Reviewed-by: Guo Dong
-Original Message-
From: Tom Lendacky
Sent: Friday, March 8, 2024 8:30 AM
To: devel@edk2.groups.io
Cc: Ard Biesheuvel ; Aktas, Erdem
; Gerd Hoffmann ; Yao, Jiewen
; Laszlo Ersek ; Liming Gao
; Kinney, Michael D ; Xu,
Min M ; Liu, Zhiguang ; Kumar,
Rahul R ;
On 4/12/24 10:05, Ard Biesheuvel wrote:
On Fri, 12 Apr 2024 at 16:02, Tom Lendacky wrote:
Re-pinging the list/maintainers, again. I need reviews from the
maintainers on patches #2, #7, #10, #11 and #13.
Once I get final approval, I'll submit the change to edk2-platforms for
the new library as
This v2 series enables the Arm Confidential Compute Architecture (CCA)
support for the Kvmtool guest firmware and is aligned with the ARM CCA
RMM 1.0-eac5 specification.
The feedback received for the RFC v1 series has been addressed in this
series and the intention is to integrate the Arm CCA supp
The RMM 1.0-eac4 introduces a new FID RSI_FEATURES
to query the RSI features supported that have been
implemented.
Therefore, introduce a new function RsiGetFeatures
to query the features supported by the RSI.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Gerd Hoffmann
Signed-off-by: Sami Mujawar
The RMM 1.0-eac5 specification updates the RSI version command
to return the highest interface revision which is supported by
the RMM and the lower revision value which indicates:
a. The RMM supports an interface revision which is compatible
with the requested revision and the lower revision
IsRealm() probes to check if the code is executing
in a Realm context by checking if RME is supported
and then issuing a RSI_VERSION command to check it
is supported.
Instead of calling RSI_VERSION command every time the
IsRealm() is called, cache the world value we are
running in, to return the v
The patch at "049695a0b1e2 MdeModulePkg/PciBusDxe: Add feedback
status for PciIoMap" adds support to propagate the error code
following the invocation of the IoMmu protocol SetAttribute()
operation.
Since the ArmCcaIoMmuDxe implementation of the SetAttribute()
function returned EFI_UNSUPPORTED, it
The RsiInterfaceVersion fieldset contains an RSI interface
version and the width of this fieldset is 64 bits.
The bits 15:0 of this fieldset represent the RSI minor
revision number and the bits 30:16 represent the major
revision number. The remaining bits 63:31 are reserved
and should be zero.
Th
Hi Yanbo,
Can you help me understand the memory layout which causes this issue?
If a single EfiRuntimeServicesCode descriptor needs to be split because
an image is within the memory range. I think that descriptor is split
like so in the case you're encountering:
--- ---
On Fri, 12 Apr 2024 at 16:02, Tom Lendacky wrote:
>
> Re-pinging the list/maintainers, again. I need reviews from the
> maintainers on patches #2, #7, #10, #11 and #13.
>
> Once I get final approval, I'll submit the change to edk2-platforms for
> the new library as a reply to this series for a qui
The RMM specification 1.0-eac2 updates the RSI_IPA_STATE_SET
interface to add a new parameter RsiRipasChangeFlags.
The RsiRipasChangeFlags fieldset is 64 bits and the bit 0
describes the RsiRipasChangeDestroyed type which is used
to indicate if a RIPAS change from DESTROYED should be
permitted or
The RMM specification 1.0-eac2 updates the RIPAS state
to add a new DESTROYED state for an address which is
inaccessible to the Realm due to an action taken by
the Host.
Therefore, update the RSI RIPAS state enum to add the
new RIPAS_DESTROYED state.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Ger
The RMM 1.0-bet2 spec expands the set of GPRs for RSI host call
to X0-X30.
Therefore, update the RSI HOST_CALL_ARGS structure to reflect
these changes.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Gerd Hoffmann
Signed-off-by: Sami Mujawar
---
ArmVirtPkg/Include/Library/ArmCcaRsiLib.h | 29 +
The RMM 1.0-eac3 specification removed the restriction that
attestation token size must not exceed 4KB. Further it also
extended the RSI_ATTESTATION_TOKEN_CONTINUE command so as to
return up to a granule worth of the attestation token data.
The RMM 1.0-eac5 specification simplified the attestation
The RMM 1.0-eac3 specification extends the RSI_IPA_STATE_SET
command to return a new RsiResponse value to indicate if the
Host accepts or rejects the IPA state change request to RAM.
Therefore, define the RsiResponse enum and return an error
RETURN_ACCESS_DENIED if the Host rejects the RIPAS chang
The RMM 1.0-eac1 relaxed the RSI_HOST_CALL alignment requirement
from 4KB to 256B.
Therefore, update the alignment check for the address parameter
of the RSI_HOST_CALL command to relax the alignment requirement
to 256 bytes.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Gerd Hoffmann
Signed-off-by:
When a VMM creates a Realm, a small amount of DRAM (which contains
the firmware image) and the initial content is configured as Protected
RAM. The remaining System Memory is in the Protected Empty state. The
firmware must then initialise the remaining System Memory as Protected
RAM before it can be
The BaseRngLib library constructor for AArch64 asserts if the
RNDR instruction is not supported by the CPU. This approach to
warn about the unsupported instruction may be suitable for the
host platform firmware. However, for a guest firmware the only
mechanism to discover the supported RNG interfac
On Arm CCA systems the access to pages inside the Realm is protected.
However, software executing in a Realm needs to interact with the
external world. This may be done using para virtualisation of the
disk, network interfaces, etc. For this to work the buffers in the
Realm need to be shared with
The RMM 1.0-bet1 updates the width of the RsiHostCall
structure to 256 (0x100) bytes.
Therefore, update the RSI HOST_CALL_ARGS structure to reflect
these changes.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Gerd Hoffmann
Signed-off-by: Sami Mujawar
---
ArmVirtPkg/Include/Library/ArmCcaRsiLib.h
The RMM 1.0-eac0 specification updates the parameter usage for the
RSI_IPA_STATE_SET command to change the parameter 3 from IPA region
size to Top of target IPA region.
Therefore, update the RseSetIpaState () implementation to reflect
this change.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Gerd H
The RMM 1.0-eac2 specification updates the RsiRealmConfig
structure to add a new member to identify the Realm hash
algorithm.
Therefore, update the REALM_CONFIG structure to add a
new member HashAlgorithm that represents the Realm hash
value. Also add macros to define the RsiHashAlgorithm
enumerat
The Realm Aperture Management Protocol (RAMP) is used to manage
the sharing of buffers between the Guest and Host. It configures
the memory regions as Protected EMPTY or Protected RAM by calling
RSI_IPA_STATE_SET command. The RAMP provides interfaces that device
drivers can use to open/close apertu
The RMM specification 1.0-eac2 updates the RSI_IPA_STATE_SET
interface to add a new parameter RsiRipasChangeFlags.
The RsiRipasChangeFlags fieldset is 64 bits and the bit 0
describes the RsiRipasChangeDestroyed type which is used
to indicate if a RIPAS change from DESTROYED should be
permitted or
Arm CCA Realms protect the access to memory from outside the
Realm. For Virtio to work the Realm Guest and the Host should
be able to share buffers.
Realm Aperture Management protocol (RAMP) manages the sharing
of buffers between the Realm Guest and the Host, while the
ArmCcaIoMmuDxe implements th
The section B4.4.2 'RsiHostCall type' of the RMM specification
version A-bet0 specifies the Imm field in HostCallArgs structure
as a 16 bit wide value and the offset for the gprs[0] field is
0x8, which means the 6 bytes after the Imm field are padded.
Therefore, define the Imm field as UINT16 and
To support Arm CCA, a hook function ArmCcaConfigureMmio () has
been added to the ArmVirtMemInfoLib library.
Since, Arm CCA has not been enabled for the Qemu guest firmware,
update the QemuVirtMemInfoLib library to add a NULL implementation
for ArmCcaConfigureMmio () that returns RETURN_UNSUPPORTED
The kvmtool guest firmware is using the default RNG library
defined in ArmVirtPkg.dsc.inc which is BaseRngLibTimerLib.
BaseRngLibTimerLib is only present to use for test purposes on
platforms that do not have a suitable RNG source and must not be
used for production purposes.
Armv8.5 introduces r
The patch at "6c8a08bd8a680 ArmVirtPkg/PrePi: Ensure timely
execution of library constructors" moved the processing of
library constructors before the MMU is initialised.
This resulted in the BaseDebugLibSerialPort library constructor
BaseDebugLibSerialPortConstructor () which initialises the ser
The IPA space of a Realm is divided into two halves: Protected IPA space
and Unprotected IPA space. Software in a Realm should treat the most
significant bit of an IPA as a protection attribute. A Protected IPA is
an address in the lower half of a Realm's IPA space. An Unprotected IPA
is an address
To support Arm CCA, a hook function ArmCcaConfigureMmio () has
been added to the ArmVirtMemInfoLib library.
Since, Arm CCA has not been enabled for the Cloud Hypervisor guest
firmware, update the CloudHvVirtMemInfoLib library to add a NULL
implementation for ArmCcaConfigureMmio () that returns
RET
The IPA space of a Realm is divided into two halves:
- Protected IPA space and
- Unprotected IPA space.
Software in a Realm should treat the most significant bit of an
IPA as a protection attribute.
The Unprotected IPA space is used for sharing memory and for performing
MMIO accesses with the
ArmMonitorLib provides an abstraction for invoking monitor calls
using a SMC or HVC conduit based on the value configured in the
PCD PcdMonitorConduitHvc.
The monitor call conduit is fixed for a platform firmware in
most scenarios. For a normal virtual machine guest firmware,
the default conduit i
The following libraries have been introduced for Arm CCA:
* ArmCcaInitPeiLib - provides functions for ARM CCA
initialisations in early PEI phase.
* ArmCcaLib- provides the necessary helper functions
for Arm CCA
* ArmCcaRsiLib - implements f
The Section A4.5 Host call, RMM Specification, version A-bet0
describes the programming model for Realm communication with
the Host and specifies the following:
DYDJWT - A Host call is a call made by the Realm to the Host, by
execution of the RSI_HOST_CALL command.
IXNFKZ - A Host ca
The IPA space of a Realm is divided into two halves:
- Protected IPA space and
- Unprotected IPA space.
Software in a Realm should treat the most significant bit of an
IPA as a protection attribute.
The Unprotected IPA space is used for sharing memory and for performing
MMIO accesses with the
Add ArmCcaInitialize () to perform Arm CCA specific initialisation
like:
- Reading the Realm Config by calling the RSI interface.
- Storing the IPA width of the Realm in PcdArmCcaEarlyIpaWidth.
- Configuring the MMIO regions to update the page tables to set
the protection attribute as Unprote
To support Arm CCA, a hook function ArmCcaConfigureMmio () has
been added to the ArmVirtMemInfoLib library.
Since, Arm CCA has not been enabled for the Xen guest firmware,
update the XenVirtMemInfoLib library to add a NULL implementation
for ArmCcaConfigureMmio () that returns RETURN_UNSUPPORTED.
The Realm Management Monitor (RMM) is a software component which
forms part of a system which implements the Arm Confidential Compute
Architecture (CCA) and is responsible for management of Realms.
The RMM specification defines a Realm Service Interface (RSI) that
the Guest can use to request servi
Introduce ArmCcaLib library that implements helper
functions to:
- probe if the code is executing in a Realm context
- configure the protection attribute in page tables
for the memory regions shared with the host
- get the IPA width of the Realm which was stored in
the GUID HOB gArmCcaIpaWidthG
ArmVirtMonitorLib parses the device tree handed off by the VMM
to determine the conduit that must be used for monitor calls.
For a normal virtual machine guest firmware, the default conduit
is HVC. However, for Arm CCA the Realm code must use SMC as the
conduit. Kvmtool populates the correct condu
A CCA attestation token is a collection of claims about the state of a
Realm and of the CCA platform on which the Realm is running.
A CCA attestation token consists of two parts:
* Realm token - Contains attributes of the Realm, including:
# Realm Initial Measurement
# Realm Extensible Me
The Section A2.1.3 Realm attributes, RMM Specification, version A-bet0
introduces the concept of REMs as described below:
DGRFCS - A Realm Extensible Measurement (REM) is a measurement value
which can be extended during the lifetime of a Realm.
IFMPYL - Attributes of a Realm include
Add a NULL instance of ArmCcaInitPeiLib library that guest firmware
for VMMs that do not implement Arm CCA Realms can use.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Gerd Hoffmann
Signed-off-by: Sami Mujawar
---
ArmVirtPkg/ArmVirt.dsc.inc | 2 +
ArmVirtPkg
The IPA width of a Realm is read from the Realm Config by invoking
the RSI call RSI_REALM_CONFIG to read the Realm Config. The IPA width
is then stored in a GUID HOB gArmCcaIpaWidthGuid for subsequent use.
This GUID HOB is also useful to pass the IPA width of the Realm to the
DXE phase.
Cc: Ard B
Add a Null instance of ArmCcaLib so that guest firmware that does
not support Arm CCA can link to this Null version of the library.
Also include it in ArmVirt.dsc.inc so that it is linked for the
non-Arm CCA firmware builds.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Gerd Hoffmann
Signed-off-by:
The Realm Service Interface (RSI) commands use registers between
X1-X10 as parameters and between X0-X8 as return values for SMC
calls.
According to the SMCCC Section 2.6 SMC32/HVC32 argument passing
When an SMC32/HVC32 call is made from AArch32:
- Arguments are passed in registers R1-R7.
Add helper function to check if the Realm Management
Extension (RME) is implemented by the hardware.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Signed-off-by: Sami Mujawar
---
ArmPkg/Include/Chipset/AArch64.h | 3 ++-
ArmPkg/Include/Library/ArmLib.h| 15 ++-
ArmPkg
Add ArmCcaInitPeiLib library that performs the Arm CCA specific
initialisation in the PEI phase like:
- Configuring the system memory as Protected RAM.
- Reading the Realm Config and storing the IPA width in
a GUID HOB i.e., gArmCcaIpaWidthGuid for subsequent use.
- Calling ArmCcaConfigureMmi
Arm CCA requires the software in a Realm to treat the most
significant bit of an IPA as a protection attribute. To
enable/disable sharing of memory regions with the host, the
protection attribute needs to be set/cleared accordingly.
Therefore, introduce SetMemoryProtectionAttribute() so that
the m
Hi,
> > And tell which of platforms is a good example of using those?
>
> Juno, FVP, Morello, N1SDP, one NXP platform and ArmVirt use them. Probably
> the last one would be best to look at but who knows...
Probably not ArmVirt. At least not the qemu variant, maybe the kvmtool
version.
On qem
Re-pinging the list/maintainers, again. I need reviews from the
maintainers on patches #2, #7, #10, #11 and #13.
Once I get final approval, I'll submit the change to edk2-platforms for
the new library as a reply to this series for a quick review.
Thanks,
Tom
On 4/2/24 13:16, Lendacky, Thomas
W dniu 8.10.2023 o 19:25, Marcin Juszkiewicz via groups.io pisze:
I hate replying to myself after half a year of not seeing any answer. So
added some people from repo to Cc:
Can someone point me to documentation on how to use ACPI table
generators and ConfigurationManagerProtocol?
https://g
Hi experts,
On Fri, Apr 12, 2024 at 03:25:56PM +0800, Lee, Chun-Yi wrote:
> From: Chun-Yi Lee
>
> RISC-V ovmf used VirtualRealTimeClockLib but the default epoch is a
> compilation time. It causes that the RISC-V ovmf binary image is NOT
> reproducible.
>
> This patch added the support of SOURCE
From: Chun-Yi Lee
RISC-V ovmf used VirtualRealTimeClockLib but the default epoch is a
compilation time. It causes that the RISC-V ovmf binary image is NOT
reproducible.
This patch added the support of SOURCE_DATE_EPOCH by printenv command.
If SOURCE_DATE_EPOCH be found then we use it as BUILD_EP
Hi Gerd,
Thanks,
Chao
On 2024/3/15 17:22, Gerd Hoffmann wrote:
On Mon, Mar 11, 2024 at 02:39:02AM -0700, Chao Li wrote:
This Library is used to collect APs resources, but is currently NULL
for OvmfPkg, because it is not used by the LoongArch virtual machine.
What is the point of having this l
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4735
When change callback action from FORM_OPEN to RETRIEVE, it is observed
that NVNE disks will not be displayed when the user enters the formset
at the first time. Revisit the formset can see the update.
1. Add HiiUpdateForm() to force reparsi
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4735
Should not call HiiGetBrowserData() and HiiSetBrowserData() in FORM_OPEN
call back function.
Those APIs are called within OpalHiiSetBrowserData/OpalHiiGetBrowserData
which have been used by OpalHii.c.
Change callback action from FORM_OPEN t
LoongArch64 requires CpuMmio2Dxe, add it into LoongArch64 field.
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Chao Li
---
UefiCpuPkg/UefiCpuPkg.dsc | 1 +
1 file changed, 1 insertion(+)
diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
index e92ceb6466..1af5a0
Added LoongArch64 CPU driver into CpuDxe.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4734
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Chao Li
Co-authored-by: Baoqi Zhang
Co-authored-by: Dongyan Qian
Acked-by: Gerd Hoffmann
---
UefiCpuPkg/CpuDxe/CpuDxe.inf
Added LoongArch multiprocessor initialization instance into MpInitLib.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4734
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Chao Li
Acked-by: Gerd Hoffmann
Reviewed-by: Ray Ni
---
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |
On a multi-processor system, if the BSP dose not know how many APs are
online or cannot wake up the AP via broadcast, it can collect AP
resouces before wakeing up the AP and add a new HOB to save the
processor resouces.
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Chao Li
---
.
Add a new base library named CpuMmuLib and add a LoongArch64 instance
with in the library.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4734
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Chao Li
Co-authored-by: Baoqi Zhang
Co-authored-by: Dongyan Qian
Co-authored-by: Xia
Added PcdLoongArchExceptionVectorBaseAddress use for storing the CPU
exception vector base address. This PCD can be populated at build time
or changed at runtime, and is used only by LoongArch.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4734
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Add a new header file CpuMmuLib.h, whitch is referenced from
ArmPkg/Include/Library/ArmMmuLib.h. Currently, only support for
LoongArch64 is added, and more architectures can be accommodated in the
future.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4734
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Ger
Added LoongArch exception handler into CpuExceptionHandlerLib.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4734
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Chao Li
Co-authored-by: Baoqi Zhang
Acked-by: Gerd Hoffmann
Reviewed-by: Ray Ni
---
.../DxeCpuExceptionHandler
Add the LoongArch64 CPU Timer instance to CpuTimerLib, using CPUCFG 0x4
and 0x5 for Stable Counter frequency.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4734
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Chao Li
Acked-by: Gerd Hoffmann
Reviewed-by: Ray Ni
---
.../Libr
Some of the order is not in alphabetical, reorder.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4726
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Chao Li
Acked-by: Gerd Hoffmann
Reviewed-by: Ray Ni
---
UefiCpuPkg/CpuDxe/CpuDxe.inf | 16
1 file changed,
Some of the order is not in alphabetical, reorder.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4726
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Chao Li
Acked-by: Gerd Hoffmann
Reviewed-by: Ray Ni
---
UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 29 ++--
Some of the order is not in alphabetical, reorder.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4726
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Chao Li
Acked-by: Gerd Hoffmann
Reviewed-by: Ray Ni
---
.../DxeCpuExceptionHandlerLib.inf | 20 +---
Some of the order is not in alphabetical, reorder.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4726
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Chao Li
Acked-by: Gerd Hoffmann
Reviewed-by: Ray Ni
---
UefiCpuPkg/Library/CpuTimerLib/BaseCpuTimerLib.inf | 2 +-
1 file c
This patch set adjusted some order in UefiCpuPig alphabetically, added
LoongArch libraries and drivers into UefiCpuPkg, it is a continuation of
the first patch series v8 submitted at
https://edk2.groups.io/g/devel/message/114526.
And also separated from https://edk2.groups.io/g/devel/message/11658
This patch set adjusted some order in UefiCpuPig alphabetically, added
LoongArch libraries and drivers into UefiCpuPkg, it is a continuation of
the first patch series v8 submitted at
https://edk2.groups.io/g/devel/message/114526.
And also separated from https://edk2.groups.io/g/devel/message/11658
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731
TCG2 configuration UI shows all the hash algorithms that TPM hardware
supports in the checkbox. If user only selects one algorithm that is
supported by TPM hardware but not supported by BIOS and uncheck the
others, the SyncPcrAllocationsAndP
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731
V1:
The patch is to hide BIOS unsupported hash algorithm from UI to avoid user to
the select wrong hash algorithm which may cause an assert.
V2:
Rename BiosHashAlgBitmap to Tcg2HashAlgBitmap to avoid confusion. Beacuse it
not legacy BIOS
Hi Jiewen,
As you comment, I'll split them into two patch and upload later.
And here is the test I've done for the patch.
1. Enter and exit Opal setup main menu and sub-menu disk info page, and make
sure no latency issue is observed.
2. Set password for Opal device and check boot successfully whe
76 matches
Mail list logo
