diff options
| author | Gerd Hoffmann <kraxel@redhat.com> | 2024-04-22 12:47:27 +0200 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-04-22 13:05:21 +0000 |
| commit | ddc43e7a41fac5b1dc93b1d0bb1e71319acfba4e (patch) | |
| tree | b24aa5a2ed02e410dfacf3bfb35f5faa6c6d8ac4 /OvmfPkg/VirtHstiDxe/VirtHstiDxe.h | |
| parent | 538b8944c1befbd5ed8b7723c52085242ff780b1 (diff) | |
| download | edk2-ddc43e7a41fac5b1dc93b1d0bb1e71319acfba4e.zip edk2-ddc43e7a41fac5b1dc93b1d0bb1e71319acfba4e.tar.gz edk2-ddc43e7a41fac5b1dc93b1d0bb1e71319acfba4e.tar.bz2 | |
OvmfPkg/VirtHstiDxe: add varstore flash check
Detects qemu config issue: vars pflash is not in secure mode (write
access restricted to smm). Applies to Q35 with SMM only.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Diffstat (limited to 'OvmfPkg/VirtHstiDxe/VirtHstiDxe.h')
| -rw-r--r-- | OvmfPkg/VirtHstiDxe/VirtHstiDxe.h | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.h b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.h index cf0d77f..ceff41c 100644 --- a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.h +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.h @@ -6,7 +6,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define VIRT_HSTI_SECURITY_FEATURE_SIZE 2
-#define VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK BIT0
+#define VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK BIT0
+#define VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH BIT1
typedef struct {
// ADAPTER_INFO_PLATFORM_SECURITY
@@ -65,3 +66,16 @@ VOID VirtHstiQemuPCVerify (
VOID
);
+
+/* Flash.c */
+
+#define QEMU_FIRMWARE_FLASH_UNKNOWN 0
+#define QEMU_FIRMWARE_FLASH_IS_ROM 1
+#define QEMU_FIRMWARE_FLASH_IS_RAM 2
+#define QEMU_FIRMWARE_FLASH_READ_ONLY 3
+#define QEMU_FIRMWARE_FLASH_WRITABLE 4
+
+UINT32
+VirtHstiQemuFirmwareFlashCheck (
+ UINT32 Address
+ );
|