| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Kvmtool always generates a PCI host device tree node. Thus PCI related
ACPI tables are always generated. Rely on the presence of PCI devices
in the interrupt-map information instead.
Reported-by: Sarah Walker <sarah.walker2@arm.com>
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
|
kvmtool advertises 4 serial ports. The DynamicTablesPkg advertises:
- the first port as the console port / SPCR table
- the second port as the debug port / DBG2 table
- the other ports are currently ignored
Advertise the last 2 serial port to the OS by describing them in SSDT
tables. New serial devices can be seen at:
Before patch:
$ ls /sys/devices/pnp0
00:00 00:01 00:02 power uevent
After patch:
$ ls /sys/devices/pnp0
00:00 00:01 00:02 00:03 00:04 power uevent
The EStdAcpiTableIdSsdtSerialPort entry is placed before the
last 3 PCI related tables as they might be dynamically removed
depending on kvmtool parameters.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
|
Add reviewers for the TPM2 code under SecurityPkg/
related to SVSM vTPM.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
Switch over to Tpm2InstanceLibDTpmSvsm as the Tpm2 implementation to
support vTPMs provided by an SVSM.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
SEV-SNP provides a feature known as VM Privilege Level (VMPL), which
allows for services to be run in the guest at different privilege
levels. By running at VMPL0 (most privileged VM level), the SVSM can be
used to provide privileged services, e.g. a virtual TPM, for the guest
rather than trust such services from the hypervisor.
This patch adds a DTpm driver to communicate with a virtual TPM running
in the SVSM. The driver follows the vTPM protocol documented in the SVSM
specification.
SVSM vTPM functionality is available as new device and instance
libraries, which can be consumed optionally, keeping changes to the
regular TPM implementation minimal.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Co-authored-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
A some of functions implemented in Tpm2Ptp.c are forward declared in a
couple of places. To clean this up, introduce a header that contains
these declarations in a central place and use it instead.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
Fix some spelling/grammar mistakes in the documentation comments.
Suggested-by: Dionna Glaze <dionnaglaze@google.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
As described in the SVSM specification, guest components can call to the
SVSM vTPM through the vTPM protocol (protocol-id 2).
The SVSM vTPM protocol follows the Microsoft TPM Simulator interface
(MSSIM) and supports two services:
- SVSM_VTPM_QUERY (call-id 0): query MSSIM commands and vTPM features
supported.
- SVSM_VTPM_CMD (call-id 1): send a MSSIM command to be run by the vTPM
and get the result.
This patch adds support for SVSM_VTPM_QUERY and SVSM_VTPM_CMD to invoke
a SVSM when the guest is running at VMPL0.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Co-authored-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
Add call numbers for the SVSM vTPM protocol, as defined in the "Secure
VM Service Module for SEV-SNP Guests" Publication # 58019 Revision: 1.00
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
We need to stub the SVSM vTPM protocol in the UefiCpuPkg in order to
support a SEV-SNP guest running under a SVSM at VMPL1 or lower.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Co-authored-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
Make use of the named protocol and call constants for SVSM
communication.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
Add protocol and call numbers as defined in the "Secure VM Service
Module for SEV-SNP Guests" Publication # 58019 Revision: 1.00
https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58019.pdf
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
Periodically, mergify rebase operations will fail because
an account is selected to perform the rebase that does
not have permissions to do the rebase.
Insetad, use the tianocore-issues account to perform the
rebase operation.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
|
|
For AARCH64 using StandaloneMmPkg, gMmCommBufferHobGuid will not exist.
Aarch64 makes use of their own Root MmiHandler that will get the
communication buffer out of a separate buffer, and will call
MmiMange directly with the information.
For x64, where gMmCommBufferHobGuid is expected to be supplied
in the hob list passed to StandaloneCore, if the hob does not
exist, print out a debug message describing the failure scenario.
Its important to note that a mising gMmCommBufferHobGuid will
mean non-root MmiHandlers will not be dispatched in the x64
scenario, but that root MmiHandlers will still be dispatched.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
Co-authored-by: Aaron Pop <aaronpop@microsoft.com>
|
|
There are duplicate library function names between 2 Unit Test libraries
(UnitTestPeiServicesTablePointerLib and UnitTestUefiBootServicesTableLib).
There are 3 functions (UnitTestAllocatePages, UnitTestAllocatePool and
UnitTestFreePage). This update avoids the duplication and prevents a build
error when building a Unit Test application that links the libraries based
on UnitTestFrameworkPkg.
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
|
|
Prior to this change, OVMF considers opt/ovmf/X-PciMmio64Mb the
minimum aperture size, allowing us to force the window to be larger
but not smaller than what PlatformDynamicMmioWindow calculates.
Adjust OVMF so that a smaller value for the aperture is honored.
Context:
Due to an inefficiency in the way older host kernels manage
pfnmaps for guest VM memory ranges [0], guests with large-BAR
GPUs passed-through have a very long (multiple minutes) initialization
time when the MMIO window advertised by OVMF is sufficiently sized for
the passed-through BARs (i.e., the correct OVMF behavior). However, on
older distro series such as Ubuntu Jammy, users have benefited from fast
guest boot times when OVMF advertised an MMIO window that was too small
to accommodate the full BAR, since this resulted in the long PCI initialization
process being skipped (and retried later, if pci=realloc pci=nocrs were set).
While the root cause is being fully addressed in the upstream kernel [1],
the solution relies on huge pfnmap support, which is a substantial series
with many ABI changes that is unlikely to land in many LTS and legacy distro kernels,
including those of Ubuntu Noble. As a result, the only kernel improvement
supported on those kernels is this patch [2], which reduces the extra boot
time by about half. Unfortunately, that boot time is still an average of
1-3 minutes longer per-VM-boot than what can be achieved when the host is
running a version of OVMF without PlatformDynamicMmioWindow (PDMW) support
(introduced in [3])
Since there is no way to force the use of the classic MMIO window size[4]
in any version of OVMF after [3], and since we have a use case for such
functionality on legacy distro kernels that would yield significant,
recurring compute time savings across all impacted VMs, this change to
this knob's behavior seems appropriate.
[0]: https://lore.kernel.org/all/CAHTA-uYp07FgM6T1OZQKqAdSA5JrZo0ReNEyZgQZub4mDRrV5w@mail.gmail.com/
[1]: https://lore.kernel.org/all/20250205231728.2527186-1-alex.williamson@redhat.com/
[2]: https://lore.kernel.org/all/20250111210652.402845-1-alex.williamson@redhat.com/
[3]: ecb778d
[4]: https://edk2.groups.io/g/devel/topic/109651206?p=Created,,,20,1,0,0
Signed-off-by: Mitchell Augustin <mitchell.augustin@canonical.com>
|
|
When FDT based DTB is parsed, variables mPciRootBridgeInfo and
mUplPciSegmentInfoHob are always dereferenced. If there is no PCI
RB Bridge info or RB Segment info provided in FDT, it leads to
NULL pointer dereferenced.
To address this issue, parse PCI RB and Segment information only
when they are available at FDT. If they are unavailable, skip it
and allow the PciBusDxe and PciHostBridgeDxe to handle them.
Signed-off-by: Ajan Zhong <ajan.zhong@newfw.com>
|
|
- In the commit 42a141800c0c26a09d2344e84a89ce4097a263ae
there was a misuse of "is_dir" method.
- Treating it as an object rather than function call,
which caused if-condition to always as "false".
- No files would be added to scanning list due to incorrect usage.
- This patch corrects the issue by properly using "is_dir()".
Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
|
|
- This patch is intended to fix the debug macro issue reported from
the Debug Macro Checking.
- Remove the redundant comma between two debug message string.
Signed-off-by: Jason1 Lin <jason1.lin@intel.com>
|
|
Introduce gUiAppFileGuid: it has the same value of UiApp guid defined in
the .inf file. This is used to register UiApp as a boot entry in the
BootManagerMenu.
This registration is done in PlatformBootManagerBeforeConsole because
it must be done before the hotkeys are registered. This is because
in a system with hotkeys still bound to UiApp, but with firmware disabled,
you can still boot into the latter by hitting ESC or F2 during boot.
UiApp can be enabled/disabled using fw_cfg option FirmwareSetupSupport
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
|
|
Setting the LOAD_OPTION_CATEGORY_APP flag for EFI Shell prevents the
boot loader from using it as a fallback if all other entries fail to
boot.
With a boot manager menu available, it can be annoying to enter the EFI
Shell directly, because from the menu, the user can try to boot again
(e.g. temporary network problem) or enter the shell/firmware config only
if necessary.
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
|
|
This is part of the effort to enable/disable firmware configuration
(UiApp) from the QEMU CLI.
Because the UiApp can be disabled at runtime and it's currently the
default BootManagerMenu, change the default from UiApp to
BootManagerMenuApp.
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
|
|
Add BootManagerMenuApp to all OvmfPkg dependencies.
To make UiApp optional, switch from UiApp to BootManagerMenuApp
as default BootManagerMenu.
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
|
|
Reserve a new device type ID for Virtio MMIO devices intended to be used by
the Secure VM Service Module (SVSM).
Coconut SVSM will be using a Virtio-Blk device via the MMIO transport to
persist state, when running under Qemu. The guest OS shall not try to use the device.
The HardwareInfoLib is an ideal channel to communicate the device
information to the SVSM, due to its simplicity and flexibility to
include arbitrary information, and since it does not interfere with
regular hardware configuration mechanisms of the guest OS.
This device type is intended for the SVSM only and no code is added
to EDK2 that makes use of it.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
Relocate StaToken detection and _STA method generation logic
within the loop for each processor object.
Signed-off-by: Abdul Lateef Attar <AbdulLateef.Attar@amd.com>
|
|
Transfer Ray's Reviewer role on BDS/Disk modules to Dandan.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
|
|
After a failed capsule updated it returns 0 and not Status failure.
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Javier Tia <javier.tia@linaro.org>
|
|
- Add HTTP CONNECT flow to connect to Proxy Server
- Provide Proxy URL to HTTP GET/HEAD Requests
Implementation based on UEFI Specification v2.11
- Section 24.7.10 to use HTTP CONNECT method to connect to Proxy
Server and use it to forward the HEAD/GET request to Endpoint Server's
BootURI.
- Section 29.6.6 to use EFI_HTTP_CONNECT_REQUEST_DATA structure for
HttpMethodConnect usage in EFI_HTTP_PROTOCOL.Request()
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
|
Update HTTP Boot Start/Stop to handle ProxyUri
Implementation based on UEFI Specification v2.11 section 24.7.10 to
use HTTP CONNECT method to connect to Proxy Server and use it to
forward the HEAD/GET request to Endpoint Server's BootURI.
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
|
Update device path parser to detect device path with Proxy URI
Implementation based on UEFI Specification v2.11 Section 24.7.3.1
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
|
Update HTTP_BOOT_PRIVATE_DATA structure to include ProxyUri
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
|
Update library to handle HTTP Boot device paths with Proxy URI
Implementation based on UEFI Specification v2.11 Section 24.7.3.1
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
|
Build boot option with HII provided ProxyUri by utilizing URI
validation path in HII callback for ProxyUri.
Implementation based on UEFI Specification v2.11 Section 24.7.3.1 to
use device path with ProxyURI included
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
|
Add Proxy URI field to HTTP Boot HII
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
|
1. In EfiHttpRequest():
a) Decision to use HTTPS in HTTP CONNECT is based on Proxy URL.
b) Support PUT/POST with no headers when connected to proxy.
2. In HttpConnectTcp4/6():
a) Add new argument to provide new TLS session establishment indication
(TlsConfigure).
a) Create HTTP connection only when not connected to proxy.
b) Do not create new HTTP connection when client is connected to proxy.
3. In HttpInitSession(), pass TlsConfigure to HttpConnectTcp4 calls.
4. In TlsConfigureSession(), when connected to proxy, use recorded
endpoint's host name for TLS VerifyHost.
Implementation based on UEFI Specification v2.11 section 24.7.10 to
use HTTP CONNECT method to connect to Proxy Server and use it to
forward the HEAD/GET request to Endpoint Server's BootURI.
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
|
1. Store information in HttpInstance.
a) Proxy URL from last HTTP CONNECT request (ProxyUrl) and its length
(ProxyUrlLen).
b) State of connection to proxy server (ProxyConnected) - TRUE after
HTTP CONNECT success.
c) Host name extracted from endpoint URL (EndPointHostName).
2. Modified EfiHttpRequest() flow to handle HTTP CONNECT request.
a) Treating request's URL as "endpoint URL". In case of HTTP CONNECT
request, directing it to Proxy URL with Host set to "endpoint URL".
3. Added PrintLib instance to cover AsciiSPrint() call.
Implementation based on UEFI Specification v2.11
- Section 24.7.10 to use HTTP CONNECT method to connect to Proxy
Server and use it to forward the HEAD/GET request to Endpoint
Server's BootURI.
- Section 29.6.6 to use EFI_HTTP_CONNECT_REQUEST_DATA structure
for HttpMethodConnect usage in EFI_HTTP_PROTOCOL.Request()
Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
|
Introduce EFI_HTTP_CONNECT_REQUEST_DATA structure to handle HTTP
CONNECT requests
Implementation based on UEFI Specification v2.11 Section 29.6.6
Added EFI_HTTP_CONNECT_REQUEST_DATA structure for HttpMethodConnect
usage in EFI_HTTP_PROTOCOL.Request()
Signed-off-by: Saloni Kasbekar <saloni.kasbear@intel.com>
|
|
Add structures for the ACPI table CEDT as defined in the CXL 3.0
specification
Signed-off-by: Nick Graves <nicholasgraves@google.com>
|
|
edk2's PRM Data Buffer Signature is 'PRMD', however
PRM spec 1.0 section 4.2.1 Static Data Buffer indicates
that the signature should be 'PRMS'.
This commit aligns edk2's signature definition with the spec.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
|
|
This is regarding PRM modules that are describing MMIO ranges.
When PrmConfigDxe is calling GetMemorySpaceDescriptor() with
a memory range that is visible to the boot processor but has
not been added to the memory map GetMemorySpaceDescriptor()
will return EFI_SUCCESS and then return a memory descriptor
indicating that the region is non-existent. This causes
SetRuntimeMemoryRangeAttributes() to believe that the region
has already been added to the memory map and will eventually
cause an ASSERT.
This PR allows for SetRuntimeMemoryRangeAttributes() to treat
a non-existent MMIO range the same as a range that triggered
a EFI_NOT_FOUND error response from GetMemorySpaceDescriptor().
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
|
|
Removing Chinni from maintainer list of IntelFsp2Pkg and
IntelFsp2WrapperPkg.
Signed-off-by: Aravind P R <aravind.p.r@intel.com>
|
|
In some failure legs of BuildMadtTable (), we could end up in
FreeMadtTableResources () with (*Table == NULL). That's a valid error
state and should be tolerated by FreeMadtTableResources () instead of
ASSERTing.
Signed-off-by: Jake Garver <jake@nvidia.com>
Reviewed-by: Jeff Brasen <jbrasen@nvidia.com>
Reviewed-by: Jeshua Smith <jeshuas@nvidia.com>
|
|
The CREATE_CM_OBJECT_ID() and CREATE_TABLE_GEN_ID() macros shift an enum
by 31 bits. As enums are signed integers, this generates a portability
finding from cppcheck. To resolve the finding, we'll cast the enum values
to the type expected as output from the macro.
Signed-off-by: Jake Garver <jake@nvidia.com>
Reviewed-by: Girish Mahadevan <gmahadevan@nvidia.com>
|
|
VS2019/VS2022 ARM/AARCH64 is not a widely used toolchain, for one
thing edk2 can't be built with it, it will break. Downstream
platforms rarely use it and if they do, they must have heavy edits
in order to support building edk2. In particular, edk2 does not
have support for the assembly files that this toolchain uses fully.
As a result, the corresponding StackCheckLib does not have the assembly
file needed to satisfy the definitions the compiler expects.
Unfortunately, the VS ARM/AARCH64 compiler has a different ABI than
the IA32/X64 VS toolchain for stack cookies, so this also needs more
investigation.
For now, disable stack cookie checking in VS ARM/AARCH64 as this does
not affect many platforms. However, it does allow for the use case
reported in the bug mentioning this, which is building a shell and
attempting to boot to it.
When VS ARM/AARCH64 support is revisited in edk2 (or if there is a
clean way to add stack cookie support without the full support), this
will be revisted.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
|
|
Add /wd4200 to all visual studio builds of C tools in BaseTools.
This disables warnings for use of flexible array members that
are allowed in edk2 include files. Some tools use include files
from MdePkg that use flexible array members.
This matches the warning disables used to build structured PCD in
BaseTools/Source/Python/Workspace/DscBuildData.py where flexible
array members are more widely used.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
|
|
Commit c6f47e6 removed BUILDRULEFAMILY for CLANGDWARF. Adding
CLANGDWARF back as a BUILDRULEFAMILY to match CLANGPDB.
Add CLANGDWARF specific build rules - based on GCC, and remove steps
not required for CLANGDWARF.
Remove following irrelevant steps and logs:
...
"objcopy not needed ..."
"--strip-unneded ..."
"--add-gnu-debuglink ..."
...
Signed-off-by: Vishal Oliyil Kunnil <quic_vishalo@quicinc.com>
|
|
This patch is to print the warning message if GUID HOB not found
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
|
PR #6408 introduced a regression by removing /WHOLEARCHIVE
from VS20xx DLINK_FLAGS when building host based unit tests.
PR #5098 added /WHOLEARCHIVE to resolve issues when building
host based unit tests with GoogleTest.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
|
|
As per IPMI spec, fru string can be maximum of 16 bytes length
and fru length field can take 5 bits (to hold values up to 16 -
10000b).
Current implementation allocates only 4 bits for Fru String Length
and this is causing an error when 16 bytes length fru string needs
to be copied as the first 4 bits in 0x10 is 0.
Fixed the structure IPMI_SDR_RECORD_DEV_ID_STR_TYPE_LENGTH, by
allocating 5 bits for Length field as per the spec instead of 4.
Signed-off-by: Thejaswani Putta <tputta@nvidia.com>
|
|
Add UPL fit binary build
Add UPL elf binary build
Signed-off-by: Gua Guo <gua.guo@intel.com>
|
