tpm2CommandLib=0D
+ UefiBootManagerLib=0D
UefiBootServicesTableLib=0D
UefiLib=0D
UefiRuntimeServicesTableLib=0D
--=20
2.31.1


[PATCH v3 4/4] OvmfPkg: Reference new Tcg2PlatformPei in the build system

Stefan Berger
 

From: Stefan Berger <stefanb@linux.vnet.ibm.com>

Compile the Tcg2PlatformPei related code now to support TPM 2 platform
hierachy disablement if the TPM state cannot be resumed upon S3 resume.

Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 4 ++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 4 ++++
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 4 ++++
OvmfPkg/OvmfPkgX64.fdf | 1 +
8 files changed, 20 insertions(+)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 3079f4b503..5ee5445116 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -637,6 +637,10 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512=
.inf=0D
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf=0D
}=0D
+ SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {=0D
+ <LibraryClasses>=0D
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc=
hyLib/PeiDxeTpmPlatformHierarchyLib.inf=0D
+ }=0D
!endif=0D
=0D
#=0D
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index a9f675303f..542722ac6b 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -154,6 +154,7 @@ INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecrypt=
Pei.inf
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf=0D
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf=0D
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf=0D
+INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf=0D
!endif=0D
=0D
##########################################################################=
######=0D
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 923a012f0c..6a5be97c05 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -717,6 +717,10 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512=
.inf=0D
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf=0D
}=0D
+ SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {=0D
+ <LibraryClasses>=0D
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc=
hyLib/PeiDxeTpmPlatformHierarchyLib.inf=0D
+ }=0D
!endif=0D
=0D
#=0D
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index bb3b53626e..775ea2d710 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -166,6 +166,7 @@ INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecrypt=
Pei.inf
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf=0D
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf=0D
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf=0D
+INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf=0D
!endif=0D
=0D
##########################################################################=
######=0D
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b907b36973..71227d1b70 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -730,6 +730,10 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512=
.inf=0D
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf=0D
}=0D
+ SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {=0D
+ <LibraryClasses>=0D
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc=
hyLib/PeiDxeTpmPlatformHierarchyLib.inf=0D
+ }=0D
!endif=0D
=0D
[Components.X64]=0D
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 030638ae78..245ca94044 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -166,6 +166,7 @@ INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecrypt=
Pei.inf
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf=0D
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf=0D
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf=0D
+INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf=0D
!endif=0D
=0D
##########################################################################=
######=0D
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8aca437a9b..52f7598cf1 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -729,6 +729,10 @@
NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512=
.inf=0D
NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf=0D
}=0D
+ SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf {=0D
+ <LibraryClasses>=0D
+ TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc=
hyLib/PeiDxeTpmPlatformHierarchyLib.inf=0D
+ }=0D
!endif=0D
=0D
#=0D
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 888363ff9d..b6cc3cabdd 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -185,6 +185,7 @@ INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecrypt=
Pei.inf
INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf=0D
INF SecurityPkg/Tcg/TcgPei/TcgPei.inf=0D
INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf=0D
+INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf=0D
!endif=0D
=0D
##########################################################################=
######=0D
--=20
2.31.1


[PATCH v3 2/4] OvmfPkg: Handle TPM 2 physical presence opcodes much earlier

Stefan Berger
 

From: Stefan Berger <stefanb@linux.vnet.ibm.com>

Handle the TPM 2 physical presence interface (PPI) opcodes in
PlatformBootManagerBeforeConsole() before the TPM 2 platform hierarchy
is disabled. Since the handling of the PPI opcodes may require inter-
action with the user, initialize the keyboard before handling PPI codes.

Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Peter Grehan <grehan@freebsd.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
---
.../PlatformBootManagerLib/BdsPlatform.c | 19 +++++++++++--------
.../PlatformBootManagerLibBhyve/BdsPlatform.c | 17 ++++++++++-------
.../PlatformBootManagerLibGrub/BdsPlatform.c | 17 ++++++++++-------
3 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg=
/Library/PlatformBootManagerLib/BdsPlatform.c
index 71f63b2448..4448722e19 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -387,8 +387,19 @@ PlatformBootManagerBeforeConsole (
SaveS3BootScript ();=0D
}=0D
=0D
+ // We need to connect all trusted consoles for TCG PP. Here we treat all=
=0D
+ // consoles in OVMF to be trusted consoles.=0D
+ PlatformInitializeConsole (=0D
+ XenDetected() ? gXenPlatformConsole : gPlatformConsole);=0D
+=0D
+ //=0D
+ // Process TPM PPI request; this may require keyboard input=0D
+ //=0D
+ Tcg2PhysicalPresenceLibProcessRequest (NULL);=0D
+=0D
//=0D
// Prevent further changes to LockBoxes or SMRAM.=0D
+ // Any TPM 2 Physical Presence Interface opcode must be handled before.=
=0D
//=0D
Handle =3D NULL;=0D
Status =3D gBS->InstallProtocolInterface (&Handle,=0D
@@ -402,9 +413,6 @@ PlatformBootManagerBeforeConsole (
//=0D
EfiBootManagerDispatchDeferredImages ();=0D
=0D
- PlatformInitializeConsole (=0D
- XenDetected() ? gXenPlatformConsole : gPlatformConsole);=0D
-=0D
FrontPageTimeout =3D GetFrontPageTimeoutFromQemu ();=0D
PcdStatus =3D PcdSet16S (PcdPlatformBootTimeOut, FrontPageTimeout);=0D
ASSERT_RETURN_ERROR (PcdStatus);=0D
@@ -1511,11 +1519,6 @@ PlatformBootManagerAfterConsole (
//=0D
PciAcpiInitialization ();=0D
=0D
- //=0D
- // Process TPM PPI request=0D
- //=0D
- Tcg2PhysicalPresenceLibProcessRequest (NULL);=0D
-=0D
//=0D
// Process QEMU's -kernel command line option=0D
//=0D
diff --git a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c b/Ov=
mfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c
index eaade4adea..513d2f00a7 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibBhyve/BdsPlatform.c
@@ -375,8 +375,18 @@ PlatformBootManagerBeforeConsole (
//=0D
EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);=0D
=0D
+ // We need to connect all trusted consoles for TCG PP. Here we treat all=
=0D
+ // consoles in OVMF to be trusted consoles.=0D
+ PlatformInitializeConsole (gPlatformConsole);=0D
+=0D
+ //=0D
+ // Process TPM PPI request=0D
+ //=0D
+ Tcg2PhysicalPresenceLibProcessRequest (NULL);=0D
+=0D
//=0D
// Prevent further changes to LockBoxes or SMRAM.=0D
+ // Any TPM 2 Physical Presence Interface opcode must be handled before.=
=0D
//=0D
Handle =3D NULL;=0D
Status =3D gBS->InstallProtocolInterface (&Handle,=0D
@@ -390,8 +400,6 @@ PlatformBootManagerBeforeConsole (
//=0D
EfiBootManagerDispatchDeferredImages ();=0D
=0D
- PlatformInitializeConsole (gPlatformConsole);=0D
-=0D
PlatformRegisterOptionsAndKeys ();=0D
=0D
//=0D
@@ -1445,11 +1453,6 @@ PlatformBootManagerAfterConsole (
//=0D
PciAcpiInitialization ();=0D
=0D
- //=0D
- // Process TPM PPI request=0D
- //=0D
- Tcg2PhysicalPresenceLibProcessRequest (NULL);=0D
-=0D
//=0D
// Perform some platform specific connect sequence=0D
//=0D
diff --git a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c b/Ovm=
fPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
index 7cceeea487..1c5405f620 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibGrub/BdsPlatform.c
@@ -338,8 +338,18 @@ PlatformBootManagerBeforeConsole (
//=0D
EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);=0D
=0D
+ // We need to connect all trusted consoles for TCG PP. Here we treat all=
=0D
+ // consoles in OVMF to be trusted consoles.=0D
+ PlatformInitializeConsole (gPlatformConsole);=0D
+=0D
+ //=0D
+ // Process TPM PPI request=0D
+ //=0D
+ Tcg2PhysicalPresenceLibProcessRequest (NULL);=0D
+=0D
//=0D
// Prevent further changes to LockBoxes or SMRAM.=0D
+ // Any TPM 2 Physical Presence Interface opcode must be handled before.=
=0D
//=0D
Handle =3D NULL;=0D
Status =3D gBS->InstallProtocolInterface (&Handle,=0D
@@ -353,8 +363,6 @@ PlatformBootManagerBeforeConsole (
//=0D
EfiBootManagerDispatchDeferredImages ();=0D
=0D
- PlatformInitializeConsole (gPlatformConsole);=0D
-=0D
Status =3D gRT->SetVariable (=0D
EFI_TIME_OUT_VARIABLE_NAME,=0D
&gEfiGlobalVariableGuid,=0D
@@ -1310,11 +1318,6 @@ PlatformBootManagerAfterConsole (
//=0D
PciAcpiInitialization ();=0D
=0D
- //=0D
- // Process TPM PPI request=0D
- //=0D
- Tcg2PhysicalPresenceLibProcessRequest (NULL);=0D
-=0D
//=0D
// Process QEMU's -kernel command line option=0D
//=0D
--=20
2.31.1


Re: [PATCH V6 1/1] OvmfPkg: Enable TDX in ResetVector

Vishal Annapurve
 

Hi Min, Brijesh,

Regarding:
> diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
> ...
> +%ifdef ARCH_IA32
>     nop
>     nop
>     jmp     EarlyBspInitReal16
>
>+%else
>+
>+    smsw    ax

We are having intermittent VM crashes with running this code in AMD-SEV enabled VMs. As per the AMD64 manual section 15.8.1, executing "smsw" instruction doesn't result in bit 63 being set in EXITINFO1 and KVM ends up emulating "smsw" instruction by trying to read encrypted guest VM memory as per the code. Since KVM tries to make sense of different random cipher texts in different boots, it seems to intermittently result in visible issues.

Is this expected behavior or do we miss some configuration or patches that are recommended by AMD?

Regards,
Vishal

On Tue, Sep 14, 2021 at 4:54 PM Brijesh Singh via groups.io <brijesh.singh=amd.com@groups.io> wrote:
Hi Min,

A quick question below.

On 9/14/21 3:50 AM, Min Xu wrote:
> RFC: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3429&amp;data=04%7C01%7Cbrijesh.singh%40amd.com%7C2cca2f0a7fb44084da2b08d9775cb220%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637672062275443867%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=4zfuIDvTGDNCt%2BD3u7uUR0n6hHDzv%2FI8NkqoUJhsx8Y%3D&amp;reserved=0
>
> Intel's Trust Domain Extensions (Intel TDX) refers to an Intel technology
> that extends Virtual Machines Extensions (VMX) and Multi-Key Total Memory
> Encryption (MKTME) with a new kind of virutal machines guest called a
> Trust Domain (TD). A TD is desinged to run in a CPU mode that protects the
> confidentiality of TD memory contents and the TD's CPU state from other
> software, including the hosting Virtual-Machine Monitor (VMM), unless
> explicitly shared by the TD itself.
>
> Note: Intel TDX is only available on X64, so the Tdx related changes are
> in X64 path. In IA32 path, there may be null stub to make the build
> success.
>
> This patch includes below major changes.
>
> 1. Definition of BFV & CFV
> Tdx Virtual Firmware (TDVF) includes one Firmware Volume (FV) known
> as the Boot Firmware Volume (BFV). The FV format is defined in the
> UEFI Platform Initialization (PI) spec. BFV includes all TDVF components
> required during boot.
>
> TDVF also include a configuration firmware volume (CFV) that is separated
> from the BFV. The reason is because the CFV is measured in RTMR, while
> the BFV is measured in MRTD.
>
> In practice BFV is the code part of Ovmf image (OVMF_CODE.fd). CFV is the
> vars part of Ovmf image (OVMF_VARS.fd).
>
> 2. PcdOvmfImageSizeInKb
> PcdOvmfImageSizeInKb indicates the size of Ovmf image. It is used to
> calculate the offset of TdxMetadata in ResetVectorVtf0.asm.

In SEV-SNP v7 series, I implemented the metadata support. I did not see
a need for the PcdOvmfImageSizeInKB. Why do you need it? I think your
calculation below will not work if someone is using the OVMF_CODE.fd
instead of OVMF.fd. Have you tried booting with OVMF_CODE.fd ?

thanks








Re: [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.

Yao, Jiewen
 

OK. The interface ParallelHash256HashAll() seems OK for me.

 

Some comment:

1) Please add EFIAPI for ParallelHash256HashAll().

2) Please use BOOLEAN as return value.

3) Please remove LeftEncode() and RightEncode() from https://github.com/zhihaoli1064/edk2/blob/master/CryptoPkg/Include/Library/BaseCryptLib.h. They shall be internal functions.

4) Do we really need expose cSHAKE* API? If the request is just to support ParallelHash256, then cSHAKE API could be internal one.

5) I suggest to make this API work in non-MP case as well. In current version, it will fail for non-MP system, right? I think we can let BSP do all the work in that case.

 

  if (StartedApNum == 0) {

    ReturnValue = 1;

    goto Exit;

  }

 

 

Thank you

Yao Jiewen

 

 

From: Li, Zhihao <zhihao.li@...>
Sent: Tuesday, September 14, 2021 12:03 PM
To: Yao, Jiewen <jiewen.yao@...>; Andrew Fish <afish@...>; Ethin Probst <harlydavidsen@...>; Kinney, Michael D <michael.d.kinney@...>; edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>; gaoliming@...; Fu, Siyuan <siyuan.fu@...>; Wu, Yidong <yidong.wu@...>; Li, Aaron <aaron.li@...>
Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.

 

Hi, Jiewen

Thanks for your suggestions.

In view of your advice, this RFC only talk about the new feature----Parallel hash.

Mainly modification in https://github.com/zhihaoli1064/edk2/blob/master/CryptoPkg/Library/BaseCryptLib/Hash/Smm/ParallelHashSmm.c

Others will be designed anew.

 

From: Yao, Jiewen <jiewen.yao@...>
Sent: Thursday, September 9, 2021 6:04 PM
To: Li, Zhihao <zhihao.li@...>; Andrew Fish <afish@...>; Ethin Probst <harlydavidsen@...>; Kinney, Michael D <michael.d.kinney@...>; edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>; gaoliming@...; Fu, Siyuan <siyuan.fu@...>; Wu, Yidong <yidong.wu@...>; Li, Aaron <aaron.li@...>
Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.

 

Hi

AllowList and DenyList are *secure boot* concept.

FMP auth lib is for *signed capsule* and it does not consider secure boot – allow list and deny list.

 

In my mind, neither secure boot and FSP auth shall know the existence of parallel hash. The verification logic shall be isolated.

 

Sorry, I don’t understand the design.

 

I am worried that you put too many concept together.

 

Adding parallel hash is one thing.

Adding allow list and deny list to FMP is another thing.

Please don’t mix them together.

 

I would like to request a design review for this feature.

 

Thank you

Yao Jiewen

 

From: Li, Zhihao <zhihao.li@...>
Sent: Thursday, September 9, 2021 5:49 PM
To: Yao, Jiewen <jiewen.yao@...>; Andrew Fish <afish@...>; Ethin Probst <harlydavidsen@...>; Kinney, Michael D <michael.d.kinney@...>; edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>; gaoliming@...; Fu, Siyuan <siyuan.fu@...>; Wu, Yidong <yidong.wu@...>; Li, Aaron <aaron.li@...>
Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.

 

I send this mail for asking that if there are any comments about parallel hash feature.

 

Mainly modification:

CryptoPkg: https://github.com/zhihaoli1064/edk2/blob/master/CryptoPkg/Library/BaseCryptLib/Hash/Smm/ParallelHashSmm.c

MdeMoudulePkg: https://github.com/zhihaoli1064/edk2/blob/master/MdeModulePkg/Include/Library/FmpAuthenticationLib.h              line59-67

SecurityPkg: https://github.com/zhihaoli1064/edk2/blob/master/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c line119-188,287-350

 

From: Li, Zhihao  
Sent: Friday, September 3, 2021 4:44 PM
To: Yao, Jiewen <jiewen.yao@...>; Andrew Fish <afish@...>; edk2-devel-groups-io <devel@edk2.groups.io>; Kinney, Michael D <michael.d.kinney@...>
Cc: Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Lu, XiaoyuX <XiaoyuX.Lu@...>; Jiang, Guomin <Guomin.Jiang@...>; gaoliming@...; Fu, Siyuan <siyuan.fu@...>; Wu, Yidong <yidong.wu@...>; Li, Aaron <aaron.li@...>
Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.

 

Hi, Jiewen

I try to explant what means “more than once authentication(e.g. VerifyImageWithDenylist and VerifyImageWithAllowlist)”.

When we confirm the image is effective, we have to confirm not only that image certificate is on the whitelist, but also that it is not on the blacklist.

So it have two steps in verification process(only talk about FmpAuthentication)­­----- VerifyImageWithDenylist and VerifyImageWithAllowlist.

VerifyImageWithDenylist confirms it not in blacklist while VerifyImageWithAllowlist confirms it in whitelist.

èVerifyImageWithDenylist should do FmpAuthentication and failed. VerifyImageWithAllowlist Should do FmpAuthentication and success.

In our design:

Result=parallelhash256(image);------

Status1= VerifyImageWithDenylist(image,result);---------

Status2= VerifyImageWithAllowlist(image,result);---------

Status1 is failed, status2 is successèimage is effective.

If do it inside of AuthenticateFmpImage

In step ②,it need do parallelhash256(image) .

And in step ③,it also need do parallelhash256(image) .

Because AuthenticateFmpImage Function is inside of VerifyImageWithDenylist And VerifyImageWithAllowlist.

Poc code link of edk2:

https://github.com/zhihaoli1064/edk2/blob/master/CryptoPkg/Library/BaseCryptLib/Hash/Smm/ParallelHashSmm.c

 

 

From: Yao, Jiewen <jiewen.yao@...>
Sent: Friday, September 3, 2021 3:07 PM
To: Li, Zhihao <zhihao.li@...>; Andrew Fish <afish@...>; edk2-devel-groups-io <devel@edk2.groups.io>; Kinney, Michael D <michael.d.kinney@...>
Cc: Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>; gaoliming@...; Fu, Siyuan <siyuan.fu@...>; Wu, Yidong <yidong.wu@...>; Li, Aaron <aaron.li@...>
Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.

 

Sorry, I hardly understand the explanation.

Do you have a URL for the POC code?

 

 

From: Li, Zhihao <zhihao.li@...>
Sent: Friday, September 3, 2021 2:58 PM
To: Yao, Jiewen <jiewen.yao@...>; Andrew Fish <afish@...>; edk2-devel-groups-io <devel@edk2.groups.io>; Kinney, Michael D <michael.d.kinney@...>
Cc: Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>; gaoliming@...; Fu, Siyuan <siyuan.fu@...>; Wu, Yidong <yidong.wu@...>; Li, Aaron <aaron.li@...>
Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.

 

Hi

Some explanation for confusion.

 

  1. Is the result of the parallel hash identical to the current hash?  

The result of parallelhash256 do not identical to the current hash. And we are not intention to let parallelhash256 replace the current hash(SHA-256). But doing the parallel hash before the current hash to reduce the size of current hash input. Otherwise, the parallel hash effect is compressing the size of FmpAuthentication input and the use of MP Services is the inseparable part of this algorithm. It’s a new hash algorithm. So it should not move to FmpAuthenticationLib.

  1. Why we cannot do it inside of AuthenticateFmpImage?

Because of more than once authentication(e.g. VerifyImageWithDenylist and VerifyImageWithAllowlist), if we do the parallel hash inside of AuthenticateFmpImage(Denylist auth), we have to do another parallel hash for Allowlist’s AuthenticateFmpImage. It’s repeat operation.

 

Poc code in branch named dev/sfu5/parallel_hash_ossl

The verify flow is:

  ImageParaHash = ParallelHash-256 (Image)

PKCS7_Verify (PublicKey, ImageParaHash)

 

In FmpAuthenticationLibPkcs7 ,the parameter Output of FmpAuthenticatedHandlerPkcs7WithParallelhash is image digest. It replace the original image.

 

FmpAuthenticatedHandlerPkcs7WithParallelhash (

  IN EFI_FIRMWARE_IMAGE_AUTHENTICATION  *Image,

  IN UINTN                              ImageSize,

  IN CONST UINT8                        *PublicKeyData,

  IN UINTN                              PublicKeyDataLength,

  IN UINT8                              *Output

  )

{

  RETURN_STATUS                             Status;

  BOOLEAN                                   CryptoStatus;

  VOID                                      *P7Data;

  UINTN                                     P7Length;

  VOID                                      *TempBuffer;

  UINTN                                     PayloadHeaderSize = 69;

  UINTN                                     ParallelhashSize = 64;

 

  P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData));

  P7Data = Image->AuthInfo.CertData;

 

  // It is a signature across the variable data and the Monotonic Count value.

  TempBuffer = AllocatePool(sizeof(Image->MonotonicCount) + ParallelhashSize + PayloadHeaderSize);

  CopyMem(

    (UINT8 *)TempBuffer,

    (UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength,

    PayloadHeaderSize

    );

  CopyMem(

    (UINT8 *)TempBuffer + PayloadHeaderSize,

    Output,

    ParallelhashSize

    );

  CopyMem(

    (UINT8 *)TempBuffer + PayloadHeaderSize + ParallelhashSize,

    &Image->MonotonicCount,

    sizeof(Image->MonotonicCount)

    );

  CryptoStatus = Pkcs7Verify(

                   P7Data,

                   P7Length,

                   PublicKeyData,

                   PublicKeyDataLength,

                   (UINT8 *)TempBuffer,

                   PayloadHeaderSize + ParallelhashSize + sizeof(Image->MonotonicCount)

                   );

  FreePool(TempBuffer);

 

 

From: Yao, Jiewen <jiewen.yao@...>
Sent: Friday, September 3, 2021 9:02 AM
To: Andrew Fish <afish@...>; edk2-devel-groups-io <devel@edk2.groups.io>; Kinney, Michael D <michael.d.kinney@...>
Cc: Li, Zhihao <zhihao.li@...>; Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>; gaoliming@...; Fu, Siyuan <siyuan.fu@...>; Wu, Yidong <yidong.wu@...>; Li, Aaron <aaron.li@...>
Subject: RE: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.

 

Hi

Comment on 2/3.

 

I am not sure if the a new function AuthenticateFmpImageWithParallelhash() is absolutely necessary.

Why you do the parallel hash before authentication and transfer the result to AuthenticateFmpImage?

Why we cannot do it inside of AuthenticateFmpImage?

 

Ideally, we hope to hide *algorithm* from *business logic*.

Do you have any POC link?

 

Thank you

Yao Jiewen

 

From: Andrew Fish <afish@...>
Sent: Friday, September 3, 2021 7:16 AM
To: edk2-devel-groups-io <devel@edk2.groups.io>; Kinney, Michael D <michael.d.kinney@...>
Cc: Li, Zhihao <zhihao.li@...>; Yao, Jiewen <jiewen.yao@...>; Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>; gaoliming@...; Fu, Siyuan <siyuan.fu@...>; Wu, Yidong <yidong.wu@...>; Li, Aaron <aaron.li@...>
Subject: Re: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib.

 

 

 

On Sep 2, 2021, at 8:50 AM, Michael D Kinney <michael.d.kinney@...> wrote:

 

Hi Zhihao,

 

Is the result of the parallel hash identical to the current hash?  If so, then can we simply have a new instance of the FmpAuthenticationLib and hide the ParallelHash256 digest inside this implementation of this new instance?

 

I do not think BaseCryptLib should depend on CPU MP Services Protocol.  Can the use of MP Services be moved up into the implementation of the new FmpAuthenticationLib?  If new BASE compatible primitives need to be added to BaseCryptLib to support parallel hash, then those likely make sense.

 

 

 

Mike,

 

Stupid question but the BaseCryptLib seems to really be DxeCryptLib[1]? So are you worried about adding the dependency to this DXE Lib? It depends on UefiRuntimeServicesTableLib. Looks like SysCall/TimerWrapper.c[2] uses gRT->GetTime(). It looks like if the time services are not available it returns 0 from time(), so there is only a quality of service implication to when it it is used but no Depex?

 

 

How do you decide how many CPU threads to use? 

 

 

If we end up splitting this up for “others” to handle the MP in DXE, PEI, or MM then I think we probably need a more robust API set that abstracts breaking up the work, and combining it back tougher. Well you would need the worker functions to processes the broken up data on the APs. So I would imagine and API that splits the work and you pass in the number of APs (or APs + BSP) and you get N buffers out to process? Those buffers should describe the chunk to the worker function, and when the worker function is done the get the answer function can calculate the results from that. 

 

 

[1] We don’t have a Base implementation of BaseCryptLib. 

CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf

LIBRARY_CLASS                  = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER

 

CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf

LIBRARY_CLASS                  = BaseCryptLib|PEIM PEI_CORE

 

 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf

LIBRARY_CLASS                  = BaseCryptLib|DXE_RUNTIME_DRIVER

 

CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf

  LIBRARY_CLASS                  = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE MM_STANDALONE

 

 

Thanks,

 

Andrew Fish

 

Thanks,

 

Mike

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Li, Zhihao
Sent: Wednesday, September 1, 2021 6:38 PM
To: devel@edk2.groups.io
Cc: Yao, Jiewen <jiewen.yao@...>; Wang, Jian J <jian.j.wang@...>; Wu, Hao A <hao.a.wu@...>; Lu, XiaoyuX <xiaoyux.lu@...>; Jiang, Guomin <guomin.jiang@...>; gaoliming@...; Fu, Siyuan <siyuan.fu@...>; Wu, Yidong <yidong.wu@...>; Li, Aaron <aaron.li@...>
Subject: [edk2-devel] [RFC] Add parallel hash feature into CryptoPkg.BaseCryptLib

 

Hi, everyone.

We want to add new hash algorithm—cSHAKE256/ParallelHash256 defined by NIST SP 800-185—into BaseCryptLib of CryptoPkg. This feature can be applied for digital authentication functions like Capsule Update. It utilizes multi-processor to calculate the image digest in parallel for update capsule authentication so that lessen the time of capsule authentication.

 

 

[Background]

The intention of this change is to improve the capsule authentication performance.

Currently, the image is calculated to a hash value (usually by SHA-256), then the hash value be signed by a certificate. The header, certificate, and image binary be sealed to the capsule. In authentication phase, the program should calculate the hash using image binary in capsule and then perform authentication procedures.

 

[Proposal]

Now, we propose a new authentication flow, which firstly pre-calculates the ParallelHash256 digest of the image binary in parallel with multi-processors, then use the ParallelHash256 digest (instead of original image binary) in subsequent SHA-256 hash for sign/authentication.

Since the big size image be compressed to the ParallelHash256 digest that only have 256 bytes, the time of SHA-256 running would be less.

 

[Required Changes]

Mainly in CryptoPkg, MdeModulePkg, SecurityPkg:

1. CryptoPkg: need to add the new hash algorithm named cSHAKE256/ParallelHash256 in BaseCrypLib. The ParallelHash function will consume CPU MP Service Protocol, not sure if this is allowed in BaseCryptLib?

2. MdeMoudulePkg: Add new authenticate function AuthenticateFmpImageWithParallelhash() to FmpAuthenticationLib. This is because original AuthenticateFmpImage() interface only have 4 parameters  while the new have 5 parameters. The 5th parameter is ParallelHash256 digest raised above. We try to do the parallel hash before authentication and transfer the result to AuthenticateFmpImage function as parameter. So that we can do only once parallel hash externally in the case of multiple authentication which saves more time.

3. SecurityPkg: Add new function named FmpAuthenticatedHandlerPkcs7WithParallelhash() and AuthenticateFmpImageWithParallelhash() to FmpAuthenticationLibPkcs7. This is because original interfaces not have the formal parameter (ParallelHash256 digest) we need. We try to do the parallel hash before authentication and transfer the result to AuthenticateFmpImage and FmpAuthenticatedHandlerPkcs7 function as parameter. So that we can do only once parallel hash externally in the case of multiple authentication which saves more time.

 

Please let me know if you have any comment or concern on this proposed change.

 

Thanks for your time and feedback!

Best regards,
Zhihao

 

 


Re: [PATCH 0/3] Add support for gdb and lldb

Andrew Fish
 

Sorry the patches stalled out. I need to push them….

Thanks,

Andrew Fish

On Sep 14, 2021, at 4:47 PM, Rebecca Cran <rebecca@...> wrote:

I was wondering what your plan for committing these to the repo is? It would be nice to get them committed so people can start using them.


-- 
Rebecca Cran


On 8/8/21 3:46 PM, Andrew Fish via groups.io wrote:
This patch set adds debugging support for gdb and lldb.
It also adds generic debugging classes that use a file like object to
make it easy to import into any debugger that supports Python.

Since these debugging scripts don't depend on any EFI code I was thinking
we could place them in the root of the repo to be easy to discover.

I've tested gdb on Ubuntu and lldb on macOS for IA32 and X64.

Andrew Fish (3):
  efi_debugging.py: - Add debugger agnostic debugging Python Classes
  efi_gdb.py: - Add gdb EFI commands and pretty Print
  efi_lldb.py: - Add lldb EFI commands and pretty Print

 efi_debugging.py | 2187 ++++++++++++++++++++++++++++++++++++++++++++++
 efi_gdb.py       |  918 +++++++++++++++++++
 efi_lldb.py      | 1044 ++++++++++++++++++++++
 3 files changed, 4149 insertions(+)
 create mode 100755 efi_debugging.py
 create mode 100755 efi_gdb.py
 create mode 100755 efi_lldb.py






Re: [PATCH 0/3] Add support for gdb and lldb

Rebecca Cran
 

I was wondering what your plan for committing these to the repo is? It would be nice to get them committed so people can start using them.


--
Rebecca Cran

On 8/8/21 3:46 PM, Andrew Fish via groups.io wrote:
This patch set adds debugging support for gdb and lldb.
It also adds generic debugging classes that use a file like object to
make it easy to import into any debugger that supports Python.

Since these debugging scripts don't depend on any EFI code I was thinking
we could place them in the root of the repo to be easy to discover.

I've tested gdb on Ubuntu and lldb on macOS for IA32 and X64.

Andrew Fish (3):
efi_debugging.py: - Add debugger agnostic debugging Python Classes
efi_gdb.py: - Add gdb EFI commands and pretty Print
efi_lldb.py: - Add lldb EFI commands and pretty Print

efi_debugging.py | 2187 ++++++++++++++++++++++++++++++++++++++++++++++
efi_gdb.py | 918 +++++++++++++++++++
efi_lldb.py | 1044 ++++++++++++++++++++++
3 files changed, 4149 insertions(+)
create mode 100755 efi_debugging.py
create mode 100755 efi_gdb.py
create mode 100755 efi_lldb.py


Re: [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy

Stefan Berger
 

On 9/14/21 6:26 PM, Yao, Jiewen wrote:
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

I will wait for a week, to see if there is any feedback from AMD or Bhyve reviewer.
I can repost as v3 with your Reviewed-by's cc'ing them.


    Stefan



Thank you
Yao Jiewen


-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Tuesday, September 14, 2021 10:18 PM
To: devel@edk2.groups.io
Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
<jiewen.yao@intel.com>; Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy

This series of patches adds support for disabling the TPM 2 platform
hierarchy to Ovmf. To be able to do this we have to handle TPM 2
physical presence interface (PPI) opcodes before the TPM 2 platform
hierarchy is disabled otherwise TPM 2 commands that are sent due to the
PPI opcodes may fail if the platform hierarchy is already disabled.
Therefore, we need to invoke the handler function
Tcg2PhysicalPresenceLibProcessRequest from within
PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may
require
interaction with the user, we also move PlatformInitializeConsole
to before the handling of PPI codes so that the keyboard is available
when needed. The PPI handling code will activate the default consoles
only if it requires user interaction.

Regards,
Stefan

v2:
- 1/4: Added missing link library
- 2/4: Modified other BdsPlatform.c files as well
- Added Yao's comments to 1/2 and 2/2

Stefan Berger (4):
OvmfPkg/TPM PPI: Connect default consoles for user interaction
OvmfPkg: Handle TPM 2 physical presence opcodes much earlier
OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
compilation
OvmfPkg: Reference new Tcg2PlatformPei in the build system

OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
.../PlatformBootManagerLib/BdsPlatform.c | 19 +++++++++++--------
.../PlatformBootManagerLibBhyve/BdsPlatform.c | 16 +++++++++-------
.../PlatformBootManagerLibGrub/BdsPlatform.c | 16 +++++++++-------
.../DxeTcg2PhysicalPresenceLib.c | 5 +++++
.../DxeTcg2PhysicalPresenceLib.inf | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgX64.fdf | 2 ++
13 files changed, 75 insertions(+), 22 deletions(-)

--
2.31.1



Re: [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy

Yao, Jiewen
 

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

I will wait for a week, to see if there is any feedback from AMD or Bhyve reviewer.

Thank you
Yao Jiewen

-----Original Message-----
From: Stefan Berger <stefanb@linux.ibm.com>
Sent: Tuesday, September 14, 2021 10:18 PM
To: devel@edk2.groups.io
Cc: mhaeuser@posteo.de; spbrogan@outlook.com;
marcandre.lureau@redhat.com; kraxel@redhat.com; Yao, Jiewen
<jiewen.yao@intel.com>; Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH v2 0/4] OvmfPkg: Disable the TPM 2 platform hierarchy

This series of patches adds support for disabling the TPM 2 platform
hierarchy to Ovmf. To be able to do this we have to handle TPM 2
physical presence interface (PPI) opcodes before the TPM 2 platform
hierarchy is disabled otherwise TPM 2 commands that are sent due to the
PPI opcodes may fail if the platform hierarchy is already disabled.
Therefore, we need to invoke the handler function
Tcg2PhysicalPresenceLibProcessRequest from within
PlatformBootManagerBeforeConsole. Since handling of PPI opcodes may
require
interaction with the user, we also move PlatformInitializeConsole
to before the handling of PPI codes so that the keyboard is available
when needed. The PPI handling code will activate the default consoles
only if it requires user interaction.

Regards,
Stefan

v2:
- 1/4: Added missing link library
- 2/4: Modified other BdsPlatform.c files as well
- Added Yao's comments to 1/2 and 2/2

Stefan Berger (4):
OvmfPkg/TPM PPI: Connect default consoles for user interaction
OvmfPkg: Handle TPM 2 physical presence opcodes much earlier
OvmfPkg: Reference new Tcg2PlatformDxe in the build system for
compilation
OvmfPkg: Reference new Tcg2PlatformPei in the build system

OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
.../PlatformBootManagerLib/BdsPlatform.c | 19 +++++++++++--------
.../PlatformBootManagerLibBhyve/BdsPlatform.c | 16 +++++++++-------
.../PlatformBootManagerLibGrub/BdsPlatform.c | 16 +++++++++-------
.../DxeTcg2PhysicalPresenceLib.c | 5 +++++
.../DxeTcg2PhysicalPresenceLib.inf | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
OvmfPkg/OvmfPkgX64.dsc | 8 ++++++++
OvmfPkg/OvmfPkgX64.fdf | 2 ++
13 files changed, 75 insertions(+), 22 deletions(-)

--
2.31.1


Re: Question about EDK2 and commit signing

Marvin Häuser
 

On 14/09/2021 20:02, James Bottomley wrote:
On Mon, 2021-09-13 at 19:31 +0000, Marvin Häuser wrote:
Hey Pedro,

Same point as before really, why would an attacker have access to
your SSH key but not your GPG key? This scenario leaves out the
possibly of an HTTPS over SSH attack, in which case as a security-
aware person you use 2FA of course ( :) ), which means this is not
possible without creating a personal access token. There is very
little reason to do this at all - I never did this before, and I
don't know anyone who does this with their private or work GitHub
account (I think a few use it for CI?), at least that I know of. And
even if you need one, and you give it push rights to actually push
with, and you require GPG signatures globally, you again are keeping
those two factors at least close together, if not in the same spot.
I think the scenario in question was someone hacking into github. They
can bypass your ssh login requirement without needing your key, because
that's enforced by github but they can't sign your commit unless they
compromise your laptop or token. There are many ways of hacking a
cloud service besides simply trying to fake the login or extract the
token from the user.
For the green "verified" tick it'd be sufficient to just enrol a new GPG key. There'd need to be some manual verification that it's always the same GPG key, which would require some trusted channel of transmission and updating it in case it is lost. To get literally anything out of this, a significant extra effort is required.

Best regards,
Marvin


The way we get around this in Linux is with signed tags, but github
doesn't support that workflow.

I still really don't think signed commits adds much, even to github,
because to be informationally useful, all commits have to be signed.
Plus, anyway, if the entire site is compromised there'll be bigger
problems than checking commit signatures ...

James


Re: [PATCH V6 1/1] OvmfPkg: Enable TDX in ResetVector

Brijesh Singh
 

Hi Vishal,

On 9/14/21 2:00 PM, Vishal Annapurve wrote:
Hi Min, Brijesh,
Regarding:
diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
...
+%ifdef ARCH_IA32
     nop
     nop
     jmp     EarlyBspInitReal16

+%else
+
+ smsw    ax
We are having intermittent VM crashes with running this code in AMD-SEV enabled VMs. As per the AMD64 manual <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.amd.com%2Fsystem%2Ffiles%2FTechDocs%2F24593.pdf&data=04%7C01%7Cbrijesh.singh%40amd.com%7C652023e953924957972a08d977b2031a%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637672430875783281%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=VFiIbcV6H4xx5XZd%2F0OZjerSfJwLfUjK7mPU9JHY05E%3D&reserved=0> section 15.8.1, executing "smsw" instruction doesn't result in bit 63 being set in EXITINFO1 and KVM ends up emulating "smsw" instruction by trying to read encrypted guest VM memory as per the code <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.kernel.org%2Fpub%2Fscm%2Fvirt%2Fkvm%2Fkvm.git%2Ftree%2Farch%2Fx86%2Fkvm%2Fsvm%2Fsvm.c%23n2495&data=04%7C01%7Cbrijesh.singh%40amd.com%7C652023e953924957972a08d977b2031a%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637672430875783281%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=jSw7PLfXjhB8utM7Dxx2P%2F5M3fqvO3q3DBaFW%2Bu03A8%3D&reserved=0>. Since KVM tries to make sense of different random cipher texts in different boots, it seems to intermittently result in visible issues.
The smsw does not provide decode assist, in those cases KVM reads the guest memory and tries to decode. With encrypted guest, the memory contains the ciphertext and hypervisor will not be able to decode the instruction.

But it brings a question to Min, why we are using the smsw ? why cannot use mov CRx. The smsw was meant for very old processors (286 or 8086 etc) and is used for legacy compatibility. The recommendation is to use the mov CRx. The mov CRx will provide the decode assist to HV.

I looked at the Intel architecture manual [1] and it also recommends using the mov CRx. The text from the Intel doc.

SMSW is only useful in operating-system software. However,
it is not a privileged instruction and can be used in
application programs if CR4.UMIP = 0. It is provided for
compatibility with the Intel 286 processor. Programs and
procedures intended to run on IA-32 and Intel 64 processors
beginning with the Intel386 processors should use the
MOV CR instruction to load the machine status word.


[1] https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf


Is this expected behavior or do we miss some configuration or patches that are recommended by AMD?
This is expected because the smsw does not provide a decode assist, and encrypted guest will have issues with it. Lets understand the reason behind using the smsw.

Regards,
Vishal
On Tue, Sep 14, 2021 at 4:54 PM Brijesh Singh via groups.io <https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgroups.io%2F&data=04%7C01%7Cbrijesh.singh%40amd.com%7C652023e953924957972a08d977b2031a%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637672430875793279%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=%2Br4xRTlrqoERthTLJ2YNQAPrKzYX6fid2Q9WNyKybrw%3D&reserved=0> <brijesh.singh=amd.com@groups.io <mailto:amd.com@groups.io>> wrote:
Hi Min,
A quick question below.
On 9/14/21 3:50 AM, Min Xu wrote:
> RFC:
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3429&;data=04%7C01%7Cbrijesh.singh%40amd.com%7C2cca2f0a7fb44084da2b08d9775cb220%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637672062275443867%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=4zfuIDvTGDNCt%2BD3u7uUR0n6hHDzv%2FI8NkqoUJhsx8Y%3D&amp;reserved=0
<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3429&data=04%7C01%7Cbrijesh.singh%40amd.com%7C652023e953924957972a08d977b2031a%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637672430875793279%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=E5bfIvEeyWTgUqnmllwKgSwxycqhzfNnZ72O0i0UKww%3D&reserved=0>
>
> Intel's Trust Domain Extensions (Intel TDX) refers to an Intel
technology
> that extends Virtual Machines Extensions (VMX) and Multi-Key
Total Memory
> Encryption (MKTME) with a new kind of virutal machines guest called a
> Trust Domain (TD). A TD is desinged to run in a CPU mode that
protects the
> confidentiality of TD memory contents and the TD's CPU state from
other
> software, including the hosting Virtual-Machine Monitor (VMM), unless
> explicitly shared by the TD itself.
>
> Note: Intel TDX is only available on X64, so the Tdx related
changes are
> in X64 path. In IA32 path, there may be null stub to make the build
> success.
>
> This patch includes below major changes.
>
> 1. Definition of BFV & CFV
> Tdx Virtual Firmware (TDVF) includes one Firmware Volume (FV) known
> as the Boot Firmware Volume (BFV). The FV format is defined in the
> UEFI Platform Initialization (PI) spec. BFV includes all TDVF
components
> required during boot.
>
> TDVF also include a configuration firmware volume (CFV) that is
separated
> from the BFV. The reason is because the CFV is measured in RTMR,
while
> the BFV is measured in MRTD.
>
> In practice BFV is the code part of Ovmf image (OVMF_CODE.fd).
CFV is the
> vars part of Ovmf image (OVMF_VARS.fd).
>
> 2. PcdOvmfImageSizeInKb
> PcdOvmfImageSizeInKb indicates the size of Ovmf image. It is used to
> calculate the offset of TdxMetadata in ResetVectorVtf0.asm.
In SEV-SNP v7 series, I implemented the metadata support. I did not see
a need for the PcdOvmfImageSizeInKB. Why do you need it? I think your
calculation below will not work if someone is using the OVMF_CODE.fd
instead of OVMF.fd. Have you tried booting with OVMF_CODE.fd ?
thanks


Re: [edk2-platforms] [PATCH V1] SimicsOpenBoardPkg: Fix GCC Build

Nate DeSimone
 

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Nate DeSimone
Sent: Tuesday, August 31, 2021 4:40 PM
To: devel@edk2.groups.io
Cc: Agyeman, Prince <prince.agyeman@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>
Subject: [edk2-devel] [edk2-platforms] [PATCH V1] SimicsOpenBoardPkg: Fix GCC Build

Cc: Agyeman Prince <prince.agyeman@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
---
.../SimicsOpenBoardPkg/BoardX58Ich10/OpenBoardPkgPcd.dsc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Platform/Intel/SimicsOpenBoardPkg/BoardX58Ich10/OpenBoardPkgPcd.dsc b/Platform/Intel/SimicsOpenBoardPkg/BoardX58Ich10/OpenBoardPkgPcd.dsc
index 251f46f812..88009b8f10 100644
--- a/Platform/Intel/SimicsOpenBoardPkg/BoardX58Ich10/OpenBoardPkgPcd.dsc
+++ b/Platform/Intel/SimicsOpenBoardPkg/BoardX58Ich10/OpenBoardPkgPcd.dsc
@@ -221,8 +221,6 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdSmiHandlerProfilePropertyMask|0x1
!endif
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
- gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|1024
- gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600
gPcAtChipsetPkgTokenSpaceGuid.PcdHpetBaseAddress|0xFED00000

######################################
@@ -238,6 +236,8 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|1024
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600

######################################
# Board Configuration
--
2.27.0.windows.1


Re: Question about EDK2 and commit signing

James Bottomley
 

On Mon, 2021-09-13 at 19:31 +0000, Marvin Häuser wrote:
Hey Pedro,

Same point as before really, why would an attacker have access to
your SSH key but not your GPG key? This scenario leaves out the
possibly of an HTTPS over SSH attack, in which case as a security-
aware person you use 2FA of course ( :) ), which means this is not
possible without creating a personal access token. There is very
little reason to do this at all - I never did this before, and I
don't know anyone who does this with their private or work GitHub
account (I think a few use it for CI?), at least that I know of. And
even if you need one, and you give it push rights to actually push
with, and you require GPG signatures globally, you again are keeping
those two factors at least close together, if not in the same spot.
I think the scenario in question was someone hacking into github. They
can bypass your ssh login requirement without needing your key, because
that's enforced by github but they can't sign your commit unless they
compromise your laptop or token. There are many ways of hacking a
cloud service besides simply trying to fake the login or extract the
token from the user.

The way we get around this in Linux is with signed tags, but github
doesn't support that workflow.

I still really don't think signed commits adds much, even to github,
because to be informationally useful, all commits have to be signed.
Plus, anyway, if the entire site is compromised there'll be bigger
problems than checking commit signatures ...

James

5381 - 5400 of 85991