Re: [edk2-devel] [PATCH 1/1] ArmPkg: Add Pcd to disable EFI_MEMORY_ATTRIBUTE_PROTOCOL
I think that is an interesting idea but I would expect some push back from OS loader maintainers. I would expect they don't want to be constrained by the lowest common capabilities of the platforms they still support/run on in the ecosystem. Not to mention the challenges around servicing and/or updating for bugs or features. Example: Shim would not have been able to implement their version of SBAT in said scenario. I know the Windows Boot team has been cautious about taking a dependency on the platform's UEFI and I would expect strong push back on them moving to using the platform's provided UEFI loader. But I do agree with your goals. Is there a better way using open source? Could the PE loader/authenticode be a library managed as it's own project and be integrated into other pre-boot applications? Would that help to eliminate bugs like this one and provide a better infrastructure to build on? Thanks Sean On 6/23/2023 9:26 AM, Ard Biesheuvel wrote: On Tue, 20 Jun 2023 at 19:07, Sean Brogan wrote: I don't think a MemoryAttributes2Protocol with a single API would have avoided the errors. The programming pattern that triggered this would still need multiple calls to any API and in the future where all memory is allocated as NX this possibility would still exist. A short term effort to minimize the compatibility problem in the ecosystem is documented here Memory Protections: Document compatibility challenges · Issue #18 · tianocore/projects (github.com) It does not address (and i don't see any reason to try to) a loader that uses the protocol incorrectly. We have provided virtual reference platforms with these features enabled (both arm and x86) and have been working with the relevant communities for multiple years now. The UEFI CA for option roms already have compliance requirements (UPDATED: UEFI Signing Requirements - Microsoft Community Hub). But there are and will continue to be compatibility challenges when enabling a more restrictive execution environment in uefi and the uefi ecosystem. The more things we make optional the longer this transition period will take."Memory Mitigations" were proposed and mostly coded over a decade ago. The code changes are not that difficult. To change our vast and unwieldy ecosystem is the hard part. Please help to "stay the course" for this very necessary industry change. If a production platform has requirements that force such a configuration option that is understandable but it is counter productive in open-source industry standard reference Edk2 code. Fair enough. But I will note that the only reason we are in this situation in the first place is because shim has to re-implement the PE loader, cert handling and all related crypto, and needs the memory attributes protocol to manipulate the RO/NX permissions. Now that we are taking these things seriously, wouldn't it be *much* better to get rid of all this cruft, and specify a method by which a loader can provide an ephemeral DB that the system firmware will authenticate against? That way, we can reduce shim to a single SetVariable() call that creates the ephemeral DB (and perhaps a call into the TPM code to measure it), which is arguably a lot easier to audit than the code we have today. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106310): https://edk2.groups.io/g/devel/message/106310 Mute This Topic: https://groups.io/mt/99631663/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 7/7] UefiCpuPkg: RISC-V: Support MMU with SV39/48/57 mode
During CpuDxe initialization, MMU will be setup with the highest mode that HW supports. Reviewed-by: Andrei Warkentin Signed-off-by: Tuan Phan --- OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc | 1 + UefiCpuPkg/CpuDxeRiscV64/CpuDxe.c | 9 +- UefiCpuPkg/CpuDxeRiscV64/CpuDxe.h | 2 + UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf| 2 + UefiCpuPkg/Include/Library/BaseRiscVMmuLib.h | 39 ++ .../Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c | 569 ++ .../BaseRiscVMmuLib/BaseRiscVMmuLib.inf | 26 + .../Library/BaseRiscVMmuLib/RiscVMmuCore.S| 31 + 8 files changed, 677 insertions(+), 2 deletions(-) create mode 100644 UefiCpuPkg/Include/Library/BaseRiscVMmuLib.h create mode 100644 UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c create mode 100644 UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.inf create mode 100644 UefiCpuPkg/Library/BaseRiscVMmuLib/RiscVMmuCore.S diff --git a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc index 731f54f73f81..bc204ba5fe52 100644 --- a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc +++ b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc @@ -83,6 +83,7 @@ # RISC-V Architectural Libraries CpuExceptionHandlerLib|UefiCpuPkg/Library/BaseRiscV64CpuExceptionHandlerLib/BaseRiscV64CpuExceptionHandlerLib.inf RiscVSbiLib|MdePkg/Library/BaseRiscVSbiLib/BaseRiscVSbiLib.inf + RiscVMmuLib|UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.inf PlatformBootManagerLib|OvmfPkg/RiscVVirt/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf ResetSystemLib|OvmfPkg/RiscVVirt/Library/ResetSystemLib/BaseResetSystemLib.inf diff --git a/UefiCpuPkg/CpuDxeRiscV64/CpuDxe.c b/UefiCpuPkg/CpuDxeRiscV64/CpuDxe.c index 25fe3f54c325..2af3b6223450 100644 --- a/UefiCpuPkg/CpuDxeRiscV64/CpuDxe.c +++ b/UefiCpuPkg/CpuDxeRiscV64/CpuDxe.c @@ -296,8 +296,7 @@ CpuSetMemoryAttributes ( IN UINT64 Attributes ) { - DEBUG ((DEBUG_INFO, "%a: Set memory attributes not supported yet\n", __func__)); - return EFI_SUCCESS; + return RiscVSetMemoryAttributes (BaseAddress, Length, Attributes); } /** @@ -340,6 +339,12 @@ InitializeCpu ( // DisableInterrupts (); + // + // Enable MMU + // + Status = RiscVConfigureMmu (); + ASSERT_EFI_ERROR (Status); + // // Install Boot protocol // diff --git a/UefiCpuPkg/CpuDxeRiscV64/CpuDxe.h b/UefiCpuPkg/CpuDxeRiscV64/CpuDxe.h index 49f4e119665a..68e6d038b66e 100644 --- a/UefiCpuPkg/CpuDxeRiscV64/CpuDxe.h +++ b/UefiCpuPkg/CpuDxeRiscV64/CpuDxe.h @@ -15,11 +15,13 @@ #include #include #include +#include #include #include #include #include #include +#include /** Flush CPU data cache. If the instruction cache is fully coherent diff --git a/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf b/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf index e8fa25446aef..6d52085df0d5 100644 --- a/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf +++ b/UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf @@ -37,6 +37,8 @@ TimerLib PeCoffGetEntryPointLib RiscVSbiLib + RiscVMmuLib + CacheMaintenanceLib [Sources] CpuDxe.c diff --git a/UefiCpuPkg/Include/Library/BaseRiscVMmuLib.h b/UefiCpuPkg/Include/Library/BaseRiscVMmuLib.h new file mode 100644 index ..f71d6a4a1e7b --- /dev/null +++ b/UefiCpuPkg/Include/Library/BaseRiscVMmuLib.h @@ -0,0 +1,39 @@ +/** @file + + Copyright (c) 2015 - 2016, Linaro Ltd. All rights reserved. + Copyright (c) 2023, Ventana Micro Systems Inc. All Rights Reserved. + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef BASE_RISCV_MMU_LIB_H_ +#define BASE_RISCV_MMU_LIB_H_ + +VOID +EFIAPI +RiscVLocalTlbFlushAll ( + VOID + ); + +VOID +EFIAPI +RiscVLocalTlbFlush ( + UINTN VirtAddr + ); + +EFI_STATUS +EFIAPI +RiscVSetMemoryAttributes ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64Length, + IN UINT64Attributes + ); + +EFI_STATUS +EFIAPI +RiscVConfigureMmu ( + VOID + ); + +#endif /* BASE_RISCV_MMU_LIB_H_ */ diff --git a/UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c b/UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c new file mode 100644 index ..e6841b793bfc --- /dev/null +++ b/UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c @@ -0,0 +1,569 @@ +/** @file +* MMU implementation for RISC-V +* +* Copyright (c) 2011-2020, ARM Limited. All rights reserved. +* Copyright (c) 2016, Linaro Limited. All rights reserved. +* Copyright (c) 2017, Intel Corporation. All rights reserved. +* Copyright (c) 2023, Ventana Micro Systems Inc. All Rights Reserved. +* +* SPDX-License-Identifier: BSD-2-Clause-Patent +* +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define RISCV_PG_V BIT0 +#define RISCV_PG_R BIT1 +#define RISCV_PG_W BIT2 +#define RISCV_PG_X BIT3 +#define RISCV_PG_G BIT5 +#define RISCV_PG_A BI
[edk2-devel] [PATCH v4 6/7] OvmfPkg: RiscVVirt: Remove satp bare mode setting
There is no point to set satp to bare mode as that should be the default mode when booting edk2. Signed-off-by: Tuan Phan Reviewed-by: Andrei Warkentin Reviewed-by: Sunil V L --- OvmfPkg/RiscVVirt/Sec/Memory.c | 18 ++ 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/OvmfPkg/RiscVVirt/Sec/Memory.c b/OvmfPkg/RiscVVirt/Sec/Memory.c index 0e2690c73687..aad71ee5dcbb 100644 --- a/OvmfPkg/RiscVVirt/Sec/Memory.c +++ b/OvmfPkg/RiscVVirt/Sec/Memory.c @@ -85,21 +85,6 @@ AddMemoryRangeHob ( AddMemoryBaseSizeHob (MemoryBase, (UINT64)(MemoryLimit - MemoryBase)); } -/** - Configure MMU -**/ -STATIC -VOID -InitMmu ( - ) -{ - // - // Set supervisor translation mode to Bare mode - // - RiscVSetSupervisorAddressTranslationRegister ((UINT64)SATP_MODE_OFF << 60); - DEBUG ((DEBUG_INFO, "%a: Set Supervisor address mode to bare-metal mode.\n", __func__)); -} - /** Publish system RAM and reserve memory regions. @@ -327,7 +312,8 @@ MemoryPeimInitialization ( AddReservedMemoryMap (FdtPointer); - InitMmu (); + /* Make sure SEC is booting with bare mode */ + ASSERT ((RiscVGetSupervisorAddressTranslationRegister () & SATP64_MODE) == (SATP_MODE_OFF << SATP64_MODE_SHIFT)); BuildMemoryTypeInformationHob (); -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106308): https://edk2.groups.io/g/devel/message/106308 Mute This Topic: https://groups.io/mt/99724479/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 5/7] OvmfPkg/RiscVVirt: Add VirtNorFlashDxe to APRIORI list
Make sure VirtNorFlashDxe loaded before VariableRuntimeDxe as it is the backend flash driver. Signed-off-by: Tuan Phan --- OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf | 10 ++ 1 file changed, 10 insertions(+) diff --git a/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf b/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf index 21e4ba67379f..9ab8eb3ba7d8 100644 --- a/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf +++ b/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf @@ -53,6 +53,16 @@ READ_STATUS= TRUE READ_LOCK_CAP = TRUE READ_LOCK_STATUS = TRUE +APRIORI DXE { + INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf + INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf + INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf + INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf + INF EmbeddedPkg/Drivers/FdtClientDxe/FdtClientDxe.inf + INF UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf + INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf +} + # # DXE Phase modules # -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106307): https://edk2.groups.io/g/devel/message/106307 Mute This Topic: https://groups.io/mt/99724477/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 4/7] OvmfPkg/RiscVVirt: SEC: Add IO memory resource hob for platform devices
Normally, DXE driver would add device resource to GCD before start using. But some key resources such as uart used for printing info at very early stage. Those resources should be populated to HOB in SEC phase so they are added to GCD before MMU enabled. Signed-off-by: Tuan Phan Reviewed-by: Andrei Warkentin --- OvmfPkg/RiscVVirt/Sec/Platform.c | 62 1 file changed, 62 insertions(+) diff --git a/OvmfPkg/RiscVVirt/Sec/Platform.c b/OvmfPkg/RiscVVirt/Sec/Platform.c index 3645c27b0b12..c66432473067 100644 --- a/OvmfPkg/RiscVVirt/Sec/Platform.c +++ b/OvmfPkg/RiscVVirt/Sec/Platform.c @@ -21,6 +21,64 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +/** + Build memory map I/O range resource HOB using the + base address and size. + + @param MemoryBase Memory map I/O base. + @param MemorySize Memory map I/O size. + +**/ +STATIC +VOID +AddIoMemoryBaseSizeHob ( + EFI_PHYSICAL_ADDRESS MemoryBase, + UINT64MemorySize + ) +{ + /* Align to EFI_PAGE_SIZE */ + MemorySize = ALIGN_VALUE (MemorySize, EFI_PAGE_SIZE); + BuildResourceDescriptorHob ( +EFI_RESOURCE_MEMORY_MAPPED_IO, +EFI_RESOURCE_ATTRIBUTE_PRESENT | +EFI_RESOURCE_ATTRIBUTE_INITIALIZED | +EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE | +EFI_RESOURCE_ATTRIBUTE_TESTED, +MemoryBase, +MemorySize +); +} + +/** + Populate IO resources from FDT that not added to GCD by its + driver in the DXE phase. + + @param FdtBase Fdt base address + @param CompatibleCompatible string + +**/ +STATIC +VOID +PopulateIoResources ( + VOID *FdtBase, + CONST CHAR8 *Compatible + ) +{ + UINT64 *Reg; + INT32 Node, LenP; + + Node = fdt_node_offset_by_compatible (FdtBase, -1, Compatible); + while (Node != -FDT_ERR_NOTFOUND) { +Reg = (UINT64 *)fdt_getprop (FdtBase, Node, "reg", &LenP); +if (Reg) { + ASSERT (LenP == (2 * sizeof (UINT64))); + AddIoMemoryBaseSizeHob (SwapBytes64 (Reg[0]), SwapBytes64 (Reg[1])); +} + +Node = fdt_node_offset_by_compatible (FdtBase, Node, Compatible); + } +} + /** @retval EFI_SUCCESSThe address of FDT is passed in HOB. EFI_UNSUPPORTEDCan't locate FDT. @@ -80,5 +138,9 @@ PlatformPeimInitialization ( BuildFvHob (PcdGet32 (PcdOvmfDxeMemFvBase), PcdGet32 (PcdOvmfDxeMemFvSize)); + PopulateIoResources (Base, "ns16550a"); + PopulateIoResources (Base, "qemu,fw-cfg-mmio"); + PopulateIoResources (Base, "virtio,mmio"); + return EFI_SUCCESS; } -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106306): https://edk2.groups.io/g/devel/message/106306 Mute This Topic: https://groups.io/mt/99724474/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 3/7] OvmfPkg/RiscVVirt: VirtNorFlashPlatformLib: Fix wrong flash size
The size should be for single region, not the whole firmware FD. Signed-off-by: Tuan Phan Reviewed-by: Andrei Warkentin Reviewed-by: Sunil V L --- .../Library/VirtNorFlashPlatformLib/VirtNorFlashStaticLib.c| 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/RiscVVirt/Library/VirtNorFlashPlatformLib/VirtNorFlashStaticLib.c b/OvmfPkg/RiscVVirt/Library/VirtNorFlashPlatformLib/VirtNorFlashStaticLib.c index fdc2ccb6294e..33f3a01b06f4 100644 --- a/OvmfPkg/RiscVVirt/Library/VirtNorFlashPlatformLib/VirtNorFlashStaticLib.c +++ b/OvmfPkg/RiscVVirt/Library/VirtNorFlashPlatformLib/VirtNorFlashStaticLib.c @@ -24,7 +24,8 @@ VIRT_NOR_FLASH_DESCRIPTION mNorFlashDevice = { FixedPcdGet32 (PcdOvmfFdBaseAddress), FixedPcdGet64 (PcdFlashNvStorageVariableBase), - FixedPcdGet32 (PcdOvmfFirmwareFdSize), + FixedPcdGet32 (PcdOvmfFirmwareFdSize) - + (FixedPcdGet64 (PcdFlashNvStorageVariableBase) - FixedPcdGet32 (PcdOvmfFdBaseAddress)), QEMU_NOR_BLOCK_SIZE }; -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106305): https://edk2.groups.io/g/devel/message/106305 Mute This Topic: https://groups.io/mt/99724473/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 2/7] MdePkg/Register: RISC-V: Add satp mode bits shift definition
The satp mode bits shift is used cross modules. It should be defined in one place. Signed-off-by: Tuan Phan Reviewed-by: Andrei Warkentin Reviewed-by: Sunil V L --- MdePkg/Include/Register/RiscV64/RiscVEncoding.h | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/MdePkg/Include/Register/RiscV64/RiscVEncoding.h b/MdePkg/Include/Register/RiscV64/RiscVEncoding.h index 5c2989b797bf..2bde8db478ff 100644 --- a/MdePkg/Include/Register/RiscV64/RiscVEncoding.h +++ b/MdePkg/Include/Register/RiscV64/RiscVEncoding.h @@ -58,9 +58,10 @@ #define PRV_S 1UL #define PRV_M 3UL -#define SATP64_MODE 0xF000ULL -#define SATP64_ASID 0x0000ULL -#define SATP64_PPN 0x0FFFULL +#define SATP64_MODE0xF000ULL +#define SATP64_MODE_SHIFT 60 +#define SATP64_ASID0x0000ULL +#define SATP64_PPN 0x0FFFULL #define SATP_MODE_OFF 0UL #define SATP_MODE_SV32 1UL -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106304): https://edk2.groups.io/g/devel/message/106304 Mute This Topic: https://groups.io/mt/99724471/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 0/7] RISC-V: Add MMU support
This series adds MMU support for RISC-V. Only SV39/48/57 modes are supported and tested. The MMU is required to support setting page attribute which is the first basic step to support security booting on RISC-V. There are two parts: 1. Add MMU base library. MMU will be enabled during CpuDxe initialization. 2. Fix all resources should be populated in HOB or added to GCD by driver before accessing when MMU enabled. All changes can be found in the branch tphan/riscv_mmu at: https://github.com/pttuan/edk2.git Changes in v4: - Rebased master. - Added VirtNorFlashDxe to APRIORI DXE list. Changes in v3: - Move MMU library to UefiCpuPkg. - Add Andrei reviewed-by. Changes in v2: - Move MMU core to a library. - Setup SATP mode as highest possible that HW supports. Tuan Phan (7): MdePkg/BaseLib: RISC-V: Support getting satp register value MdePkg/Register: RISC-V: Add satp mode bits shift definition OvmfPkg/RiscVVirt: VirtNorFlashPlatformLib: Fix wrong flash size OvmfPkg/RiscVVirt: SEC: Add IO memory resource hob for platform devices OvmfPkg/RiscVVirt: Add VirtNorFlashDxe to APRIORI list OvmfPkg: RiscVVirt: Remove satp bare mode setting UefiCpuPkg: RISC-V: Support MMU with SV39/48/57 mode MdePkg/Include/Library/BaseLib.h | 5 + .../Include/Register/RiscV64/RiscVEncoding.h | 7 +- MdePkg/Library/BaseLib/RiscV64/RiscVMmu.S | 8 + .../VirtNorFlashStaticLib.c | 3 +- OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc | 1 + OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf | 10 + OvmfPkg/RiscVVirt/Sec/Memory.c| 18 +- OvmfPkg/RiscVVirt/Sec/Platform.c | 62 ++ UefiCpuPkg/CpuDxeRiscV64/CpuDxe.c | 9 +- UefiCpuPkg/CpuDxeRiscV64/CpuDxe.h | 2 + UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf| 2 + UefiCpuPkg/Include/Library/BaseRiscVMmuLib.h | 39 ++ .../Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c | 569 ++ .../BaseRiscVMmuLib/BaseRiscVMmuLib.inf | 26 + .../Library/BaseRiscVMmuLib/RiscVMmuCore.S| 31 + 15 files changed, 770 insertions(+), 22 deletions(-) create mode 100644 UefiCpuPkg/Include/Library/BaseRiscVMmuLib.h create mode 100644 UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.c create mode 100644 UefiCpuPkg/Library/BaseRiscVMmuLib/BaseRiscVMmuLib.inf create mode 100644 UefiCpuPkg/Library/BaseRiscVMmuLib/RiscVMmuCore.S -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106302): https://edk2.groups.io/g/devel/message/106302 Mute This Topic: https://groups.io/mt/99724468/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 1/7] MdePkg/BaseLib: RISC-V: Support getting satp register value
Add an API to retrieve satp register value. Signed-off-by: Tuan Phan Reviewed-by: Andrei Warkentin Reviewed-by: Sunil V L --- MdePkg/Include/Library/BaseLib.h | 5 + MdePkg/Library/BaseLib/RiscV64/RiscVMmu.S | 8 2 files changed, 13 insertions(+) diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h index 8f2df76c29a3..5d7067ee854e 100644 --- a/MdePkg/Include/Library/BaseLib.h +++ b/MdePkg/Include/Library/BaseLib.h @@ -181,6 +181,11 @@ RiscVSetSupervisorAddressTranslationRegister ( IN UINT64 ); +UINT64 +RiscVGetSupervisorAddressTranslationRegister ( + VOID + ); + UINT64 RiscVReadTimer ( VOID diff --git a/MdePkg/Library/BaseLib/RiscV64/RiscVMmu.S b/MdePkg/Library/BaseLib/RiscV64/RiscVMmu.S index ac8f92f38aed..c9cf60c1664b 100644 --- a/MdePkg/Library/BaseLib/RiscV64/RiscVMmu.S +++ b/MdePkg/Library/BaseLib/RiscV64/RiscVMmu.S @@ -21,3 +21,11 @@ ASM_FUNC (RiscVSetSupervisorAddressTranslationRegister) csrw CSR_SATP, a0 ret + +// +// Get the value of Supervisor Address Translation and +// Protection Register. +// +ASM_FUNC (RiscVGetSupervisorAddressTranslationRegister) +csrr a0, CSR_SATP +ret -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106303): https://edk2.groups.io/g/devel/message/106303 Mute This Topic: https://groups.io/mt/99724469/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v3 1/1] OvmfPkg/Bhyve: include TPM driver
On Mon, 19 Jun 2023 at 13:54, Corvin Köhne wrote: > > Bhyve will gain support for TPM emulation in the near future. Therefore, > prepare OVMF by copying all TPM driver used by qemu's OVMF DSC into the > bhyve OVMF DSC. > > Signed-off-by: Corvin Köhne > Reviewed-by: Rebecca Cran > Acked-by: Gerd Hoffmann > Cc: Ard Biesheuvel > Cc: Jiewen Yao > Cc: Jordan Justen > Cc: Peter Grehan Merged as #4568 Thanks. > --- > OvmfPkg/Bhyve/BhyveX64.dsc | 17 +++-- > OvmfPkg/Bhyve/BhyveX64.fdf | 7 +++ > 2 files changed, 22 insertions(+), 2 deletions(-) > > diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc > index 7b974706f958..7fa40998ae80 100644 > --- a/OvmfPkg/Bhyve/BhyveX64.dsc > +++ b/OvmfPkg/Bhyve/BhyveX64.dsc > @@ -32,6 +32,8 @@ [Defines] >DEFINE SMM_REQUIRE = FALSE >DEFINE SOURCE_DEBUG_ENABLE = FALSE > > +!include OvmfPkg/Include/Dsc/OvmfTpmDefines.dsc.inc > + ># ># Network definition ># > @@ -226,8 +228,7 @@ [LibraryClasses] > > OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf >XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf > > - > Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf > - > TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf > +!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc > > [LibraryClasses.common] >BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -564,12 +565,17 @@ [PcdsDynamicDefault] > >gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 > > +!include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc > + ># MdeModulePkg resolution sets up the system display resolution >gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|0 >gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|0 >gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow|0 >gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn|0 > > +[PcdsDynamicHii] > +!include OvmfPkg/Include/Dsc/OvmfTpmPcdsHii.dsc.inc > + > > > # > # Components Section - list of all EDK II Modules needed by this Platform. > @@ -609,6 +615,8 @@ [Components] > >} > > +!include OvmfPkg/Include/Dsc/OvmfTpmComponentsPei.dsc.inc > + ># ># DXE Phase modules ># > @@ -632,6 +640,7 @@ [Components] > !if $(SECURE_BOOT_ENABLE) == TRUE > > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > !endif > +!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc >} > >MdeModulePkg/Universal/EbcDxe/EbcDxe.inf > @@ -826,3 +835,7 @@ [Components] >NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf >} > > + # > + # TPM support > + # > +!include OvmfPkg/Include/Dsc/OvmfTpmComponentsDxe.dsc.inc > diff --git a/OvmfPkg/Bhyve/BhyveX64.fdf b/OvmfPkg/Bhyve/BhyveX64.fdf > index 3f6270c048cc..c62d5757092e 100644 > --- a/OvmfPkg/Bhyve/BhyveX64.fdf > +++ b/OvmfPkg/Bhyve/BhyveX64.fdf > @@ -158,6 +158,8 @@ [FV.PEIFV] > INF OvmfPkg/Bhyve/SmmAccess/SmmAccessPei.inf > !endif > > +!include OvmfPkg/Include/Fdf/OvmfTpmPei.fdf.inc > + > > > > [FV.DXEFV] > @@ -335,6 +337,11 @@ [FV.DXEFV] > INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > !endif > > +# > +# TPM support > +# > +!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc > + > > > > [FV.FVMAIN_COMPACT] > -- > 2.41.0 > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106301): https://edk2.groups.io/g/devel/message/106301 Mute This Topic: https://groups.io/mt/99621595/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4 0/6] OvmfPkg/Bhyve: install Acpi tables by FwCfg
On Wed, 21 Jun 2023 at 09:31, Corvin Köhne wrote: > > CI: https://github.com/tianocore/edk2/pull/4545 > > Corvin Köhne (6): > OvmfPkg/Library: fix definition of GetAcpiRsdpFromMemory > OvmfPkg: avoid including AcpiPlatformLib twice > OvmfPkg: move PciEncoding into AcpiPlatformLib > OvmfPkg: move BootScript into AcpiPlatformLib > OvmfPkg: move QemuFwCfgAcpi into AcpiPlatformLib > OvmfPkg/Bhyve: install Acpi tables provided by FwCfg > Merged as #4568 Thanks. > ArmVirtPkg/ArmVirtQemu.dsc| 1 + > ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 + > OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + > OvmfPkg/CloudHv/CloudHvX64.dsc| 1 + > OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 + > OvmfPkg/Microvm/MicrovmX64.dsc| 1 + > OvmfPkg/OvmfPkgIa32.dsc | 1 + > OvmfPkg/OvmfPkgIa32X64.dsc| 1 + > OvmfPkg/OvmfPkgX64.dsc| 1 + > OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc | 1 + > OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf | 10 +- > .../Bhyve/AcpiPlatformDxe/AcpiPlatformDxe.inf | 1 - > .../AcpiPlatformLib/DxeAcpiPlatformLib.inf| 14 ++ > OvmfPkg/AcpiPlatformDxe/AcpiPlatform.h| 51 > OvmfPkg/Bhyve/AcpiPlatformDxe/AcpiPlatform.h | 17 -- > OvmfPkg/Include/Library/AcpiPlatformLib.h | 60 - > OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c| 3 + > OvmfPkg/Bhyve/AcpiPlatformDxe/AcpiPlatform.c | 5 + > OvmfPkg/Bhyve/AcpiPlatformDxe/PciDecoding.c | 232 -- > .../AcpiPlatformLib}/BootScript.c | 3 +- > .../AcpiPlatformLib}/PciDecoding.c| 3 +- > .../AcpiPlatformLib}/QemuFwCfgAcpi.c | 3 +- > 22 files changed, 94 insertions(+), 318 deletions(-) > delete mode 100644 OvmfPkg/Bhyve/AcpiPlatformDxe/PciDecoding.c > rename OvmfPkg/{AcpiPlatformDxe => Library/AcpiPlatformLib}/BootScript.c > (96%) > rename OvmfPkg/{AcpiPlatformDxe => Library/AcpiPlatformLib}/PciDecoding.c > (96%) > rename OvmfPkg/{AcpiPlatformDxe => Library/AcpiPlatformLib}/QemuFwCfgAcpi.c > (96%) > > -- > 2.41.0 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106300): https://edk2.groups.io/g/devel/message/106300 Mute This Topic: https://groups.io/mt/99672097/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH 1/1] ArmPkg: Add Pcd to disable EFI_MEMORY_ATTRIBUTE_PROTOCOL
On Tue, 20 Jun 2023 at 19:07, Sean Brogan wrote: > > I don't think a MemoryAttributes2Protocol with a single API would have > avoided the errors. > > The programming pattern that triggered this would still need multiple calls > to any API and in the future where all memory is allocated as NX this > possibility would still exist. > > A short term effort to minimize the compatibility problem in the ecosystem is > documented here Memory Protections: Document compatibility challenges · Issue > #18 · tianocore/projects (github.com) It does not address (and i don't see > any reason to try to) a loader that uses the protocol incorrectly. > > We have provided virtual reference platforms with these features enabled > (both arm and x86) and have been working with the relevant communities for > multiple years now. The UEFI CA for option roms already have compliance > requirements (UPDATED: UEFI Signing Requirements - Microsoft Community Hub). > But there are and will continue to be compatibility challenges when enabling > a more restrictive execution environment in uefi and the uefi ecosystem. The > more things we make optional the longer this transition period will take. > "Memory Mitigations" were proposed and mostly coded over a decade ago. The > code changes are not that difficult. To change our vast and unwieldy > ecosystem is the hard part. Please help to "stay the course" for this very > necessary industry change. If a production platform has requirements that > force such a configuration option that is understandable but it is counter > productive in open-source industry standard reference Edk2 code. > Fair enough. But I will note that the only reason we are in this situation in the first place is because shim has to re-implement the PE loader, cert handling and all related crypto, and needs the memory attributes protocol to manipulate the RO/NX permissions. Now that we are taking these things seriously, wouldn't it be *much* better to get rid of all this cruft, and specify a method by which a loader can provide an ephemeral DB that the system firmware will authenticate against? That way, we can reduce shim to a single SetVariable() call that creates the ephemeral DB (and perhaps a call into the TPM code to measure it), which is arguably a lot easier to audit than the code we have today. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106299): https://edk2.groups.io/g/devel/message/106299 Mute This Topic: https://groups.io/mt/99631663/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v1 0/2] Automatically set NXCOMPAT bit if requirements are met
On Fri, 23 Jun 2023 at 18:03, Joey Vagedes wrote: > > Utilize GenFw to automatically set the NXCOMPAT bit of the DLL Characteristics > field of the Optional Header if the following requirements are met: > > 1. It is a 64bit PE > 2. The section alignment is evently divisible by 4K > 3. No section is both EFI_IMAGE_SCN_MEM_EXECUTE and EFI_IMAGE_SCN_MEM_WRITE > Is this sufficient? For example, the EBC DXE driver creates code trampolines in page allocations, and expects them to be executable. However, this change would flag that driver as NX compat too. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106298): https://edk2.groups.io/g/devel/message/106298 Mute This Topic: https://groups.io/mt/99721318/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 1/2] MdePkg: IndustryStandard: Add DLL Characteristics
Add the bit masks for DLL Characteristics, used within the optional header of a PE, to the PeImage.h header file. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Signed-off-by: Joey Vagedes --- MdePkg/Include/IndustryStandard/PeImage.h | 15 +++ 1 file changed, 15 insertions(+) diff --git a/MdePkg/Include/IndustryStandard/PeImage.h b/MdePkg/Include/IndustryStandard/PeImage.h index 47037049348c..430e8988f550 100644 --- a/MdePkg/Include/IndustryStandard/PeImage.h +++ b/MdePkg/Include/IndustryStandard/PeImage.h @@ -269,6 +269,21 @@ typedef struct { #define EFI_IMAGE_SUBSYSTEM_OS2_CUI 5 #define EFI_IMAGE_SUBSYSTEM_POSIX_CUI7 +// +// DLL Characteristics +// +#define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA0x0020 +#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040 +#define IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY0x0080 +#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT 0x0100 +#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION 0x0200 +#define IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400 +#define IMAGE_DLLCHARACTERISTICS_NO_BIND0x0800 +#define IMAGE_DLLCHARACTERISTICS_APPCONTAINER 0x1000 +#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000 +#define IMAGE_DLLCHARACTERISTICS_GUARD_CF 0x4000 +#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000 + /// /// Length of ShortName. /// -- 2.41.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106296): https://edk2.groups.io/g/devel/message/106296 Mute This Topic: https://groups.io/mt/99721319/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 2/2] BaseTools: GenFw: auto-set nxcompat flag
Automatically set the nxcompat flag in the DLL Characteristics field of the Optional Header of the PE32+ image. For this flag to be set automatically, it must, the section alignment must be evenly divisible by 4K (EFI_PAGE_SIZE) and no section must be executable and writable. Cc: Rebecca Cran Cc: Liming Gao Cc: Bob Feng Cc: Yuwei Chen Signed-off-by: Joey Vagedes --- BaseTools/Source/C/GenFw/GenFw.c | 59 1 file changed, 59 insertions(+) diff --git a/BaseTools/Source/C/GenFw/GenFw.c b/BaseTools/Source/C/GenFw/GenFw.c index 0289c8ef8a5c..4581c4233c14 100644 --- a/BaseTools/Source/C/GenFw/GenFw.c +++ b/BaseTools/Source/C/GenFw/GenFw.c @@ -441,6 +441,60 @@ Returns: return STATUS_SUCCESS; } +STATIC +BOOLEAN +IsNxCompatCompliant ( + EFI_IMAGE_OPTIONAL_HEADER_UNION *PeHdr + ) +/*++ + +Routine Description: + + Checks if the Pe image is nxcompat. i.e. PE is 64bit, section alignment is + evenly divisible by 4k, and no section is writable and executable. + +Arguments: + + PeHdr The Pe header + +Returns: + TRUE The PE is nx compat compliant + FALSE The PE is not nx compat compliant + +--*/ +{ + EFI_IMAGE_SECTION_HEADER *SectionHeader; + UINT32 Index; + UINT32 Mask; + + // Must have an optional header to perform verification + if (PeHdr->Pe32.FileHeader.SizeOfOptionalHeader == 0) { +return FALSE; + } + + // Verify PE is 64 bit + if (!(PeHdr->Pe32.OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC)) { +return FALSE; + } + + // Verify Section Alignment is divisible by 4K + if (!((PeHdr->Pe32Plus.OptionalHeader.SectionAlignment % EFI_PAGE_SIZE) == 0)) { +return FALSE; + } + + // Verify sections are not Write & Execute + Mask = EFI_IMAGE_SCN_MEM_EXECUTE | EFI_IMAGE_SCN_MEM_WRITE; + SectionHeader = (EFI_IMAGE_SECTION_HEADER *) ((UINT8 *) &(PeHdr->Pe32Plus.OptionalHeader) + PeHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader); + for (Index = 0; Index < PeHdr->Pe32Plus.FileHeader.NumberOfSections; Index ++, SectionHeader ++) { +if ((SectionHeader->Characteristics & Mask) == Mask) { + return FALSE; +} + } + + // Passed all requirements, return TRUE + return TRUE; +} + VOID SetHiiResourceHeader ( UINT8 *HiiBinData, @@ -2458,6 +2512,11 @@ Returns: TEImageHeader.BaseOfCode = Optional64->BaseOfCode; TEImageHeader.ImageBase = (UINT64) (Optional64->ImageBase); +// Set NxCompat flag +if (IsNxCompatCompliant (PeHdr)) { + Optional64->DllCharacteristics |= IMAGE_DLLCHARACTERISTICS_NX_COMPAT; +} + if (Optional64->NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { TEImageHeader.DataDirectory[EFI_TE_IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress = Optional64->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress; TEImageHeader.DataDirectory[EFI_TE_IMAGE_DIRECTORY_ENTRY_BASERELOC].Size = Optional64->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].Size; -- 2.41.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106297): https://edk2.groups.io/g/devel/message/106297 Mute This Topic: https://groups.io/mt/99721320/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v1 0/2] Automatically set NXCOMPAT bit if requirements are met
Utilize GenFw to automatically set the NXCOMPAT bit of the DLL Characteristics field of the Optional Header if the following requirements are met: 1. It is a 64bit PE 2. The section alignment is evently divisible by 4K 3. No section is both EFI_IMAGE_SCN_MEM_EXECUTE and EFI_IMAGE_SCN_MEM_WRITE Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Rebecca Cran Cc: Bob Feng Cc: Yuwei Chen Joey Vagedes (2): MdePkg: IndustryStandard: Add DLL Characteristics BaseTools: GenFw: auto-set nxcompat flag MdePkg/Include/IndustryStandard/PeImage.h | 15 + BaseTools/Source/C/GenFw/GenFw.c | 59 2 files changed, 74 insertions(+) -- 2.41.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106295): https://edk2.groups.io/g/devel/message/106295 Mute This Topic: https://groups.io/mt/99721318/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 0/1] CI: Use latest image for Linux jobs (Qemu 8, gcc 12)
Hi Oliver, I see the PR you linked is marked as draft and test. I'm happy to help push this if you can confirm when you're done testing. Thanks, Michael On 6/22/2023 7:37 AM, Oliver Steffen wrote: Use the latest Linux container image (from 2023-05-30). It uses Qemu 8.0.0 and gcc 12. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4324 PR: https://github.com/tianocore/edk2/pull/4460 v2: - Collect RBs and Acks - Rerun CI with current master branch v1: - intial version Oliver Steffen (1): CI: Use latest image for Linux jobs (Qemu 8, gcc 12) .azurepipelines/templates/defaults.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106294): https://edk2.groups.io/g/devel/message/106294 Mute This Topic: https://groups.io/mt/99695648/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 0/8] ArmCpuInfo improvements
W dniu 5.06.2023 o 08:37, Marcin Juszkiewicz via groups.io pisze: This changeset was supposed to add SVE/SME information but got some updates to improve output of ArmCpuInfo application a bit too. Probably would need to definition of system registers for older toolchains. Changes since v1: - show stage 2 granule support on Neoverse-N1 Can someone review that patchset? Or should I abandon any hope? -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106293): https://edk2.groups.io/g/devel/message/106293 Mute This Topic: https://groups.io/mt/99335290/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v1 0/8] SecurityPkg/MdePkg: RngLib GUID
Hello, Just a ping for the patch-set, Regards, Pierre On 5/9/23 09:40, PierreGondois via groups.io wrote: From: Pierre Gondois This patchset follows the 'code first' approach and relies on [1]. This patchset follows the thread at [3] that aims to solve [2]. [1] and [2] are bound and this patchset aims to solve both. In this patchset: a- The RngDxe can rely on the RngLib. However the RngLib has no interface allowing to describe which Rng algorithm is implemented. The RngDxe must advertise the algorithm that are available through the RngGetInfo() callback. Add a GetRngGuid() for interface to the RngLib. b- The Arm Architecture states the RNDR that the DRBG algorithm should be compliant with NIST SP800-90A, while not mandating a particular algorithm, so as to be inclusive of different geographies. The RngLib can rely on this Arm RNDR instruction. In order to accurately describe the implementation using the RNDR instruction, add a EFI_RNG_ALGORITHM_ARM_RNDR GUID [1]. c- For the same reason as a/b, add a GUID describing unsafe RNG algorithms, allowing to accurately describe the BaseRngLibTimerLib. d- Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the Arm implementation of the RngDxe. [1] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441 [2] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151 [3] https://edk2.groups.io/g/devel/message/100806 Pierre Gondois (8): MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg MdePkg/DxeRngLib: Request raw algorithm instead of default MdePkg/Rng: Add GUIDs to describe Rng algorithms MdePkg/Rng: Add GetRngGuid() to RngLib SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib SecurityPkg/RngDxe: Select safe default Rng algorithm SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm MdePkg/Include/Library/RngLib.h | 17 + MdePkg/Include/Protocol/Rng.h | 20 ++ .../BaseArmTrngLibNull/BaseArmTrngLibNull.c | 4 -- MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++ MdePkg/Library/BaseRngLib/BaseRngLib.inf | 9 +++ MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 +++ .../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++ .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 3 + .../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 MdePkg/Library/DxeRngLib/DxeRngLib.c | 36 +- MdePkg/MdePkg.dec | 7 ++ .../RngDxe/AArch64/AArch64Algo.c | 70 +++ .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 23 +++--- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- SecurityPkg/SecurityPkg.dec | 2 - 15 files changed, 278 insertions(+), 36 deletions(-) -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106292): https://edk2.groups.io/g/devel/message/106292 Mute This Topic: https://groups.io/mt/99714809/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-