Question: What is the value to provide an *empty* HSTI table?
IMHO, If the goal is to perform some security check, I think we need provide a
*real* HSTI table.
Thank you
Yao, Jiewen
> -----Original Message-----
> From: Konstantin Kostiuk <kkost...@redhat.com>
> Sent: Thursday, March 14, 2024 6:25 PM
> To: devel@edk2.groups.io
> Cc: Yan Vugenfirer <yvuge...@redhat.com>; Ard Biesheuvel
> <ardb+tianoc...@kernel.org>; Yao, Jiewen <jiewen....@intel.com>; Gerd
> Hoffmann <kra...@redhat.com>
> Subject: [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver
>
> The driver provides empty HSTI table.
>
> Signed-off-by: Konstantin Kostiuk <kkost...@redhat.com>
> ---
> OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 75 +++++++++++++++++++++++++++++
> OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 ++++++++++++++++++++++++
> 2 files changed, 139 insertions(+)
> create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
>
> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> new file mode 100644
> index 0000000000..b9ed189f33
> --- /dev/null
> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
> @@ -0,0 +1,75 @@
> +/** @file
>
> + This file contains DXE driver for publishing empty HSTI table
>
> +
>
> +Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
>
> +Copyright (c) 2024, Red Hat. Inc
>
> +
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#include <PiDxe.h>
>
> +#include <Library/BaseLib.h>
>
> +#include <Library/DebugLib.h>
>
> +#include <Library/BaseMemoryLib.h>
>
> +#include <Library/MemoryAllocationLib.h>
>
> +#include <Library/UefiBootServicesTableLib.h>
>
> +#include <Library/UefiLib.h>
>
> +#include <IndustryStandard/Hsti.h>
>
> +#include <Library/HstiLib.h>
>
> +
>
> +#define HSTI_PLATFORM_NAME L"Intel(R) 9-Series v1"
>
> +#define HSTI_SECURITY_FEATURE_SIZE 1
>
> +
>
> +ADAPTER_INFO_PLATFORM_SECURITY mHstiBase = {
>
> + PLATFORM_SECURITY_VERSION_VNEXTCS,
>
> + PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
>
> + { HSTI_PLATFORM_NAME },
>
> + HSTI_SECURITY_FEATURE_SIZE,
>
> +};
>
> +
>
> +/**
>
> + The driver's entry point.
>
> +
>
> + @param[in] ImageHandle The firmware allocated handle for the EFI image.
>
> + @param[in] SystemTable A pointer to the EFI System Table.
>
> +
>
> + @retval EFI_SUCCESS The entry point is executed successfully.
>
> + @retval other Some error occurs when executing this entry point.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +VirtHstiDxeEntrypoint (
>
> + IN EFI_HANDLE ImageHandle,
>
> + IN EFI_SYSTEM_TABLE *SystemTable
>
> + )
>
> +{
>
> + EFI_STATUS Status;
>
> +
>
> + // Allocate memory for HSTI struct
>
> + // 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE is for the 3 arrays
>
> + // UINT8 SecurityFeaturesRequired[];
>
> + // UINT8 SecurityFeaturesImplemented[];
>
> + // UINT8 SecurityFeaturesVerified[];
>
> + // sizeof (CHAR16) is for the NULL terminator of ErrorString
>
> + // CHAR16 ErrorString[]
>
> + UINTN HstiSize = sizeof (ADAPTER_INFO_PLATFORM_SECURITY) +
>
> + 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE +
>
> + sizeof (CHAR16);
>
> + VOID *HstiStruct = AllocateZeroPool (HstiSize);
>
> +
>
> + if (HstiStruct == NULL) {
>
> + return EFI_OUT_OF_RESOURCES;
>
> + }
>
> +
>
> + CopyMem (HstiStruct, &mHstiBase, sizeof
> (ADAPTER_INFO_PLATFORM_SECURITY));
>
> +
>
> + Status = HstiLibSetTable (HstiStruct, HstiSize);
>
> + if (EFI_ERROR (Status)) {
>
> + if (Status != EFI_ALREADY_STARTED) {
>
> + ASSERT_EFI_ERROR (Status);
>
> + }
>
> + }
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> new file mode 100644
> index 0000000000..270aa60026
> --- /dev/null
> +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
> @@ -0,0 +1,64 @@
> +## @file
>
> +# Component description file for Virt Hsti Driver
>
> +#
>
> +# Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
>
> +# Copyright (c) Microsoft Corporation.<BR>
>
> +# Copyright (c) 2024, Red Hat. Inc
>
> +#
>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +#
>
> +##
>
> +
>
> +[Defines]
>
> + INF_VERSION = 0x00010005
>
> + BASE_NAME = VirtHstiDxe
>
> + FILE_GUID = 60740CF3-D428-4500-80E6-04A5798241ED
>
> + MODULE_TYPE = DXE_DRIVER
>
> + VERSION_STRING = 1.0
>
> + ENTRY_POINT = VirtHstiDxeEntrypoint
>
> +
>
> +################################################################
> ################
>
> +#
>
> +# Sources Section - list of files that are required for the build to succeed.
>
> +#
>
> +################################################################
> ################
>
> +
>
> +[Sources]
>
> + VirtHstiDxe.c
>
> +
>
> +################################################################
> ################
>
> +#
>
> +# Package Dependency Section - list of Package files that are required for
>
> +# this module.
>
> +#
>
> +################################################################
> ################
>
> +
>
> +[Packages]
>
> + MdePkg/MdePkg.dec
>
> +
>
> +################################################################
> ################
>
> +#
>
> +# Library Class Section - list of Library Classes that are required for
>
> +# this module.
>
> +#
>
> +################################################################
> ################
>
> +
>
> +[LibraryClasses]
>
> + UefiDriverEntryPoint
>
> + UefiLib
>
> + BaseLib
>
> + BaseMemoryLib
>
> + MemoryAllocationLib
>
> + DebugLib
>
> + HstiLib
>
> + UefiBootServicesTableLib
>
> +
>
> +################################################################
> ################
>
> +#
>
> +# Protocol C Name Section - list of Protocol and Protocol Notify C Names
>
> +# that this module uses or produces.
>
> +#
>
> +################################################################
> ################
>
> +
>
> +[Depex]
>
> + TRUE
>
> --
> 2.44.0
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116737): https://edk2.groups.io/g/devel/message/116737
Mute This Topic: https://groups.io/mt/104923813/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
