Branch: refs/heads/master
Home: https://github.com/tianocore/edk2
Commit: d0906f602ba3939c1d5d46c6cead17b7b4232161
https://github.com/tianocore/edk2/commit/d0906f602ba3939c1d5d46c6cead17b7b4232161
Author: Konstantin Kostiuk <[email protected]>
Date: 2024-04-22 (Mon, 22 Apr 2024)
Changed paths:
A OvmfPkg/VirtHstiDxe/QemuPC.c
A OvmfPkg/VirtHstiDxe/QemuQ35.c
A OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
A OvmfPkg/VirtHstiDxe/VirtHstiDxe.h
A OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
Log Message:
-----------
OvmfPkg: Add VirtHstiDxe driver
The driver supports qemu machine types 'pc' and 'q35'.

This patch adds some helper functions to manage the bitmasks.

The implemented features depend on both OVMF build configuration
and qemu VM configuration.

For q35 a single security feature is supported and checked: In
SMM-enabled builds the driver will verify smram is properly locked.
That test should never fail.

Cc: Ard Biesheuvel <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Konstantin Kostiuk <[email protected]>
Initial-patch-by: Konstantin Kostiuk <[email protected]>
Signed-off-by: Gerd Hoffmann <[email protected]>
Reviewed-by: Jiewen Yao <[email protected]>
Commit: 538b8944c1befbd5ed8b7723c52085242ff780b1
https://github.com/tianocore/edk2/commit/538b8944c1befbd5ed8b7723c52085242ff780b1
Author: Konstantin Kostiuk <[email protected]>
Date: 2024-04-22 (Mon, 22 Apr 2024)
Changed paths:
M OvmfPkg/OvmfPkgIa32.dsc
M OvmfPkg/OvmfPkgIa32.fdf
M OvmfPkg/OvmfPkgIa32X64.dsc
M OvmfPkg/OvmfPkgIa32X64.fdf
M OvmfPkg/OvmfPkgX64.dsc
M OvmfPkg/OvmfPkgX64.fdf
Log Message:
-----------
OvmfPkg: Add VirtHstiDxe to OVMF firmware build
Cc: Ard Biesheuvel <[email protected]>
Cc: Jiewen Yao <[email protected]>
Signed-off-by: Konstantin Kostiuk <[email protected]>
Signed-off-by: Gerd Hoffmann <[email protected]>
Reviewed-by: Jiewen Yao <[email protected]>
Commit: ddc43e7a41fac5b1dc93b1d0bb1e71319acfba4e
https://github.com/tianocore/edk2/commit/ddc43e7a41fac5b1dc93b1d0bb1e71319acfba4e
Author: Gerd Hoffmann <[email protected]>
Date: 2024-04-22 (Mon, 22 Apr 2024)
Changed paths:
A OvmfPkg/VirtHstiDxe/Flash.c
M OvmfPkg/VirtHstiDxe/QemuQ35.c
M OvmfPkg/VirtHstiDxe/VirtHstiDxe.h
M OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
Log Message:
-----------
OvmfPkg/VirtHstiDxe: add varstore flash check
Detects qemu config issue: vars pflash is not in secure mode (write
access restricted to smm). Applies to Q35 with SMM only.
Cc: Ard Biesheuvel <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Konstantin Kostiuk <[email protected]>
Signed-off-by: Gerd Hoffmann <[email protected]>
Reviewed-by: Jiewen Yao <[email protected]>
Commit: 506740982bba199f12e75f6cfda510c30aa4e7c6
https://github.com/tianocore/edk2/commit/506740982bba199f12e75f6cfda510c30aa4e7c6
Author: Gerd Hoffmann <[email protected]>
Date: 2024-04-22 (Mon, 22 Apr 2024)
Changed paths:
A OvmfPkg/VirtHstiDxe/QemuCommon.c
M OvmfPkg/VirtHstiDxe/VirtHstiDxe.c
M OvmfPkg/VirtHstiDxe/VirtHstiDxe.h
M OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
Log Message:
-----------
OvmfPkg/VirtHstiDxe: add code flash check
Detects qemu config issue: code pflash is writable.
Checked for both PC and Q35.
Cc: Ard Biesheuvel <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Konstantin Kostiuk <[email protected]>
Signed-off-by: Gerd Hoffmann <[email protected]>
Reviewed-by: Jiewen Yao <[email protected]>
Commit: f29160a89699ddbe3dbc03d29857fd6fa2719e8e
https://github.com/tianocore/edk2/commit/f29160a89699ddbe3dbc03d29857fd6fa2719e8e
Author: Gerd Hoffmann <[email protected]>
Date: 2024-04-22 (Mon, 22 Apr 2024)
Changed paths:
A OvmfPkg/VirtHstiDxe/README.md
Log Message:
-----------
OvmfPkg/VirtHstiDxe: add README.md
Cc: Ard Biesheuvel <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Konstantin Kostiuk <[email protected]>
Signed-off-by: Gerd Hoffmann <[email protected]>
Reviewed-by: Jiewen Yao <[email protected]>
Commit: 7dd7b890582b4d696ca5fd436dbc5fb4bc30e385
https://github.com/tianocore/edk2/commit/7dd7b890582b4d696ca5fd436dbc5fb4bc30e385
Author: Ard Biesheuvel <[email protected]>
Date: 2024-04-22 (Mon, 22 Apr 2024)
Changed paths:
M ArmVirtPkg/ArmVirtQemu.dsc
Log Message:
-----------
ArmVirtPkg/ArmVirtQemu: always build XIP code with strict alignment
The optimization that enabled entry with MMU and caches enabled at EL1
removed the strict alignment requirement for XIP code (roughly, any code
that might execute with the MMU and caches off, which means SEC and PEI
phase modules but also *all* BASE libraries), on the basis that QEMU can
only run guest payloads at EL2 in TCG emulation, which used to ignore
alignment violations, and execution at EL1 would always occur with the
MMU enabled.

This assumption no longer holds: not only does QEMU now enforce strict
alignment for memory accesses with device semantics, there are also
cases where this code might execute at EL2 under virtualization (i.e.,
under NV2 nested virtualization) where the strict alignment is required
too.

The latter case could be optimized too, by enabling VHE and pretending
execution is occurring at EL1, which would allow the existing logic for
entry with the MMU enabled to be reused. However, this would leave
non-VHE CPUs behind.

So in summary, strict alignment needs to be enforced for any code that
may execute with the MMU off, so drop the override that sets the XIP
flags to the empty string.

Cc: Ard Biesheuvel <[email protected]>
Signed-off-by: Ard Biesheuvel <[email protected]>
Tested-by: Jonathan Cameron <[email protected]>
Reviewed-by: Jonathan Cameron <[email protected]>
Compare: https://github.com/tianocore/edk2/compare/be92e09206c2...7dd7b890582b
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits