On Mon, 18 Oct 2021 at 22:51, Jeremy Linton wrote:
>
> From: Jeremy Linton
>
> This set is a few patches I've been collecting to fix minor issues I've seen
> while debugging other problems, or just various things I think should probably
> be changed. It also includes the patch to adjust the PCIe/
Add build test for OvmfPkg/Bhyve.
Signed-off-by: Gerd Hoffmann
---
.../.azurepipelines/Ubuntu-GCC5.yml | 9 +
OvmfPkg/PlatformCI/BhyveBuild.py | 37 +++
2 files changed, 46 insertions(+)
create mode 100644 OvmfPkg/PlatformCI/BhyveBuild.py
diff --git
Building grub.efi for AmdSev is difficult because it depends on patches
not yet merged to upstream grub. So shortcut the grub build by simply
creating an empty grub.efi file. That allows at least build-testing the
AmdSev variant.
Signed-off-by: Gerd Hoffmann
---
OvmfPkg/PlatformCI/AmdSevBuild.
Gerd Hoffmann (6):
OvmfPkg/PlatformCI: factor out PlatformBuildLib.py
OvmfPkg/PlatformCI: add QEMU_SKIP
OvmfPkg/PlatformCI: add BhyveBuild.py
OvmfPkg/PlatformCI: add MicrovmBuild.py
OvmfPkg/PlatformCI: add AmdSevBuild.py
OvmfPkg/PlatformCI: dummy grub.efi for AmdSev
.../.azurepipel
Move SettingsManager and PlatformBuilder classes to PlatformBuildLib.py
file, keep only CommonPlatform class in PlatformBuild.py. Allows
reusing these classes for other builds. Pure code motion, no functional
change.
Signed-off-by: Gerd Hoffmann
---
OvmfPkg/PlatformCI/PlatformBuild.py
Add build test for OvmfPkg/AmdSev.
Signed-off-by: Gerd Hoffmann
---
.../.azurepipelines/Ubuntu-GCC5.yml | 10 +
OvmfPkg/PlatformCI/AmdSevBuild.py | 37 +++
2 files changed, 47 insertions(+)
create mode 100644 OvmfPkg/PlatformCI/AmdSevBuild.py
diff --gi
Add build test for OvmfPkg/Microvm.
Signed-off-by: Gerd Hoffmann
---
.../.azurepipelines/Ubuntu-GCC5.yml | 10 +
OvmfPkg/PlatformCI/MicrovmBuild.py| 37 +++
2 files changed, 47 insertions(+)
create mode 100644 OvmfPkg/PlatformCI/MicrovmBuild.py
diff --
Skip the qemu boot test in case QEMU_SKIP is set to true.
Signed-off-by: Gerd Hoffmann
---
OvmfPkg/PlatformCI/PlatformBuildLib.py | 5 +
1 file changed, 5 insertions(+)
diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py
b/OvmfPkg/PlatformCI/PlatformBuildLib.py
index 90ac0b29a892..bfef9849
Hi Khasim,
2 minor comments:
On 10/10/21 19:29, Khasim Mohammed via groups.io wrote:
> This patch creates Dsdt.asl, SsdtPci.asl and SsdtRemotePci.asl files
> to provide the platform specific ACPI table entries.
>
> Three PCI root ports are available on N1Sdp, PCI0 is the default root port
> PCI1
Thanks Gerd. I like the idea to add more platforms to CI.
Series: Acked-by: Jiewen Yao
I am not CI person. We need CI expert to review the detail.
Thank you
Yao Jiewen
> -Original Message-
> From: Gerd Hoffmann
> Sent: Tuesday, October 19, 2021 4:08 PM
> To: devel@edk2.groups.io
> Cc:
Hi Khasim,
2 minor comments,
On 10/10/21 19:29, Khasim Mohammed via groups.io wrote:
> The dynamic tables framework utilizes the configuration manager
> protocol to get the platform specific information required for
> building the firmware tables.
>
> The configuration manager is a platform speci
Hi Khasim,
On 10/10/21 19:29, Khasim Mohammed via groups.io wrote:
> This patch enables ACPI tables and configuration manager for N1SDP
>
> Signed-off-by: Sami Mujawar
> Signed-off-by: Khasim Syed Mohammed
> ---
> Platform/ARM/N1Sdp/Include/N1SdpAcpiHeader.h | 35
> Platfor
SystemTableInfo GUID is not a Spec defined GUID.
The latest CBL and SBL produce ACPI and SMBIOS table information
according to the Spec.
So remove the SystemTableInfo GUID implementation.
Cc: Maurice Ma
Cc: Guo Dong
Cc: Ray Ni
Cc: Benjamin You
Cc: Zhiguang Liu
Signed-off-by: Guo Dong
Sig
On Tue, 19 Oct 2021 at 10:21, Yao, Jiewen wrote:
>
> Thanks Gerd. I like the idea to add more platforms to CI.
> Series: Acked-by: Jiewen Yao
>
Agreed.
For the series,
Acked-by: Ard Biesheuvel
> I am not CI person. We need CI expert to review the detail.
>
> Thank you
> Yao Jiewen
>
> >
This is the patch set to incorporate opensbi v0.9 with the edk2
RISC-V port. There are many architecture changes to comply
with the RISC-V SBI implementation (opensbi) and also provide
flexibility to OEM platforms.
Below is the summary of major changes. You can also refer to patch (1/31)
to unde
The library to provide the platform PPI descriptors in
PEI core entry before executing PEI core.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../RISC-V/PlatformPkg/RiscVPlatformPkg.dsc | 2 ++
.../PlatformSecPpiLibNull.inf | 36 +++
.../
Incorporate with opensbi to create three firmware domains,
- Boot firmware domain, which is built with the opensbi library as
an M-mode access only region.
- Firmware domain which includes PEI and DXE regions; the
PMP attribute is readable, writable and executable.
- EFI Variable region which is readable
- Add RISC-V PeiCoreEntryPoint library that incorporates with
opensbi next phase switching mechanism.
- Use RiscVFirmwareContext library to get the pointer of
opensbi FirmwareContext.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../RISC-V/PlatformPkg/RiscVPlatformPkg.
1. Use RISC-V PeiCoreEntryPoint library instance for opensbi
to switch to the next phase with arg0 as HART Id and arg1
as the SEC to PEI handoff data.
2. Introduce EDK2 opensbi platform operation functions.
With this, OEMs can have their own platform initialization code
before and/or after
Add CLINT to Device Tree on U540 platform for
M-mode timer and IPI.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../DeviceTree/fu540-c000.dtsi| 591 +-
1 file changed, 304 insertions(+), 287 deletions(-)
diff --git
a/Platform/SiFive/U5Ser
Provide PlatformSecPpiLib instance for U540
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../FreedomU540HiFiveUnleashedBoard/U540.dsc | 1 +
.../PlatformSecPpiLib/PlatformSecPpiLib.inf | 43 +
.../PlatformSecPpiLib/PlatformSecPpiLib.c | 148 ++
This is the library instance to provide platform_override for the
special RISC-V platform. This module incorporates with
OpensbiPlatformLib and RISC-V Opensbi library.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../RISC-V/ProcessorPkg/RiscVProcessorPkg.dec | 1 +
.../RI
CoreInfoHob uses RiscVFirmwareContextLib to get the
pointer of FirmwareContext.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../Library/PeiCoreInfoHobLib/PeiCoreInfoHobLib.inf | 3 ++-
Silicon/SiFive/U54/Library/PeiCoreInfoHobLib/CoreInfoHob.c | 6 +++---
2 files
Use PlatformSecPpiLib to get PPI descriptor and
remove PPI descriptor related code from SEC.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../PeiCoreEntryPoint/PeiCoreEntryPoint.inf | 1 +
.../PlatformPkg/Universal/Sec/SecMain.inf | 4 -
.../PlatformPkg/Universal/S
Remove platform code from generic OpensbiPlatformLib.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../Library/OpensbiPlatformLib/Platform.c | 25 ++-
1 file changed, 7 insertions(+), 18 deletions(-)
diff --git a/Platform/RISC-V/PlatformPkg/Library/Open
Remove the Null instance OpensbiPlatformLibNull;
OpensbiPlatformLib is the generic one for RiscVPlatformPkg.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../RISC-V/PlatformPkg/RiscVPlatformPkg.dsc | 2 +-
.../OpensbiPlatformLibNull.inf| 38 --
This is the generic library for all RISC-V platforms. Remove
the dependencies of SiFive U540 platform.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../OpensbiPlatformLib/OpensbiPlatformLib.inf | 3 +-
.../OpensbiPlatformLib/PlatformOverride.h | 30
.../L
Initialize the hart index to Id array by invoking the OpenSBI
fw_platform_init function.
Introduce the PcdBootableHartIndexToId PCD which can be
used to overwrite the hart_index2Id array built
from the Device Tree according to platform demand.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
Rename RiscVSpecialPlatformLib to RiscVSpecialPlatformLibNull
because this is the NULL instance for RiscVPlatformPkg.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
Platform/RISC-V/PlatformPkg/RiscVPlatformPkg.dsc | 4 ++--
.../RiscVSpecialPlatformLibNull.inf}
Only use four harts on U540 reference code. This
overwrites the bootable harts declared in Device Tree.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../FreedomU540HiFiveUnleashedBoard/U540.fdf.inc| 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
di
Add SortLib to run ram disk. Need to override generic library.
Cc: Daniel Schaefer
Cc: Sunil V L
Signed-off-by: Daniel Schaefer
---
.../U5SeriesPkg/FreedomU540HiFiveUnleashedBoard/U540.dsc | 3 +++
1 file changed, 3 insertions(+)
diff --git
a/Platform/SiFive/U5SeriesPkg/FreedomU540HiF
Provide platform_override of U540 platform.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../FreedomU540HiFiveUnleashedBoard/U540.dsc | 1 +
.../RiscVSpecialPlatformLib.inf | 36
.../RiscVSpecialPlatformLib/SifiveFu540.c | 56 ++
Update opensbi library to a731c7e36988c3308e1978ecde491f2f6182d490,
which is based on v0.9.
Cc: Daniel Schaefer
Cc: Sunil V L
Signed-off-by: Daniel Schaefer
---
Silicon/RISC-V/ProcessorPkg/Library/RiscVOpensbiLib/opensbi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Sili
Check Coldboot or Warmboot hart in SEC OpenSBI platform function.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../RISC-V/PlatformPkg/Universal/Sec/SecMain.c| 15 ++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/Platform/RISC-V/PlatformPkg/
Remove hart count check because the bootable hart count
may vary according to the harts declared in Device
Tree and the PcdBootableHartNumber PCD.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../U5SeriesPkg/Library/PeiCoreInfoHobLib/CoreInfoHob.c | 9 +
1 file c
Create library instances for reading the Machine mode timer.
- MacineModeTimerLib is used to read the mtime CSR through the
platform library.
- EmulatedMacineModeTimerLib is used to read the mtime CSR
through a shadow CSR.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../RISC-V/Processor
Use mtime CSR library interface to access mtime
CSR in Timer DXE driver.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../FreedomU540HiFiveUnleashedBoard/U540.dsc | 2 ++
.../Universal/Dxe/TimerDxe/TimerDxe.inf| 1 +
.../U5SeriesPkg/Universal/Dxe/TimerD
Remove global variable from SerialPortLib because this
module is not necessarily executed in memory.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../SiFive/U5SeriesPkg/Include/SifiveU5Uart.h | 1 +
.../Library/SerialIoLib/SerialPortLib.c | 58 +++
2
Code changes to incorporate with OpenSBI commit ID:
a731c7e36988c3308e1978ecde491f2f6182d490
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../OpensbiPlatformLib/OpensbiPlatformLib.inf | 10 +-
.../PlatformPkg/Universal/Sec/SecMain.inf | 4 +
.../Library/OpensbiPlatf
Separate EDK2 Opensbi platform operation hooks from
SecMain as an individual library which can be overridden
by OEM platforms.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../RISC-V/PlatformPkg/RiscVPlatformPkg.dec | 1 +
.../RISC-V/PlatformPkg/RiscVPlatformPkg.dsc |
Add more comments to SecMain.c
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
Platform/RISC-V/PlatformPkg/Universal/Sec/SecMain.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/Platform/RISC-V/PlatformPkg/Universal/Sec/SecMain.c
b/Platform/RISC
Determine the total number of harts from DTB instead of
using a PCD.
Signed-off-by: Abner Chang
Cc: Daniel Schaefer
Cc: Sunil V L
---
.../U540.fdf.inc | 1 -
.../OpensbiPlatformLib/OpensbiPlatformLib.inf | 3 -
.../PlatformPkg/Universal/Sec/SecMain.inf | 1 -
.../P
Use mtime CSR library interface to access mtime
CSR.
Cc: Sunil V L
Cc: Daniel Schaefer
Signed-off-by: Abner Chang
---
.../Library/RiscVTimerLib/BaseRiscVTimerLib.inf | 3 ++-
Silicon/RISC-V/ProcessorPkg/Universal/CpuDxe/CpuDxe.inf | 1 +
.../ProcessorPkg/Library/RiscVTimerLib/
Add PCI CpuIo protocol to RISC-V.
Signed-off-by: Abner Chang
Cc: Daniel Schaefer
Cc: Sunil V L
---
.../RISC-V/ProcessorPkg/RiscVProcessorPkg.dsc | 1 +
.../Universal/PciCpuIo2Dxe/PciCpuIo2Dxe.inf | 47 ++
.../Universal/PciCpuIo2Dxe/PciCpuIo2Dxe.c | 554 ++
3 files chan
Hi Jiewen,
I will start providing the feedback for this series starting today.
I may need some help to understand the sequence of the various patch series
that enable this feature and would be grateful if you could point me to a
Github branch that I can refer.
Regards,
Sami Mujawar
On 18/10
From: Pierre Gondois
Bugzilla: 3259 (https://bugzilla.tianocore.org/show_bug.cgi?id=3259)
The Platform/ARM/ARM.dec file implies that the Platform/ARM/ folder is
a package. This folder however hosts other packages describing
platforms (JunoPkg, SgiPkg, ...) and packages describing drivers
(BootMo
From: Pierre Gondois
The Platform/ARM/ARM.dec file implies that the Platform/ARM/ folder
is a package. This folder however hosts other packages describing
platforms (JunoPkg, SgiPkg, ...) and packages describing drivers
(BootMonFs, FdtPlatformDxe).
As the Dec specification mention:
"EDK II Pack
From: Pierre Gondois
The Platform/ARM/ARM.dec file implies that the Platform/ARM/ folder
is a package. This folder however hosts other packages describing
platforms (JunoPkg, SgiPkg, ...) and packages describing drivers
(BootMonFs, FdtPlatformDxe).
As the Dec specification mention:
"EDK II Pack
From: Pierre Gondois
The Platform/ARM/ARM.dec file implies that the Platform/ARM folder
is a package. This folder however host other packages describing
platforms (JunoPkg, SgiPkg, ...) and packages describing drivers
(BootMonFs, FdtPlatformDxe).
As the Dec specification mention:
"EDK II Packag
From: Pierre Gondois
The Platform/ARM/ARM.dec file implies that the Platform/ARM/ folder
is a package. This folder however hosts other packages describing
platforms (JunoPkg, SgiPkg, ...) and packages describing drivers
(BootMonFs, FdtPlatformDxe).
As the Dec specification mention:
"EDK II Pack
From: Pierre Gondois
The Platform/ARM/ARM.dec file implies that the Platform/ARM/ folder
is a package. This folder however hosts other packages describing
platforms (JunoPkg, SgiPkg, ...) and packages describing drivers
(BootMonFs, FdtPlatformDxe).
As the Dec specification mention:
"EDK II Pack
On Tue, 19 Oct 2021 at 12:25, wrote:
>
> From: Pierre Gondois
>
> Bugzilla: 3259 (https://bugzilla.tianocore.org/show_bug.cgi?id=3259)
>
> The Platform/ARM/ARM.dec file implies that the Platform/ARM/ folder is
> a package. This folder however hosts other packages describing
> platforms (JunoPkg,
Hi Ard,
On 10/19/21 12:17, Ard Biesheuvel wrote:
> On Tue, 19 Oct 2021 at 12:25, wrote:
>> From: Pierre Gondois
>>
>> Bugzilla: 3259 (https://bugzilla.tianocore.org/show_bug.cgi?id=3259)
>>
>> The Platform/ARM/ARM.dec file implies that the Platform/ARM/ folder is
>> a package. This folder howeve
Hi Min, Jiewen,
Thank you for this patch.
I think the protocol definition can be made architecturally neutral with
a few modifications marked inline as [SAMI].
I am fine with renaming the protocol to either
EFI_TEE_MEASUREMENT_PROTOCOL or EFI_CCAM_PROTOCOL. Similarly, some of
the data struc
Hi Min, Jiewen,
Thank you for this patch.
I think this patch would need updating based on the changes done to
patch 1/3.
Other than that I have some general feedback marked inline as [SAMI].
Regards,
Sami Mujawar
On 08/10/2021 06:21 AM, Min Xu via groups.io wrote:
BZ: https://bugzilla.ti
Hi Min, Jiewen,
I believe this patch would need updating based on the changes done to
patch 1/3 to make the measurement protocol architecture neutral. Other
than that the code changes in this patch look good to me.
Regards,
Sami Mujawar
On 08/10/2021 06:21 AM, Min Xu via groups.io wrote:
BZ
On October 19, 2021 5:52 PM, Sami Mujawar wrote:
> I will start providing the feedback for this series starting today.
> I may need some help to understand the sequence of the various patch
> series that enable this feature and would be grateful if you could point me to
> a Github branch that I can
On 10/18/21 1:01 AM, Gerd Hoffmann wrote:
> Hi,
>
>> The MEMFD range is outside of the firmware image map, MEMFD begins with
>> 0x80 [1] and in my boots I don't see it reserved in e820.
> Ah, ok.
>
>> Here is the snippet.
>>
>> [ ... ]
>> [ 0.00] BIOS-e820: [mem 0x0080-0
Good feedback. Thank you very much, Sami.
Response inline.
I proposed some naming change. Please let us know if that is OK.
Thank you
Yao, Jiewen
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Sami
> Mujawar
> Sent: Tuesday, October 19, 2021 9:21 PM
> To: devel@edk2.g
Enhance RelocateCapsuleToRam() to skip creation of the Capsule on Disk
file name capsule if PcdSupportUpdateCapsuleReset feature is not enabled.
This avoids an EFI_UNSUPPORTED return status from UpdateCapsule() when the
file name capsule is encountered and PcdSupportUpdateCapsuleReset is FALSE.
Cc
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
new hardware-based memory protections. SEV-SNP adds strong memory integrity
protection to help prevent malicious hypervisor-based attacks like data
replay, memory re-mappi
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Move all the SEV specific functions into AmdSev.c.
No functional change intended.
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesh
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
In preparation for SEV-SNP support move clearing of the GHCB memory from
the ResetVector/AmdSev.asm to SecMain/AmdSev.c. The GHCB page is not
accessed until SevEsProtocolCheck() switches to the full GHCB. So, the move
does not make any changes in t
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Move all the SEV specific functions into AmdSev.c.
No functional change intended.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
A
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
An SEV-SNP guest requires that private memory (aka pages mapped encrypted)
must be validated before being accessed.
The validation process consists of the following sequence:
1) Set the memory encryption attribute in the page table (aka C-bi
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can poten
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Create a function that can be used to determine if VM is running as an
SEV-SNP guest.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffm
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The OvmfPkgX86 build reserves memory regions in MEMFD. The memory regions
get accessed in the SEC phase. AMD SEV-SNP requires that the guest's
private memory be accepted or validated before access.
Introduce a Guided metadata structure that d
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The SEV-SNP guest requires that the GHCB GPA must be registered before use.
See the GHCB specification section 2.3.2 for more details.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc:
From: Michael Roth
CPUID instructions are issued during early boot to do things like probe
for SEV support. Currently these are handled by a minimal #VC handler
that uses the MSR-based GHCB protocol to fetch the CPUID values from
the hypervisor. When SEV-SNP is enabled, use the firmware-validated
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure
that MMIO is only performed against the un-encrypted memory. If MMIO
is performed against encrypted memory, a #GP is raised.
The AmdSevDxe uses the functions provided by
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Virtual Machine Privilege Level (VMPL) feature in the SEV-SNP
architecture allows a guest VM to divide its address space into four
levels. The level can be used to provide the hardware isolated
abstraction layers with a VM. The VMPL0 is the h
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The SEV-SNP guest requires that the GHCB GPA must be registered before use.
See the GHCB specification section 2.3.2 for more details.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc:
From: Michael Roth
SEV-SNP firmware allows a special guest page to be populated with
guest CPUID values so that they can be validated against supported
host features before being loaded into encrypted guest memory to be
used instead of hypervisor-provided values [1].
Add handling for this in the
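The two Michael Roth messages above describe consulting a firmware-validated CPUID page instead of trusting hypervisor-emulated CPUID. The following is an added example, not OVMF or edk2 code and not part of this series: a guest-side lookup over such a page. The page layout (a count, reserved words, then up to 64 entries keyed by the EAX/ECX/XCR0/XSS inputs), the set of ECX-indexed leaves, and the convention of returning all-zeros for a leaf missing from the table are written from memory of the GHCB specification and should be treated as assumptions; the sample table is constructed, its values are illustrative, and the XCR0/XSS inputs that matter for leaf 0xD are deliberately ignored to keep the example short.

```c
/*
 * Added example, not OVMF or edk2 code: a guest-side lookup over an SEV-SNP
 * CPUID page.  Layout, indexed-leaf set and zero-on-miss behaviour are
 * assumptions recalled from the GHCB spec; the sample table is constructed.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SNP_CPUID_COUNT_MAX 64u

typedef struct {
  uint32_t eax_in;   /* CPUID function */
  uint32_t ecx_in;   /* sub-function, meaningful only for indexed leaves */
  uint64_t xcr0_in;  /* XCR0/XSS inputs matter for leaf 0xD; ignored here */
  uint64_t xss_in;
  uint32_t eax, ebx, ecx, edx;
  uint64_t reserved;
} snp_cpuid_fn;

typedef struct {
  uint32_t     count;
  uint32_t     reserved1;
  uint64_t     reserved2;
  snp_cpuid_fn fn[SNP_CPUID_COUNT_MAX];
} snp_cpuid_table;

typedef struct { uint32_t eax, ebx, ecx, edx; } cpuid_regs;

/* Leaves whose output depends on ECX (subset, assumed for this example). */
static int leaf_is_indexed(uint32_t leaf)
{
  switch (leaf) {
  case 0x4: case 0x7: case 0xB: case 0xD: case 0x1F: case 0x8000001D:
    return 1;
  default:
    return 0;
  }
}

/*
 * Returns 1 when the leaf is in the validated table (outputs filled),
 * 0 when it is absent (outputs zeroed: the guest must not fall back to the
 * hypervisor's answer, because that value is untrusted), and -1 when the
 * table is malformed, which early boot code should treat as fatal.
 */
int snp_cpuid_lookup(const snp_cpuid_table *t, uint32_t eax_in,
                     uint32_t ecx_in, cpuid_regs *out)
{
  memset(out, 0, sizeof(*out));
  if (t->count > SNP_CPUID_COUNT_MAX)      /* count must fit the page */
    return -1;
  for (uint32_t i = 0; i < t->count; i++) {
    const snp_cpuid_fn *f = &t->fn[i];
    if (f->eax_in != eax_in)
      continue;
    if (leaf_is_indexed(eax_in) && f->ecx_in != ecx_in)
      continue;
    out->eax = f->eax; out->ebx = f->ebx; out->ecx = f->ecx; out->edx = f->edx;
    return 1;
  }
  return 0;
}

/* Constructed sample table: leaf 0, leaf 7 subleaves 0/1, and leaf
 * 0x8000001F with EAX bits 1/3/4 (SEV, SEV-ES, SEV-SNP) set. */
static void build_sample_table(snp_cpuid_table *t)
{
  memset(t, 0, sizeof(*t));
  t->fn[0] = (snp_cpuid_fn){ .eax_in = 0x0, .eax = 0x10, .ebx = 0x68747541,
                             .edx = 0x69746e65, .ecx = 0x444d4163 };
  t->fn[1] = (snp_cpuid_fn){ .eax_in = 0x7, .ecx_in = 0, .eax = 1, .ebx = 0x8 };
  t->fn[2] = (snp_cpuid_fn){ .eax_in = 0x7, .ecx_in = 1, .eax = 0x11 };
  t->fn[3] = (snp_cpuid_fn){ .eax_in = 0x8000001F,
                             .eax = (1u << 1) | (1u << 3) | (1u << 4) };
  t->count = 4;
}

/* Scalar wrappers over the sample table, convenient for checking results. */
int sample_found(uint32_t eax_in, uint32_t ecx_in)
{
  snp_cpuid_table t; cpuid_regs r;
  build_sample_table(&t);
  return snp_cpuid_lookup(&t, eax_in, ecx_in, &r);
}

uint32_t sample_eax(uint32_t eax_in, uint32_t ecx_in)
{
  snp_cpuid_table t; cpuid_regs r;
  build_sample_table(&t);
  (void)snp_cpuid_lookup(&t, eax_in, ecx_in, &r);
  return r.eax;
}

/* A count larger than the page can hold must be rejected, not walked. */
int sample_malformed(void)
{
  snp_cpuid_table t; cpuid_regs r;
  build_sample_table(&t);
  t.count = SNP_CPUID_COUNT_MAX + 1;
  return snp_cpuid_lookup(&t, 0, 0, &r);
}

int main(void)
{
  printf("0x8000001F: found=%d eax=0x%08x snp=%u\n",
         sample_found(0x8000001F, 0), sample_eax(0x8000001F, 0),
         (sample_eax(0x8000001F, 0) >> 4) & 1u);
  printf("0x40000000 (hypervisor leaf): found=%d eax=0x%08x\n",
         sample_found(0x40000000, 0), sample_eax(0x40000000, 0));
  return 0;
}
```

The point a practitioner wants from this is in the miss path: a leaf that is not in the table yields zeros rather than a fall-through to the MSR/GHCB protocol, since that is exactly the channel the validated page exists to replace, and an out-of-range count is refused before the table is walked.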
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Many of the integrity guarantees of SEV-SNP are enforced through the
Reverse Map Table (RMP). Each RMP entry contains the GPA at which a
particular page of DRAM should be mapped. The guest can request the
hypervisor to add pages in the RMP ta
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the
system RAM. As the boot progresses, each phase validates a fixed region of
the RAM. In the PEI phase, the PlatformPei detects all the available RAM
and calls to pre-valid
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
During the SNP guest launch sequence, a special secrets page needs to be
inserted by the VMM. The PSP will populate the page; it will contain the
VM Platform Communication Key (VMPCKs) used by the guest to send and
receive secure messages to
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
When SEV-SNP is active, a memory region mapped encrypted in the page
table must be validated before access. There are two approaches that
can be taken to validate the system RAM detected during the PEI phase:
1) Validate on-demand
OR
2) Vali
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
While initializing APs, the MpInitLib may need to know whether the
guest is running with active AMD SEV or Intel TDX memory encryption.
Add a new ConfidentialComputingGuestAttr PCD that can be used to query
the memory encryption attribute.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The VMM launch sequence should have pre-validated all the data pages used
in the Reset vector. The range does not cover the data pages used during
the SEC phase (mainly PEI and DXE firmware volume decompression memory).
When SEV-SNP is activ
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Previous commit introduced a generic confidential computing PCD that can
determine whether AMD SEV-ES is enabled. Update the MpInitLib to drop the
PcdSevEsIsEnabled in favor of PcdConfidentialComputingAttr.
Cc: Michael Roth
Cc: Ray Ni
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Version 2 of the GHCB specification added the support to query the
hypervisor feature bitmap. The feature bitmap provides information
such as whether to use the AP create VmgExit or use the AP jump table
approach to create the APs. The MpInitL
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Now that OvmfPkg supports version 2 of the GHCB specification, bump the
protocol version.
Cc: Michael Roth
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Eric Dong
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MpInitLib uses the ConfidentialComputingAttr PCD to determine whether
AMD SEV is active so that it can use the VMGEXITs defined in the GHCB
specification to create APs.
Cc: Michael Roth
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Eric Dong
Cc: Ja
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
An SEV-SNP guest requires that the physical address of the GHCB must
be registered with the hypervisor before using it. See the GHCB
specification section 2.3.2 for more details.
Cc: Michael Roth
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or
clear the memory encryption attribute in the page table. When SEV-SNP
is active, we also need to change the page state in the RMP table so that
it is in sync with the memo
The SetMemoryEncDec() is used by the higher level routines to set or clear
the page encryption mask for system RAM and Mmio addresses. When SEV-SNP is
active, in addition to setting/clearing the page mask it also updates the RMP table.
The RMP table updates are required for the system RAM address and not
the Mm
From: Michael Roth
During AP bringup, just after switching to long mode, APs will do some
cpuid calls to verify that the extended topology leaf (0xB) is available
so they can fetch their x2 APIC IDs from it. In the case of SEV-ES,
these cpuid instructions must be handled by direct use of the GHCB
When SEV-SNP is active, the CPUID and Secrets memory range contains the
information that is used during the VM boot. The content needs to persist
across the kexec boot. Mark the memory range as Reserved in the EFI map
so that the guest OS or firmware does not use the range as system RAM.
Cc: Micha
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The initial page built during the SEC phase is used by the
MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The
page validation process requires using the PVALIDATE instruction; the
instruction accepts a virtual address of
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Now that both the secrets and cpuid pages are reserved in the HOB,
extract the location details through fixed PCD and make it available
to the guest OS through the configuration table.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: J
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Use the SEV-SNP AP Creation NAE event to create and launch APs under
SEV-SNP. This capability will be advertised in the SEV Hypervisor
Feature Support PCD (PcdSevEsHypervisorFeatures).
Cc: Michael Roth
Cc: Eric Dong
Cc
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Version 2 of the GHCB specification added a new VMGEXIT that the guest
could use for querying the hypervisor features. One of the immediate
users for it will be an AP creation code. When SEV-SNP is enabled, the
guest can use the newly added A
Adds optional support for processing FMP capsule images after
ExitBootServices() if the ImageTypeIdGuid is mentioned in the new
PcdRuntimeFmpCapsuleImageTypeIdGuid list.
Cc: Jian J Wang
Cc: Liming Gao
Cc: Guomin Jiang
Signed-off-by: Bob Morgan
---
.../Library/DxeCapsuleLibFmp/DxeCapsuleLib.c
Add functions ArmCallSmc0/1/2/3 to do SMC calls with 0, 1, 2 or 3
arguments.
The functions return up to 3 values.
Signed-off-by: Rebecca Cran
---
ArmPkg/Include/Library/ArmSmcLib.h | 73
ArmPkg/Library/ArmSmcLib/ArmSmc.c| 122
ArmPkg/Libra
On 9/9/21 03:09, Philippe Mathieu-Daudé wrote:
On 9/3/21 7:26 AM, Devon Bautista wrote:
The largest size flash image currently available for OVMF builds, 4MiB,
is too small to insert a Linux kernel and initramfs into the DXEFV, and
is thus insufficient for testing Linuxboot builds via OVMF.
Int
Can you rely on the PciRootBridgeIo protocol instances instead of this library?
It will make the driver usable in platforms that don't produce the
PciHostBridgeLib.
Thanks,
Rya
> -Original Message-
> From: Sheng, W
> Sent: Monday, October 18, 2021 4:43 PM
> To: devel@edk2.groups.io
> C
+ SmbiosHob.Raw = GetFirstGuidHob(&gUniversalPayloadSmbiosTableGuid);
+ if (SmbiosHob.Raw == NULL) {
+SmBiosTableHob = BuildGuidHob (&gUniversalPayloadSmbiosTableGuid, sizeof
(UNIVERSAL_PAYLOAD_SMBIOS_TABLE));
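Review bot: the pointer returned by BuildGuidHob() and stored in SmBiosTableHob is not NULL-checked in this hunk; BuildGuidHob() returns NULL when no HOB space is left, so add a check such as `if (SmBiosTableHob == NULL) { return EFI_OUT_OF_RESOURCES; }` (or an ASSERT, whichever the surrounding code uses) before the new HOB is populated. The two variables are also spelled with different casing, SmbiosHob and SmBiosTableHob; pick one.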
In non-universal payload, there is no gUniversalPayloadSmbiosTableGuid in UEFI
What new change is made in new version patch?
Thanks
Liming
> -Original Message-
> From: Kuo, IanX
> Sent: October 19, 2021 10:09
> To: devel@edk2.groups.io; Kuo, IanX ; Liming Gao
>
> Cc: Chan, Amy ; Ni, Ray ; Wang,
> Jian J
> Subject: RE: [edk2-devel] [PATCH v6 1/3] MdeModulePkg/SortLib: Add
> QuickSort fu
Jie:
Thanks for your update. I also missed this typo. Reviewed-by: Liming Gao
Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Yang Jie
> Sent: October 19, 2021 11:11
> To: devel@edk2.groups.io
> Cc: gaolim...@byosoft.com.cn; michael.d.kin...@intel.com;
> guomin.ji...@intel.com; wei6...