https://bugzilla.tianocore.org/show_bug.cgi?id=3177
Add ContainedElementCount, ContainedElementRecordLength and
ContainedElements for smbiosview type 3.
Signed-off-by: Mars CC Lin
Cc: Zhichao Gao
Cc: Philippe Mathieu-Daude
Cc: Liming Gao
---
.../SmbiosView/PrintInfo.c|
This commit adds the standalone MM build instruction
to enable UEFI secure boot.
Signed-off-by: Masahisa Kojima
---
Platform/Qemu/SbsaQemu/Readme.md | 35
1 file changed, 35 insertions(+)
diff --git a/Platform/Qemu/SbsaQemu/Readme.md b/Platform/Qemu/SbsaQemu/Readme.md
index
Fix typo in Readme.md
Signed-off-by: Masahisa Kojima
Reviewed-by: Leif Lindholm
---
Platform/Qemu/SbsaQemu/Readme.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Platform/Qemu/SbsaQemu/Readme.md b/Platform/Qemu/SbsaQemu/Readme.md
index 50f61b6e3bf4..cef98383884a 100644
--
This implements support for UEFI secure boot on SbsaQemu using
the standalone MM framework. This moves all of the software handling
of the UEFI authenticated variable store into the standalone MM
context residing in a secure partition.
Secure variable storage is located at 0x0100 in secure NOR
Add the build infrastructure for compilation of StandaloneMm image.
SbsaQemu.fdf is modified to extend the FLASH0 region big enough to
contain the StandaloneMM image (BL32).
Signed-off-by: Masahisa Kojima
---
Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc | 132
Platform/Qemu/Sb
This patch series implements the UEFI secure boot on SbsaQemu.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Graeme Gregory
Cc: Radoslaw Biernacki
Cc: Shashi Mallela
v3:
- create device-tree parsing helper functions
- update the .dsc file layout to minimize the modification
- remove unnecessary
On Tue, 2 Mar 2021 at 02:22, Leif Lindholm wrote:
>
> On Mon, Mar 01, 2021 at 14:19:50 +0900, Masahisa Kojima wrote:
> > This implements support for UEFI secure boot on SbsaQemu using
> > the standalone MM framework. This moves all of the software handling
> > of the UEFI authenticated variable st
Hi Mars,
I still cannot extract your patch through this email, but I got it from the BZ
link. There are still some problems I missed last time.
You should add a length check before showing the contained elements.
Thanks,
Zhichao
From: Mars CC Lin
Sent: Tuesday, March 2, 2021 11:14 AM
To: devel@edk2.g
Currently the struct parser for StructPcd generation does not
filter the types such as UINT8 which should be ignored successfully.
This patch fixes this issue.
Cc: Bob Feng
Cc: Liming Gao
Signed-off-by: Yuwei Chen
---
BaseTools/Scripts/ConvertFceToStructurePcd.py | 2 ++
1 file changed, 2 i
Reviewed-by: Jiewen Yao
> -Original Message-
> From: Kun Qin
> Sent: Wednesday, March 3, 2021 4:05 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J ;
> Zhang, Qi1 ; Kumar, Rahul1
> Subject: [PATCH v4 6/7] SecurityPkg: Tcg2Smm: Added support for Standalone
> Mm
>
> https:/
On Tue, 2 Mar 2021 at 23:13, Leif Lindholm wrote:
>
> On Tue, Mar 02, 2021 at 21:45:26 +0900, Masahisa Kojima wrote:
> > Hi Leif,
> >
> > Thank you for your comments.
> >
> > On Tue, 2 Mar 2021 at 02:05, Leif Lindholm wrote:
> > >
> > > On Mon, Mar 01, 2021 at 14:19:49 +0900, Masahisa Kojima wrote
Hello Tobin,
Just a high-level question: why is this patch included in this
patch series? I don't think you are supporting SEV-ES platform
migration in this patch set.
Thanks,
Ashish
On Tue, Mar 02, 2021 at 03:48:27PM -0500, Tobin Feldman-Fitzthum wrote:
> From: Ashish Kalra
>
> Mark the SEC
The migration handler communicates with the hypervisor
via a shared mailbox page. The MH can perform four functions
at the behest of the HV: init, save page, restore page, and
reset.
Signed-off-by: Tobin Feldman-Fitzthum
---
.../ConfidentialMigrationDxe.inf | 1 +
.../ConfidentialM
This code is for demonstration purposes only. It is not secure or
robust. The purpose is to show where encryption will be incorporated
and to get a sense of the performance impact of adding encryption.
We plan to use AES-GCM to encrypt the pages as a stream. This will
also allow us to verify the G
When restoring pages, the Migration Handler should avoid overwriting
its own stack.
Signed-off-by: Tobin Feldman-Fitzthum
---
.../ConfidentialMigrationDxe.inf | 2 +
OvmfPkg/AmdSev/ConfidentialMigration/MpLib.h | 235 ++
.../ConfidentialMigrationDxe.c
From: Dov Murik
The migration handler builds its own page tables and switches
to them. The MH pagetables are reserved as runtime memory.
When the hypervisor asks the MH to import/export a page, the HV
writes the guest physical address of the page in question to the
mailbox. The MH uses an identi
Reserve IDT and other exception-related memory as runtime so
it won't be overwritten by the OS while the MH is running.
Signed-off-by: Tobin Feldman-Fitzthum
---
UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeException.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/U
From: Ashish Kalra
Detect the KVM hypervisor and check for SEV live migration
feature support via KVM_FEATURE_CPUID; if detected, set up a new
UEFI environment variable to indicate OVMF support for SEV
live migration.
Signed-off-by: Ashish Kalra
---
OvmfPkg/OvmfPkg.dec | 1 +
Ov
From: Brijesh Singh
By default all the SEV guest memory regions are considered encrypted;
if a guest changes the encryption attribute of a page (e.g. marks a
page as decrypted), then notify the hypervisor. The hypervisor will need to
track the unencrypted pages. The information will be used during
guest l
The Migration Handler is started using the Mp Service, which
is only designed to function during boot time. The MH needs
to run continuously. In the absence of a generalized persistent
Mp Service, temporary alterations were made to keep the MH running.
Here, we skip registering the ExitBootServic
Confidential Migration relies on two boolean PCDs set from FW_CFG
Signed-off-by: Tobin Feldman-Fitzthum
---
OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++
OvmfPkg/PlatformPei/Platform.c | 10 ++
2 files changed, 12 insertions(+)
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf
b/Ovm
Base enablement of DXE driver that supports confidential migration.
Signed-off-by: Tobin Feldman-Fitzthum
---
OvmfPkg/OvmfPkg.dec | 5 ++
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 +
.../ConfidentialMigrati
This is a demonstration of fast migration for encrypted virtual machines
using a Migration Handler that lives in OVMF. This demo uses AMD SEV,
but the ideas may generalize to other confidential computing platforms.
With AMD SEV, guest memory is encrypted and the hypervisor cannot access
or move it.
From: Ashish Kalra
Mark the SEC GHCB page that is mapped as unencrypted in
ResetVector code in the hypervisor page encryption bitmap.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
---
OvmfPkg/PlatformPei/AmdSev.c | 10 ++
1 file changed, 10 inser
The migration handler communicates with the hypervisor using a
special mailbox, a page of shared memory where pending commands
can be written. Another shared page is used to pass the incoming
or outgoing guest memory pages. These pages are set aside in MEMFD,
which this patch expands, and reserved
Another temporary change to support the persistence of the MH.
The Mp buffer needs to be allocated as runtime memory or it
may be overwritten by the OS.
Signed-off-by: Tobin Feldman-Fitzthum
---
UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 2 ++
UefiCpuPkg/Library/MpInitLib/MpLib.c |
While restoring pages, the MH should avoid overwriting its
pagetables or the mailbox it uses to communicate with the HV.
Signed-off-by: Tobin Feldman-Fitzthum
---
.../ConfidentialMigrationDxe.c| 22 +--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git
This change added usage of MmUnblockMemoryLib to explicitly request
the allocated NVS region to be accessible from the MM environment. It will bring
in compatibility with architectures that support full memory blockage
inside MM.
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Cc: Rahul Kumar
Signed-of
https://bugzilla.tianocore.org/show_bug.cgi?id=3169
This change added a Standalone MM instance of Tcg2. The notify function for
the Standalone MM instance is left empty.
A dependency DXE driver with a Depex of gEfiMmCommunication2ProtocolGuid
was created to indicate the readiness of Standalone MM Tcg2
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3169
This change separated the original Tcg2Smm module into 2 drivers: the
SMM driver that registers callback for physical presence and memory
clear; the Tcg2Acpi driver that patches and publishes ACPI table for
runtime use.
Tcg2Smm introduced a
This change added usage of MmUnblockMemoryLib to explicitly request
runtime cache regions (and their indicators) to be accessible from the MM
environment when PcdEnableVariableRuntimeCache is enabled. It will bring
in compatibility with architectures that support full memory blockage
inside MM.
Cc: Jia
This change replaced gSmst with gMmst to support broader compatibility
under the MM environment for the Tcg2Smm driver.
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Cc: Rahul Kumar
Signed-off-by: Kun Qin
Reviewed-by: Jiewen Yao
---
Notes:
v4:
- Previously reviewed, no change.
v3:
-
This change added NULL MmUnblockMemoryLib instance in dsc files of
OvmfPkg to pass CI build. When SMM_REQUIRE flag is set, the library
interface is consumed by VariableSmmRuntimeDxe to better support variable
runtime cache feature.
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Cc: Jordan Justen
Signed-o
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3168
This interface provides an abstraction layer to allow MM modules to access
requested areas that are outside of MMRAM. On an MM model that blocks all
non-MMRAM accesses, areas requested through this API will be mapped or
unblocked for accessibili
This patch series is a follow up of previous submission:
https://edk2.groups.io/g/devel/message/72239
The module changes are validated on two different physical platforms and a
QEMU based Q35 platform. Standalone and traditional MM are both tested
to be functional on these systems.
v4 patches main
On 02.03.2021 at 15:14, Graeme Gregory wrote:
On 02/03/2021 13:38, Leif Lindholm wrote:
Commit 822634fc1bf1 ("SbsaQemu: Update SbsaQemuAcpiDxe to use
FdtHelperLib")
replaced the CountCpusFromFdt() function in SbsaQemuAcpiDxe with a
call to
FdtHelperCountCpus() in FdtHelperLib. This ended up
Reviewed-by: G Edhaya Chandran
> -Original Message-
> From: Heinrich Schuchardt
> Sent: 26 February 2021 18:10
> To: EDK II Development
> Cc: Eric Jin ; G Edhaya Chandran
> ; Barton Gao ; Arvin
> Chen ; Samer El-Haj-Mahmoud mahm...@arm.com>; Heinrich Schuchardt
> Subject: [PATCH edk2-t
On Tue, Mar 02, 2021 at 15:10:16 +0100, Marcin Juszkiewicz wrote:
> Tanmay is no longer at Linaro
>
> Signed-off-by: Marcin Juszkiewicz
Reviewed-by: Leif Lindholm
Thanks!
Pushed as db922e1253cb.
> ---
> Maintainers.txt | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git Maintainers.txt Ma
On Tue, Mar 02, 2021 at 16:01:56 +0100, Marcin Juszkiewicz wrote:
> On 02.03.2021 at 15:14, Graeme Gregory wrote:
> > On 02/03/2021 13:38, Leif Lindholm wrote:
> > > Commit 822634fc1bf1 ("SbsaQemu: Update SbsaQemuAcpiDxe to use
> > > FdtHelperLib")
> > > replaced the CountCpusFromFdt() function
Tanmay is no longer at Linaro
Signed-off-by: Marcin Juszkiewicz
---
Maintainers.txt | 1 -
1 file changed, 1 deletion(-)
diff --git Maintainers.txt Maintainers.txt
index 2e6e87bb6d..afbd2cff0e 100644
--- Maintainers.txt
+++ Maintainers.txt
@@ -295,7 +295,6 @@ M: Ard Biesheuvel
M: Leif Lindhol
On 02/03/2021 13:38, Leif Lindholm wrote:
Commit 822634fc1bf1 ("SbsaQemu: Update SbsaQemuAcpiDxe to use FdtHelperLib")
replaced the CountCpusFromFdt() function in SbsaQemuAcpiDxe with a call to
FdtHelperCountCpus() in FdtHelperLib. This ended up leaving static variables
FdtFirstCpuOffset and FdtC
On Tue, Mar 02, 2021 at 21:45:26 +0900, Masahisa Kojima wrote:
> Hi Leif,
>
> Thank you for your comments.
>
> On Tue, 2 Mar 2021 at 02:05, Leif Lindholm wrote:
> >
> > On Mon, Mar 01, 2021 at 14:19:49 +0900, Masahisa Kojima wrote:
> > > Add the build infrastructure for compilation of StandaloneM
On Tue, 2 Mar 2021 at 14:38, Leif Lindholm wrote:
>
> Commit 822634fc1bf1 ("SbsaQemu: Update SbsaQemuAcpiDxe to use FdtHelperLib")
> replaced the CountCpusFromFdt() function in SbsaQemuAcpiDxe with a call to
> FdtHelperCountCpus() in FdtHelperLib. This ended up leaving static variables
> FdtFirstC
Good catch.
BdsAfterConsoleReadyBeforeBootOptionCallback() in BoardModulePkg is not
implemented properly.
It should only do the boot option sort either:
1. in the first boot after flashing the firmware, or
2. in the BOOT_WITH_FULL_CONFIGURATION boot path if the platform PEI can correctly
change the
Commit 822634fc1bf1 ("SbsaQemu: Update SbsaQemuAcpiDxe to use FdtHelperLib")
replaced the CountCpusFromFdt() function in SbsaQemuAcpiDxe with a call to
FdtHelperCountCpus() in FdtHelperLib. This ended up leaving static variables
FdtFirstCpuOffset and FdtCpuNodeSize uninitialised, such that the GetM
Hi Leif,
Thank you for your comments.
On Tue, 2 Mar 2021 at 02:05, Leif Lindholm wrote:
>
> On Mon, Mar 01, 2021 at 14:19:49 +0900, Masahisa Kojima wrote:
> > Add the build infrastructure for compilation of StandaloneMm image.
> >
> > Signed-off-by: Masahisa Kojima
> > ---
> > .../Qemu/SbsaQemu
Hi Ray,
I just think that if we always do the sort, it may cause the boot order
changed by the user of the platform to be resorted again. That's unexpected.
Thanks,
Zhichao
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Ni, Ray
> Sent: Tuesday, March 2, 2021 5:12 PM
> To:
Zhiguang,
Reviewed-by: Ray Ni
I think you can add a third reason in commit message:
3. Below change in UefiBootManagerLib puts setup in the end
MdeModulePkg/UefiBootManagerLib: Put BootMenu at the end of BootOrder
SHA-1: 7f34681c488aee2563eaa2afcc6a2c8aa7c5b912
> -Original Message-
Currently, the load option is only sorted when setup is the first priority in the boot
option.
This condition is not needed because of the below reasons:
1. Setup option may have different string name depending on platform side.
It shouldn't be hardcoded here.
2. Always sorting meets the needs that setup
On 03/01/21 20:03, Kun Qin wrote:
> Hi Laszlo,
>
> The library is intended to allow MM modules to access requested areas that
> are outside of MMRAM. The idea behind this library is to create an MM model
> that will block access to all non-MMRAM regions except the requested areas
> for isolatio
VFR successfully compiles if we forget to include a header that defines
a macro. In that case the HII option was hidden when it shouldn't be
just because the macro was used but not defined.
The behaviour is totally intended by the C/PP standard. When a macro is
undefined it evaluates to 0.
GCC, MS
See the individual commit descriptions.
I split it up into GCC/CLANG and MSVC commits but feel free to squash
them if you think they belong together.
We found a few bugs and lots of dead code with this in our internal
code-base.
I only tested GCC5, CLANGPDB and VS2015 toolchains. Not 100% sure if