Re: [edk2-devel] [PATCH] IntelSiliconPkg/VTd: Reset the one-shot bits before modifing GCMD_REG
Hi Ray,
Could you help to review and merge this Vtd driver patch to edk2platforms
branch?
This patch is used to fix a bug about missing to mask one-shot bits when write
VTD GCMD_REG register.
Here is the PR of this patch.
https://github.com/tianocore/edk2-platforms/pull/125
Thank you.
BR
Sheng Wei
> -Original Message-
> From: Huang, Jenny
> Sent: Thursday, February 29, 2024 3:10 PM
> To: devel@edk2.groups.io; Sheng, W
> Cc: Ni, Ray ; Chaganty, Rangasai V
>
> Subject: RE: [edk2-devel] [PATCH] IntelSiliconPkg/VTd: Reset the one-shot bits
> before modifing GCMD_REG
>
> Reviewed-by: Jenny Huang
>
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Sheng, W
> Sent: Monday, February 19, 2024 7:37 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray ; Chaganty, Rangasai V
> ; Huang, Jenny
> Subject: [edk2-devel] [PATCH] IntelSiliconPkg/VTd: Reset the one-shot bits
> before modifing GCMD_REG
>
> Here is the process of modify GCMD_REG.
> Read GSTS_REG
> Reset the one-shot bits.
> Modify the target comamnd value.
> Write the command value to GCMD_REG.
> Wait until GSTS_REG indicates command is serviced.
>
> Cc: Ray Ni
> Cc: Rangasai V Chaganty
> Cc: Jenny Huang
> Signed-off-by: Sheng Wei
> ---
> .../Feature/VTd/IntelVTdCoreDxe/VtdReg.c | 13 ++
> .../VTd/IntelVTdCorePei/IntelVTdDmar.c| 9 +---
> .../VTd/IntelVTdDmarPei/IntelVTdDmar.c| 43 +-
> .../Feature/VTd/IntelVTdDxe/VtdReg.c | 44 +--
> .../Feature/VTd/IntelVTdPmrPei/VtdReg.c | 1 +
> .../IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c | 12 ++---
> 6 files changed, 51 insertions(+), 71 deletions(-)
>
> diff --git
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
> index edeb4b3ff..21e2d5f1b 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
> @@ -112,13 +112,8 @@ PerpareCacheInvalidationInterface (
>// Enable the queued invalidation interface through the Global Command
> Register.
>
>// When enabled, hardware sets the QIES field in the Global Status
> Register.
>
>//
>
> - Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
>
> - Reg32 |= B_GMCD_REG_QIE;
>
> - MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Reg32);
>
> - DEBUG ((DEBUG_INFO, "Enable Queued Invalidation Interface. GCMD_REG =
> 0x%x\n", Reg32));
>
> - do {
>
> -Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
>
> - } while ((Reg32 & B_GSTS_REG_QIES) == 0);
>
> + DEBUG ((DEBUG_INFO, "Enable Queued Invalidation Interface.\n"));
>
> + VtdLibSetGlobalCommandRegisterBits (VtdUnitBaseAddress,
> B_GMCD_REG_QIE);
>
>
>
>VTdLogAddEvent (VTDLOG_DXE_QUEUED_INVALIDATION,
> VTD_LOG_QI_ENABLE, VtdUnitBaseAddress);
>
>
>
> @@ -577,7 +572,7 @@ DumpVtdCapRegs (
>IN VTD_CAP_REG *CapReg
>
>)
>
> {
>
> - DEBUG((DEBUG_INFO, " CapReg - 0x%x\n", CapReg->Uint64));
>
> + DEBUG((DEBUG_INFO, " CapReg - 0x%lx\n", CapReg->Uint64));
>
>DEBUG((DEBUG_INFO, "ND - 0x%x\n", CapReg->Bits.ND));
>
>DEBUG((DEBUG_INFO, "AFL- 0x%x\n", CapReg->Bits.AFL));
>
>DEBUG((DEBUG_INFO, "RWBF - 0x%x\n", CapReg->Bits.RWBF));
>
> @@ -737,7 +732,7 @@ DumpVtdIfError (
> if (HasError) {
>
>REPORT_STATUS_CODE (EFI_ERROR_CODE, PcdGet32
> (PcdErrorCodeVTdError));
>
>DEBUG((DEBUG_INFO, "\n ERROR \n"));
>
> - DumpVtdRegs (mVtdUnitInformation[Num].VtdUnitBaseAddress);
> + DumpVtdRegs (mVtdUnitInformation[Num].VtdUnitBaseAddress);
>
>DEBUG((DEBUG_INFO, " ERROR \n\n"));
>
>//
>
>// Clear
>
> diff --git
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCorePei/IntelVTdDmar.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCorePei/IntelVTdDmar.c
> index 93207ba52..549313dbf 100644
> ---
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCorePei/IntelVTdDmar.c
> +++
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCorePei/IntelVTdDmar.c
> @@ -120,13 +120,8 @@ PerpareCacheInvalidationInterface (
>// Enable the queued invalidation interface through the Global Command
> Register.
>
>// When enabled, hardware sets the QIES field in the Global Status
> Register.
>
>//
>
> - Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS
[edk2-devel] [PATCH] IntelSiliconPkg/VTd: Reset the one-shot bits before modifing GCMD_REG
Here is the process of modify GCMD_REG.
Read GSTS_REG
Reset the one-shot bits.
Modify the target comamnd value.
Write the command value to GCMD_REG.
Wait until GSTS_REG indicates command is serviced.
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Signed-off-by: Sheng Wei
---
.../Feature/VTd/IntelVTdCoreDxe/VtdReg.c | 13 ++
.../VTd/IntelVTdCorePei/IntelVTdDmar.c| 9 +---
.../VTd/IntelVTdDmarPei/IntelVTdDmar.c| 43 +-
.../Feature/VTd/IntelVTdDxe/VtdReg.c | 44 +--
.../Feature/VTd/IntelVTdPmrPei/VtdReg.c | 1 +
.../IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c | 12 ++---
6 files changed, 51 insertions(+), 71 deletions(-)
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
index edeb4b3ff..21e2d5f1b 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
@@ -112,13 +112,8 @@ PerpareCacheInvalidationInterface (
// Enable the queued invalidation interface through the Global Command
Register.
// When enabled, hardware sets the QIES field in the Global Status Register.
//
- Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
- Reg32 |= B_GMCD_REG_QIE;
- MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Reg32);
- DEBUG ((DEBUG_INFO, "Enable Queued Invalidation Interface. GCMD_REG =
0x%x\n", Reg32));
- do {
-Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
- } while ((Reg32 & B_GSTS_REG_QIES) == 0);
+ DEBUG ((DEBUG_INFO, "Enable Queued Invalidation Interface.\n"));
+ VtdLibSetGlobalCommandRegisterBits (VtdUnitBaseAddress, B_GMCD_REG_QIE);
VTdLogAddEvent (VTDLOG_DXE_QUEUED_INVALIDATION, VTD_LOG_QI_ENABLE,
VtdUnitBaseAddress);
@@ -577,7 +572,7 @@ DumpVtdCapRegs (
IN VTD_CAP_REG *CapReg
)
{
- DEBUG((DEBUG_INFO, " CapReg - 0x%x\n", CapReg->Uint64));
+ DEBUG((DEBUG_INFO, " CapReg - 0x%lx\n", CapReg->Uint64));
DEBUG((DEBUG_INFO, "ND - 0x%x\n", CapReg->Bits.ND));
DEBUG((DEBUG_INFO, "AFL- 0x%x\n", CapReg->Bits.AFL));
DEBUG((DEBUG_INFO, "RWBF - 0x%x\n", CapReg->Bits.RWBF));
@@ -737,7 +732,7 @@ DumpVtdIfError (
if (HasError) {
REPORT_STATUS_CODE (EFI_ERROR_CODE, PcdGet32 (PcdErrorCodeVTdError));
DEBUG((DEBUG_INFO, "\n ERROR \n"));
- DumpVtdRegs (mVtdUnitInformation[Num].VtdUnitBaseAddress);
+ DumpVtdRegs (mVtdUnitInformation[Num].VtdUnitBaseAddress);
DEBUG((DEBUG_INFO, " ERROR \n\n"));
//
// Clear
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCorePei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCorePei/IntelVTdDmar.c
index 93207ba52..549313dbf 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCorePei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCorePei/IntelVTdDmar.c
@@ -120,13 +120,8 @@ PerpareCacheInvalidationInterface (
// Enable the queued invalidation interface through the Global Command
Register.
// When enabled, hardware sets the QIES field in the Global Status Register.
//
- Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
- Reg32 |= B_GMCD_REG_QIE;
- MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Reg32);
- DEBUG ((DEBUG_INFO, "Enable Queued Invalidation Interface. GCMD_REG =
0x%x\n", Reg32));
- do {
-Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
- } while ((Reg32 & B_GSTS_REG_QIES) == 0);
+ DEBUG ((DEBUG_INFO, "Enable Queued Invalidation Interface.\n"));
+ VtdLibSetGlobalCommandRegisterBits (VtdUnitBaseAddress, B_GMCD_REG_QIE);
VTdLogAddEvent (VTDLOG_PEI_QUEUED_INVALIDATION, VTD_LOG_QI_ENABLE,
VtdUnitBaseAddress);
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index e1b867973..533fb2b9a 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -20,6 +20,18 @@
#include
#include "IntelVTdDmarPei.h"
+VOID
+SetGlobalCommandRegisterBits (
+ IN UINTN VtdUnitBaseAddress,
+ IN UINT32BitMask
+ );
+
+VOID
+ClearGlobalCommandRegisterBits (
+ IN UINTN VtdUnitBaseAddress,
+ IN UINT32BitMask
+ );
+
/**
Flush VTD page table and context table memory.
@@ -58,6 +70,7 @@ FlushWriteBuffer (
if (CapReg.Bits.RWBF != 0) {
Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
+Reg32 = (Reg32 & 0x96FF); // Reset the one-shot bits
MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Reg32 | B_GMCD_REG_WBF);
do {
Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG)
[edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Add feedback status for PciIoMap
PciIoMap () need to feedback the status of mIoMmuProtocol->SetAttribute () return value. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4652 Cc: Ray Ni Cc: Huang Jenny Cc: Chiang Chris Signed-off-by: Sheng Wei --- MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c index 14bed54729..e85544d08d 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c @@ -1024,12 +1024,12 @@ PciIoMap ( return EFI_INVALID_PARAMETER; } - mIoMmuProtocol->SetAttribute ( -mIoMmuProtocol, -PciIoDevice->Handle, -*Mapping, -IoMmuAttribute -); + Status = mIoMmuProtocol->SetAttribute ( + mIoMmuProtocol, + PciIoDevice->Handle, + *Mapping, + IoMmuAttribute + ); } } -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114136): https://edk2.groups.io/g/devel/message/114136 Mute This Topic: https://groups.io/mt/103881889/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] MdeModulePkg/PciBusDxe: Add feedback status for PciIoMap
PciIoMap () need to feedback the status of mIoMmuProtocol->SetAttribute () return value. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4652 Cc: Ray Ni Cc: Huang, Jenny Cc: Chiang, Chris Signed-off-by: Sheng Wei --- MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c index 14bed54729..e85544d08d 100644 --- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c +++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c @@ -1024,12 +1024,12 @@ PciIoMap ( return EFI_INVALID_PARAMETER; } - mIoMmuProtocol->SetAttribute ( -mIoMmuProtocol, -PciIoDevice->Handle, -*Mapping, -IoMmuAttribute -); + Status = mIoMmuProtocol->SetAttribute ( + mIoMmuProtocol, + PciIoDevice->Handle, + *Mapping, + IoMmuAttribute + ); } } -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114135): https://edk2.groups.io/g/devel/message/114135 Mute This Topic: https://groups.io/mt/103881889/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v7 1/5] UefiCpuPkg: Add macro definitions for CET feature for NASM files.
Hi Ray, I update the copyright year and add your review-by for the 5 patches. And here is the PR https://github.com/tianocore/edk2/pull/5109 Thank you. BR Sheng Wei > -Original Message- > From: Ni, Ray > Sent: Thursday, December 7, 2023 4:41 PM > To: Sheng, W ; devel@edk2.groups.io > Cc: Dong, Eric ; Laszlo Ersek ; Wu, > Jiaxin ; Tan, Dun > Subject: RE: [PATCH v7 1/5] UefiCpuPkg: Add macro definitions for CET > feature for NASM files. > > For all the series (5 patches), Reviewed-by: Ray Ni > > Can you kindly create PR and update the copyright year in file header in the > final PR? > > Thanks, > Ray > > -Original Message- > > From: Sheng, W > > Sent: Wednesday, December 6, 2023 4:16 PM > > To: devel@edk2.groups.io > > Cc: Dong, Eric ; Ni, Ray ; > > Laszlo Ersek ; Wu, Jiaxin ; > > Tan, Dun > > Subject: [PATCH v7 1/5] UefiCpuPkg: Add macro definitions for CET > > feature for NASM files. > > > > Signed-off-by: Sheng Wei > > Cc: Eric Dong > > Cc: Ray Ni > > Cc: Laszlo Ersek > > Cc: Wu Jiaxin > > Cc: Tan Dun > > --- > > UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc | 26 > > ++ > > 1 file changed, 26 insertions(+) > > create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc > > > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc > > b/UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc > > new file mode 100644 > > index 00..41c99988c9 > > --- /dev/null > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc > > @@ -0,0 +1,26 @@ > > +; > > +-- > > > > +; > > > > +; Copyright (c) 2023, Intel Corporation. All rights reserved. > > > > +; SPDX-License-Identifier: BSD-2-Clause-Patent > > > > +; > > > > +; Abstract: > > > > +; > > > > +; This file provides macro definitions for CET feature for NASM files. > > > > +; > > > > +; > > +-- > > > > + > > > > +%define MSR_IA32_U_CET 0x6A0 > > > > +%define MSR_IA32_S_CET 0x6A2 > > > > +%define MSR_IA32_CET_SH_STK_EN (1<<0) > > > > +%define MSR_IA32_CET_WR_SHSTK_EN (1<<1) > > > > +%define MSR_IA32_CET_ENDBR_EN (1<<2) > > > > +%define MSR_IA32_CET_LEG_IW_EN (1<<3) > > > > +%define MSR_IA32_CET_NO_TRACK_EN (1<<4) > > > > +%define MSR_IA32_CET_SUPPRESS_DIS (1<<5) > > > > +%define MSR_IA32_CET_SUPPRESS (1<<10) > > > > +%define MSR_IA32_CET_TRACKER (1<<11) > > > > +%define MSR_IA32_PL0_SSP 0x6A4 > > > > +%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 > > > > + > > > > +%define CR4_CET_BIT23 > > > > +%define CR4_CET(1< > > > -- > > 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112171): https://edk2.groups.io/g/devel/message/112171 Mute This Topic: https://groups.io/mt/103009377/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v7 5/5] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler.
OS may enable CET-IBT feature by set MSR IA32_U_CET.bit2. If IA32_U_CET.bit2 is set, CPU is in WAIT_FOR_ENDBRANCH state and the next assemble code is not ENDBR, it will trigger #CP exception when set CR4.CET bit. SMI handler needs to backup MSR IA32_U_CET and clear MSR IA32_U_CET before set CR4.CET bit, And SMI handler needs to restore MSR IA32_U_CET when exit SMI handler. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 15 +++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 15 +++ 2 files changed, 30 insertions(+) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 1da9afab97..9e1155dee6 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -202,11 +202,21 @@ ASM_PFX(mPatchCetSupported): pushedx pusheax +mov ecx, MSR_IA32_U_CET +rdmsr +pushedx +pusheax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushedx pusheax +mov ecx, MSR_IA32_U_CET +xor eax, eax +xor edx, edx +wrmsr + mov ecx, MSR_IA32_S_CET mov eax, MSR_IA32_CET_SH_STK_EN xor edx, edx @@ -276,6 +286,11 @@ CetDone: pop edx wrmsr +mov ecx, MSR_IA32_U_CET +pop eax +pop edx +wrmsr + mov ecx, MSR_IA32_S_CET pop eax pop edx diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index abf9f1a90a..881d3177f7 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -217,6 +217,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +rdmsr +pushrdx +pushrax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushrdx @@ -227,6 +232,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +xor eax, eax +xor edx, edx +wrmsr + mov ecx, MSR_IA32_S_CET mov eax, MSR_IA32_CET_SH_STK_EN xor edx, edx @@ -325,6 +335,11 @@ mCetSupportedAbsAddr: pop rdx wrmsr +mov ecx, MSR_IA32_U_CET +pop rax +pop rdx +wrmsr + mov ecx, MSR_IA32_S_CET pop rax pop rdx -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112099): https://edk2.groups.io/g/devel/message/112099 Mute This Topic: https://groups.io/mt/103009381/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v7 4/5] UefiCpuPkg: Only change CR4.CET bit for enable and disable CET.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 10 +++--- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 10 +++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 6368982433..1da9afab97 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -237,7 +237,9 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, ecx -mov eax, 0x668 | CR4_CET +; set CR4.CET bit for enable CET +mov eax, cr4 +bts eax, CR4_CET_BIT mov cr4, eax setssbsy @@ -264,8 +266,10 @@ CetDone: cmp al, 0 jz CetDone2 -mov eax, 0x668 -mov cr4, eax ; disable CET +; clear CR4.CET bit for disable CET +mov eax, cr4 +btr eax, CR4_CET_BIT +mov cr4, eax mov ecx, MSR_IA32_PL0_SSP pop eax diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index 9a225bc3be..abf9f1a90a 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -263,7 +263,9 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, rcx -mov eax, 0x668 | CR4_CET +; set CR4.CET bit for enable CET +mov rax, cr4 +bts rax, CR4_CET_BIT mov cr4, rax setssbsy @@ -308,8 +310,10 @@ mCetSupportedAbsAddr: cmp al, 0 jz CetDone2 -mov eax, 0x668 -mov cr4, rax ; disable CET +; clear CR4.CET bit for disable CET +mov rax, cr4 +btr rax, CR4_CET_BIT +mov cr4, rax mov ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR pop rax -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112098): https://edk2.groups.io/g/devel/message/112098 Mute This Topic: https://groups.io/mt/103009380/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v7 1/5] UefiCpuPkg: Add macro definitions for CET feature for NASM files.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc | 26 ++ 1 file changed, 26 insertions(+) create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc b/UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc new file mode 100644 index 00..41c99988c9 --- /dev/null +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc @@ -0,0 +1,26 @@ +;-- +; +; Copyright (c) 2023, Intel Corporation. All rights reserved. +; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Abstract: +; +; This file provides macro definitions for CET feature for NASM files. +; +;-- + +%define MSR_IA32_U_CET 0x6A0 +%define MSR_IA32_S_CET 0x6A2 +%define MSR_IA32_CET_SH_STK_EN (1<<0) +%define MSR_IA32_CET_WR_SHSTK_EN (1<<1) +%define MSR_IA32_CET_ENDBR_EN (1<<2) +%define MSR_IA32_CET_LEG_IW_EN (1<<3) +%define MSR_IA32_CET_NO_TRACK_EN (1<<4) +%define MSR_IA32_CET_SUPPRESS_DIS (1<<5) +%define MSR_IA32_CET_SUPPRESS (1<<10) +%define MSR_IA32_CET_TRACKER (1<<11) +%define MSR_IA32_PL0_SSP 0x6A4 +%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 + +%define CR4_CET_BIT23 +%define CR4_CET(1<https://edk2.groups.io/g/devel/message/112095 Mute This Topic: https://groups.io/mt/103009377/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v7 3/5] UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 14 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 15 +-- 2 files changed, 2 insertions(+), 27 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 19de5f614e..6368982433 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -15,19 +15,7 @@ %include "StuffRsbNasm.inc" %include "Nasm.inc" - -%define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 -%define MSR_IA32_PL0_SSP 0x6A4 - -%define CR4_CET0x80 +%include "Cet.inc" %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index d302ca8d01..9a225bc3be 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -15,25 +15,12 @@ %include "StuffRsbNasm.inc" %include "Nasm.inc" +%include "Cet.inc" ; ; Variables referenced by C code ; -%define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 -%define MSR_IA32_PL0_SSP 0x6A4 -%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 - -%define CR4_CET0x80 - %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 %define MSR_EFER_XD 0x800 -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112097): https://edk2.groups.io/g/devel/message/112097 Mute This Topic: https://groups.io/mt/103009379/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v7 2/5] UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 5 +++-- UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm index 9d66b9c5da..3d07da1cd4 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm @@ -5,6 +5,7 @@ ;--- %include "Nasm.inc" +%include "Cet.inc" SECTION .text @@ -16,7 +17,7 @@ ASM_PFX(DisableCet): incsspd eax mov eax, cr4 -btr eax, 23 ; clear CET +btr eax, CR4_CET_BIT ; clear CET mov cr4, eax ret @@ -24,7 +25,7 @@ global ASM_PFX(EnableCet) ASM_PFX(EnableCet): mov eax, cr4 -bts eax, 23 ; set CET +bts eax, CR4_CET_BIT ; set CET mov cr4, eax ; use jmp to skip the check for ret diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm index 8bbdbb31cc..700aef4703 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm @@ -5,6 +5,7 @@ ;--- %include "Nasm.inc" +%include "Cet.inc" DEFAULT REL SECTION .text @@ -17,7 +18,7 @@ ASM_PFX(DisableCet): incsspq rax mov rax, cr4 -btr eax, 23 ; clear CET +btr eax, CR4_CET_BIT ; clear CET mov cr4, rax ret @@ -25,7 +26,7 @@ global ASM_PFX(EnableCet) ASM_PFX(EnableCet): mov rax, cr4 -bts eax, 23 ; set CET +bts eax, CR4_CET_BIT ; set CET mov cr4, rax ; use jmp to skip the check for ret -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112096): https://edk2.groups.io/g/devel/message/112096 Mute This Topic: https://groups.io/mt/103009378/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v7 0/5] MdePkg: Add macro definitions for CET feature for NASM files.
Patch V7: Remove all the change in MdePkg. Move cet.inc to UefiCpuPkg\PiSmmCpuDxeSmm, beacuse CET feature is only used in SMM. Patch V6: Cet.inc only contains definitions for x86 CPU. Move the file to \Ia32 and \X64 folder. Refine code for cet.inc. Patch V5: File cet.inc will be used in both MdePkg UefiCpuPkg. Move cet.inc file from UefiCpuPkg to MdePkg. Use macro CR4_CET_BIT to replace hard code value for both LongJump.nasm and SetJump.nasm. Patch V4: Separate the changes to 5 patches. 1) Add macro definitions for CET feature for NASM files. 2) Use macro CR4_CET_BIT to replace hard code value in Cet.nasm. 3) Use CET macro definitions in Cet.inc for SmiEntry.nasm files. 4) Only change CR4.CET bit for enable/disable CET. 5) Backup and Restore MSR IA32_U_CET in SMI handler. Remove some unused code. It is no need to clear MSR IA32_S_CET, because clear CR4.CET bit will disable all CET functions. Since CET is disabled between clear CR4.CET and run 'rsm', it is no need to delay MSR IA32_S_CET restoration. Patch V3: Remove the 3rd patch. mSmmInterruptSspTables is a global variable. It is unnecessary to initializ it to zero manually. Patch V2: No function change with Patch V1. Split the patch to into 3 separate patches. Sheng Wei (5): UefiCpuPkg: Add macro definitions for CET feature for NASM files. UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm. UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files. UefiCpuPkg: Only change CR4.CET bit for enable and disable CET. UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler. UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc| 26 + UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 5 ++- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 39 +++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 5 ++- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 40 +++- 5 files changed, 78 insertions(+), 37 deletions(-) create mode 100644 UefiCpuPkg/PiSmmCpuDxeSmm/Cet.inc -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112094): https://edk2.groups.io/g/devel/message/112094 Mute This Topic: https://groups.io/mt/103009376/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 6/6] MdePkg: Use macro CR4_CET_BIT to replace hard code value.
The macro is used in file LongJump.nasm and SetJump.nasm. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun Reviewed-by: Laszlo Ersek --- MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 3 ++- MdePkg/Library/BaseLib/Ia32/SetJump.nasm | 3 ++- MdePkg/Library/BaseLib/X64/LongJump.nasm | 3 ++- MdePkg/Library/BaseLib/X64/SetJump.nasm | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm index 6c13dfe307..df1bf9749e 100644 --- a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm +++ b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm @@ -14,6 +14,7 @@ ;-- %include "Nasm.inc" +%include "Cet.inc" SECTION .text @@ -34,7 +35,7 @@ ASM_PFX(InternalLongJump): testeax, eax jz CetDone mov eax, cr4 -bt eax, 23; check if CET is enabled +bt eax, CR4_CET_BIT ; check if CET is enabled jnc CetDone mov edx, [esp + 4] ; edx = JumpBuffer diff --git a/MdePkg/Library/BaseLib/Ia32/SetJump.nasm b/MdePkg/Library/BaseLib/Ia32/SetJump.nasm index 2577373241..0c484f6852 100644 --- a/MdePkg/Library/BaseLib/Ia32/SetJump.nasm +++ b/MdePkg/Library/BaseLib/Ia32/SetJump.nasm @@ -14,6 +14,7 @@ ;-- %include "Nasm.inc" +%include "Cet.inc" SECTION .text @@ -42,7 +43,7 @@ ASM_PFX(SetJump): testeax, eax jz CetDone mov eax, cr4 -bt eax, 23; check if CET is enabled +bt eax, CR4_CET_BIT ; check if CET is enabled jnc CetDone mov eax, 1 diff --git a/MdePkg/Library/BaseLib/X64/LongJump.nasm b/MdePkg/Library/BaseLib/X64/LongJump.nasm index 2002f65cba..021b49e855 100644 --- a/MdePkg/Library/BaseLib/X64/LongJump.nasm +++ b/MdePkg/Library/BaseLib/X64/LongJump.nasm @@ -14,6 +14,7 @@ ;-- %include "Nasm.inc" +%include "Cet.inc" DEFAULT REL SECTION .text @@ -35,7 +36,7 @@ ASM_PFX(InternalLongJump): testeax, eax jz CetDone mov rax, cr4 -bt eax, 23 ; check if CET is enabled +bt eax, CR4_CET_BIT ; check if CET is enabled jnc CetDone pushrdx ; save rdx diff --git a/MdePkg/Library/BaseLib/X64/SetJump.nasm b/MdePkg/Library/BaseLib/X64/SetJump.nasm index 5943a5ebe5..d2c0991e66 100644 --- a/MdePkg/Library/BaseLib/X64/SetJump.nasm +++ b/MdePkg/Library/BaseLib/X64/SetJump.nasm @@ -14,6 +14,7 @@ ;-- %include "Nasm.inc" +%include "Cet.inc" DEFAULT REL SECTION .text @@ -44,7 +45,7 @@ ASM_PFX(SetJump): testeax, eax jz CetDone mov rax, cr4 -bt eax, 23 ; check if CET is enabled +bt eax, CR4_CET_BIT ; check if CET is enabled jnc CetDone mov rax, 1 -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111520): https://edk2.groups.io/g/devel/message/111520 Mute This Topic: https://groups.io/mt/102724277/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 5/6] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler.
OS may enable CET-IBT feature by set MSR IA32_U_CET.bit2. If IA32_U_CET.bit2 is set, CPU is in WAIT_FOR_ENDBRANCH state and the next assemble code is not ENDBR, it will trigger #CP exception when set CR4.CET bit. SMI handler needs to backup MSR IA32_U_CET and clear MSR IA32_U_CET before set CR4.CET bit, And SMI handler needs to restore MSR IA32_U_CET when exit SMI handler. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun Reviewed-by: Laszlo Ersek --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 15 +++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 15 +++ 2 files changed, 30 insertions(+) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 1da9afab97..9e1155dee6 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -202,11 +202,21 @@ ASM_PFX(mPatchCetSupported): pushedx pusheax +mov ecx, MSR_IA32_U_CET +rdmsr +pushedx +pusheax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushedx pusheax +mov ecx, MSR_IA32_U_CET +xor eax, eax +xor edx, edx +wrmsr + mov ecx, MSR_IA32_S_CET mov eax, MSR_IA32_CET_SH_STK_EN xor edx, edx @@ -276,6 +286,11 @@ CetDone: pop edx wrmsr +mov ecx, MSR_IA32_U_CET +pop eax +pop edx +wrmsr + mov ecx, MSR_IA32_S_CET pop eax pop edx diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index abf9f1a90a..881d3177f7 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -217,6 +217,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +rdmsr +pushrdx +pushrax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushrdx @@ -227,6 +232,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +xor eax, eax +xor edx, edx +wrmsr + mov ecx, MSR_IA32_S_CET mov eax, MSR_IA32_CET_SH_STK_EN xor edx, edx @@ -325,6 +335,11 @@ mCetSupportedAbsAddr: pop rdx wrmsr +mov ecx, MSR_IA32_U_CET +pop rax +pop rdx +wrmsr + mov ecx, MSR_IA32_S_CET pop rax pop rdx -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111519): https://edk2.groups.io/g/devel/message/111519 Mute This Topic: https://groups.io/mt/102724276/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 4/6] UefiCpuPkg: Only change CR4.CET bit for enable and disable CET.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun Reviewed-by: Laszlo Ersek --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 10 +++--- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 10 +++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 6368982433..1da9afab97 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -237,7 +237,9 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, ecx -mov eax, 0x668 | CR4_CET +; set CR4.CET bit for enable CET +mov eax, cr4 +bts eax, CR4_CET_BIT mov cr4, eax setssbsy @@ -264,8 +266,10 @@ CetDone: cmp al, 0 jz CetDone2 -mov eax, 0x668 -mov cr4, eax ; disable CET +; clear CR4.CET bit for disable CET +mov eax, cr4 +btr eax, CR4_CET_BIT +mov cr4, eax mov ecx, MSR_IA32_PL0_SSP pop eax diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index 9a225bc3be..abf9f1a90a 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -263,7 +263,9 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, rcx -mov eax, 0x668 | CR4_CET +; set CR4.CET bit for enable CET +mov rax, cr4 +bts rax, CR4_CET_BIT mov cr4, rax setssbsy @@ -308,8 +310,10 @@ mCetSupportedAbsAddr: cmp al, 0 jz CetDone2 -mov eax, 0x668 -mov cr4, rax ; disable CET +; clear CR4.CET bit for disable CET +mov rax, cr4 +btr rax, CR4_CET_BIT +mov cr4, rax mov ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR pop rax -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111518): https://edk2.groups.io/g/devel/message/111518 Mute This Topic: https://groups.io/mt/102724275/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 3/6] UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun Reviewed-by: Laszlo Ersek --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 14 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 15 +-- 2 files changed, 2 insertions(+), 27 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 19de5f614e..6368982433 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -15,19 +15,7 @@ %include "StuffRsbNasm.inc" %include "Nasm.inc" - -%define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 -%define MSR_IA32_PL0_SSP 0x6A4 - -%define CR4_CET0x80 +%include "Cet.inc" %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index d302ca8d01..9a225bc3be 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -15,25 +15,12 @@ %include "StuffRsbNasm.inc" %include "Nasm.inc" +%include "Cet.inc" ; ; Variables referenced by C code ; -%define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 -%define MSR_IA32_PL0_SSP 0x6A4 -%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 - -%define CR4_CET0x80 - %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 %define MSR_EFER_XD 0x800 -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111517): https://edk2.groups.io/g/devel/message/111517 Mute This Topic: https://groups.io/mt/102724274/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 2/6] UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun Reviewed-by: Laszlo Ersek --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 5 +++-- UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm index 9d66b9c5da..3d07da1cd4 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm @@ -5,6 +5,7 @@ ;--- %include "Nasm.inc" +%include "Cet.inc" SECTION .text @@ -16,7 +17,7 @@ ASM_PFX(DisableCet): incsspd eax mov eax, cr4 -btr eax, 23 ; clear CET +btr eax, CR4_CET_BIT ; clear CET mov cr4, eax ret @@ -24,7 +25,7 @@ global ASM_PFX(EnableCet) ASM_PFX(EnableCet): mov eax, cr4 -bts eax, 23 ; set CET +bts eax, CR4_CET_BIT ; set CET mov cr4, eax ; use jmp to skip the check for ret diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm index 8bbdbb31cc..700aef4703 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm @@ -5,6 +5,7 @@ ;--- %include "Nasm.inc" +%include "Cet.inc" DEFAULT REL SECTION .text @@ -17,7 +18,7 @@ ASM_PFX(DisableCet): incsspq rax mov rax, cr4 -btr eax, 23 ; clear CET +btr eax, CR4_CET_BIT ; clear CET mov cr4, rax ret @@ -25,7 +26,7 @@ global ASM_PFX(EnableCet) ASM_PFX(EnableCet): mov rax, cr4 -bts eax, 23 ; set CET +bts eax, CR4_CET_BIT ; set CET mov cr4, rax ; use jmp to skip the check for ret -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111516): https://edk2.groups.io/g/devel/message/111516 Mute This Topic: https://groups.io/mt/102724273/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 1/6] MdePkg: Add macro definitions for CET feature for NASM files.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun Reviewed-by: Laszlo Ersek --- MdePkg/Include/Ia32/Cet.inc | 26 ++ MdePkg/Include/X64/Cet.inc | 26 ++ 2 files changed, 52 insertions(+) create mode 100644 MdePkg/Include/Ia32/Cet.inc create mode 100644 MdePkg/Include/X64/Cet.inc diff --git a/MdePkg/Include/Ia32/Cet.inc b/MdePkg/Include/Ia32/Cet.inc new file mode 100644 index 00..41c99988c9 --- /dev/null +++ b/MdePkg/Include/Ia32/Cet.inc @@ -0,0 +1,26 @@ +;-- +; +; Copyright (c) 2023, Intel Corporation. All rights reserved. +; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Abstract: +; +; This file provides macro definitions for CET feature for NASM files. +; +;-- + +%define MSR_IA32_U_CET 0x6A0 +%define MSR_IA32_S_CET 0x6A2 +%define MSR_IA32_CET_SH_STK_EN (1<<0) +%define MSR_IA32_CET_WR_SHSTK_EN (1<<1) +%define MSR_IA32_CET_ENDBR_EN (1<<2) +%define MSR_IA32_CET_LEG_IW_EN (1<<3) +%define MSR_IA32_CET_NO_TRACK_EN (1<<4) +%define MSR_IA32_CET_SUPPRESS_DIS (1<<5) +%define MSR_IA32_CET_SUPPRESS (1<<10) +%define MSR_IA32_CET_TRACKER (1<<11) +%define MSR_IA32_PL0_SSP 0x6A4 +%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 + +%define CR4_CET_BIT23 +%define CR4_CET(1< +; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Abstract: +; +; This file provides macro definitions for CET feature for NASM files. +; +;-- + +%define MSR_IA32_U_CET 0x6A0 +%define MSR_IA32_S_CET 0x6A2 +%define MSR_IA32_CET_SH_STK_EN (1<<0) +%define MSR_IA32_CET_WR_SHSTK_EN (1<<1) +%define MSR_IA32_CET_ENDBR_EN (1<<2) +%define MSR_IA32_CET_LEG_IW_EN (1<<3) +%define MSR_IA32_CET_NO_TRACK_EN (1<<4) +%define MSR_IA32_CET_SUPPRESS_DIS (1<<5) +%define MSR_IA32_CET_SUPPRESS (1<<10) +%define MSR_IA32_CET_TRACKER (1<<11) +%define MSR_IA32_PL0_SSP 0x6A4 +%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 + +%define CR4_CET_BIT23 +%define CR4_CET(1<https://edk2.groups.io/g/devel/message/111515 Mute This Topic: https://groups.io/mt/102724272/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 0/6] MdePkg: Add macro definitions for CET feature for NASM files.
Patch V6: Cet.inc only contains definitions for x86 CPU. Move the file to \Ia32 and \X64 folder. Refine code for cet.inc. Patch V5: File cet.inc will be used in both MdePkg UefiCpuPkg. Move cet.inc file from UefiCpuPkg to MdePkg. Use macro CR4_CET_BIT to replace hard code value for both LongJump.nasm and SetJump.nasm. Patch V4: Separate the changes to 5 patches. 1) Add macro definitions for CET feature for NASM files. 2) Use macro CR4_CET_BIT to replace hard code value in Cet.nasm. 3) Use CET macro definitions in Cet.inc for SmiEntry.nasm files. 4) Only change CR4.CET bit for enable/disable CET. 5) Backup and Restore MSR IA32_U_CET in SMI handler. Remove some unused code. It is no need to clear MSR IA32_S_CET, because clear CR4.CET bit will disable all CET functions. Since CET is disabled between clear CR4.CET and run 'rsm', it is no need to delay MSR IA32_S_CET restoration. Patch V3: Remove the 3rd patch. mSmmInterruptSspTables is a global variable. It is unnecessary to initializ it to zero manually. Patch V2: No function change with Patch V1. Split the patch to into 3 separate patches. Sheng Wei (6): MdePkg: Add macro definitions for CET feature for NASM files. UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm. UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files. UefiCpuPkg: Only change CR4.CET bit for enable and disable CET. UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler. MdePkg: Use macro CR4_CET_BIT to replace hard code value. MdePkg/Include/Ia32/Cet.inc | 26 + MdePkg/Include/X64/Cet.inc | 26 + MdePkg/Library/BaseLib/Ia32/LongJump.nasm| 3 +- MdePkg/Library/BaseLib/Ia32/SetJump.nasm | 3 +- MdePkg/Library/BaseLib/X64/LongJump.nasm | 3 +- MdePkg/Library/BaseLib/X64/SetJump.nasm | 3 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 5 ++- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 39 +++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 5 ++- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 40 +++- 10 files changed, 112 insertions(+), 41 deletions(-) create mode 100644 MdePkg/Include/Ia32/Cet.inc create mode 100644 MdePkg/Include/X64/Cet.inc -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111514): https://edk2.groups.io/g/devel/message/111514 Mute This Topic: https://groups.io/mt/102724271/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v5 6/6] MdePkg: Use macro CR4_CET_BIT to replace hard code value.
The macro is used in file LongJump.nasm and SetJump.nasm. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 3 ++- MdePkg/Library/BaseLib/Ia32/SetJump.nasm | 3 ++- MdePkg/Library/BaseLib/X64/LongJump.nasm | 3 ++- MdePkg/Library/BaseLib/X64/SetJump.nasm | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm index 6c13dfe307..df1bf9749e 100644 --- a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm +++ b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm @@ -14,6 +14,7 @@ ;-- %include "Nasm.inc" +%include "Cet.inc" SECTION .text @@ -34,7 +35,7 @@ ASM_PFX(InternalLongJump): testeax, eax jz CetDone mov eax, cr4 -bt eax, 23; check if CET is enabled +bt eax, CR4_CET_BIT ; check if CET is enabled jnc CetDone mov edx, [esp + 4] ; edx = JumpBuffer diff --git a/MdePkg/Library/BaseLib/Ia32/SetJump.nasm b/MdePkg/Library/BaseLib/Ia32/SetJump.nasm index 2577373241..0c484f6852 100644 --- a/MdePkg/Library/BaseLib/Ia32/SetJump.nasm +++ b/MdePkg/Library/BaseLib/Ia32/SetJump.nasm @@ -14,6 +14,7 @@ ;-- %include "Nasm.inc" +%include "Cet.inc" SECTION .text @@ -42,7 +43,7 @@ ASM_PFX(SetJump): testeax, eax jz CetDone mov eax, cr4 -bt eax, 23; check if CET is enabled +bt eax, CR4_CET_BIT ; check if CET is enabled jnc CetDone mov eax, 1 diff --git a/MdePkg/Library/BaseLib/X64/LongJump.nasm b/MdePkg/Library/BaseLib/X64/LongJump.nasm index 2002f65cba..021b49e855 100644 --- a/MdePkg/Library/BaseLib/X64/LongJump.nasm +++ b/MdePkg/Library/BaseLib/X64/LongJump.nasm @@ -14,6 +14,7 @@ ;-- %include "Nasm.inc" +%include "Cet.inc" DEFAULT REL SECTION .text @@ -35,7 +36,7 @@ ASM_PFX(InternalLongJump): testeax, eax jz CetDone mov rax, cr4 -bt eax, 23 ; check if CET is enabled +bt eax, CR4_CET_BIT ; check if CET is enabled jnc CetDone pushrdx ; save rdx diff --git a/MdePkg/Library/BaseLib/X64/SetJump.nasm b/MdePkg/Library/BaseLib/X64/SetJump.nasm index 5943a5ebe5..d2c0991e66 100644 --- a/MdePkg/Library/BaseLib/X64/SetJump.nasm +++ b/MdePkg/Library/BaseLib/X64/SetJump.nasm @@ -14,6 +14,7 @@ ;-- %include "Nasm.inc" +%include "Cet.inc" DEFAULT REL SECTION .text @@ -44,7 +45,7 @@ ASM_PFX(SetJump): testeax, eax jz CetDone mov rax, cr4 -bt eax, 23 ; check if CET is enabled +bt eax, CR4_CET_BIT ; check if CET is enabled jnc CetDone mov rax, 1 -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111240): https://edk2.groups.io/g/devel/message/111240 Mute This Topic: https://groups.io/mt/102599356/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v5 5/6] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler.
OS may enable CET-IBT feature by set MSR IA32_U_CET.bit2. If IA32_U_CET.bit2 is set, CPU is in WAIT_FOR_ENDBRANCH state and the next assemble code is not ENDBR, it will trigger #CP exception when set CR4.CET bit. SMI handler needs to backup MSR IA32_U_CET and clear MSR IA32_U_CET before set CR4.CET bit, And SMI handler needs to restore MSR IA32_U_CET when exit SMI handler. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun Reviewed-by: Laszlo Ersek --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 15 +++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 15 +++ 2 files changed, 30 insertions(+) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 1da9afab97..9e1155dee6 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -202,11 +202,21 @@ ASM_PFX(mPatchCetSupported): pushedx pusheax +mov ecx, MSR_IA32_U_CET +rdmsr +pushedx +pusheax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushedx pusheax +mov ecx, MSR_IA32_U_CET +xor eax, eax +xor edx, edx +wrmsr + mov ecx, MSR_IA32_S_CET mov eax, MSR_IA32_CET_SH_STK_EN xor edx, edx @@ -276,6 +286,11 @@ CetDone: pop edx wrmsr +mov ecx, MSR_IA32_U_CET +pop eax +pop edx +wrmsr + mov ecx, MSR_IA32_S_CET pop eax pop edx diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index abf9f1a90a..881d3177f7 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -217,6 +217,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +rdmsr +pushrdx +pushrax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushrdx @@ -227,6 +232,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +xor eax, eax +xor edx, edx +wrmsr + mov ecx, MSR_IA32_S_CET mov eax, MSR_IA32_CET_SH_STK_EN xor edx, edx @@ -325,6 +335,11 @@ mCetSupportedAbsAddr: pop rdx wrmsr +mov ecx, MSR_IA32_U_CET +pop rax +pop rdx +wrmsr + mov ecx, MSR_IA32_S_CET pop rax pop rdx -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111239): https://edk2.groups.io/g/devel/message/111239 Mute This Topic: https://groups.io/mt/102599355/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v5 4/6] UefiCpuPkg: Only change CR4.CET bit for enable and disable CET.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun Reviewed-by: Laszlo Ersek --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 10 +++--- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 10 +++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 6368982433..1da9afab97 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -237,7 +237,9 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, ecx -mov eax, 0x668 | CR4_CET +; set CR4.CET bit for enable CET +mov eax, cr4 +bts eax, CR4_CET_BIT mov cr4, eax setssbsy @@ -264,8 +266,10 @@ CetDone: cmp al, 0 jz CetDone2 -mov eax, 0x668 -mov cr4, eax ; disable CET +; clear CR4.CET bit for disable CET +mov eax, cr4 +btr eax, CR4_CET_BIT +mov cr4, eax mov ecx, MSR_IA32_PL0_SSP pop eax diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index 9a225bc3be..abf9f1a90a 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -263,7 +263,9 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, rcx -mov eax, 0x668 | CR4_CET +; set CR4.CET bit for enable CET +mov rax, cr4 +bts rax, CR4_CET_BIT mov cr4, rax setssbsy @@ -308,8 +310,10 @@ mCetSupportedAbsAddr: cmp al, 0 jz CetDone2 -mov eax, 0x668 -mov cr4, rax ; disable CET +; clear CR4.CET bit for disable CET +mov rax, cr4 +btr rax, CR4_CET_BIT +mov cr4, rax mov ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR pop rax -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111238): https://edk2.groups.io/g/devel/message/111238 Mute This Topic: https://groups.io/mt/102599354/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v5 3/6] UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun Reviewed-by: Laszlo Ersek --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 14 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 15 +-- 2 files changed, 2 insertions(+), 27 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 19de5f614e..6368982433 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -15,19 +15,7 @@ %include "StuffRsbNasm.inc" %include "Nasm.inc" - -%define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 -%define MSR_IA32_PL0_SSP 0x6A4 - -%define CR4_CET0x80 +%include "Cet.inc" %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index d302ca8d01..9a225bc3be 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -15,25 +15,12 @@ %include "StuffRsbNasm.inc" %include "Nasm.inc" +%include "Cet.inc" ; ; Variables referenced by C code ; -%define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 -%define MSR_IA32_PL0_SSP 0x6A4 -%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 - -%define CR4_CET0x80 - %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 %define MSR_EFER_XD 0x800 -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111237): https://edk2.groups.io/g/devel/message/111237 Mute This Topic: https://groups.io/mt/102599352/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v5 2/6] UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun Reviewed-by: Laszlo Ersek --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 5 +++-- UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm index 9d66b9c5da..3d07da1cd4 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm @@ -5,6 +5,7 @@ ;--- %include "Nasm.inc" +%include "Cet.inc" SECTION .text @@ -16,7 +17,7 @@ ASM_PFX(DisableCet): incsspd eax mov eax, cr4 -btr eax, 23 ; clear CET +btr eax, CR4_CET_BIT ; clear CET mov cr4, eax ret @@ -24,7 +25,7 @@ global ASM_PFX(EnableCet) ASM_PFX(EnableCet): mov eax, cr4 -bts eax, 23 ; set CET +bts eax, CR4_CET_BIT ; set CET mov cr4, eax ; use jmp to skip the check for ret diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm index 8bbdbb31cc..700aef4703 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm @@ -5,6 +5,7 @@ ;--- %include "Nasm.inc" +%include "Cet.inc" DEFAULT REL SECTION .text @@ -17,7 +18,7 @@ ASM_PFX(DisableCet): incsspq rax mov rax, cr4 -btr eax, 23 ; clear CET +btr eax, CR4_CET_BIT ; clear CET mov cr4, rax ret @@ -25,7 +26,7 @@ global ASM_PFX(EnableCet) ASM_PFX(EnableCet): mov rax, cr4 -bts eax, 23 ; set CET +bts eax, CR4_CET_BIT ; set CET mov cr4, rax ; use jmp to skip the check for ret -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111236): https://edk2.groups.io/g/devel/message/111236 Mute This Topic: https://groups.io/mt/102599350/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v5 0/6] MdePkg: Add macro definitions for CET feature for NASM files.
Patch V5: File cet.inc will be used in both MdePkg UefiCpuPkg. Move cet.inc file from UefiCpuPkg to MdePkg. Use macro CR4_CET_BIT to replace hard code value for both LongJump.nasm and SetJump.nasm. Patch V4: Separate the changes to 5 patches. 1) Add macro definitions for CET feature for NASM files. 2) Use macro CR4_CET_BIT to replace hard code value in Cet.nasm. 3) Use CET macro definitions in Cet.inc for SmiEntry.nasm files. 4) Only change CR4.CET bit for enable/disable CET. 5) Backup and Restore MSR IA32_U_CET in SMI handler. Remove some unused code. It is no need to clear MSR IA32_S_CET, because clear CR4.CET bit will disable all CET functions. Since CET is disabled between clear CR4.CET and run 'rsm', it is no need to delay MSR IA32_S_CET restoration. Patch V3: Remove the 3rd patch. mSmmInterruptSspTables is a global variable. It is unnecessary to initializ it to zero manually. Patch V2: No function change with Patch V1. Split the patch to into 3 separate patches. Sheng Wei (6): MdePkg: Add macro definitions for CET feature for NASM files. UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm. UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files. UefiCpuPkg: Only change CR4.CET bit for enable and disable CET. UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler. MdePkg: Use macro CR4_CET_BIT to replace hard code value. MdePkg/Include/Cet.inc | 26 + MdePkg/Library/BaseLib/Ia32/LongJump.nasm| 3 +- MdePkg/Library/BaseLib/Ia32/SetJump.nasm | 3 +- MdePkg/Library/BaseLib/X64/LongJump.nasm | 3 +- MdePkg/Library/BaseLib/X64/SetJump.nasm | 3 +- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 5 ++- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 39 +++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 5 ++- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 40 +++- 9 files changed, 86 insertions(+), 41 deletions(-) create mode 100644 MdePkg/Include/Cet.inc -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111234): https://edk2.groups.io/g/devel/message/111234 Mute This Topic: https://groups.io/mt/102599348/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v5 1/6] MdePkg: Add macro definitions for CET feature for NASM files.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun Reviewed-by: Laszlo Ersek --- MdePkg/Include/Cet.inc | 26 ++ 1 file changed, 26 insertions(+) create mode 100644 MdePkg/Include/Cet.inc diff --git a/MdePkg/Include/Cet.inc b/MdePkg/Include/Cet.inc new file mode 100644 index 00..a4038a0682 --- /dev/null +++ b/MdePkg/Include/Cet.inc @@ -0,0 +1,26 @@ +;-- +; +; Copyright (c) 2023, Intel Corporation. All rights reserved. +; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Abstract: +; +; This file provides macro definitions for CET feature for NASM files. +; +;-- + +%define MSR_IA32_U_CET 0x6A0 +%define MSR_IA32_S_CET 0x6A2 +%define MSR_IA32_CET_SH_STK_EN 0x1 +%define MSR_IA32_CET_WR_SHSTK_EN 0x2 +%define MSR_IA32_CET_ENDBR_EN 0x4 +%define MSR_IA32_CET_LEG_IW_EN 0x8 +%define MSR_IA32_CET_NO_TRACK_EN 0x10 +%define MSR_IA32_CET_SUPPRESS_DIS 0x20 +%define MSR_IA32_CET_SUPPRESS 0x400 +%define MSR_IA32_CET_TRACKER 0x800 +%define MSR_IA32_PL0_SSP 0x6A4 +%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 + +%define CR4_CET_BIT23 +%define CR4_CET0x80 -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#111235): https://edk2.groups.io/g/devel/message/111235 Mute This Topic: https://groups.io/mt/102599349/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 5/5] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler.
OS may enable CET-IBT feature by set MSR IA32_U_CET.bit2. If IA32_U_CET.bit2 is set, CPU is in WAIT_FOR_ENDBRANCH state and the next assemble code is not ENDBR, it will trigger #CP exception when set CR4.CET bit. SMI handler needs to backup MSR IA32_U_CET and clear MSR IA32_U_CET before set CR4.CET bit, And SMI handler needs to restore MSR IA32_U_CET when exit SMI handler. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 15 +++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 15 +++ 2 files changed, 30 insertions(+) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 1da9afab97..9e1155dee6 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -202,11 +202,21 @@ ASM_PFX(mPatchCetSupported): pushedx pusheax +mov ecx, MSR_IA32_U_CET +rdmsr +pushedx +pusheax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushedx pusheax +mov ecx, MSR_IA32_U_CET +xor eax, eax +xor edx, edx +wrmsr + mov ecx, MSR_IA32_S_CET mov eax, MSR_IA32_CET_SH_STK_EN xor edx, edx @@ -276,6 +286,11 @@ CetDone: pop edx wrmsr +mov ecx, MSR_IA32_U_CET +pop eax +pop edx +wrmsr + mov ecx, MSR_IA32_S_CET pop eax pop edx diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index abf9f1a90a..881d3177f7 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -217,6 +217,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +rdmsr +pushrdx +pushrax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushrdx @@ -227,6 +232,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +xor eax, eax +xor edx, edx +wrmsr + mov ecx, MSR_IA32_S_CET mov eax, MSR_IA32_CET_SH_STK_EN xor edx, edx @@ -325,6 +335,11 @@ mCetSupportedAbsAddr: pop rdx wrmsr +mov ecx, MSR_IA32_U_CET +pop rax +pop rdx +wrmsr + mov ecx, MSR_IA32_S_CET pop rax pop rdx -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#27): https://edk2.groups.io/g/devel/message/27 Mute This Topic: https://groups.io/mt/102556838/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 4/5] UefiCpuPkg: Only change CR4.CET bit for enable and disable CET.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 10 +++--- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 10 +++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 6368982433..1da9afab97 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -237,7 +237,9 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, ecx -mov eax, 0x668 | CR4_CET +; set CR4.CET bit for enable CET +mov eax, cr4 +bts eax, CR4_CET_BIT mov cr4, eax setssbsy @@ -264,8 +266,10 @@ CetDone: cmp al, 0 jz CetDone2 -mov eax, 0x668 -mov cr4, eax ; disable CET +; clear CR4.CET bit for disable CET +mov eax, cr4 +btr eax, CR4_CET_BIT +mov cr4, eax mov ecx, MSR_IA32_PL0_SSP pop eax diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index 9a225bc3be..abf9f1a90a 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -263,7 +263,9 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, rcx -mov eax, 0x668 | CR4_CET +; set CR4.CET bit for enable CET +mov rax, cr4 +bts rax, CR4_CET_BIT mov cr4, rax setssbsy @@ -308,8 +310,10 @@ mCetSupportedAbsAddr: cmp al, 0 jz CetDone2 -mov eax, 0x668 -mov cr4, rax ; disable CET +; clear CR4.CET bit for disable CET +mov rax, cr4 +btr rax, CR4_CET_BIT +mov cr4, rax mov ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR pop rax -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#26): https://edk2.groups.io/g/devel/message/26 Mute This Topic: https://groups.io/mt/102556837/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 3/5] UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 14 +- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 15 +-- 2 files changed, 2 insertions(+), 27 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 19de5f614e..6368982433 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -15,19 +15,7 @@ %include "StuffRsbNasm.inc" %include "Nasm.inc" - -%define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 -%define MSR_IA32_PL0_SSP 0x6A4 - -%define CR4_CET0x80 +%include "Cet.inc" %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index d302ca8d01..9a225bc3be 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -15,25 +15,12 @@ %include "StuffRsbNasm.inc" %include "Nasm.inc" +%include "Cet.inc" ; ; Variables referenced by C code ; -%define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 -%define MSR_IA32_PL0_SSP 0x6A4 -%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 - -%define CR4_CET0x80 - %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 %define MSR_EFER_XD 0x800 -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#25): https://edk2.groups.io/g/devel/message/25 Mute This Topic: https://groups.io/mt/102556836/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 2/5] UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 5 +++-- UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm index 9d66b9c5da..3d07da1cd4 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm @@ -5,6 +5,7 @@ ;--- %include "Nasm.inc" +%include "Cet.inc" SECTION .text @@ -16,7 +17,7 @@ ASM_PFX(DisableCet): incsspd eax mov eax, cr4 -btr eax, 23 ; clear CET +btr eax, CR4_CET_BIT ; clear CET mov cr4, eax ret @@ -24,7 +25,7 @@ global ASM_PFX(EnableCet) ASM_PFX(EnableCet): mov eax, cr4 -bts eax, 23 ; set CET +bts eax, CR4_CET_BIT ; set CET mov cr4, eax ; use jmp to skip the check for ret diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm index 8bbdbb31cc..700aef4703 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm @@ -5,6 +5,7 @@ ;--- %include "Nasm.inc" +%include "Cet.inc" DEFAULT REL SECTION .text @@ -17,7 +18,7 @@ ASM_PFX(DisableCet): incsspq rax mov rax, cr4 -btr eax, 23 ; clear CET +btr eax, CR4_CET_BIT ; clear CET mov cr4, rax ret @@ -25,7 +26,7 @@ global ASM_PFX(EnableCet) ASM_PFX(EnableCet): mov rax, cr4 -bts eax, 23 ; set CET +bts eax, CR4_CET_BIT ; set CET mov cr4, rax ; use jmp to skip the check for ret -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#24): https://edk2.groups.io/g/devel/message/24 Mute This Topic: https://groups.io/mt/102556834/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 1/5] UefiCpuPkg: Add macro definitions for CET feature for NASM files.
Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/Include/Cet.inc | 26 ++ 1 file changed, 26 insertions(+) create mode 100644 UefiCpuPkg/Include/Cet.inc diff --git a/UefiCpuPkg/Include/Cet.inc b/UefiCpuPkg/Include/Cet.inc new file mode 100644 index 00..a4038a0682 --- /dev/null +++ b/UefiCpuPkg/Include/Cet.inc @@ -0,0 +1,26 @@ +;-- +; +; Copyright (c) 2023, Intel Corporation. All rights reserved. +; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Abstract: +; +; This file provides macro definitions for CET feature for NASM files. +; +;-- + +%define MSR_IA32_U_CET 0x6A0 +%define MSR_IA32_S_CET 0x6A2 +%define MSR_IA32_CET_SH_STK_EN 0x1 +%define MSR_IA32_CET_WR_SHSTK_EN 0x2 +%define MSR_IA32_CET_ENDBR_EN 0x4 +%define MSR_IA32_CET_LEG_IW_EN 0x8 +%define MSR_IA32_CET_NO_TRACK_EN 0x10 +%define MSR_IA32_CET_SUPPRESS_DIS 0x20 +%define MSR_IA32_CET_SUPPRESS 0x400 +%define MSR_IA32_CET_TRACKER 0x800 +%define MSR_IA32_PL0_SSP 0x6A4 +%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 + +%define CR4_CET_BIT23 +%define CR4_CET0x80 -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#23): https://edk2.groups.io/g/devel/message/23 Mute This Topic: https://groups.io/mt/102556833/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4 0/5] UefiCpuPkg: Add macro definitions for CET feature for NASM files.
Patch V4: Separate the changes to 5 patches. 1) Add macro definitions for CET feature for NASM files. 2) Use macro CR4_CET_BIT to replace hard code value in Cet.nasm. 3) Use CET macro definitions in Cet.inc for SmiEntry.nasm files. 4) Only change CR4.CET bit for enable/disable CET. 5) Backup and Restore MSR IA32_U_CET in SMI handler. Remove some unused code. It is no need to clear MSR IA32_S_CET, because clear CR4.CET bit will disable all CET functions. Since CET is disabled between clear CR4.CET and run 'rsm', it is no need to delay MSR IA32_S_CET restoration. Patch V3: Remove the 3rd patch. mSmmInterruptSspTables is a global variable. It is unnecessary to initializ it to zero manually. Patch V2: No function change with Patch V1. Split the patch to into 3 separate patches. Sheng Wei (5): UefiCpuPkg: Add macro definitions for CET feature for NASM files. UefiCpuPkg: Use macro CR4_CET_BIT to replace hard code value in Cet.nasm. UefiCpuPkg: Use CET macro definitions in Cet.inc for SmiEntry.nasm files. UefiCpuPkg: Only change CR4.CET bit for enable and disable CET. UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler. UefiCpuPkg/Include/Cet.inc | 26 + UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/Cet.nasm | 5 ++- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 39 +++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/Cet.nasm | 5 ++- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 40 +++- 5 files changed, 78 insertions(+), 37 deletions(-) create mode 100644 UefiCpuPkg/Include/Cet.inc -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#22): https://edk2.groups.io/g/devel/message/22 Mute This Topic: https://groups.io/mt/102556832/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 1/3] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR4.CET before restoring MSR IA32_S_CET
Hi Laszlo, Please ignore the patch V3. I will refine the patches and raise patch V4. Thank you. BR Sheng Wei > -Original Message- > From: Laszlo Ersek > Sent: Thursday, November 9, 2023 5:16 AM > To: devel@edk2.groups.io; Sheng, W > Cc: Dong, Eric ; Ni, Ray ; Wu, Jiaxin > ; Tan, Dun > Subject: Re: [edk2-devel] [PATCH v2 1/3] UefiCpuPkg/PiSmmCpuDxeSmm: > Clear CR4.CET before restoring MSR IA32_S_CET > > On 11/6/23 10:07, Sheng Wei wrote: > > Clear CR4.CET bit before restoring MSR IA32_S_CET. > > Backup/restore MSR IA32_U_CET in SMI. > > (1) As far as I understand, these are still two separate fixes. And I think > this > patch has issues due to trying to fix both issues at the same time. (I could > be > wrong of course, I'm not familiar with CET, but this is my impression.) More > details on this below. > > (2) Each issue / fix (i.e., the one issue / fix per patch) should be > explained in > detail, even if you think the issue that each patch fixes is obvious. > > > > > Signed-off-by: Sheng Wei > > Cc: Eric Dong > > Cc: Ray Ni > > Cc: Laszlo Ersek > > Cc: Wu Jiaxin > > Cc: Tan Dun > > --- > > UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 53 > --- > > UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 69 > > > 2 files changed, 98 insertions(+), 24 deletions(-) > > > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm > > b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm > > index 19de5f614e..68332e2c3f 100644 > > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm > > @@ -16,18 +16,19 @@ > > %include "StuffRsbNasm.inc" > > %include "Nasm.inc" > > > > +%define MSR_IA32_U_CET 0x6A0 > > %define MSR_IA32_S_CET 0x6A2 > > -%define MSR_IA32_CET_SH_STK_EN 0x1 > > -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 > > -%define MSR_IA32_CET_ENDBR_EN 0x4 > > -%define MSR_IA32_CET_LEG_IW_EN 0x8 > > -%define MSR_IA32_CET_NO_TRACK_EN 0x10 > > -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 > > -%define MSR_IA32_CET_SUPPRESS 0x400 > > -%define MSR_IA32_CET_TRACKER 0x800 > > +%define MSR_IA32_CET_SH_STK_EN 0x1 > > +%define MSR_IA32_CET_WR_SHSTK_EN 0x2 > > +%define MSR_IA32_CET_ENDBR_EN 0x4 > > +%define MSR_IA32_CET_LEG_IW_EN 0x8 > > +%define MSR_IA32_CET_NO_TRACK_EN 0x10 > > +%define MSR_IA32_CET_SUPPRESS_DIS 0x20 > > +%define MSR_IA32_CET_SUPPRESS 0x400 > > +%define MSR_IA32_CET_TRACKER 0x800 > > %define MSR_IA32_PL0_SSP 0x6A4 > > > > -%define CR4_CET0x80 > > +%define CR4_CET_BIT23 > > > > %define MSR_IA32_MISC_ENABLE 0x1A0 > > %define MSR_EFER 0xc080 > > (3) These assembly language macros should have been introduced in an > include file (*.inc). > > These "SmiEntry.nasm" files already %include "StuffRsbNasm.inc" and > "Nasm.inc", so placing the CET-related macros side-by-side with those files, > for > example in a new file called "Cet.inc", would be the right thing. It would > eliminate the duplication between the IA32 and X64 nasm files. > > Please prepend a patch to the series that moves the existent macros to > "Cet.nasm", and then in this patch, add the new macros to "Cet.nasm" / > modify the old ones inside "Cet.nasm". > > > > @@ -214,11 +215,21 @@ ASM_PFX(mPatchCetSupported): > > pushedx > > pusheax > > > > +mov ecx, MSR_IA32_U_CET > > +rdmsr > > +pushedx > > +pusheax > > + > > So this is related to saving CET_U state; we're pushing the MSR contents to > the > stack right after having saving CET_S state similarly. > > > mov ecx, MSR_IA32_PL0_SSP > > rdmsr > > pushedx > > pusheax > > > > +mov ecx, MSR_IA32_U_CET > > +xor eax, eax > > +xor edx, edx > > +wrmsr > > + > > mov ecx, MSR_IA32_S_CET > > mov eax, MSR_IA32_CET_SH_STK_EN > > xor edx, edx > > This seems to clear CET_U state. Why is that necessary? > > The commit message only says "backup/restore"; it does not say "clear". >
[edk2-devel] [PATCH v3 2/2] UefiCpuPkg/PiSmmCpuDxeSmm: Change CR4.CET bit only
Do not use fixed CR4 value 0x668, change CR4.CET bit only. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 9 ++--- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 3 ++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 68332e2c3f..a087576a54 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -260,7 +260,8 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, ecx -mov eax, 0x668 | CR4_CET +mov eax, cr4 +bts eax, CR4_CET_BIT mov cr4, eax setssbsy @@ -292,8 +293,10 @@ CetDone: xor edx, edx wrmsr -mov eax, 0x668 -mov cr4, eax ; disable CET +; clear CR4.CET bit +mov eax, cr4 +btr eax, CR4_CET_BIT +mov cr4, eax mov ecx, MSR_IA32_PL0_SSP pop eax diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index 007fbff640..7aed7c8dda 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -287,7 +287,8 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, rcx -mov eax, 0x668 | CR4_CET +mov rax, cr4 +bts rax, CR4_CET_BIT mov cr4, rax setssbsy -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110885): https://edk2.groups.io/g/devel/message/110885 Mute This Topic: https://groups.io/mt/102457046/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v3 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR4.CET before restoring MSR IA32_S_CET
Clear CR4.CET bit before restoring MSR IA32_S_CET. Backup/restore MSR IA32_U_CET in SMI. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 53 --- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 69 2 files changed, 98 insertions(+), 24 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 19de5f614e..68332e2c3f 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -16,18 +16,19 @@ %include "StuffRsbNasm.inc" %include "Nasm.inc" +%define MSR_IA32_U_CET 0x6A0 %define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 +%define MSR_IA32_CET_SH_STK_EN 0x1 +%define MSR_IA32_CET_WR_SHSTK_EN 0x2 +%define MSR_IA32_CET_ENDBR_EN 0x4 +%define MSR_IA32_CET_LEG_IW_EN 0x8 +%define MSR_IA32_CET_NO_TRACK_EN 0x10 +%define MSR_IA32_CET_SUPPRESS_DIS 0x20 +%define MSR_IA32_CET_SUPPRESS 0x400 +%define MSR_IA32_CET_TRACKER 0x800 %define MSR_IA32_PL0_SSP 0x6A4 -%define CR4_CET0x80 +%define CR4_CET_BIT23 %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 @@ -214,11 +215,21 @@ ASM_PFX(mPatchCetSupported): pushedx pusheax +mov ecx, MSR_IA32_U_CET +rdmsr +pushedx +pusheax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushedx pusheax +mov ecx, MSR_IA32_U_CET +xor eax, eax +xor edx, edx +wrmsr + mov ecx, MSR_IA32_S_CET mov eax, MSR_IA32_CET_SH_STK_EN xor edx, edx @@ -276,6 +287,11 @@ CetDone: cmp al, 0 jz CetDone2 +mov ecx, MSR_IA32_S_CET +xor eax, eax +xor edx, edx +wrmsr + mov eax, 0x668 mov cr4, eax ; disable CET @@ -284,10 +300,15 @@ CetDone: pop edx wrmsr -mov ecx, MSR_IA32_S_CET +mov ecx, MSR_IA32_U_CET pop eax pop edx wrmsr + +mov ecx, MSR_IA32_S_CET +pop eax +pop edx +mov ebx, eax CetDone2: mov eax, ASM_PFX(mXdSupported) @@ -305,6 +326,18 @@ CetDone2: .7: StuffRsb32 + +mov eax, ASM_PFX(mCetSupported) +mov al, [eax] +cmp al, 0 +jz CetDone3 + +mov ecx, MSR_IA32_S_CET +mov eax, ebx +xor edx, edx +wrmsr +CetDone3: + rsm ASM_PFX(gcSmiHandlerSize): DW $ - _SmiEntryPoint diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index d302ca8d01..007fbff640 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -20,19 +20,20 @@ ; Variables referenced by C code ; +%define MSR_IA32_U_CET 0x6A0 %define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 +%define MSR_IA32_CET_SH_STK_EN 0x1 +%define MSR_IA32_CET_WR_SHSTK_EN 0x2 +%define MSR_IA32_CET_ENDBR_EN 0x4 +%define MSR_IA32_CET_LEG_IW_EN 0x8 +%define MSR_IA32_CET_NO_TRACK_EN 0x10 +%define MSR_IA32_CET_SUPPRESS_DIS 0x20 +%define MSR_IA32_CET_SUPPRESS 0x400 +%define MSR_IA32_CET_TRACKER 0x800 %define MSR_IA32_PL0_SSP 0x6A4 %define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 -%define CR4_CET0x80 +%define CR4_CET_BIT23 %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 @@ -230,6 +231,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +rdmsr +pushrdx +pushrax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushrdx @@ -240,6 +246,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +xor eax, eax +
[edk2-devel] [PATCH v3 0/2] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR4.CET before
Patch V3: Remove the 3rd patch. mSmmInterruptSspTables is a global variable. It is unnecessary to initializ it to zero manually. Patch V2: No function change with Patch V1. Split the patch to into 3 separate patches. Sheng Wei (2): UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR4.CET before restoring MSR IA32_S_CET UefiCpuPkg/PiSmmCpuDxeSmm: Change CR4.CET bit only UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 62 + UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 72 2 files changed, 106 insertions(+), 28 deletions(-) -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110883): https://edk2.groups.io/g/devel/message/110883 Mute This Topic: https://groups.io/mt/102457043/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR4.CET before restoring MSR IA32_S_CET
Hi Laszlo, Thank you for the review comments. (1) This change is used to fix a hung issue when enable kernel CET-IBT. Kernel will enable CET-IBT by set IA32_U_CET.bit2. The issue only happens when it enters SMI with the state machine == WAIT_FOR_ENDBRANCH state. In SMI handler, when Set CR4.CET bit, CPU will check the next assembly code, if the next code is not ENDBR. It will trigger #CP exception. So, we need to backup current IA32_U_CET, and clear IA32_U_CET before enable CR4.CET. And when exit SMI, we need to restore the value in IA32_U_CET. (2) Yes, I have separated it to 3 patches. But last patch will be removed because of (3) (3) It is global variable. It is initialized to zero. I will remove this change. I will raise patch V3. Thank you. BR Sheng Wei > -Original Message- > From: Laszlo Ersek > Sent: Friday, November 3, 2023 9:19 PM > To: devel@edk2.groups.io; Sheng, W > Cc: Dong, Eric ; Ni, Ray ; Wu, Jiaxin > ; Tan, Dun > Subject: Re: [edk2-devel] [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: Clear > CR4.CET before restoring MSR IA32_S_CET > > On 11/3/23 06:35, Sheng Wei wrote: > > Clear CR4.CET bit before restoring MSR IA32_S_CET. > > Backup/restore MSR IA32_U_CET in SMI. > > Use current CR4 value when changing CR4.CET. > > (1) Why? > > (It's fine if you can provide a reference from the Intel SDM, but then please > do > provide it.) > > No problem has been stated. What is broken, and how does the proposed > patch solve the issue? > > (2) I could be mistaken, but the above changes are three separate fixes. > If you agree, then please split the patch in three patches. > > > Initial mSmmInterruptSspTables to 0. > > (3) The "mSmmInterruptSspTables" object has static storage duration (it is a > "global variable"), and its current definition > > UINTN mSmmInterruptSspTables; > > already ensures that it is initialized to zero. Therefore this change is > unnecessary. > > It does not hurt either, of course, so if you argument is that we should > improve readability, I don't mind, but then it too belongs in a separate > patch. > > Laszlo > > > > > Signed-off-by: Sheng Wei > > Cc: Eric Dong > > Cc: Ray Ni > > Cc: Laszlo Ersek > > Cc: Wu Jiaxin > > Cc: Tan Dun > > --- > > UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 62 > + > > UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 72 > > > UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +- > > 3 files changed, 107 insertions(+), 29 deletions(-) > > > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm > > b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm > > index 19de5f614e..a087576a54 100644 > > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm > > @@ -16,18 +16,19 @@ > > %include "StuffRsbNasm.inc" > > %include "Nasm.inc" > > > > +%define MSR_IA32_U_CET 0x6A0 > > %define MSR_IA32_S_CET 0x6A2 > > -%define MSR_IA32_CET_SH_STK_EN 0x1 > > -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 > > -%define MSR_IA32_CET_ENDBR_EN 0x4 > > -%define MSR_IA32_CET_LEG_IW_EN 0x8 > > -%define MSR_IA32_CET_NO_TRACK_EN 0x10 > > -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 > > -%define MSR_IA32_CET_SUPPRESS 0x400 > > -%define MSR_IA32_CET_TRACKER 0x800 > > +%define MSR_IA32_CET_SH_STK_EN 0x1 > > +%define MSR_IA32_CET_WR_SHSTK_EN 0x2 > > +%define MSR_IA32_CET_ENDBR_EN 0x4 > > +%define MSR_IA32_CET_LEG_IW_EN 0x8 > > +%define MSR_IA32_CET_NO_TRACK_EN 0x10 > > +%define MSR_IA32_CET_SUPPRESS_DIS 0x20 > > +%define MSR_IA32_CET_SUPPRESS 0x400 > > +%define MSR_IA32_CET_TRACKER 0x800 > > %define MSR_IA32_PL0_SSP 0x6A4 > > > > -%define CR4_CET0x80 > > +%define CR4_CET_BIT23 > > > > %define MSR_IA32_MISC_ENABLE 0x1A0 > > %define MSR_EFER 0xc080 > > @@ -214,11 +215,21 @@ ASM_PFX(mPatchCetSupported): > > pushedx > > pusheax > > > > +mov ecx, MSR_IA32_U_CET > > +rdmsr > > +pushedx > > +pusheax > > + > > mov ecx, MSR_IA32_PL0_SSP > > rdmsr > > pushedx > > pusheax > > > > +mov ecx, MSR_IA32_U_CET > > +xor
[edk2-devel] [PATCH v2 3/3] UefiCpuPkg/PiSmmCpuDxeSmm: Set mSmmInterruptSspTables initial value
Initial the value of mSmmInterruptSspTables to 0. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c index c4f21e2155..6c53213b0b 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c @@ -20,7 +20,7 @@ UINT32mCetPl0Ssp; UINT32mCetInterruptSsp; UINT32mCetInterruptSspTable; -UINTN mSmmInterruptSspTables; +UINTN mSmmInterruptSspTables = 0; /** Initialize IDT IST Field. -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110745): https://edk2.groups.io/g/devel/message/110745 Mute This Topic: https://groups.io/mt/102416578/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2 2/3] UefiCpuPkg/PiSmmCpuDxeSmm: Change CR4.CET bit only
Do not use fixed CR4 value 0x668, change CR4.CET bit only. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 9 ++--- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 3 ++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 68332e2c3f..a087576a54 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -260,7 +260,8 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, ecx -mov eax, 0x668 | CR4_CET +mov eax, cr4 +bts eax, CR4_CET_BIT mov cr4, eax setssbsy @@ -292,8 +293,10 @@ CetDone: xor edx, edx wrmsr -mov eax, 0x668 -mov cr4, eax ; disable CET +; clear CR4.CET bit +mov eax, cr4 +btr eax, CR4_CET_BIT +mov cr4, eax mov ecx, MSR_IA32_PL0_SSP pop eax diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index 007fbff640..7aed7c8dda 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -287,7 +287,8 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, rcx -mov eax, 0x668 | CR4_CET +mov rax, cr4 +bts rax, CR4_CET_BIT mov cr4, rax setssbsy -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110744): https://edk2.groups.io/g/devel/message/110744 Mute This Topic: https://groups.io/mt/102416574/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2 1/3] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR4.CET before restoring MSR IA32_S_CET
Clear CR4.CET bit before restoring MSR IA32_S_CET. Backup/restore MSR IA32_U_CET in SMI. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 53 --- UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 69 2 files changed, 98 insertions(+), 24 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 19de5f614e..68332e2c3f 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -16,18 +16,19 @@ %include "StuffRsbNasm.inc" %include "Nasm.inc" +%define MSR_IA32_U_CET 0x6A0 %define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 +%define MSR_IA32_CET_SH_STK_EN 0x1 +%define MSR_IA32_CET_WR_SHSTK_EN 0x2 +%define MSR_IA32_CET_ENDBR_EN 0x4 +%define MSR_IA32_CET_LEG_IW_EN 0x8 +%define MSR_IA32_CET_NO_TRACK_EN 0x10 +%define MSR_IA32_CET_SUPPRESS_DIS 0x20 +%define MSR_IA32_CET_SUPPRESS 0x400 +%define MSR_IA32_CET_TRACKER 0x800 %define MSR_IA32_PL0_SSP 0x6A4 -%define CR4_CET0x80 +%define CR4_CET_BIT23 %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 @@ -214,11 +215,21 @@ ASM_PFX(mPatchCetSupported): pushedx pusheax +mov ecx, MSR_IA32_U_CET +rdmsr +pushedx +pusheax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushedx pusheax +mov ecx, MSR_IA32_U_CET +xor eax, eax +xor edx, edx +wrmsr + mov ecx, MSR_IA32_S_CET mov eax, MSR_IA32_CET_SH_STK_EN xor edx, edx @@ -276,6 +287,11 @@ CetDone: cmp al, 0 jz CetDone2 +mov ecx, MSR_IA32_S_CET +xor eax, eax +xor edx, edx +wrmsr + mov eax, 0x668 mov cr4, eax ; disable CET @@ -284,10 +300,15 @@ CetDone: pop edx wrmsr -mov ecx, MSR_IA32_S_CET +mov ecx, MSR_IA32_U_CET pop eax pop edx wrmsr + +mov ecx, MSR_IA32_S_CET +pop eax +pop edx +mov ebx, eax CetDone2: mov eax, ASM_PFX(mXdSupported) @@ -305,6 +326,18 @@ CetDone2: .7: StuffRsb32 + +mov eax, ASM_PFX(mCetSupported) +mov al, [eax] +cmp al, 0 +jz CetDone3 + +mov ecx, MSR_IA32_S_CET +mov eax, ebx +xor edx, edx +wrmsr +CetDone3: + rsm ASM_PFX(gcSmiHandlerSize): DW $ - _SmiEntryPoint diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index d302ca8d01..007fbff640 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -20,19 +20,20 @@ ; Variables referenced by C code ; +%define MSR_IA32_U_CET 0x6A0 %define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 +%define MSR_IA32_CET_SH_STK_EN 0x1 +%define MSR_IA32_CET_WR_SHSTK_EN 0x2 +%define MSR_IA32_CET_ENDBR_EN 0x4 +%define MSR_IA32_CET_LEG_IW_EN 0x8 +%define MSR_IA32_CET_NO_TRACK_EN 0x10 +%define MSR_IA32_CET_SUPPRESS_DIS 0x20 +%define MSR_IA32_CET_SUPPRESS 0x400 +%define MSR_IA32_CET_TRACKER 0x800 %define MSR_IA32_PL0_SSP 0x6A4 %define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 -%define CR4_CET0x80 +%define CR4_CET_BIT23 %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 @@ -230,6 +231,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +rdmsr +pushrdx +pushrax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushrdx @@ -240,6 +246,11 @@ ASM_PFX(mPatchCetSupported): pushrdx pushrax +mov ecx, MSR_IA32_U_CET +xor eax, eax +
[edk2-devel] [PATCH v2 0/3] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR4.CET before
Patch V2: No function change with Patch V1. Split the patch to into 3 separate patches. Sheng Wei (3): UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR4.CET before restoring MSR IA32_S_CET UefiCpuPkg/PiSmmCpuDxeSmm: Change CR4.CET bit only UefiCpuPkg/PiSmmCpuDxeSmm: Set mSmmInterruptSspTables initial value UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 62 + UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 72 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +- 3 files changed, 107 insertions(+), 29 deletions(-) -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110742): https://edk2.groups.io/g/devel/message/110742 Mute This Topic: https://groups.io/mt/102416571/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR4.CET before restoring MSR IA32_S_CET
Clear CR4.CET bit before restoring MSR IA32_S_CET. Backup/restore MSR IA32_U_CET in SMI. Use current CR4 value when changing CR4.CET. Initial mSmmInterruptSspTables to 0. Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Wu Jiaxin Cc: Tan Dun --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 62 + UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm | 72 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +- 3 files changed, 107 insertions(+), 29 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm index 19de5f614e..a087576a54 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm @@ -16,18 +16,19 @@ %include "StuffRsbNasm.inc" %include "Nasm.inc" +%define MSR_IA32_U_CET 0x6A0 %define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 +%define MSR_IA32_CET_SH_STK_EN 0x1 +%define MSR_IA32_CET_WR_SHSTK_EN 0x2 +%define MSR_IA32_CET_ENDBR_EN 0x4 +%define MSR_IA32_CET_LEG_IW_EN 0x8 +%define MSR_IA32_CET_NO_TRACK_EN 0x10 +%define MSR_IA32_CET_SUPPRESS_DIS 0x20 +%define MSR_IA32_CET_SUPPRESS 0x400 +%define MSR_IA32_CET_TRACKER 0x800 %define MSR_IA32_PL0_SSP 0x6A4 -%define CR4_CET0x80 +%define CR4_CET_BIT23 %define MSR_IA32_MISC_ENABLE 0x1A0 %define MSR_EFER 0xc080 @@ -214,11 +215,21 @@ ASM_PFX(mPatchCetSupported): pushedx pusheax +mov ecx, MSR_IA32_U_CET +rdmsr +pushedx +pusheax + mov ecx, MSR_IA32_PL0_SSP rdmsr pushedx pusheax +mov ecx, MSR_IA32_U_CET +xor eax, eax +xor edx, edx +wrmsr + mov ecx, MSR_IA32_S_CET mov eax, MSR_IA32_CET_SH_STK_EN xor edx, edx @@ -249,7 +260,8 @@ CetInterruptDone: bts ecx, 16 ; set WP mov cr0, ecx -mov eax, 0x668 | CR4_CET +mov eax, cr4 +bts eax, CR4_CET_BIT mov cr4, eax setssbsy @@ -276,18 +288,30 @@ CetDone: cmp al, 0 jz CetDone2 -mov eax, 0x668 -mov cr4, eax ; disable CET +mov ecx, MSR_IA32_S_CET +xor eax, eax +xor edx, edx +wrmsr + +; clear CR4.CET bit +mov eax, cr4 +btr eax, CR4_CET_BIT +mov cr4, eax mov ecx, MSR_IA32_PL0_SSP pop eax pop edx wrmsr -mov ecx, MSR_IA32_S_CET +mov ecx, MSR_IA32_U_CET pop eax pop edx wrmsr + +mov ecx, MSR_IA32_S_CET +pop eax +pop edx +mov ebx, eax CetDone2: mov eax, ASM_PFX(mXdSupported) @@ -305,6 +329,18 @@ CetDone2: .7: StuffRsb32 + +mov eax, ASM_PFX(mCetSupported) +mov al, [eax] +cmp al, 0 +jz CetDone3 + +mov ecx, MSR_IA32_S_CET +mov eax, ebx +xor edx, edx +wrmsr +CetDone3: + rsm ASM_PFX(gcSmiHandlerSize): DW $ - _SmiEntryPoint diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm index d302ca8d01..7aed7c8dda 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm @@ -20,19 +20,20 @@ ; Variables referenced by C code ; +%define MSR_IA32_U_CET 0x6A0 %define MSR_IA32_S_CET 0x6A2 -%define MSR_IA32_CET_SH_STK_EN 0x1 -%define MSR_IA32_CET_WR_SHSTK_EN 0x2 -%define MSR_IA32_CET_ENDBR_EN 0x4 -%define MSR_IA32_CET_LEG_IW_EN 0x8 -%define MSR_IA32_CET_NO_TRACK_EN 0x10 -%define MSR_IA32_CET_SUPPRESS_DIS 0x20 -%define MSR_IA32_CET_SUPPRESS 0x400 -%define MSR_IA32_CET_TRACKER 0x800 +%define MSR_IA32_CET_SH_STK_EN 0x1 +%define MSR_IA32_CET_WR_SHSTK_EN 0x2 +%define MSR_IA32_CET_ENDBR_EN 0x4 +%define MSR_IA32_CET_LEG_IW_EN 0x8 +%define MSR_IA32_CET_NO_TRACK_EN 0x10 +%define MSR_IA32_CET_SUPPRESS_DIS 0x20 +%define MSR_IA32_CET_SUPPRESS 0x400 +%define MSR_IA32_CET_TRACKER 0x800 %define MSR_IA32_PL0_SSP 0x6A4 %define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8 -%define CR4_CET0x80
[edk2-devel] [PATCH] IntelSiliconPkg/VTd: Print Flags field in DeviceScopeEntry
Flags field is defined in Device Scope Structure since VT-d spec 4.0. Print Device Scope Structure Flags field when dump DMAR table. Change-Id: I37365ea4c1e6cfa0a1842a583076136b7d2c Signed-off-by: Sheng Wei Cc: Ray Ni Cc: Rangasai V Chaganty Cc: Jenny Huang --- .../Library/IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c | 4 1 file changed, 4 insertions(+) diff --git a/Silicon/Intel/IntelSiliconPkg/Library/IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c b/Silicon/Intel/IntelSiliconPkg/Library/IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c index 1e65115cb..d58c4cdcf 100644 --- a/Silicon/Intel/IntelSiliconPkg/Library/IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c +++ b/Silicon/Intel/IntelSiliconPkg/Library/IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c @@ -137,6 +137,10 @@ VtdLibDumpDmarDeviceScopeEntry ( " Length . 0x%02x\n", DmarDeviceScopeEntry->Length )); + VTDLIB_DEBUG ((DEBUG_INFO, +" Flags .. 0x%02x\n", +DmarDeviceScopeEntry->Flags +)); VTDLIB_DEBUG ((DEBUG_INFO, " Enumeration ID . 0x%02x\n", DmarDeviceScopeEntry->EnumerationId -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#109519): https://edk2.groups.io/g/devel/message/109519 Mute This Topic: https://groups.io/mt/101892832/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] IntelSiliconPkg/Vtd: fix incorrect number of arguments
Fix incorrect number of arguments in VtdLibDumpSetAttribute(). Signed-off-by: Sheng Wei Cc: Ray Ni Cc: Rangasai V Chaganty Cc: Jenny Huang --- .../Library/IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c| 1 + 1 file changed, 1 insertion(+) diff --git a/Silicon/Intel/IntelSiliconPkg/Library/IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c b/Silicon/Intel/IntelSiliconPkg/Library/IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c index 1e65115c..84eb6287 100644 --- a/Silicon/Intel/IntelSiliconPkg/Library/IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c +++ b/Silicon/Intel/IntelSiliconPkg/Library/IntelVTdPeiDxeLib/IntelVTdPeiDxeLib.c @@ -1300,6 +1300,7 @@ VtdLibDumpSetAttribute ( SetAttributeInfo->SourceId.Uint16, SetAttributeInfo->DeviceAddress, SetAttributeInfo->Length, + SetAttributeInfo->IoMmuAccess, SetAttributeInfo->Status)); } -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#109132): https://edk2.groups.io/g/devel/message/109132 Mute This Topic: https://groups.io/mt/101630645/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V9 2/2] SecurityPkg/SecureBoot: Support RSA4096 and RSA3072
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Change-Id: Ic13595ffb0581a178db71d231ba34f17862fa5d8
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Signed-off-by: Sheng Wei
---
.../Library/AuthVariableLib/AuthService.c | 225 +++---
.../AuthVariableLib/AuthServiceInternal.h | 4 +-
.../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
.../DxeImageVerificationLib.c | 74 +++---
.../SecureBootConfigDxe.inf | 8 +
.../SecureBootConfigImpl.c| 52 +++-
.../SecureBootConfigImpl.h| 7 +
.../SecureBootConfigStrings.uni | 2 +
8 files changed, 329 insertions(+), 85 deletions(-)
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c
b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index d81c581d78..20fb2757d7 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -29,12 +29,125 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include
#include
+#define SHA_DIGEST_SIZE_MAX SHA512_DIGEST_SIZE
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for hash
operations.
+
+ If this interface is not supported, then return zero.
+
+ @return The size, in bytes, of the context buffer required for hash
operations.
+ @retval 0 This interface is not supported.
+
+**/
+typedef
+UINTN
+(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE)(
+ VOID
+ );
+
+/**
+ Initializes user-supplied memory pointed by Sha1Context as hash context for
+ subsequent use.
+
+ If HashContext is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HashContext Pointer to Hashcontext being initialized.
+
+ @retval TRUE Hash context initialization succeeded.
+ @retval FALSE Hash context initialization failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_INIT)(
+ OUT VOID *HashContext
+ );
+
+/**
+ Digests the input data and updates Hash context.
+
+ This function performs Hash digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ Hash context should be already correctly initialized by HashInit(), and
should not be finalized
+ by HashFinal(). Behavior with invalid context is undefined.
+
+ If HashContext is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HashContext Pointer to the Hash context.
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE SHA-1 data digest succeeded.
+ @retval FALSE SHA-1 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_UPDATE)(
+ IN OUT VOID*HashContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the Hash digest value.
+
+ This function completes hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the Hash context
cannot
+ be used again.
+ Hash context should be already correctly initialized by HashInit(), and
should not be
+ finalized by HashFinal(). Behavior with invalid Hash context is undefined.
+
+ If HashContext is NULL, then return FALSE.
+ If HashValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HashContext Pointer to the Hash context.
+ @param[out] HashValuePointer to a buffer that receives the Hash
digest
+value.
+
+ @retval TRUE Hash digest computation succeeded.
+ @retval FALSE Hash digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_FINAL)(
+ IN OUT VOID *HashContext,
+ OUT UINT8 *HashValue
+ );
+
+typedef struct {
+ UINT32 HashSize;
+ EFI_HASH_GET_CONTEXT_SIZEGetContextSize;
+ EFI_HASH_INITInit;
+ EFI_HASH_UPDATE Update;
+ EFI_HASH_FINAL Final;
+ VOID **HashShaCtx;
+ UINT8*OidValue;
+ UINTNOidLength;
+} EFI_HASH_INFO;
+
//
// Public Exponent of RSA Key.
//
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
-CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
0x02, 0x01 };
+UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x01 };
+UINT8 mSha384OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x02 };
+UINT8 mSha512OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x03 };
+
+EFI_HASH_INFO mHashInfo[] = {
+ { SHA256_DIGEST_SIZE, Sha256GetContextSize
[edk2-devel] [PATCH V9 1/2] CryptoPkg/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify
Register and initialize sha384/sha512 digest algorithms
for PKCS#7 Handling.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Michael D Kinney
Change-Id: I208a618e3f6eb12704e528ab842494082de1464d
Signed-off-by: Sheng Wei
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 027dbb6842..944bcf8d38 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -591,7 +591,8 @@ ImageTimestampVerify (
// Register & Initialize necessary digest algorithms for PKCS#7 Handling.
//
if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) ==
0) ||
- (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
+ (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest (EVP_sha384 ())
== 0) ||
+ (EVP_add_digest (EVP_sha512 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
{
return FALSE;
}
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108354): https://edk2.groups.io/g/devel/message/108354
Mute This Topic: https://groups.io/mt/101207368/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V9 0/2] Support RSA4096 and RSA3072
Patch V9: Refine coding format for file AuthService.c Patch V8: Update the patch comments for CryptoPkg. Comment should be <76 characters in each line. Refine coding format. Patch V7: Drop raw RSA3072 and RSA4096. Only use gEfiCertX509Guid for RSA3072 and RSA4096 Do the positive tests and the negative tests below. And got all the expected results. Patch V6: Remove the changes in MdePkg. The changes of patch v6 are in CryptoPkg and SecurityPkg. Set signature type to gEfiCertX509Guid when enroll RSA3072/RSA4096 KEK. This signature type is used to check the supported signature and show the strings. Patch V5: Using define KEY_TYPE_RSASSA to replace the magic number. Patch V4: Determine the RSA algorithm by a supported algorithm list. Patch V3: Select SHA algorithm automaticly for a unsigned efi image. Patch V2: Determine the SHA algorithm by a supported algorithm list. Create SHA context for each algorithm. Test Case: 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI shell. 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI shell. 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI shell. 4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI shell Test Result: Pass Negative Test Case: 1) Enroll a RSA2048 Cert, execute an unsigned efi image. 2) Enroll a RSA2048 Cert, execute a RSA4096 signed efi image. 3) Enroll a RSA4096 Cert, execute a RSA3072 signed efi image. 4) Enroll a RSA4096 Cert to both DB and DBX, execute the RSA4096 signed efi image. Test Result: Get "Access Denied" when try to execute the efi image. Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Zeyi Chen Cc: Fiona Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Sheng Wei (2): CryptoPkg/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify SecurityPkg/SecureBoot: Support RSA4096 and RSA3072 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- .../Library/AuthVariableLib/AuthService.c | 225 +++--- .../AuthVariableLib/AuthServiceInternal.h | 4 +- .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- .../DxeImageVerificationLib.c | 74 +++--- .../SecureBootConfigDxe.inf | 8 + .../SecureBootConfigImpl.c| 52 +++- .../SecureBootConfigImpl.h| 7 + .../SecureBootConfigStrings.uni | 2 + 9 files changed, 331 insertions(+), 86 deletions(-) -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108352): https://edk2.groups.io/g/devel/message/108352 Mute This Topic: https://groups.io/mt/101207366/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V8 2/2] SecurityPkg/SecureBoot: Support RSA4096 and RSA3072
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Change-Id: Ic13595ffb0581a178db71d231ba34f17862fa5d8
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Signed-off-by: Sheng Wei
---
.../Library/AuthVariableLib/AuthService.c | 225 +++---
.../AuthVariableLib/AuthServiceInternal.h | 4 +-
.../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
.../DxeImageVerificationLib.c | 74 +++---
.../SecureBootConfigDxe.inf | 8 +
.../SecureBootConfigImpl.c| 52 +++-
.../SecureBootConfigImpl.h| 7 +
.../SecureBootConfigStrings.uni | 2 +
8 files changed, 329 insertions(+), 85 deletions(-)
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c
b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index d81c581d78..aec0fad28a 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -29,12 +29,125 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include
#include
+#define SHA_DIGEST_SIZE_MAX SHA512_DIGEST_SIZE
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for hash
operations.
+
+ If this interface is not supported, then return zero.
+
+ @return The size, in bytes, of the context buffer required for hash
operations.
+ @retval 0 This interface is not supported.
+
+**/
+typedef
+UINTN
+(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE)(
+ VOID
+ );
+
+/**
+ Initializes user-supplied memory pointed by Sha1Context as hash context for
+ subsequent use.
+
+ If HashContext is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HashContext Pointer to Hashcontext being initialized.
+
+ @retval TRUE Hash context initialization succeeded.
+ @retval FALSE Hash context initialization failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_INIT)(
+ OUT VOID *HashContext
+ );
+
+/**
+ Digests the input data and updates Hash context.
+
+ This function performs Hash digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ Hash context should be already correctly initialized by HashInit(), and
should not be finalized
+ by HashFinal(). Behavior with invalid context is undefined.
+
+ If HashContext is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HashContext Pointer to the Hash context.
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE SHA-1 data digest succeeded.
+ @retval FALSE SHA-1 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_UPDATE)(
+ IN OUT VOID*HashContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the Hash digest value.
+
+ This function completes hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the Hash context
cannot
+ be used again.
+ Hash context should be already correctly initialized by HashInit(), and
should not be
+ finalized by HashFinal(). Behavior with invalid Hash context is undefined.
+
+ If HashContext is NULL, then return FALSE.
+ If HashValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HashContext Pointer to the Hash context.
+ @param[out] HashValuePointer to a buffer that receives the Hash
digest
+value.
+
+ @retval TRUE Hash digest computation succeeded.
+ @retval FALSE Hash digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_FINAL)(
+ IN OUT VOID *HashContext,
+ OUT UINT8 *HashValue
+ );
+
+typedef struct {
+ UINT32 HashSize;
+ EFI_HASH_GET_CONTEXT_SIZEGetContextSize;
+ EFI_HASH_INITInit;
+ EFI_HASH_UPDATE Update;
+ EFI_HASH_FINAL Final;
+ VOID **HashShaCtx;
+ UINT8*OidValue;
+ UINTNOidLength;
+} EFI_HASH_INFO;
+
//
// Public Exponent of RSA Key.
//
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
-CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
0x02, 0x01 };
+UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x01 };
+UINT8 mSha384OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x02 };
+UINT8 mSha512OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x03 };
+
+EFI_HASH_INFO mHashInfo[] = {
+ { SHA256_DIGEST_SIZE, Sha256GetContextSize
[edk2-devel] [PATCH V8 1/2] CryptoPkg/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify
Register and initialize sha384/sha512 digest algorithms
for PKCS#7 Handling.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Michael D Kinney
Change-Id: I208a618e3f6eb12704e528ab842494082de1464d
Signed-off-by: Sheng Wei
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 027dbb6842..944bcf8d38 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -591,7 +591,8 @@ ImageTimestampVerify (
// Register & Initialize necessary digest algorithms for PKCS#7 Handling.
//
if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) ==
0) ||
- (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
+ (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest (EVP_sha384 ())
== 0) ||
+ (EVP_add_digest (EVP_sha512 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
{
return FALSE;
}
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108313): https://edk2.groups.io/g/devel/message/108313
Mute This Topic: https://groups.io/mt/101188632/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V8 0/2] Support RSA4096 and RSA3072
Patch V8: Update the patch comments for CryptoPkg. Comment should be <76 characters in each line. Refine coding format. Patch V7: Drop raw RSA3072 and RSA4096. Only use gEfiCertX509Guid for RSA3072 and RSA4096 Do the positive tests and the negative tests below. And got all the expected results. Patch V6: Remove the changes in MdePkg. The changes of patch v6 are in CryptoPkg and SecurityPkg. Set signature type to gEfiCertX509Guid when enroll RSA3072/RSA4096 KEK. This signature type is used to check the supported signature and show the strings. Patch V5: Using define KEY_TYPE_RSASSA to replace the magic number. Patch V4: Determine the RSA algorithm by a supported algorithm list. Patch V3: Select SHA algorithm automaticly for a unsigned efi image. Patch V2: Determine the SHA algorithm by a supported algorithm list. Create SHA context for each algorithm. Test Case: 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI shell. 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI shell. 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI shell. 4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI shell Test Result: Pass Negative Test Case: 1) Enroll a RSA2048 Cert, execute an unsigned efi image. 2) Enroll a RSA2048 Cert, execute a RSA4096 signed efi image. 3) Enroll a RSA4096 Cert, execute a RSA3072 signed efi image. 4) Enroll a RSA4096 Cert to both DB and DBX, execute the RSA4096 signed efi image. Test Result: Get "Access Denied" when try to execute the efi image. Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Zeyi Chen Cc: Fiona Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Sheng Wei (2): CryptoPkg/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify SecurityPkg/SecureBoot: Support RSA4096 and RSA3072 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- .../Library/AuthVariableLib/AuthService.c | 225 +++--- .../AuthVariableLib/AuthServiceInternal.h | 4 +- .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- .../DxeImageVerificationLib.c | 74 +++--- .../SecureBootConfigDxe.inf | 8 + .../SecureBootConfigImpl.c| 52 +++- .../SecureBootConfigImpl.h| 7 + .../SecureBootConfigStrings.uni | 2 + 9 files changed, 331 insertions(+), 86 deletions(-) -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108312): https://edk2.groups.io/g/devel/message/108312 Mute This Topic: https://groups.io/mt/101188631/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V7 0/2] Support RSA4096 and RSA3072
Hi Jiewen, Do you have any comments on the patch V7? The 2 patches are for CryptoPkg and SecurityPky. Could you help to review/merge the patches? Thank you. BR Sheng Wei > -Original Message- > From: Sheng, W > Sent: Tuesday, August 22, 2023 1:59 PM > To: devel@edk2.groups.io; Yao, Jiewen > Cc: Wang, Jian J ; Xu, Min M ; > Chen, Zeyi ; Wang, Fiona ; Lu, > Xiaoyu1 ; Jiang, Guomin ; > Kinney, Michael D ; Sheng, W > > Subject: RE: [edk2-devel] [PATCH V7 0/2] Support RSA4096 and RSA3072 > > Hi Jiewen, > I update the patch V6 to V7, drop raw RSA3K and RSA4K. The change is in > SecurityPkg. > And I did all the tests which are listed in the cover letter. I got the > expected > results. > Could you help to review/merge this V7 patch for secure boot feature ? > Thank you. > BR > Sheng Wei > > > -Original Message- > > From: devel@edk2.groups.io On Behalf Of Sheng > > Wei > > Sent: 2023年8月10日 10:24 > > To: devel@edk2.groups.io > > Cc: Yao, Jiewen ; Wang, Jian J > > ; Xu, Min M ; Chen, Zeyi > > ; Wang, Fiona ; Lu, Xiaoyu1 > > ; Jiang, Guomin ; > > Kinney, Michael D > > Subject: [edk2-devel] [PATCH V7 0/2] Support RSA4096 and RSA3072 > > > > Patch V7: > > Drop raw RSA3072 and RSA4096. Only use gEfiCertX509Guid for RSA3072 > > and > > RSA4096 Do the positive tests and the negative tests below. And got > > all the expected results. > > > > Patch V6: > > Remove the changes in MdePkg. > > The changes of patch v6 are in CryptoPkg and SecurityPkg. > > Set signature type to gEfiCertX509Guid when enroll RSA3072/RSA4096 KEK. > > This signature type is used to check the supported signature and show > > the strings. > > > > Patch V5: > > Using define KEY_TYPE_RSASSA to replace the magic number. > > > > Patch V4: > > Determine the RSA algorithm by a supported algorithm list. > > > > Patch V3: > > Select SHA algorithm automaticly for a unsigned efi image. > > > > Patch V2: > > Determine the SHA algorithm by a supported algorithm list. > > Create SHA context for each algorithm. > > > > Test Case: > > 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image > > under UEFI shell. > > 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image > > under UEFI shell. > > 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image > > under UEFI shell. > > 4. Enroll an unsigned efi image, execute the unsigned efi image under > > UEFI shell > > > > Test Result: > > Pass > > > > Negative Test Case: > > 1) Enroll a RSA2048 Cert, execute an unsigned efi image. > > 2) Enroll a RSA2048 Cert, execute a RSA4096 signed efi image. > > 3) Enroll a RSA4096 Cert, execute a RSA3072 signed efi image. > > 4) Enroll a RSA4096 Cert to both DB and DBX, execute the RSA4096 > > signed efi image. > > > > Test Result: > > Get "Access Denied" when try to execute the efi image. > > > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Min Xu > > Cc: Zeyi Chen > > Cc: Fiona Wang > > Cc: Xiaoyu Lu > > Cc: Guomin Jiang > > Cc: Michael D Kinney > > > > Sheng Wei (2): > > CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to > > ImageTimestampVerify > > SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 > > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- > > .../Library/AuthVariableLib/AuthService.c | 218 +++--- > > .../AuthVariableLib/AuthServiceInternal.h | 4 +- > > .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- > > .../DxeImageVerificationLib.c | 73 +++--- > > .../SecureBootConfigDxe.inf | 8 + > > .../SecureBootConfigImpl.c| 50 +++- > > .../SecureBootConfigImpl.h| 7 + > > .../SecureBootConfigStrings.uni | 2 + > > 9 files changed, 324 insertions(+), 83 deletions(-) > > > > -- > > 2.26.2.windows.1 > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108129): https://edk2.groups.io/g/devel/message/108129 Mute This Topic: https://groups.io/mt/100656918/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=- -cover-letter.patch Description: -cover-letter.patch 0001-CryptoPkg-Library-BaseCryptLib-add-sha384-and-sha512.patch Description: 0001-CryptoPkg-Library-BaseCryptLib-add-sha384-and-sha512.patch 0002-SecurityPkg-SecureBoot-Support-RSA4096-and-RSA3072.patch Description: 0002-SecurityPkg-SecureBoot-Support-RSA4096-and-RSA3072.patch
Re: [edk2-devel] [PATCH V7 0/2] Support RSA4096 and RSA3072
Hi Jiewen, I update the patch V6 to V7, drop raw RSA3K and RSA4K. The change is in SecurityPkg. And I did all the tests which are listed in the cover letter. I got the expected results. Could you help to review/merge this V7 patch for secure boot feature ? Thank you. BR Sheng Wei > -Original Message- > From: devel@edk2.groups.io On Behalf Of Sheng > Wei > Sent: 2023年8月10日 10:24 > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J > ; Xu, Min M ; Chen, Zeyi > ; Wang, Fiona ; Lu, Xiaoyu1 > ; Jiang, Guomin ; Kinney, > Michael D > Subject: [edk2-devel] [PATCH V7 0/2] Support RSA4096 and RSA3072 > > Patch V7: > Drop raw RSA3072 and RSA4096. Only use gEfiCertX509Guid for RSA3072 and > RSA4096 Do the positive tests and the negative tests below. And got all the > expected results. > > Patch V6: > Remove the changes in MdePkg. > The changes of patch v6 are in CryptoPkg and SecurityPkg. > Set signature type to gEfiCertX509Guid when enroll RSA3072/RSA4096 KEK. > This signature type is used to check the supported signature and show the > strings. > > Patch V5: > Using define KEY_TYPE_RSASSA to replace the magic number. > > Patch V4: > Determine the RSA algorithm by a supported algorithm list. > > Patch V3: > Select SHA algorithm automaticly for a unsigned efi image. > > Patch V2: > Determine the SHA algorithm by a supported algorithm list. > Create SHA context for each algorithm. > > Test Case: > 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image under > UEFI shell. > 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image under > UEFI shell. > 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image under > UEFI shell. > 4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI > shell > > Test Result: > Pass > > Negative Test Case: > 1) Enroll a RSA2048 Cert, execute an unsigned efi image. > 2) Enroll a RSA2048 Cert, execute a RSA4096 signed efi image. > 3) Enroll a RSA4096 Cert, execute a RSA3072 signed efi image. > 4) Enroll a RSA4096 Cert to both DB and DBX, execute the RSA4096 signed efi > image. > > Test Result: > Get "Access Denied" when try to execute the efi image. > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Min Xu > Cc: Zeyi Chen > Cc: Fiona Wang > Cc: Xiaoyu Lu > Cc: Guomin Jiang > Cc: Michael D Kinney > > Sheng Wei (2): > CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to > ImageTimestampVerify > SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- > .../Library/AuthVariableLib/AuthService.c | 218 +++--- > .../AuthVariableLib/AuthServiceInternal.h | 4 +- > .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- > .../DxeImageVerificationLib.c | 73 +++--- > .../SecureBootConfigDxe.inf | 8 + > .../SecureBootConfigImpl.c| 50 +++- > .../SecureBootConfigImpl.h| 7 + > .../SecureBootConfigStrings.uni | 2 + > 9 files changed, 324 insertions(+), 83 deletions(-) > > -- > 2.26.2.windows.1 > > > > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107943): https://edk2.groups.io/g/devel/message/107943 Mute This Topic: https://groups.io/mt/100656918/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=- -cover-letter.patch Description: -cover-letter.patch 0001-CryptoPkg-Library-BaseCryptLib-add-sha384-and-sha512.patch Description: 0001-CryptoPkg-Library-BaseCryptLib-add-sha384-and-sha512.patch 0002-SecurityPkg-SecureBoot-Support-RSA4096-and-RSA3072.patch Description: 0002-SecurityPkg-SecureBoot-Support-RSA4096-and-RSA3072.patch
Re: [edk2-devel] [PATCH V6 0/2] SecureBoot: Support RSA 512 and RSA 384
Hi Jiewen,
Thank you for comments.
I update the patch V6 to V7, drop raw RSA3K and RSA4K. The change is in
SecurityPkg.
And I did all the tests which are listed in the cover letter. I got the
expected results.
Could you help to review/merge the patches ?
Thank you.
BR
Sheng Wei
> -Original Message-
> From: Yao, Jiewen
> Sent: 2023年8月7日 19:49
> To: Sheng, W ; devel@edk2.groups.io
> Cc: Wang, Jian J ; Xu, Min M ;
> Chen, Zeyi ; Wang, Fiona ;
> Lu, Xiaoyu1 ; Jiang, Guomin
> ; Kinney, Michael D
> Subject: RE: [PATCH V6 0/2] SecureBoot: Support RSA 512 and RSA 384
>
> > Set signature type to gEfiCertX509Guid when enroll RSA3072/RSA4096 KEK.
>
> ===
> switch (KeyLenInBytes) {
> case WIN_CERT_UEFI_RSA2048_SIZE:
> CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa2048Guid);
> break;
> case WIN_CERT_UEFI_RSA3072_SIZE:
> case WIN_CERT_UEFI_RSA4096_SIZE:
> CopyGuid (&KekSigList->SignatureType, &gEfiCertX509Guid);
> break;
> default :
> DEBUG ((DEBUG_ERROR, "Unsupported key length.\n"));
> Status = EFI_UNSUPPORTED;
> goto ON_EXIT;
> }
> ===
>
> Sorry that I am not clear on this. I don’t mean to use gEfiCertX509Guid to
> support raw RSA3K or 4K.
> I mean to use *drop* raw RSA3K or 4k. And Only use gEfiCertX509Guid for
> RSA3K or 4K. You don’t need to change EnrollRsa2048ToKek().
> Please just support RSA3K or 4K in EnrollX509ToKek(), and add test case to
> validate that.
>
> ===
> if (IsDerEncodeCertificate (FilePostFix)) {
> return EnrollX509ToKek (Private);
> } else if (CompareMem (FilePostFix, L".pbk", 4) == 0) {
> return EnrollRsa2048ToKek (Private);
> } else {
> ===
>
> Thank you
> Yao, Jiewen
>
>
> > -Original Message-
> > From: Sheng, W
> > Sent: Monday, August 7, 2023 5:10 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen ; Wang, Jian J
> > ; Xu, Min M ; Chen, Zeyi
> > ; Wang, Fiona ; Lu, Xiaoyu1
> > ; Jiang, Guomin ;
> > Kinney, Michael D
> > Subject: [PATCH V6 0/2] SecureBoot: Support RSA 512 and RSA 384
> >
> > Patch V6:
> > Remove the changes in MdePkg.
> > The changes of patch v6 are in CryptoPkg and SecurityPkg.
> > Set signature type to gEfiCertX509Guid when enroll RSA3072/RSA4096 KEK.
> > This signature type is used to check the supported signature and show the
> strings.
> >
> > Patch V5:
> > Using define KEY_TYPE_RSASSA to replace the magic number.
> >
> > Patch V4:
> > Determine the RSA algorithm by a supported algorithm list.
> >
> > Patch V3:
> > Select SHA algorithm automaticly for a unsigned efi image.
> >
> > Patch V2:
> > Determine the SHA algorithm by a supported algorithm list.
> > Create SHA context for each algorithm.
> >
> > Test Case:
> > 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image
> > under UEFI shell.
> > 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image
> > under UEFI shell.
> > 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image
> > under UEFI shell.
> > 4. Enroll an unsigned efi image, execute the unsigned efi image under
> > UEFI shell
> >
> > Test Result:
> > Pass
> >
> > Negative Test Case:
> > 1) Enroll a RSA2048 Cert, execute an unsigned efi image.
> > 2) Enroll a RSA2048 Cert, execute a RSA4096 signed efi image.
> > 3) Enroll a RSA4096 Cert, execute a RSA3072 signed efi image.
> > 4) Enroll a RSA4096 Cert to both DB and DBX, execute the RSA4096
> > signed efi image.
> >
> > Test Result:
> > Get "Access Denied" when try to execute the efi image.
> >
> > Cc: Jiewen Yao
> > Cc: Jian J Wang
> > Cc: Min Xu
> > Cc: Zeyi Chen
> > Cc: Fiona Wang
> > Cc: Xiaoyu Lu
> > Cc: Guomin Jiang
> > Cc: Michael D Kinney
> >
> > Sheng Wei (2):
> > CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to
> > ImageTimestampVerify
> > SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
> >
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +-
> > .../Library/AuthVariableLib/AuthService.c | 218 +++---
> > .../AuthVariableLib/AuthServiceInternal.h | 4 +-
> > .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
> > .../DxeImageVerificationLib.c | 73 +++---
> > .../SecureBootConfigDxe.inf | 8 +
> > .../SecureBootConfigImpl.c| 91 ++--
> > .../SecureBootConfigImpl.h| 7 +
> > .../SecureBootConfigStrings.uni | 2 +
> > 9 files changed, 356 insertions(+), 92 deletions(-)
> >
> > --
> > 2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107676): https://edk2.groups.io/g/devel/message/107676
Mute This Topic: https://groups.io/mt/100596018/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V7 2/2] SecurityPkg/SecureBoot: Support RSA4096 and RSA3072
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Change-Id: Ic13595ffb0581a178db71d231ba34f17862fa5d8
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Signed-off-by: Sheng Wei
---
.../Library/AuthVariableLib/AuthService.c | 218 +++---
.../AuthVariableLib/AuthServiceInternal.h | 4 +-
.../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
.../DxeImageVerificationLib.c | 73 +++---
.../SecureBootConfigDxe.inf | 8 +
.../SecureBootConfigImpl.c| 50 +++-
.../SecureBootConfigImpl.h| 7 +
.../SecureBootConfigStrings.uni | 2 +
8 files changed, 322 insertions(+), 82 deletions(-)
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c
b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index d81c581d78..339021b79c 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -29,12 +29,125 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include
#include
+#define SHA_DIGEST_SIZE_MAX SHA512_DIGEST_SIZE
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for hash
operations.
+
+ If this interface is not supported, then return zero.
+
+ @return The size, in bytes, of the context buffer required for hash
operations.
+ @retval 0 This interface is not supported.
+
+**/
+typedef
+UINTN
+(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE)(
+ VOID
+ );
+
+/**
+ Initializes user-supplied memory pointed by Sha1Context as hash context for
+ subsequent use.
+
+ If HashContext is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HashContext Pointer to Hashcontext being initialized.
+
+ @retval TRUE Hash context initialization succeeded.
+ @retval FALSE Hash context initialization failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_INIT)(
+ OUT VOID *HashContext
+ );
+
+/**
+ Digests the input data and updates Hash context.
+
+ This function performs Hash digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ Hash context should be already correctly initialized by HashInit(), and
should not be finalized
+ by HashFinal(). Behavior with invalid context is undefined.
+
+ If HashContext is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HashContext Pointer to the Hash context.
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE SHA-1 data digest succeeded.
+ @retval FALSE SHA-1 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_UPDATE)(
+ IN OUT VOID*HashContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the Hash digest value.
+
+ This function completes hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the Hash context
cannot
+ be used again.
+ Hash context should be already correctly initialized by HashInit(), and
should not be
+ finalized by HashFinal(). Behavior with invalid Hash context is undefined.
+
+ If HashContext is NULL, then return FALSE.
+ If HashValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HashContext Pointer to the Hash context.
+ @param[out] HashValuePointer to a buffer that receives the Hash
digest
+value.
+
+ @retval TRUE Hash digest computation succeeded.
+ @retval FALSE Hash digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_FINAL)(
+ IN OUT VOID *HashContext,
+ OUT UINT8 *HashValue
+ );
+
+typedef struct {
+ UINT32 HashSize;
+ EFI_HASH_GET_CONTEXT_SIZEGetContextSize;
+ EFI_HASH_INITInit;
+ EFI_HASH_UPDATE Update;
+ EFI_HASH_FINAL Final;
+ VOID **HashShaCtx;
+ UINT8*OidValue;
+ UINTNOidLength;
+} EFI_HASH_INFO;
+
//
// Public Exponent of RSA Key.
//
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
-CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
0x02, 0x01 };
+UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x01 };
+UINT8 mSha384OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x02 };
+UINT8 mSha512OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x03 };
+
+EFI_HASH_INFO mHashInfo[] = {
+ {SHA256_DIGEST_SIZE, Sha256GetContextSize, Sha256Init
[edk2-devel] [PATCH V7 0/2] Support RSA4096 and RSA3072
Patch V7: Drop raw RSA3072 and RSA4096. Only use gEfiCertX509Guid for RSA3072 and RSA4096 Do the positive tests and the negative tests below. And got all the expected results. Patch V6: Remove the changes in MdePkg. The changes of patch v6 are in CryptoPkg and SecurityPkg. Set signature type to gEfiCertX509Guid when enroll RSA3072/RSA4096 KEK. This signature type is used to check the supported signature and show the strings. Patch V5: Using define KEY_TYPE_RSASSA to replace the magic number. Patch V4: Determine the RSA algorithm by a supported algorithm list. Patch V3: Select SHA algorithm automaticly for a unsigned efi image. Patch V2: Determine the SHA algorithm by a supported algorithm list. Create SHA context for each algorithm. Test Case: 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI shell. 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI shell. 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI shell. 4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI shell Test Result: Pass Negative Test Case: 1) Enroll a RSA2048 Cert, execute an unsigned efi image. 2) Enroll a RSA2048 Cert, execute a RSA4096 signed efi image. 3) Enroll a RSA4096 Cert, execute a RSA3072 signed efi image. 4) Enroll a RSA4096 Cert to both DB and DBX, execute the RSA4096 signed efi image. Test Result: Get "Access Denied" when try to execute the efi image. Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Zeyi Chen Cc: Fiona Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Sheng Wei (2): CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- .../Library/AuthVariableLib/AuthService.c | 218 +++--- .../AuthVariableLib/AuthServiceInternal.h | 4 +- .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- .../DxeImageVerificationLib.c | 73 +++--- .../SecureBootConfigDxe.inf | 8 + .../SecureBootConfigImpl.c| 50 +++- .../SecureBootConfigImpl.h| 7 + .../SecureBootConfigStrings.uni | 2 + 9 files changed, 324 insertions(+), 83 deletions(-) -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107673): https://edk2.groups.io/g/devel/message/107673 Mute This Topic: https://groups.io/mt/100656918/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V7 1/2] CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify
Register and initialize sha384/sha512 digest algorithms for PKCS#7 Handling.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Michael D Kinney
Change-Id: I208a618e3f6eb12704e528ab842494082de1464d
Signed-off-by: Sheng Wei
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 027dbb6842..944bcf8d38 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -591,7 +591,8 @@ ImageTimestampVerify (
// Register & Initialize necessary digest algorithms for PKCS#7 Handling.
//
if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) ==
0) ||
- (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
+ (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest (EVP_sha384 ())
== 0) ||
+ (EVP_add_digest (EVP_sha512 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
{
return FALSE;
}
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107674): https://edk2.groups.io/g/devel/message/107674
Mute This Topic: https://groups.io/mt/100656919/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
Hi Jiewen, I remove the new GUIDs. I use signature type gEfiCertX509Guid when enroll RSA3072/RSA4096 KEK. This signature type is used in below 6 places. 1) Show key name string in KEK delete page UpdateDeletePage() 2) Check supported SignatureType when delete KEK DeleteKeyExchangeKey() 3) Check supported SignatureType when delete KEK DeleteSignature() 4) Show key name when load the Signature LoadSignatureList() 5) Show help info string when load the Signature FormatHelpInfo() 6) Check supported SignatureType CheckSignatureListFormat() It is no need to change MdePkg. All the changes are in CryptoPkg and SecurityPkg. I did the local unit test and raised the patch v6. Could you help to review/merge the patches ? Thank you BR Sheng Wei > -Original Message- > From: Yao, Jiewen > Sent: 2023年8月3日 16:13 > To: Sheng, W ; Gao, Liming > ; devel@edk2.groups.io > Cc: Wang, Jian J ; Xu, Min M ; > Chen, Zeyi ; Wang, Fiona ; > Lu, Xiaoyu1 ; Jiang, Guomin > ; Kinney, Michael D > Subject: RE: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for > CERT_RSA3072 and CERT_RSA4096 > > Hey > We cannot add anything not defined in UEFI spec yet. Thanks Liming to catch > that. > > Can you remove CERT_RSA3072 and CERT_RSA4096? > > I think we need to use EFI_CERT_TYPE_PKCS7_GUID + EFI_CERT_X509_GUID > to support RSA3072 and RSA4096. > Have you validated that configuration? > > > > -Original Message- > > From: Sheng, W > > Sent: Thursday, August 3, 2023 3:29 PM > > To: Gao, Liming ; devel@edk2.groups.io > > Cc: Yao, Jiewen ; Wang, Jian J > > ; Xu, Min M ; Chen, Zeyi > > ; Wang, Fiona ; Lu, Xiaoyu1 > > ; Jiang, Guomin ; > > Kinney, Michael D > > Subject: RE: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for > > CERT_RSA3072 and CERT_RSA4096 > > > > Hi Liming, > > Sorry for the late response. > > The two new GUID are not in the public UEFI spec yet. > > Do we have any process to add these 2 new GUIDs ? > > Thank you. > > BR > > Sheng Wei > > > > > > > > > -Original Message- > > > From: gaoliming > > > Sent: 2023年8月2日 17:12 > > > To: Sheng, W ; devel@edk2.groups.io > > > Cc: Yao, Jiewen ; Wang, Jian J > > > ; Xu, Min M ; Chen, Zeyi > > > ; Wang, Fiona ; Lu, > > > Xiaoyu1 ; Jiang, Guomin > > > ; Kinney, Michael D > > > > > > Subject: 回复: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID > > > for > > > CERT_RSA3072 and CERT_RSA4096 > > > > > > Sheng Wei: > > > I gave my comments for the patch 1/3 on this morning. Have you got > > > my response? > > > > > > I just want to confirm whether these two new GUID are in the > > > public UEFI spec or not. > > > > > > Thanks > > > Liming > > > > -邮件原件- > > > > 发件人: Sheng, W > > > > 发送时间: 2023年8月2日 16:04 > > > > 收件人: devel@edk2.groups.io; Gao, Liming > > > > > 抄送: Yao, Jiewen ; Wang, Jian J > > > > ; Xu, Min M ; Chen, > > > > Zeyi ; Wang, Fiona ; > > > > Lu, Xiaoyu1 ; Jiang, Guomin > > > > ; Kinney, Michael D > > > > > > > > 主题: RE: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for > > > > CERT_RSA3072 and CERT_RSA4096 > > > > > > > > Hi Gao, Liming, > > > > For this patch group, we have got review-by from Yao, Jiewen on > > > > patch > > > > 2/3(CryptoPkg) and patch 3/3(SecurityPkg). > > > > Do you any comments on the patch 1/3 (MdePkg) ? > > > > Patch 1/3 is only to add 2 new GUIDs. > > > > Could you help to merge it ? > > > > > > > > Thank you. > > > > BR > > > > Sheng Wei > > > > > > > > > -Original Message- > > > > > From: Sheng, W > > > > > Sent: 2023年7月31日 10:02 > > > > > To: 'devel@edk2.groups.io' ; Gao, Liming > > > > > > > > > > Cc: Yao, Jiewen ; Wang, Jian J > > > > > ; Xu, Min M ; Chen, > > > > > Zeyi ; Wang, Fiona ; > > > > > Lu, > > > > > Xiaoyu1 ; Jiang, Guomin > > > > > ; Kinney, Michael D > > > > > > > > > > Subject: RE: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add > > > > > GUID for > > > > > CERT_RSA3072 and CERT_RSA4096 > > > > > > > &
[edk2-devel] [PATCH V6 2/2] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Change-Id: Ic13595ffb0581a178db71d231ba34f17862fa5d8
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Signed-off-by: Sheng Wei
---
.../Library/AuthVariableLib/AuthService.c | 218 +++---
.../AuthVariableLib/AuthServiceInternal.h | 4 +-
.../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
.../DxeImageVerificationLib.c | 73 +++---
.../SecureBootConfigDxe.inf | 8 +
.../SecureBootConfigImpl.c| 91 ++--
.../SecureBootConfigImpl.h| 7 +
.../SecureBootConfigStrings.uni | 2 +
8 files changed, 354 insertions(+), 91 deletions(-)
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c
b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index d81c581d78..339021b79c 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -29,12 +29,125 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include
#include
+#define SHA_DIGEST_SIZE_MAX SHA512_DIGEST_SIZE
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for hash
operations.
+
+ If this interface is not supported, then return zero.
+
+ @return The size, in bytes, of the context buffer required for hash
operations.
+ @retval 0 This interface is not supported.
+
+**/
+typedef
+UINTN
+(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE)(
+ VOID
+ );
+
+/**
+ Initializes user-supplied memory pointed by Sha1Context as hash context for
+ subsequent use.
+
+ If HashContext is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HashContext Pointer to Hashcontext being initialized.
+
+ @retval TRUE Hash context initialization succeeded.
+ @retval FALSE Hash context initialization failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_INIT)(
+ OUT VOID *HashContext
+ );
+
+/**
+ Digests the input data and updates Hash context.
+
+ This function performs Hash digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ Hash context should be already correctly initialized by HashInit(), and
should not be finalized
+ by HashFinal(). Behavior with invalid context is undefined.
+
+ If HashContext is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HashContext Pointer to the Hash context.
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE SHA-1 data digest succeeded.
+ @retval FALSE SHA-1 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_UPDATE)(
+ IN OUT VOID*HashContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the Hash digest value.
+
+ This function completes hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the Hash context
cannot
+ be used again.
+ Hash context should be already correctly initialized by HashInit(), and
should not be
+ finalized by HashFinal(). Behavior with invalid Hash context is undefined.
+
+ If HashContext is NULL, then return FALSE.
+ If HashValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HashContext Pointer to the Hash context.
+ @param[out] HashValuePointer to a buffer that receives the Hash
digest
+value.
+
+ @retval TRUE Hash digest computation succeeded.
+ @retval FALSE Hash digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_FINAL)(
+ IN OUT VOID *HashContext,
+ OUT UINT8 *HashValue
+ );
+
+typedef struct {
+ UINT32 HashSize;
+ EFI_HASH_GET_CONTEXT_SIZEGetContextSize;
+ EFI_HASH_INITInit;
+ EFI_HASH_UPDATE Update;
+ EFI_HASH_FINAL Final;
+ VOID **HashShaCtx;
+ UINT8*OidValue;
+ UINTNOidLength;
+} EFI_HASH_INFO;
+
//
// Public Exponent of RSA Key.
//
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
-CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
0x02, 0x01 };
+UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x01 };
+UINT8 mSha384OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x02 };
+UINT8 mSha512OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x03 };
+
+EFI_HASH_INFO mHashInfo[] = {
+ {SHA256_DIGEST_SIZE, Sha256GetContextSize
[edk2-devel] [PATCH V6 1/2] CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify
Register and initialize sha384/sha512 digest algorithms for PKCS#7 Handling.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Michael D Kinney
Change-Id: I208a618e3f6eb12704e528ab842494082de1464d
Signed-off-by: Sheng Wei
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 027dbb6842..944bcf8d38 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -591,7 +591,8 @@ ImageTimestampVerify (
// Register & Initialize necessary digest algorithms for PKCS#7 Handling.
//
if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) ==
0) ||
- (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
+ (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest (EVP_sha384 ())
== 0) ||
+ (EVP_add_digest (EVP_sha512 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
{
return FALSE;
}
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107612): https://edk2.groups.io/g/devel/message/107612
Mute This Topic: https://groups.io/mt/100596019/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V6 0/2] SecureBoot: Support RSA 512 and RSA 384
Patch V6: Remove the changes in MdePkg. The changes of patch v6 are in CryptoPkg and SecurityPkg. Set signature type to gEfiCertX509Guid when enroll RSA3072/RSA4096 KEK. This signature type is used to check the supported signature and show the strings. Patch V5: Using define KEY_TYPE_RSASSA to replace the magic number. Patch V4: Determine the RSA algorithm by a supported algorithm list. Patch V3: Select SHA algorithm automaticly for a unsigned efi image. Patch V2: Determine the SHA algorithm by a supported algorithm list. Create SHA context for each algorithm. Test Case: 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI shell. 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI shell. 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI shell. 4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI shell Test Result: Pass Negative Test Case: 1) Enroll a RSA2048 Cert, execute an unsigned efi image. 2) Enroll a RSA2048 Cert, execute a RSA4096 signed efi image. 3) Enroll a RSA4096 Cert, execute a RSA3072 signed efi image. 4) Enroll a RSA4096 Cert to both DB and DBX, execute the RSA4096 signed efi image. Test Result: Get "Access Denied" when try to execute the efi image. Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Zeyi Chen Cc: Fiona Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Sheng Wei (2): CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- .../Library/AuthVariableLib/AuthService.c | 218 +++--- .../AuthVariableLib/AuthServiceInternal.h | 4 +- .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- .../DxeImageVerificationLib.c | 73 +++--- .../SecureBootConfigDxe.inf | 8 + .../SecureBootConfigImpl.c| 91 ++-- .../SecureBootConfigImpl.h| 7 + .../SecureBootConfigStrings.uni | 2 + 9 files changed, 356 insertions(+), 92 deletions(-) -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107611): https://edk2.groups.io/g/devel/message/107611 Mute This Topic: https://groups.io/mt/100596018/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
Hi Liming,
Sorry for the late response.
The two new GUID are not in the public UEFI spec yet.
Do we have any process to add these 2 new GUIDs ?
Thank you.
BR
Sheng Wei
> -Original Message-
> From: gaoliming
> Sent: 2023年8月2日 17:12
> To: Sheng, W ; devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J
> ; Xu, Min M ; Chen, Zeyi
> ; Wang, Fiona ; Lu, Xiaoyu1
> ; Jiang, Guomin ; Kinney,
> Michael D
> Subject: 回复: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> CERT_RSA3072 and CERT_RSA4096
>
> Sheng Wei:
> I gave my comments for the patch 1/3 on this morning. Have you got my
> response?
>
> I just want to confirm whether these two new GUID are in the public UEFI
> spec or not.
>
> Thanks
> Liming
> > -邮件原件-
> > 发件人: Sheng, W
> > 发送时间: 2023年8月2日 16:04
> > 收件人: devel@edk2.groups.io; Gao, Liming
> > 抄送: Yao, Jiewen ; Wang, Jian J
> > ; Xu, Min M ; Chen, Zeyi
> > ; Wang, Fiona ; Lu, Xiaoyu1
> > ; Jiang, Guomin ;
> > Kinney, Michael D
> > 主题: RE: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> > CERT_RSA3072 and CERT_RSA4096
> >
> > Hi Gao, Liming,
> > For this patch group, we have got review-by from Yao, Jiewen on patch
> > 2/3(CryptoPkg) and patch 3/3(SecurityPkg).
> > Do you any comments on the patch 1/3 (MdePkg) ?
> > Patch 1/3 is only to add 2 new GUIDs.
> > Could you help to merge it ?
> >
> > Thank you.
> > BR
> > Sheng Wei
> >
> > > -Original Message-
> > > From: Sheng, W
> > > Sent: 2023年7月31日 10:02
> > > To: 'devel@edk2.groups.io' ; Gao, Liming
> > >
> > > Cc: Yao, Jiewen ; Wang, Jian J
> > > ; Xu, Min M ; Chen, Zeyi
> > > ; Wang, Fiona ; Lu,
> > > Xiaoyu1 ; Jiang, Guomin
> > > ; Kinney, Michael D
> > >
> > > Subject: RE: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID
> > > for
> > > CERT_RSA3072 and CERT_RSA4096
> > >
> > > Hi Gao, Liming,
> > > Could you help to review and merge this patch to MdePkg?
> > > This patch is only to add 2 new GUIDs.
> > > These 2 GUIDs will be used for adding RSA3072/RSA4096 cert support
> > > for secure boot feature.
> > > Thank you.
> > > BR
> > > Sheng Wei
> > >
> > > > > -Original Message-
> > > > > From: devel@edk2.groups.io On Behalf Of
> > > Sheng
> > > > > Wei
> > > > > Sent: 2023年7月27日 14:35
> > > > > To: devel@edk2.groups.io
> > > > > Cc: Yao, Jiewen ; Wang, Jian J
> > > > > ; Xu, Min M ; Chen,
> > > > > Zeyi ; Wang, Fiona ;
> > > > > Lu,
> > > > > Xiaoyu1 ; Jiang, Guomin
> > > > > ; Kinney, Michael D
> > > > > ; Gao, Liming
> >
> > > > > Subject: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID
> > > > > for
> > > > > CERT_RSA3072 and CERT_RSA4096
> > > > >
> > > > > Add gEfiCertRsa3072Guid and gEfiCertRsa4096Guid
> > > > >
> > > > > Cc: Jiewen Yao
> > > > > Cc: Jian J Wang
> > > > > Cc: Min Xu
> > > > > Cc: Zeyi Chen
> > > > > Cc: Fiona Wang
> > > > > Cc: Xiaoyu Lu
> > > > > Cc: Guomin Jiang
> > > > > Cc: Michael D Kinney
> > > > > Cc: Liming Gao
> > > > > Signed-off-by: Sheng Wei
> > > > > ---
> > > > > MdePkg/Include/Guid/ImageAuthentication.h | 26
> > > > > +++
> > > > > MdePkg/MdePkg.dec | 2 ++
> > > > > 2 files changed, 28 insertions(+)
> > > > >
> > > > > diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
> > > > > b/MdePkg/Include/Guid/ImageAuthentication.h
> > > > > index fe83596571..c8ea2c14fb 100644
> > > > > --- a/MdePkg/Include/Guid/ImageAuthentication.h
> > > > > +++ b/MdePkg/Include/Guid/ImageAuthentication.h
> > > > > @@ -144,6 +144,30 @@ typedef struct {
> > > > > 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e,
> 0x85,
> > 0xb3,
> > > > > 0xb6} \ } +///+/// This identifies a signature containing an
> RSA-3072
> > key.
> > > > The
> > > > > key (only the modulus+/// since the public key exponent is known
> > > > > to be
> > > > > 0x10001) shall be stored in bi
Re: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
Hi Gao, Liming,
For this patch group, we have got review-by from Yao, Jiewen on patch
2/3(CryptoPkg) and patch 3/3(SecurityPkg).
Do you any comments on the patch 1/3 (MdePkg) ?
Patch 1/3 is only to add 2 new GUIDs.
Could you help to merge it ?
Thank you.
BR
Sheng Wei
> -Original Message-
> From: Sheng, W
> Sent: 2023年7月31日 10:02
> To: 'devel@edk2.groups.io' ; Gao, Liming
>
> Cc: Yao, Jiewen ; Wang, Jian J
> ; Xu, Min M ; Chen, Zeyi
> ; Wang, Fiona ; Lu, Xiaoyu1
> ; Jiang, Guomin ; Kinney,
> Michael D
> Subject: RE: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> CERT_RSA3072 and CERT_RSA4096
>
> Hi Gao, Liming,
> Could you help to review and merge this patch to MdePkg?
> This patch is only to add 2 new GUIDs.
> These 2 GUIDs will be used for adding RSA3072/RSA4096 cert support for
> secure boot feature.
> Thank you.
> BR
> Sheng Wei
>
> > > -----Original Message-
> > > From: devel@edk2.groups.io On Behalf Of
> Sheng
> > > Wei
> > > Sent: 2023年7月27日 14:35
> > > To: devel@edk2.groups.io
> > > Cc: Yao, Jiewen ; Wang, Jian J
> > > ; Xu, Min M ; Chen, Zeyi
> > > ; Wang, Fiona ; Lu,
> > > Xiaoyu1 ; Jiang, Guomin
> > > ; Kinney, Michael D
> > > ; Gao, Liming
> > > Subject: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> > > CERT_RSA3072 and CERT_RSA4096
> > >
> > > Add gEfiCertRsa3072Guid and gEfiCertRsa4096Guid
> > >
> > > Cc: Jiewen Yao
> > > Cc: Jian J Wang
> > > Cc: Min Xu
> > > Cc: Zeyi Chen
> > > Cc: Fiona Wang
> > > Cc: Xiaoyu Lu
> > > Cc: Guomin Jiang
> > > Cc: Michael D Kinney
> > > Cc: Liming Gao
> > > Signed-off-by: Sheng Wei
> > > ---
> > > MdePkg/Include/Guid/ImageAuthentication.h | 26
> > > +++
> > > MdePkg/MdePkg.dec | 2 ++
> > > 2 files changed, 28 insertions(+)
> > >
> > > diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
> > > b/MdePkg/Include/Guid/ImageAuthentication.h
> > > index fe83596571..c8ea2c14fb 100644
> > > --- a/MdePkg/Include/Guid/ImageAuthentication.h
> > > +++ b/MdePkg/Include/Guid/ImageAuthentication.h
> > > @@ -144,6 +144,30 @@ typedef struct {
> > > 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85,
> > > 0xb3,
> > > 0xb6} \ } +///+/// This identifies a signature containing an RSA-3072
> > > key.
> > The
> > > key (only the modulus+/// since the public key exponent is known to
> > > be
> > > 0x10001) shall be stored in big-endian+/// order.+/// The
> > > SignatureHeader size shall always be 0. The SignatureSize shall
> > > always be 16 (size+/// of SignatureOwner component) + 384
> bytes.+///+#define
> > > EFI_CERT_RSA3072_GUID \+ { \+0xedd320c2, 0xb057, 0x4b8e, {0xad,
> > 0x46,
> > > 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 } \+ }++///+/// This identifies
> > > a signature containing an RSA-4096 key. The key (only the
> > > modulus+/// since the public key exponent is known to be 0x10001)
> > > shall be stored in big-endian+/// order.+/// The SignatureHeader
> > > size shall always be 0. The SignatureSize shall always be 16
> > > (size+/// of SignatureOwner
> > component) + 512
> > > bytes.+///+#define EFI_CERT_RSA4096_GUID \+ { \+0xb23e89a6,
> 0x8c8b,
> > > 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c } \+ }+ ///
> > > /// This identifies a signature containing a RSA-2048 signature of a
> > > SHA-256 hash. The /// SignatureHeader size shall always be 0. The
> > > SignatureSize shall always be
> > > 16 (size of@@ -330,6 +354,8 @@ typedef struct { extern EFI_GUID
> > > gEfiImageSecurityDatabaseGuid; extern EFI_GUID gEfiCertSha256Guid;
> > > extern EFI_GUID gEfiCertRsa2048Guid;+extern EFI_GUID
> > > gEfiCertRsa3072Guid;+extern EFI_GUID gEfiCertRsa4096Guid; extern
> > > EFI_GUID gEfiCertRsa2048Sha256Guid; extern EFI_GUID
> > > gEfiCertSha1Guid; extern EFI_GUID gEfiCertRsa2048Sha1Guid;diff
> > > --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index
> > > b85614992b..24e4779d33 100644
> > > --- a/MdePkg/MdePkg.dec
> > > +++ b/MdePkg/MdePkg.dec
> > > @@ -581,6 +581,8 @@
> > >gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3,
> > > 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }} gEfiCertSha256Guid
> > >=
> > > { 0xc1c41626, 0x504c, 0x4092
Re: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
Hi Gao, Liming,
Could you help to review and merge this patch to MdePkg?
This patch is only to add 2 new GUIDs.
These 2 GUIDs will be used for adding RSA3072/RSA4096 cert support for secure
boot feature.
Thank you.
BR
Sheng Wei
> > -Original Message-
> > From: devel@edk2.groups.io On Behalf Of Sheng
> > Wei
> > Sent: 2023年7月27日 14:35
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen ; Wang, Jian J
> > ; Xu, Min M ; Chen, Zeyi
> > ; Wang, Fiona ; Lu, Xiaoyu1
> > ; Jiang, Guomin ;
> > Kinney, Michael D ; Gao, Liming
> >
> > Subject: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> > CERT_RSA3072 and CERT_RSA4096
> >
> > Add gEfiCertRsa3072Guid and gEfiCertRsa4096Guid
> >
> > Cc: Jiewen Yao
> > Cc: Jian J Wang
> > Cc: Min Xu
> > Cc: Zeyi Chen
> > Cc: Fiona Wang
> > Cc: Xiaoyu Lu
> > Cc: Guomin Jiang
> > Cc: Michael D Kinney
> > Cc: Liming Gao
> > Signed-off-by: Sheng Wei
> > ---
> > MdePkg/Include/Guid/ImageAuthentication.h | 26
> > +++
> > MdePkg/MdePkg.dec | 2 ++
> > 2 files changed, 28 insertions(+)
> >
> > diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
> > b/MdePkg/Include/Guid/ImageAuthentication.h
> > index fe83596571..c8ea2c14fb 100644
> > --- a/MdePkg/Include/Guid/ImageAuthentication.h
> > +++ b/MdePkg/Include/Guid/ImageAuthentication.h
> > @@ -144,6 +144,30 @@ typedef struct {
> > 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3,
> > 0xb6} \ } +///+/// This identifies a signature containing an RSA-3072 key.
> The
> > key (only the modulus+/// since the public key exponent is known to be
> > 0x10001) shall be stored in big-endian+/// order.+/// The
> > SignatureHeader size shall always be 0. The SignatureSize shall always
> > be 16 (size+/// of SignatureOwner component) + 384 bytes.+///+#define
> > EFI_CERT_RSA3072_GUID \+ { \+0xedd320c2, 0xb057, 0x4b8e, {0xad,
> 0x46,
> > 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 } \+ }++///+/// This identifies a
> > signature containing an RSA-4096 key. The key (only the modulus+///
> > since the public key exponent is known to be 0x10001) shall be stored
> > in big-endian+/// order.+/// The SignatureHeader size shall always be
> > 0. The SignatureSize shall always be 16 (size+/// of SignatureOwner
> component) + 512
> > bytes.+///+#define EFI_CERT_RSA4096_GUID \+ { \+0xb23e89a6, 0x8c8b,
> > 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c } \+ }+ ///
> > /// This identifies a signature containing a RSA-2048 signature of a
> > SHA-256 hash. The /// SignatureHeader size shall always be 0. The
> > SignatureSize shall always be
> > 16 (size of@@ -330,6 +354,8 @@ typedef struct { extern EFI_GUID
> > gEfiImageSecurityDatabaseGuid; extern EFI_GUID gEfiCertSha256Guid;
> > extern EFI_GUID gEfiCertRsa2048Guid;+extern EFI_GUID
> > gEfiCertRsa3072Guid;+extern EFI_GUID gEfiCertRsa4096Guid; extern
> > EFI_GUID gEfiCertRsa2048Sha256Guid; extern EFI_GUID gEfiCertSha1Guid;
> > extern EFI_GUID gEfiCertRsa2048Sha1Guid;diff --git
> > a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index
> > b85614992b..24e4779d33 100644
> > --- a/MdePkg/MdePkg.dec
> > +++ b/MdePkg/MdePkg.dec
> > @@ -581,6 +581,8 @@
> >gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3,
> > 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }} gEfiCertSha256Guid
> > =
> > { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43,
> 0x28 }}
> > gEfiCertRsa2048Guid= { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14,
> 0xed,
> > 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}+ gEfiCertRsa3072Guid= {
> > 0xedd320c2,
> > 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 }}+
> > gEfiCertRsa4096Guid= { 0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73,
> 0x15,
> > 0x4e, 0x8d, 0x00, 0x98, 0x2c }} gEfiCertRsa2048Sha256Guid =
> { 0xe2b36190,
> > 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
> > gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87,
> > 0xbe,
> > 0x1, 0x49, 0x66, 0x31, 0xbd }} gEfiCertRsa2048Sha1Guid= {
> > 0x67f8444f,
> > 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}--
> > 2.26.2.windows.1
> >
> >
> >
> > -=-=-=-=-=-=
> > Groups.io Links: You receive all messages sent to this group.
> > View/Reply Online (#107294):
> > https://edk2.groups.io/g/devel/message/107294
> > Mute This Topic: https:/
Re: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
Hi Michael D,
Could you help to review and merge this patch to MdePkg?
This patch is only to add 2 new GUIDs.
These 2 GUIDs will be used for adding RSA3072/RSA4096 cert support for secure
boot feature.
Thank you.
BR
Sheng Wei
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Sheng
> Wei
> Sent: 2023年7月27日 14:35
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J
> ; Xu, Min M ; Chen, Zeyi
> ; Wang, Fiona ; Lu, Xiaoyu1
> ; Jiang, Guomin ; Kinney,
> Michael D ; Gao, Liming
>
> Subject: [edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for
> CERT_RSA3072 and CERT_RSA4096
>
> Add gEfiCertRsa3072Guid and gEfiCertRsa4096Guid
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Min Xu
> Cc: Zeyi Chen
> Cc: Fiona Wang
> Cc: Xiaoyu Lu
> Cc: Guomin Jiang
> Cc: Michael D Kinney
> Cc: Liming Gao
> Signed-off-by: Sheng Wei
> ---
> MdePkg/Include/Guid/ImageAuthentication.h | 26
> +++
> MdePkg/MdePkg.dec | 2 ++
> 2 files changed, 28 insertions(+)
>
> diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
> b/MdePkg/Include/Guid/ImageAuthentication.h
> index fe83596571..c8ea2c14fb 100644
> --- a/MdePkg/Include/Guid/ImageAuthentication.h
> +++ b/MdePkg/Include/Guid/ImageAuthentication.h
> @@ -144,6 +144,30 @@ typedef struct {
> 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3,
> 0xb6} \ } +///+/// This identifies a signature containing an RSA-3072 key.
> The
> key (only the modulus+/// since the public key exponent is known to be
> 0x10001) shall be stored in big-endian+/// order.+/// The SignatureHeader
> size shall always be 0. The SignatureSize shall always be 16 (size+/// of
> SignatureOwner component) + 384 bytes.+///+#define
> EFI_CERT_RSA3072_GUID \+ { \+0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46,
> 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 } \+ }++///+/// This identifies a
> signature
> containing an RSA-4096 key. The key (only the modulus+/// since the public
> key exponent is known to be 0x10001) shall be stored in big-endian+///
> order.+/// The SignatureHeader size shall always be 0. The SignatureSize shall
> always be 16 (size+/// of SignatureOwner component) + 512
> bytes.+///+#define EFI_CERT_RSA4096_GUID \+ { \+0xb23e89a6, 0x8c8b,
> 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c } \+ }+ /// /// This
> identifies a signature containing a RSA-2048 signature of a SHA-256 hash. The
> /// SignatureHeader size shall always be 0. The SignatureSize shall always be
> 16 (size of@@ -330,6 +354,8 @@ typedef struct {
> extern EFI_GUID gEfiImageSecurityDatabaseGuid; extern EFI_GUID
> gEfiCertSha256Guid; extern EFI_GUID gEfiCertRsa2048Guid;+extern
> EFI_GUID gEfiCertRsa3072Guid;+extern EFI_GUID gEfiCertRsa4096Guid;
> extern EFI_GUID gEfiCertRsa2048Sha256Guid; extern EFI_GUID
> gEfiCertSha1Guid; extern EFI_GUID gEfiCertRsa2048Sha1Guid;diff --git
> a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index
> b85614992b..24e4779d33 100644
> --- a/MdePkg/MdePkg.dec
> +++ b/MdePkg/MdePkg.dec
> @@ -581,6 +581,8 @@
>gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3,
> 0xbc, 0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }} gEfiCertSha256Guid =
> { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28
> }}
> gEfiCertRsa2048Guid= { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14,
> 0xed,
> 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}+ gEfiCertRsa3072Guid= {
> 0xedd320c2,
> 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 }}+
> gEfiCertRsa4096Guid= { 0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73,
> 0x15,
> 0x4e, 0x8d, 0x00, 0x98, 0x2c }} gEfiCertRsa2048Sha256Guid = {
> 0xe2b36190,
> 0x879b, 0x4a3d, {0xad, 0x8d, 0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
> gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87,
> 0xbe,
> 0x1, 0x49, 0x66, 0x31, 0xbd }} gEfiCertRsa2048Sha1Guid= {
> 0x67f8444f,
> 0x8743, 0x48f1, {0xa3, 0x28, 0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}--
> 2.26.2.windows.1
>
>
>
> -=-=-=-=-=-=
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#107294):
> https://edk2.groups.io/g/devel/message/107294
> Mute This Topic: https://groups.io/mt/100385942/2558558
> Group Owner: devel+ow...@edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub [w.sh...@intel.com] -
> =-=-=-=-=-=
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107313): https://edk2.groups.io/g/devel/message/107313
Mute This Topic: https://groups.io/mt/100405114/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384
Here are my negative tests. 1) Enroll a RSA2048 Cert, execute an unsigned efi image. 2) Enroll a RSA2048 Cert, execute a RSA4096 signed efi image. 3) Enroll a RSA4096 Cert, execute a RSA3072 signed efi image. 4) Enroll a RSA4096 Cert to both DB and DBX, execute the RSA4096 signed efi image. Test Result: Get "Access Denied" when try to execute the efi image. Thank you. BR Sheng Wei > -Original Message- > From: Yao, Jiewen > Sent: 2023年7月27日 17:45 > To: Sheng, W ; devel@edk2.groups.io > Cc: Wang, Jian J ; Xu, Min M ; > Chen, Zeyi ; Wang, Fiona ; > Lu, Xiaoyu1 ; Jiang, Guomin > ; Kinney, Michael D > ; Gao, Liming > Subject: RE: [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384 > > Thanks. May I know what *negative* test you have done? > > > > -Original Message- > > From: Sheng, W > > Sent: Thursday, July 27, 2023 2:35 PM > > To: devel@edk2.groups.io > > Cc: Yao, Jiewen ; Wang, Jian J > > ; Xu, Min M ; Chen, Zeyi > > ; Wang, Fiona ; Lu, Xiaoyu1 > > ; Jiang, Guomin ; > > Kinney, Michael D ; Gao, Liming > > > > Subject: [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384 > > > > Patch V5: > > Using define KEY_TYPE_RSASSA to replace the magic number. > > > > Patch V4: > > Determine the RSA algorithm by a supported algorithm list. > > > > Patch V3: > > Select SHA algorithm automaticly for a unsigned efi image. > > > > Patch V2: > > Determine the SHA algorithm by a supported algorithm list. > > Create SHA context for each algorithm. > > > > Test Case: > > 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image > > under UEFI shell. > > 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image > > under UEFI shell. > > 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image > > under UEFI shell. > > 4. Enroll an unsigned efi image, execute the unsigned efi image under > > UEFI shell > > > > Test Result: > > Pass > > > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Min Xu > > Cc: Zeyi Chen > > Cc: Fiona Wang > > Cc: Xiaoyu Lu > > Cc: Guomin Jiang > > Cc: Michael D Kinney > > Cc: Liming Gao > > > > Sheng Wei (3): > > MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096 > > CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to > > ImageTimestampVerify > > SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 > > > > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- > > MdePkg/Include/Guid/ImageAuthentication.h | 26 +++ > > MdePkg/MdePkg.dec | 2 + > > .../Library/AuthVariableLib/AuthService.c | 220 +++--- > > .../AuthVariableLib/AuthServiceInternal.h | 4 +- > > .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- > > .../DxeImageVerificationLib.c | 73 +++--- > > .../SecureBootConfigDxe.inf | 16 ++ > > .../SecureBootConfigImpl.c| 114 +++-- > > .../SecureBootConfigImpl.h| 7 + > > .../SecureBootConfigStrings.uni | 6 + > > 11 files changed, 421 insertions(+), 92 deletions(-) > > > > -- > > 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107306): https://edk2.groups.io/g/devel/message/107306 Mute This Topic: https://groups.io/mt/100385941/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V5 3/3] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Signed-off-by: Sheng Wei
---
.../Library/AuthVariableLib/AuthService.c | 220 +++---
.../AuthVariableLib/AuthServiceInternal.h | 4 +-
.../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
.../DxeImageVerificationLib.c | 73 +++---
.../SecureBootConfigDxe.inf | 16 ++
.../SecureBootConfigImpl.c| 114 +++--
.../SecureBootConfigImpl.h| 7 +
.../SecureBootConfigStrings.uni | 6 +
8 files changed, 391 insertions(+), 91 deletions(-)
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c
b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index d81c581d78..4c268a85cd 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -29,12 +29,125 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include
#include
+#define SHA_DIGEST_SIZE_MAX SHA512_DIGEST_SIZE
+
+/**
+ Retrieves the size, in bytes, of the context buffer required for hash
operations.
+
+ If this interface is not supported, then return zero.
+
+ @return The size, in bytes, of the context buffer required for hash
operations.
+ @retval 0 This interface is not supported.
+
+**/
+typedef
+UINTN
+(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE)(
+ VOID
+ );
+
+/**
+ Initializes user-supplied memory pointed by Sha1Context as hash context for
+ subsequent use.
+
+ If HashContext is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[out] HashContext Pointer to Hashcontext being initialized.
+
+ @retval TRUE Hash context initialization succeeded.
+ @retval FALSE Hash context initialization failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_INIT)(
+ OUT VOID *HashContext
+ );
+
+/**
+ Digests the input data and updates Hash context.
+
+ This function performs Hash digest on a data buffer of the specified size.
+ It can be called multiple times to compute the digest of long or
discontinuous data streams.
+ Hash context should be already correctly initialized by HashInit(), and
should not be finalized
+ by HashFinal(). Behavior with invalid context is undefined.
+
+ If HashContext is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HashContext Pointer to the Hash context.
+ @param[in] Data Pointer to the buffer containing the data to
be hashed.
+ @param[in] DataSize Size of Data buffer in bytes.
+
+ @retval TRUE SHA-1 data digest succeeded.
+ @retval FALSE SHA-1 data digest failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_UPDATE)(
+ IN OUT VOID*HashContext,
+ IN CONST VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Completes computation of the Hash digest value.
+
+ This function completes hash computation and retrieves the digest value into
+ the specified memory. After this function has been called, the Hash context
cannot
+ be used again.
+ Hash context should be already correctly initialized by HashInit(), and
should not be
+ finalized by HashFinal(). Behavior with invalid Hash context is undefined.
+
+ If HashContext is NULL, then return FALSE.
+ If HashValue is NULL, then return FALSE.
+ If this interface is not supported, then return FALSE.
+
+ @param[in, out] HashContext Pointer to the Hash context.
+ @param[out] HashValuePointer to a buffer that receives the Hash
digest
+value.
+
+ @retval TRUE Hash digest computation succeeded.
+ @retval FALSE Hash digest computation failed.
+ @retval FALSE This interface is not supported.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *EFI_HASH_FINAL)(
+ IN OUT VOID *HashContext,
+ OUT UINT8 *HashValue
+ );
+
+typedef struct {
+ UINT32 HashSize;
+ EFI_HASH_GET_CONTEXT_SIZEGetContextSize;
+ EFI_HASH_INITInit;
+ EFI_HASH_UPDATE Update;
+ EFI_HASH_FINAL Final;
+ VOID **HashShaCtx;
+ UINT8*OidValue;
+ UINTNOidLength;
+} EFI_HASH_INFO;
+
//
// Public Exponent of RSA Key.
//
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
-CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
0x02, 0x01 };
+UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x01 };
+UINT8 mSha384OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x02 };
+UINT8 mSha512OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x03 };
+
+EFI_HASH_INFO mHashInfo[] = {
+ {SHA256_DIGEST_SIZE, Sha256GetContextSize, Sha256Init, Sha256Update,
Sha256Final, &mHashSha25
[edk2-devel] [PATCH V5 2/3] CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify
Register and initialize sha384/sha512 digest algorithms for PKCS#7 Handling.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Michael D Kinney
Signed-off-by: Sheng Wei
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 027dbb6842..944bcf8d38 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -591,7 +591,8 @@ ImageTimestampVerify (
// Register & Initialize necessary digest algorithms for PKCS#7 Handling.
//
if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) ==
0) ||
- (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
+ (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest (EVP_sha384 ())
== 0) ||
+ (EVP_add_digest (EVP_sha512 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
{
return FALSE;
}
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107295): https://edk2.groups.io/g/devel/message/107295
Mute This Topic: https://groups.io/mt/100385943/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V5 1/3] MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096
Add gEfiCertRsa3072Guid and gEfiCertRsa4096Guid
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Cc: Michael D Kinney
Cc: Liming Gao
Signed-off-by: Sheng Wei
---
MdePkg/Include/Guid/ImageAuthentication.h | 26 +++
MdePkg/MdePkg.dec | 2 ++
2 files changed, 28 insertions(+)
diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
b/MdePkg/Include/Guid/ImageAuthentication.h
index fe83596571..c8ea2c14fb 100644
--- a/MdePkg/Include/Guid/ImageAuthentication.h
+++ b/MdePkg/Include/Guid/ImageAuthentication.h
@@ -144,6 +144,30 @@ typedef struct {
0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3,
0xb6} \
}
+///
+/// This identifies a signature containing an RSA-3072 key. The key (only the
modulus
+/// since the public key exponent is known to be 0x10001) shall be stored in
big-endian
+/// order.
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always
be 16 (size
+/// of SignatureOwner component) + 384 bytes.
+///
+#define EFI_CERT_RSA3072_GUID \
+ { \
+0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee,
0x92 } \
+ }
+
+///
+/// This identifies a signature containing an RSA-4096 key. The key (only the
modulus
+/// since the public key exponent is known to be 0x10001) shall be stored in
big-endian
+/// order.
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always
be 16 (size
+/// of SignatureOwner component) + 512 bytes.
+///
+#define EFI_CERT_RSA4096_GUID \
+ { \
+0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98,
0x2c } \
+ }
+
///
/// This identifies a signature containing a RSA-2048 signature of a SHA-256
hash. The
/// SignatureHeader size shall always be 0. The SignatureSize shall always be
16 (size of
@@ -330,6 +354,8 @@ typedef struct {
extern EFI_GUID gEfiImageSecurityDatabaseGuid;
extern EFI_GUID gEfiCertSha256Guid;
extern EFI_GUID gEfiCertRsa2048Guid;
+extern EFI_GUID gEfiCertRsa3072Guid;
+extern EFI_GUID gEfiCertRsa4096Guid;
extern EFI_GUID gEfiCertRsa2048Sha256Guid;
extern EFI_GUID gEfiCertSha1Guid;
extern EFI_GUID gEfiCertRsa2048Sha1Guid;
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index b85614992b..24e4779d33 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -581,6 +581,8 @@
gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3, 0xbc,
0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }}
gEfiCertSha256Guid = { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9,
0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }}
gEfiCertRsa2048Guid= { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14,
0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}
+ gEfiCertRsa3072Guid= { 0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46,
0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 }}
+ gEfiCertRsa4096Guid= { 0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73,
0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c }}
gEfiCertRsa2048Sha256Guid = { 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d,
0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87,
0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }}
gEfiCertRsa2048Sha1Guid= { 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28,
0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107294): https://edk2.groups.io/g/devel/message/107294
Mute This Topic: https://groups.io/mt/100385942/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH V5 0/3] SecureBoot: Support RSA 512 and RSA 384
Patch V5: Using define KEY_TYPE_RSASSA to replace the magic number. Patch V4: Determine the RSA algorithm by a supported algorithm list. Patch V3: Select SHA algorithm automaticly for a unsigned efi image. Patch V2: Determine the SHA algorithm by a supported algorithm list. Create SHA context for each algorithm. Test Case: 1. Enroll a RSA4096 Cert, and execute an RSA4096 signed efi image under UEFI shell. 2. Enroll a RSA3072 Cert, and execute an RSA3072 signed efi image under UEFI shell. 3. Enroll a RSA2048 Cert, and execute an RSA2048 signed efi image under UEFI shell. 4. Enroll an unsigned efi image, execute the unsigned efi image under UEFI shell Test Result: Pass Cc: Jiewen Yao Cc: Jian J Wang Cc: Min Xu Cc: Zeyi Chen Cc: Fiona Wang Cc: Xiaoyu Lu Cc: Guomin Jiang Cc: Michael D Kinney Cc: Liming Gao Sheng Wei (3): MdePkg/Include: Add GUID for CERT_RSA3072 and CERT_RSA4096 CryptoPkg/Library/BaseCryptLib: add sha384 and sha512 to ImageTimestampVerify SecurityPkg/SecureBoot: Support RSA 512 and RSA 384 CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +- MdePkg/Include/Guid/ImageAuthentication.h | 26 +++ MdePkg/MdePkg.dec | 2 + .../Library/AuthVariableLib/AuthService.c | 220 +++--- .../AuthVariableLib/AuthServiceInternal.h | 4 +- .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++-- .../DxeImageVerificationLib.c | 73 +++--- .../SecureBootConfigDxe.inf | 16 ++ .../SecureBootConfigImpl.c| 114 +++-- .../SecureBootConfigImpl.h| 7 + .../SecureBootConfigStrings.uni | 6 + 11 files changed, 421 insertions(+), 92 deletions(-) -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107293): https://edk2.groups.io/g/devel/message/107293 Mute This Topic: https://groups.io/mt/100385941/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v4] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
Hi Jiewen,
Thank you for the comments.
I will update the patch and follow the process.
BR
Sheng Wei
> -Original Message-
> From: Yao, Jiewen
> Sent: 2023年7月25日 14:06
> To: Sheng, W ; devel@edk2.groups.io
> Cc: Wang, Jian J ; Xu, Min M ;
> Chen, Zeyi ; Wang, Fiona
> Subject: RE: [PATCH v4] SecurityPkg/SecureBoot: Support RSA 512 and RSA
> 384
>
> Thanks for the update, Wei.
>
> From process perspective, please always do following:
>
> 1) Please describe what is the difference between this version and previous
> version. As such, we can know what is delta and we can focus on the delta.
>
> 2) Please describe what test has been done for this specific version. Such as
> unit test, integration test, etc.
>
> 3) Please split the patch based upon package. The reason is that we need
> different reviewer for each package.
>
>
> For the patch, I have below comment:
>
> 1) Please don't use magic number. Please always define MACRO for better
> maintenance.
>
> + if (KeyInfo->KeyType == 0) {
>
> Please use "if (KeyInfo->KeyType == KEY_TYPE_RSASSA) {"
>
>
> Thank you
> Yao, Jiewen
>
>
> > -Original Message-
> > From: Sheng, W
> > Sent: Thursday, July 6, 2023 4:06 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen ; Wang, Jian J
> > ; Xu, Min M ; Chen, Zeyi
> > ; Wang, Fiona
> > Subject: [PATCH v4] SecurityPkg/SecureBoot: Support RSA 512 and RSA
> > 384
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
> >
> > Cc: Jiewen Yao
> > Cc: Jian J Wang
> > Cc: Min Xu
> > Cc: Zeyi Chen
> > Cc: Fiona Wang
> > Signed-off-by: Sheng Wei
> > ---
> > CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +-
> > MdePkg/Include/Guid/ImageAuthentication.h | 26 +++
> > MdePkg/MdePkg.dec | 2 +
> > .../Library/AuthVariableLib/AuthService.c | 220 +++---
> > .../AuthVariableLib/AuthServiceInternal.h | 4 +-
> > .../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
> > .../DxeImageVerificationLib.c | 73 +++---
> > .../SecureBootConfigDxe.inf | 16 ++
> > .../SecureBootConfigImpl.c| 114 +++--
> > .../SecureBootConfigImpl.h| 2 +
> > .../SecureBootConfigStrings.uni | 6 +
> > 11 files changed, 416 insertions(+), 92 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
> > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
> > index 027dbb6842..944bcf8d38 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
> > @@ -591,7 +591,8 @@ ImageTimestampVerify (
> >// Register & Initialize necessary digest algorithms for PKCS#7 Handling.
> >
> >//
> >
> >if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1
> > ()) == 0)
> > ||
> >
> > - (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias
> > (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
> >
> > + (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest
> > + (EVP_sha384 ())
> > == 0) ||
> >
> > + (EVP_add_digest (EVP_sha512 ()) == 0) || ((EVP_add_digest_alias
> > (SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
> >
> >{
> >
> > return FALSE;
> >
> >}
> >
> > diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
> > b/MdePkg/Include/Guid/ImageAuthentication.h
> > index fe83596571..c8ea2c14fb 100644
> > --- a/MdePkg/Include/Guid/ImageAuthentication.h
> > +++ b/MdePkg/Include/Guid/ImageAuthentication.h
> > @@ -144,6 +144,30 @@ typedef struct {
> > 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85,
> > 0xb3, 0xb6} \
> >
> >}
> >
> >
> >
> > +///
> >
> > +/// This identifies a signature containing an RSA-3072 key. The key
> > +(only the
> > modulus
> >
> > +/// since the public key exponent is known to be 0x10001) shall be
> > +stored in big-
> > endian
> >
> > +/// order.
> >
> > +/// The SignatureHeader size shall always be 0. The SignatureSize
> > +shall always be
> > 16 (size
> >
> > +/// of SignatureOwner component) + 384 bytes.
> >
> > +///
> >
> > +#define EFI_CERT_RSA3072_GUID \
> >
> > + { \
> >
> > +0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89,
> > + 0xee,
[edk2-devel] [PATCH] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1u
Cc: Jian J Wang Cc: Jiewen Yao Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Sheng Wei --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 - CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf | 1 - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf| 1 - CryptoPkg/Library/OpensslLib/OpensslLibFull.inf | 1 - CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf | 1 - CryptoPkg/Library/OpensslLib/openssl | 2 +- 6 files changed, 1 insertion(+), 6 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 0f64c9fa7e..64f4eac4c8 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -162,7 +162,6 @@ $(OPENSSL_PATH)/crypto/bn/bn_srp.c $(OPENSSL_PATH)/crypto/bn/bn_word.c $(OPENSSL_PATH)/crypto/bn/bn_x931p.c - $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c $(OPENSSL_PATH)/crypto/buffer/buf_err.c $(OPENSSL_PATH)/crypto/buffer/buffer.c $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf index ebada80d9d..5b18e59e66 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf @@ -163,7 +163,6 @@ $(OPENSSL_PATH)/crypto/bn/bn_srp.c $(OPENSSL_PATH)/crypto/bn/bn_word.c $(OPENSSL_PATH)/crypto/bn/bn_x931p.c - $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c $(OPENSSL_PATH)/crypto/buffer/buf_err.c $(OPENSSL_PATH)/crypto/buffer/buffer.c $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index 311cd1e605..411d1e5717 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -163,7 +163,6 @@ $(OPENSSL_PATH)/crypto/bn/bn_srp.c $(OPENSSL_PATH)/crypto/bn/bn_word.c $(OPENSSL_PATH)/crypto/bn/bn_x931p.c - $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c $(OPENSSL_PATH)/crypto/buffer/buf_err.c $(OPENSSL_PATH)/crypto/buffer/buffer.c $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf index 52bb4aeaa5..409242e7c3 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf @@ -167,7 +167,6 @@ $(OPENSSL_PATH)/crypto/bn/bn_srp.c $(OPENSSL_PATH)/crypto/bn/bn_word.c $(OPENSSL_PATH)/crypto/bn/bn_x931p.c - $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c $(OPENSSL_PATH)/crypto/buffer/buf_err.c $(OPENSSL_PATH)/crypto/buffer/buffer.c $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf index 2ea117e506..f85c545d97 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf @@ -168,7 +168,6 @@ $(OPENSSL_PATH)/crypto/bn/bn_srp.c $(OPENSSL_PATH)/crypto/bn/bn_word.c $(OPENSSL_PATH)/crypto/bn/bn_x931p.c - $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c $(OPENSSL_PATH)/crypto/buffer/buf_err.c $(OPENSSL_PATH)/crypto/buffer/buffer.c $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl index 830bf8e1e4..70c2912f63 16 --- a/CryptoPkg/Library/OpensslLib/openssl +++ b/CryptoPkg/Library/OpensslLib/openssl @@ -1 +1 @@ -Subproject commit 830bf8e1e4749ad65c51b6a1d0d769ae689404ba +Subproject commit 70c2912f635aac8ab28629a2b5ea0c09740d2bda -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106981): https://edk2.groups.io/g/devel/message/106981 Mute This Topic: https://groups.io/mt/100210889/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] IntelSiliconPkg/Vtd: Resolve parameter transfer errors
Fix the capsule update assert caused by function call errors.
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
Signed-off-by: Sheng Wei
---
.../Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
index dd0c49698..f05ca6ae5 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdReg.c
@@ -737,7 +737,7 @@ DumpVtdIfError (
if (HasError) {
REPORT_STATUS_CODE (EFI_ERROR_CODE, PcdGet32 (PcdErrorCodeVTdError));
DEBUG((DEBUG_INFO, "\n ERROR \n"));
- DumpVtdRegs (Num);
+ DumpVtdRegs (mVtdUnitInformation[Num].VtdUnitBaseAddress);
DEBUG((DEBUG_INFO, " ERROR \n\n"));
//
// Clear
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106891): https://edk2.groups.io/g/devel/message/106891
Mute This Topic: https://groups.io/mt/100115481/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v4] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Signed-off-by: Sheng Wei
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +-
MdePkg/Include/Guid/ImageAuthentication.h | 26 +++
MdePkg/MdePkg.dec | 2 +
.../Library/AuthVariableLib/AuthService.c | 220 +++---
.../AuthVariableLib/AuthServiceInternal.h | 4 +-
.../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
.../DxeImageVerificationLib.c | 73 +++---
.../SecureBootConfigDxe.inf | 16 ++
.../SecureBootConfigImpl.c| 114 +++--
.../SecureBootConfigImpl.h| 2 +
.../SecureBootConfigStrings.uni | 6 +
11 files changed, 416 insertions(+), 92 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 027dbb6842..944bcf8d38 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -591,7 +591,8 @@ ImageTimestampVerify (
// Register & Initialize necessary digest algorithms for PKCS#7 Handling.
//
if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) ==
0) ||
- (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
+ (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest (EVP_sha384 ())
== 0) ||
+ (EVP_add_digest (EVP_sha512 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
{
return FALSE;
}
diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
b/MdePkg/Include/Guid/ImageAuthentication.h
index fe83596571..c8ea2c14fb 100644
--- a/MdePkg/Include/Guid/ImageAuthentication.h
+++ b/MdePkg/Include/Guid/ImageAuthentication.h
@@ -144,6 +144,30 @@ typedef struct {
0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3,
0xb6} \
}
+///
+/// This identifies a signature containing an RSA-3072 key. The key (only the
modulus
+/// since the public key exponent is known to be 0x10001) shall be stored in
big-endian
+/// order.
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always
be 16 (size
+/// of SignatureOwner component) + 384 bytes.
+///
+#define EFI_CERT_RSA3072_GUID \
+ { \
+0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee,
0x92 } \
+ }
+
+///
+/// This identifies a signature containing an RSA-4096 key. The key (only the
modulus
+/// since the public key exponent is known to be 0x10001) shall be stored in
big-endian
+/// order.
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always
be 16 (size
+/// of SignatureOwner component) + 512 bytes.
+///
+#define EFI_CERT_RSA4096_GUID \
+ { \
+0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98,
0x2c } \
+ }
+
///
/// This identifies a signature containing a RSA-2048 signature of a SHA-256
hash. The
/// SignatureHeader size shall always be 0. The SignatureSize shall always be
16 (size of
@@ -330,6 +354,8 @@ typedef struct {
extern EFI_GUID gEfiImageSecurityDatabaseGuid;
extern EFI_GUID gEfiCertSha256Guid;
extern EFI_GUID gEfiCertRsa2048Guid;
+extern EFI_GUID gEfiCertRsa3072Guid;
+extern EFI_GUID gEfiCertRsa4096Guid;
extern EFI_GUID gEfiCertRsa2048Sha256Guid;
extern EFI_GUID gEfiCertSha1Guid;
extern EFI_GUID gEfiCertRsa2048Sha1Guid;
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index d6c4179b2a..c88e88fa6b 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -571,6 +571,8 @@
gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3, 0xbc,
0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }}
gEfiCertSha256Guid = { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9,
0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }}
gEfiCertRsa2048Guid= { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14,
0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}
+ gEfiCertRsa3072Guid= { 0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46,
0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 }}
+ gEfiCertRsa4096Guid= { 0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73,
0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c }}
gEfiCertRsa2048Sha256Guid = { 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d,
0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87,
0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }}
gEfiCertRsa2048Sha1Guid= { 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28,
0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c
b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index d81c581d78..4c268a85cd 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -29,12 +29,125 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include
#inc
Re: [edk2-devel] [PATCH] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
Hi Jiewen,
As your suggestion.
I will check if CPL_KEY_INFO. KeyType == 0 first.
If true, I will use below table to select RSA algorithm.
KeyLengthInBitsRSA algorithm
2048RSA 2K
3072RSA 3K
4096RSA 4K
Do you have any comment about this solution ?
Thank you
BR
Sheng Wei
> -Original Message-
> From: Yao, Jiewen
> Sent: 2023年7月6日 15:06
> To: Sheng, W ; devel@edk2.groups.io
> Cc: Wang, Jian J ; Xu, Min M
> ; Chen, Zeyi ; Wang, Fiona
>
> Subject: RE: [PATCH] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
>
> CPL_KEY_INFO is not standard, but implementation choice.
>
> I notice KeyType field is not used today. I assume it is 0 today.
>
> Can we use 0 to indicate RSASSA?
>
> Thank you
> Yao, Jiewen
>
>
>
> > -Original Message-
> > From: Sheng, W
> > Sent: Thursday, July 6, 2023 2:48 PM
> > To: Yao, Jiewen ; devel@edk2.groups.io
> > Cc: Wang, Jian J ; Xu, Min M
> ;
> > Chen, Zeyi ; Wang, Fiona
> > Subject: RE: [PATCH] SecurityPkg/SecureBoot: Support RSA 512 and RSA
> 384
> >
> > Hi Jiewen,
> > I raised the patch V3, And I also attached the patch file.
> > For 4,
> > My solution is below.
> > When enroll the unsigned image, BIOS will select the most supported
> complex
> > hash algorithm to get the hash.
> > When do the verification, BIOS will try all supported hash algorithm in "db"
> and
> > "dbx".
> >
> > For 5.
> > The struct of CPL_KEY_INFO should be binded to .pbk file format.
> > I cannot find the spec of .pbk file. I can not change the struct items.
> > Do you know where to find the spec of public key storing file (*.pbk) ?
> > Or is *.pbk file a legacy file format? We do not need to change this part
> > and
> > keep it for RSA 2048 only ?
> >
> > Thank you
> > BR
> > Sheng Wei
> >
> > > -Original Message-
> > > From: Yao, Jiewen
> > > Sent: 2023年6月30日 19:57
> > > To: Sheng, W ; devel@edk2.groups.io
> > > Cc: Wang, Jian J ; Xu, Min M
> > > ; Chen, Zeyi ; Wang, Fiona
> > >
> > > Subject: RE: [PATCH] SecurityPkg/SecureBoot: Support RSA 512 and RSA
> 384
> > >
> > > For 4, I think we can enroll all supported algorithms, or the active
> algorithm. I
> > > don’t think the PCD is needed.
> > >
> > > For 5, I suggest to change the data structure to include the algorithm ID.
> > >
> > > Thank you
> > > Yao, Jiewen
> > >
> > >
> > > > -Original Message-
> > > > From: Sheng, W
> > > > Sent: Friday, June 30, 2023 3:52 PM
> > > > To: Yao, Jiewen ; devel@edk2.groups.io
> > > > Cc: Wang, Jian J ; Xu, Min M
> > > ;
> > > > Chen, Zeyi ; Wang, Fiona
>
> > > > Subject: RE: [PATCH] SecurityPkg/SecureBoot: Support RSA 512 and RSA
> > > 384
> > > >
> > > > Hi Jiewen,
> > > > I raised the patch V2.
> > > > I do the fix for 1) , 2), 3).
> > > > But for 4) 5), I have below comments.
> > > >
> > > > 4) I am not sure why we need this PCD. Why cannot we support all of
> hash
> > > algo?
> > > >
> > > > + ## Indicates default hash algorithm in Secure Boot
> > > > + # 0 - Use SHA256
> > > > + # 1 - Use SHA384
> > > > + # 2 - Use SHA512
> > > > + # @Prompt Secure Boot default hash algorithm
> > > > +
> > > > +
> > > >
> > >
> gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultHashAlg|0|UINT8|0x
> > > 00
> > > > + 010040
> > > >
> > > > PCD PcdSecureBootDefaultHashAlg is used for the only case of enroll an
> > > > unsigned image.
> > > > The original logic is BIOS will genrate SHA256 digest for this unsigned
> image
> > > and
> > > > save it.
> > > > The PCD is used to select the hash algorithm for this case.
> > > > So we have to use a PCD to select the algorithm manully.
> > > >
> > > >
> > > > 5) I don’t believe that you can use size to determine the algorithm. We
> > > need a
> > > > more robust way, such as algorithm ID.
> > > >
> > > > + switch (KeyLenInBytes) {
> > > > + case WIN_CERT_UEFI_RSA2048_SIZE:
> > > > +CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa2048Guid);
> > > > +br
[edk2-devel] [PATCH v3] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Signed-off-by: Sheng Wei
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +-
MdePkg/Include/Guid/ImageAuthentication.h | 26 +++
MdePkg/MdePkg.dec | 2 +
.../Library/AuthVariableLib/AuthService.c | 220 +++---
.../AuthVariableLib/AuthServiceInternal.h | 4 +-
.../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
.../DxeImageVerificationLib.c | 73 +++---
.../SecureBootConfigDxe.inf | 16 ++
.../SecureBootConfigImpl.c| 108 +++--
.../SecureBootConfigImpl.h| 2 +
.../SecureBootConfigStrings.uni | 6 +
11 files changed, 410 insertions(+), 92 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 027dbb6842..944bcf8d38 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -591,7 +591,8 @@ ImageTimestampVerify (
// Register & Initialize necessary digest algorithms for PKCS#7 Handling.
//
if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) ==
0) ||
- (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
+ (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest (EVP_sha384 ())
== 0) ||
+ (EVP_add_digest (EVP_sha512 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
{
return FALSE;
}
diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
b/MdePkg/Include/Guid/ImageAuthentication.h
index fe83596571..c8ea2c14fb 100644
--- a/MdePkg/Include/Guid/ImageAuthentication.h
+++ b/MdePkg/Include/Guid/ImageAuthentication.h
@@ -144,6 +144,30 @@ typedef struct {
0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3,
0xb6} \
}
+///
+/// This identifies a signature containing an RSA-3072 key. The key (only the
modulus
+/// since the public key exponent is known to be 0x10001) shall be stored in
big-endian
+/// order.
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always
be 16 (size
+/// of SignatureOwner component) + 384 bytes.
+///
+#define EFI_CERT_RSA3072_GUID \
+ { \
+0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee,
0x92 } \
+ }
+
+///
+/// This identifies a signature containing an RSA-4096 key. The key (only the
modulus
+/// since the public key exponent is known to be 0x10001) shall be stored in
big-endian
+/// order.
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always
be 16 (size
+/// of SignatureOwner component) + 512 bytes.
+///
+#define EFI_CERT_RSA4096_GUID \
+ { \
+0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98,
0x2c } \
+ }
+
///
/// This identifies a signature containing a RSA-2048 signature of a SHA-256
hash. The
/// SignatureHeader size shall always be 0. The SignatureSize shall always be
16 (size of
@@ -330,6 +354,8 @@ typedef struct {
extern EFI_GUID gEfiImageSecurityDatabaseGuid;
extern EFI_GUID gEfiCertSha256Guid;
extern EFI_GUID gEfiCertRsa2048Guid;
+extern EFI_GUID gEfiCertRsa3072Guid;
+extern EFI_GUID gEfiCertRsa4096Guid;
extern EFI_GUID gEfiCertRsa2048Sha256Guid;
extern EFI_GUID gEfiCertSha1Guid;
extern EFI_GUID gEfiCertRsa2048Sha1Guid;
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index d6c4179b2a..c88e88fa6b 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -571,6 +571,8 @@
gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3, 0xbc,
0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }}
gEfiCertSha256Guid = { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9,
0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }}
gEfiCertRsa2048Guid= { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14,
0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}
+ gEfiCertRsa3072Guid= { 0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46,
0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 }}
+ gEfiCertRsa4096Guid= { 0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73,
0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c }}
gEfiCertRsa2048Sha256Guid = { 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d,
0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87,
0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }}
gEfiCertRsa2048Sha1Guid= { 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28,
0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c
b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index d81c581d78..4c268a85cd 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -29,12 +29,125 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include
#inc
Re: [edk2-devel] [PATCH] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
Hi Jiewen,
I raised the patch V2.
I do the fix for 1) , 2), 3).
But for 4) 5), I have below comments.
4) I am not sure why we need this PCD. Why cannot we support all of hash algo?
+ ## Indicates default hash algorithm in Secure Boot
+ # 0 - Use SHA256
+ # 1 - Use SHA384
+ # 2 - Use SHA512
+ # @Prompt Secure Boot default hash algorithm
+
+ gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultHashAlg|0|UINT8|0x00
+ 010040
PCD PcdSecureBootDefaultHashAlg is used for the only case of enroll an unsigned
image.
The original logic is BIOS will genrate SHA256 digest for this unsigned image
and save it.
The PCD is used to select the hash algorithm for this case.
So we have to use a PCD to select the algorithm manully.
5) I don’t believe that you can use size to determine the algorithm. We need a
more robust way, such as algorithm ID.
+ switch (KeyLenInBytes) {
+ case WIN_CERT_UEFI_RSA2048_SIZE:
+CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa2048Guid);
+break;
+ case WIN_CERT_UEFI_RSA3072_SIZE:
+CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa3072Guid);
+break;
+ case WIN_CERT_UEFI_RSA4096_SIZE:
+CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa4096Guid);
+break;
+break;
This code is used when enroll a RSA public key storing file (*.pbk).
Here is the header Struct of this file.
typedef struct _CPL_KEY_INFO {
UINT32KeyLengthInBits;// Key Length In Bits
UINT32BlockSize; // Operation Block Size in Bytes
UINT32CipherBlockSize;// Output Cipher Block Size in Bytes
UINT32KeyType;// Key Type
UINT32CipherMode; // Cipher Mode for Symmetric Algorithm
UINT32Flags; // Additional Key Property Flags
} CPL_KEY_INFO;
Edk2/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h
We can only get to know the RSA algorithm by KeyLengthInBits.
(RSA2048/RSA3072/RSA4096)
Thank you.
BR
Sheng Wei
> -Original Message-
> From: Yao, Jiewen
> Sent: 2023年6月22日 15:22
> To: Sheng, W ; devel@edk2.groups.io
> Cc: Wang, Jian J ; Xu, Min M ;
> Chen, Zeyi ; Wang, Fiona
> Subject: RE: [PATCH] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
>
> Thank you very much to contribute this patch. Here is my feedback.
>
> 1) I don’t believe that you cannot use digest size to determine the algorithm,
> because different hash algorithm may have same time. E.g. SHA256 and
> SHA3_256.
>
> + if (DigestSize == SHA256_DIGEST_SIZE) {
> +Status = CalculatePrivAuthVarSignChainSHA256Digest (
> + SignerCert,
> + SignerCertSize,
> + TopLevelCert,
> + TopLevelCertSize,
> + ShaDigest
> + );
>
> 2) I don’t believe that you cannot assuming CtxSize of SHA512 is bigger than
> SHA256. I think we may need create context for each algo.
>
> @@ -135,7 +135,7 @@ AuthVariableLibInitialize (
>//
>// Initialize hash context.
>//
> - CtxSize = Sha256GetContextSize ();
> + CtxSize = Sha512GetContextSize ();
>mHashCtx = AllocateRuntimePool (CtxSize);
>if (mHashCtx == NULL) {
>
> 3) I believe we should use 0 for SHA256 and ASSERT in default.
>
> + switch (PcdGet8 (PcdSecureBootDefaultHashAlg)) { case 1:
> +DEBUG ((DEBUG_INFO, "%a use SHA384", __func__));
> +HashAlg = HASHALG_SHA384;
> +break;
> + case 2:
> +DEBUG ((DEBUG_INFO, "%a use SHA512", __func__));
> +HashAlg = HASHALG_SHA512;
> +break;
> + default:
> +DEBUG ((DEBUG_INFO, "%a use SHA256", __func__));
> +HashAlg = HASHALG_SHA256;
> +break;
> + }
>
> 4) I am not sure why we need this PCD. Why cannot we support all of hash
> algo?
>
> + ## Indicates default hash algorithm in Secure Boot
> + # 0 - Use SHA256
> + # 1 - Use SHA384
> + # 2 - Use SHA512
> + # @Prompt Secure Boot default hash algorithm
> +
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdSecureBootDefaultHashAlg|0|UINT8|0x
> 00
> + 010040
>
> 5) I don’t believe that you can use size to determine the algorithm. We need
> a more robust way, such as algorithm ID.
>
> + switch (KeyLenInBytes) {
> + case WIN_CERT_UEFI_RSA2048_SIZE:
> +CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa2048Guid);
> +break;
> + case WIN_CERT_UEFI_RSA3072_SIZE:
> +CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa3072Guid);
> +break;
> + case WIN_CERT_UEFI_RSA4096_SIZE:
> +CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa4096Guid);
> +break;
> +break;
>
> Thank you
> Yao, Jiewen
>
> > -Original Message-
> > From: Sheng, W
> > Sent: Thur
[edk2-devel] [PATCH v2] SecurityPkg/SecureBoot: Support RSA 512 and RSA 384
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3413
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Min Xu
Cc: Zeyi Chen
Cc: Fiona Wang
Signed-off-by: Sheng Wei
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c | 3 +-
MdePkg/Include/Guid/ImageAuthentication.h | 26 +++
MdePkg/MdePkg.dec | 2 +
.../Library/AuthVariableLib/AuthService.c | 220 +++---
.../AuthVariableLib/AuthServiceInternal.h | 4 +-
.../Library/AuthVariableLib/AuthVariableLib.c | 42 ++--
.../DxeImageVerificationLib.c | 40 +++-
.../DxeImageVerificationLib.inf | 1 +
SecurityPkg/SecurityPkg.dec | 7 +
.../SecureBootConfigDxe.inf | 19 ++
.../SecureBootConfigImpl.c| 127 --
.../SecureBootConfigImpl.h| 2 +
.../SecureBootConfigStrings.uni | 6 +
13 files changed, 435 insertions(+), 64 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
index 027dbb6842..944bcf8d38 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c
@@ -591,7 +591,8 @@ ImageTimestampVerify (
// Register & Initialize necessary digest algorithms for PKCS#7 Handling.
//
if ((EVP_add_digest (EVP_md5 ()) == 0) || (EVP_add_digest (EVP_sha1 ()) ==
0) ||
- (EVP_add_digest (EVP_sha256 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
+ (EVP_add_digest (EVP_sha256 ()) == 0) || (EVP_add_digest (EVP_sha384 ())
== 0) ||
+ (EVP_add_digest (EVP_sha512 ()) == 0) || ((EVP_add_digest_alias
(SN_sha1WithRSAEncryption, SN_sha1WithRSA)) == 0))
{
return FALSE;
}
diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
b/MdePkg/Include/Guid/ImageAuthentication.h
index fe83596571..c8ea2c14fb 100644
--- a/MdePkg/Include/Guid/ImageAuthentication.h
+++ b/MdePkg/Include/Guid/ImageAuthentication.h
@@ -144,6 +144,30 @@ typedef struct {
0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3,
0xb6} \
}
+///
+/// This identifies a signature containing an RSA-3072 key. The key (only the
modulus
+/// since the public key exponent is known to be 0x10001) shall be stored in
big-endian
+/// order.
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always
be 16 (size
+/// of SignatureOwner component) + 384 bytes.
+///
+#define EFI_CERT_RSA3072_GUID \
+ { \
+0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46, 0x2c, 0x9b, 0x85, 0x89, 0xee,
0x92 } \
+ }
+
+///
+/// This identifies a signature containing an RSA-4096 key. The key (only the
modulus
+/// since the public key exponent is known to be 0x10001) shall be stored in
big-endian
+/// order.
+/// The SignatureHeader size shall always be 0. The SignatureSize shall always
be 16 (size
+/// of SignatureOwner component) + 512 bytes.
+///
+#define EFI_CERT_RSA4096_GUID \
+ { \
+0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73, 0x15, 0x4e, 0x8d, 0x00, 0x98,
0x2c } \
+ }
+
///
/// This identifies a signature containing a RSA-2048 signature of a SHA-256
hash. The
/// SignatureHeader size shall always be 0. The SignatureSize shall always be
16 (size of
@@ -330,6 +354,8 @@ typedef struct {
extern EFI_GUID gEfiImageSecurityDatabaseGuid;
extern EFI_GUID gEfiCertSha256Guid;
extern EFI_GUID gEfiCertRsa2048Guid;
+extern EFI_GUID gEfiCertRsa3072Guid;
+extern EFI_GUID gEfiCertRsa4096Guid;
extern EFI_GUID gEfiCertRsa2048Sha256Guid;
extern EFI_GUID gEfiCertSha1Guid;
extern EFI_GUID gEfiCertRsa2048Sha1Guid;
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index d6c4179b2a..c88e88fa6b 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -571,6 +571,8 @@
gEfiImageSecurityDatabaseGuid = { 0xd719b2cb, 0x3d3a, 0x4596, {0xa3, 0xbc,
0xda, 0xd0, 0xe, 0x67, 0x65, 0x6f }}
gEfiCertSha256Guid = { 0xc1c41626, 0x504c, 0x4092, {0xac, 0xa9,
0x41, 0xf9, 0x36, 0x93, 0x43, 0x28 }}
gEfiCertRsa2048Guid= { 0x3c5766e8, 0x269c, 0x4e34, {0xaa, 0x14,
0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6 }}
+ gEfiCertRsa3072Guid= { 0xedd320c2, 0xb057, 0x4b8e, {0xad, 0x46,
0x2c, 0x9b, 0x85, 0x89, 0xee, 0x92 }}
+ gEfiCertRsa4096Guid= { 0xb23e89a6, 0x8c8b, 0x4412, {0x85, 0x73,
0x15, 0x4e, 0x8d, 0x00, 0x98, 0x2c }}
gEfiCertRsa2048Sha256Guid = { 0xe2b36190, 0x879b, 0x4a3d, {0xad, 0x8d,
0xf2, 0xe7, 0xbb, 0xa3, 0x27, 0x84 }}
gEfiCertSha1Guid = { 0x826ca512, 0xcf10, 0x4ac9, {0xb1, 0x87,
0xbe, 0x1, 0x49, 0x66, 0x31, 0xbd }}
gEfiCertRsa2048Sha1Guid= { 0x67f8444f, 0x8743, 0x48f1, {0xa3, 0x28,
0x1e, 0xaa, 0xb8, 0x73, 0x60, 0x80 }}
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c
b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index d81c581d78..4c268a85cd 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariabl
[edk2-devel] [PATCH] IntelSiliconPkg/VTd: Fix wrong parameter type in VtdLog.c
Add (VOID **) for gBS->AllocatePool.
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
Signed-off-by: Sheng Wei
---
.../Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdLog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdLog.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdLog.c
index 0ac4758ff..91c27e2a1 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdLog.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdCoreDxe/VtdLog.c
@@ -326,7 +326,7 @@ VTdLogInitialize(
TotalBufferSize = PcdGet32 (PcdVTdDxeLogBufferSize) + PcdGet32
(PcdVTdPeiPostMemLogBufferSize) + sizeof (VTDLOG_PEI_PRE_MEM_INFO) *
VTD_LOG_PEI_PRE_MEM_BAR_MAX;
- Status = gBS->AllocatePool (EfiBootServicesData, TotalBufferSize,
&mVtdLogBuffer);
+ Status = gBS->AllocatePool (EfiBootServicesData, TotalBufferSize, (VOID **)
&mVtdLogBuffer);
if (EFI_ERROR (Status)) {
return;
}
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106002): https://edk2.groups.io/g/devel/message/106002
Mute This Topic: https://groups.io/mt/99478714/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] IntelSiliconPkg/IntelVTdDmarPei: Fix build error when disable optimization
MSFT:*_*_*_CC_FLAGS = /Od will disable build optimization.
Signed-off-by: Sheng Wei
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
---
.../VTd/IntelVTdDmarPei/IntelVTdDmar.c| 43 +--
1 file changed, 31 insertions(+), 12 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index ae9135010..e1b867973 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -242,6 +242,7 @@ SubmitQueuedInvalidationDescriptor (
VTD_IQA_REGIqaReg;
VTD_IQT_REGIqtReg;
VTD_IQH_REGIqhReg;
+ UINT64 IQBassAddress;
if (Desc == NULL) {
return EFI_INVALID_PARAMETER;
@@ -249,19 +250,29 @@ SubmitQueuedInvalidationDescriptor (
VtdUnitBaseAddress = VTdUnitInfo->VtdUnitBaseAddress;
IqaReg.Uint64 = MmioRead64 (VtdUnitBaseAddress + R_IQA_REG);
- if (IqaReg.Bits.IQA == 0) {
+ //
+ // Get IQA_REG.IQA (Invalidation Queue Base Address)
+ //
+ IQBassAddress = RShiftU64 (IqaReg.Uint64, 12);
+ if (IQBassAddress == 0) {
DEBUG ((DEBUG_ERROR,"Invalidation Queue Buffer not ready [0x%lx]\n",
IqaReg.Uint64));
return EFI_NOT_READY;
}
IqtReg.Uint64 = MmioRead64 (VtdUnitBaseAddress + R_IQT_REG);
- if (IqaReg.Bits.DW == 0) {
+ //
+ // Check IQA_REG.DW (Descriptor Width)
+ //
+ if ((IqaReg.Uint64 & BIT11) == 0) {
//
// 128-bit descriptor
//
QueueSize = (UINTN) (1 << (IqaReg.Bits.QS + 8));
-Qi128Desc = (QI_DESC *) (UINTN) (IqaReg.Bits.IQA << VTD_PAGE_SHIFT);
-QueueTail = (UINTN) IqtReg.Bits128Desc.QT;
+Qi128Desc = (QI_DESC *) (UINTN) LShiftU64 (IQBassAddress, VTD_PAGE_SHIFT);
+//
+// Get IQT_REG.QT for 128-bit descriptors
+//
+QueueTail = (UINTN) (RShiftU64 (IqtReg.Uint64, 4) & 0x7FFF);
Qi128Desc += QueueTail;
Qi128Desc->Low = Desc->Uint64[0];
Qi128Desc->High = Desc->Uint64[1];
@@ -274,14 +285,18 @@ SubmitQueuedInvalidationDescriptor (
Desc->Uint64[0],
Desc->Uint64[1]));
-IqtReg.Bits128Desc.QT = QueueTail;
+IqtReg.Uint64 &= ~(0x7FFF << 4);
+IqtReg.Uint64 |= LShiftU64 (QueueTail, 4);
} else {
//
// 256-bit descriptor
//
QueueSize = (UINTN) (1 << (IqaReg.Bits.QS + 7));
-Qi256Desc = (QI_256_DESC *) (UINTN) (IqaReg.Bits.IQA << VTD_PAGE_SHIFT);
-QueueTail = (UINTN) IqtReg.Bits256Desc.QT;
+Qi256Desc = (QI_256_DESC *) (UINTN) LShiftU64 (IQBassAddress,
VTD_PAGE_SHIFT);
+//
+// Get IQT_REG.QT for 256-bit descriptors
+//
+QueueTail = (UINTN) (RShiftU64 (IqtReg.Uint64, 5) & 0x3FFF);
Qi256Desc += QueueTail;
Qi256Desc->Uint64[0] = Desc->Uint64[0];
Qi256Desc->Uint64[1] = Desc->Uint64[1];
@@ -298,7 +313,8 @@ SubmitQueuedInvalidationDescriptor (
Desc->Uint64[2],
Desc->Uint64[3]));
-IqtReg.Bits256Desc.QT = QueueTail;
+IqtReg.Uint64 &= ~(0x3FFF << 5);
+IqtReg.Uint64 |= LShiftU64 (QueueTail, 5);
}
//
@@ -315,10 +331,13 @@ SubmitQueuedInvalidationDescriptor (
}
IqhReg.Uint64 = MmioRead64 (VtdUnitBaseAddress + R_IQH_REG);
-if (IqaReg.Bits.DW == 0) {
- QueueHead = (UINTN) IqhReg.Bits128Desc.QH;
+//
+// Check IQA_REG.DW (Descriptor Width) and get IQH_REG.QH
+//
+if ((IqaReg.Uint64 & BIT11) == 0) {
+ QueueHead = (UINTN) (RShiftU64 (IqhReg.Uint64, 4) & 0x7FFF);
} else {
- QueueHead = (UINTN) IqhReg.Bits256Desc.QH;
+ QueueHead = (UINTN) (RShiftU64 (IqhReg.Uint64, 5) & 0x3FFF);
}
} while (QueueTail != QueueHead);
@@ -410,7 +429,7 @@ InvalidateIOTLB (
// Queued Invalidation
//
CapReg.Uint64 = MmioRead64 (VTdUnitInfo->VtdUnitBaseAddress + R_CAP_REG);
-QiDesc.Uint64[0] = QI_IOTLB_DID(0) |
QI_IOTLB_DR(CAP_READ_DRAIN(CapReg.Uint64)) |
QI_IOTLB_DW(CAP_WRITE_DRAIN(CapReg.Uint64)) | QI_IOTLB_GRAN(1) | QI_IOTLB_TYPE;
+QiDesc.Uint64[0] = QI_IOTLB_DID(0) | (CapReg.Bits.DRD ? QI_IOTLB_DR(1) :
QI_IOTLB_DR(0)) | (CapReg.Bits.DWD ? QI_IOTLB_DW(1) : QI_IOTLB_DW(0)) |
QI_IOTLB_GRAN(1) | QI_IOTLB_TYPE;
QiDesc.Uint64[1] = QI_IOTLB_ADDR(0) | QI_IOTLB_IH(0) | QI_IOTLB_AM(0);
QiDesc.Uint64[2] = 0;
QiDesc.Uint64[3] = 0;
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#105160): https://edk2.groups.io/g/devel/message/105160
Mute This Topic: https://groups.io/mt/99082903/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1t
Upgrade openssl to 1.1.1t Pick up bugfixes from the latest openssl release. Cc: Jian J Wang Cc: Jiewen Yao Cc: Xiaoyu Lu Cc: Guomin Jiang Signed-off-by: Sheng Wei --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 + CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf | 1 + CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf| 1 + CryptoPkg/Library/OpensslLib/OpensslLibFull.inf | 1 + CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf | 1 + CryptoPkg/Library/OpensslLib/openssl | 2 +- 6 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf index 60c6c24b0a..1474df8125 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -162,6 +162,7 @@ $(OPENSSL_PATH)/crypto/bn/bn_srp.c $(OPENSSL_PATH)/crypto/bn/bn_word.c $(OPENSSL_PATH)/crypto/bn/bn_x931p.c + $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c $(OPENSSL_PATH)/crypto/buffer/buf_err.c $(OPENSSL_PATH)/crypto/buffer/buffer.c $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf index 103ef7bda2..3c5f6d5d17 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibAccel.inf @@ -163,6 +163,7 @@ $(OPENSSL_PATH)/crypto/bn/bn_srp.c $(OPENSSL_PATH)/crypto/bn/bn_word.c $(OPENSSL_PATH)/crypto/bn/bn_x931p.c + $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c $(OPENSSL_PATH)/crypto/buffer/buf_err.c $(OPENSSL_PATH)/crypto/buffer/buffer.c $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf index c4eaea888c..a9adb94720 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -163,6 +163,7 @@ $(OPENSSL_PATH)/crypto/bn/bn_srp.c $(OPENSSL_PATH)/crypto/bn/bn_word.c $(OPENSSL_PATH)/crypto/bn/bn_x931p.c + $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c $(OPENSSL_PATH)/crypto/buffer/buf_err.c $(OPENSSL_PATH)/crypto/buffer/buffer.c $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf index 309e43055c..4c2cbe9cf7 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFull.inf @@ -167,6 +167,7 @@ $(OPENSSL_PATH)/crypto/bn/bn_srp.c $(OPENSSL_PATH)/crypto/bn/bn_word.c $(OPENSSL_PATH)/crypto/bn/bn_x931p.c + $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c $(OPENSSL_PATH)/crypto/buffer/buf_err.c $(OPENSSL_PATH)/crypto/buffer/buffer.c $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf index 4b79bd..591c57fdc2 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibFullAccel.inf @@ -168,6 +168,7 @@ $(OPENSSL_PATH)/crypto/bn/bn_srp.c $(OPENSSL_PATH)/crypto/bn/bn_word.c $(OPENSSL_PATH)/crypto/bn/bn_x931p.c + $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c $(OPENSSL_PATH)/crypto/buffer/buf_err.c $(OPENSSL_PATH)/crypto/buffer/buffer.c $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c diff --git a/CryptoPkg/Library/OpensslLib/openssl b/CryptoPkg/Library/OpensslLib/openssl index 129058165d..830bf8e1e4 16 --- a/CryptoPkg/Library/OpensslLib/openssl +++ b/CryptoPkg/Library/OpensslLib/openssl @@ -1 +1 @@ -Subproject commit 129058165d195e43a0ad10111b0c2e29bdf65980 +Subproject commit 830bf8e1e4749ad65c51b6a1d0d769ae689404ba -- 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#100532): https://edk2.groups.io/g/devel/message/100532 Mute This Topic: https://groups.io/mt/97282811/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2] IntelSiliconPkg/VTd: Use 256-bit invaildation queue descriptor
256-bit invaildation queue descriptor could be used for both
abort DMA mode and legacy mode.
Signed-off-by: Sheng Wei
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
---
.../VTd/IntelVTdDmarPei/IntelVTdDmar.c| 179 -
.../VTd/IntelVTdDmarPei/IntelVTdDmarPei.h | 12 +-
.../Feature/VTd/IntelVTdDxe/DmaProtection.c | 3 +
.../Feature/VTd/IntelVTdDxe/DmaProtection.h | 12 +-
.../Feature/VTd/IntelVTdDxe/VtdReg.c | 235 +++---
.../Include/IndustryStandard/Vtd.h| 65 -
6 files changed, 347 insertions(+), 159 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index af85a3d8e..ae9135010 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -79,10 +79,9 @@ PerpareCacheInvalidationInterface (
IN VTD_UNIT_INFO *VTdUnitInfo
)
{
- UINT16 QueueSize;
- UINT64 Reg64;
UINT32 Reg32;
VTD_ECAP_REG ECapReg;
+ VTD_IQA_REGIqaReg;
UINTN VtdUnitBaseAddress;
VtdUnitBaseAddress = VTdUnitInfo->VtdUnitBaseAddress;
@@ -121,20 +120,25 @@ PerpareCacheInvalidationInterface (
//
// Setup the IQ address, size and descriptor width through the Invalidation
Queue Address Register
//
- if (VTdUnitInfo->QiDesc == NULL) {
-QueueSize = 0;
-VTdUnitInfo->QiDescLength = 1 << (QueueSize + 8);
-VTdUnitInfo->QiDesc = (QI_DESC *) AllocatePages (EFI_SIZE_TO_PAGES (sizeof
(QI_DESC) * VTdUnitInfo->QiDescLength));
-if (VTdUnitInfo->QiDesc == NULL) {
+ if (VTdUnitInfo->QiDescBuffer == NULL) {
+VTdUnitInfo->QiDescBufferSize = (sizeof (QI_256_DESC) * ((UINTN) 1 <<
(VTD_INVALIDATION_QUEUE_SIZE + 7)));
+VTdUnitInfo->QiDescBuffer = AllocatePages (EFI_SIZE_TO_PAGES
(VTdUnitInfo->QiDescBufferSize));
+if (VTdUnitInfo->QiDescBuffer == NULL) {
DEBUG ((DEBUG_ERROR,"Could not Alloc Invalidation Queue Buffer.\n"));
return EFI_OUT_OF_RESOURCES;
}
}
- DEBUG ((DEBUG_INFO, "Invalidation Queue Length : %d\n",
VTdUnitInfo->QiDescLength));
- Reg64 = (UINT64) (UINTN) VTdUnitInfo->QiDesc;
- Reg64 |= QueueSize;
- MmioWrite64 (VtdUnitBaseAddress + R_IQA_REG, Reg64);
+ DEBUG ((DEBUG_INFO, "Invalidation Queue Buffer Size : %d\n",
VTdUnitInfo->QiDescBufferSize));
+ //
+ // 4KB Aligned address
+ //
+ IqaReg.Uint64 = (UINT64) (UINTN) VTdUnitInfo->QiDescBuffer;
+ IqaReg.Bits.DW = VTD_QUEUED_INVALIDATION_DESCRIPTOR_WIDTH;
+ IqaReg.Bits.QS = VTD_INVALIDATION_QUEUE_SIZE;
+ MmioWrite64 (VtdUnitBaseAddress + R_IQA_REG, IqaReg.Uint64);
+ IqaReg.Uint64 = MmioRead64 (VtdUnitBaseAddress + R_IQA_REG);
+ DEBUG ((DEBUG_INFO, "IQA_REG = 0x%lx, IQH_REG = 0x%lx\n", IqaReg.Uint64,
MmioRead64 (VtdUnitBaseAddress + R_IQH_REG)));
//
// Enable the queued invalidation interface through the Global Command
Register.
@@ -148,8 +152,6 @@ PerpareCacheInvalidationInterface (
Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
} while ((Reg32 & B_GSTS_REG_QIES) == 0);
- VTdUnitInfo->QiFreeHead = 0;
-
return EFI_SUCCESS;
}
@@ -174,10 +176,10 @@ DisableQueuedInvalidationInterface (
Reg32 = MmioRead32 (VTdUnitInfo->VtdUnitBaseAddress + R_GSTS_REG);
} while ((Reg32 & B_GSTS_REG_QIES) != 0);
-if (VTdUnitInfo->QiDesc != NULL) {
- FreePages(VTdUnitInfo->QiDesc, EFI_SIZE_TO_PAGES (sizeof (QI_DESC) *
VTdUnitInfo->QiDescLength));
- VTdUnitInfo->QiDesc = NULL;
- VTdUnitInfo->QiDescLength = 0;
+if (VTdUnitInfo->QiDescBuffer != NULL) {
+ FreePages(VTdUnitInfo->QiDescBuffer, EFI_SIZE_TO_PAGES
(VTdUnitInfo->QiDescBufferSize));
+ VTdUnitInfo->QiDescBuffer = NULL;
+ VTdUnitInfo->QiDescBufferSize = 0;
}
VTdUnitInfo->EnableQueuedInvalidation = 0;
@@ -197,12 +199,15 @@ QueuedInvalidationCheckFault (
IN VTD_UNIT_INFO *VTdUnitInfo
)
{
- UINT32 FaultReg;
+ UINT32FaultReg;
+ VTD_IQERCD_REGIqercdReg;
FaultReg = MmioRead32 (VTdUnitInfo->VtdUnitBaseAddress + R_FSTS_REG);
if (FaultReg & (B_FSTS_REG_IQE | B_FSTS_REG_ITE | B_FSTS_REG_ICE)) {
-DEBUG((DEBUG_ERROR, "Detect Queue Invalidation Error [0x%08x]\n",
FaultReg));
-FaultReg |= (B_FSTS_REG_IQE | B_FSTS_REG_ITE | B_FSTS_REG_ICE);
+IqercdReg.Uint64 = MmioRead64 (VTdUnitInfo->VtdUnitBaseAddress +
R_IQERCD_REG);
+
+DEBUG((DEBUG_ERROR, "Detect Queue Invalidation Error [0x%08x] - IQERCD
[0x%016lx]\n", FaultReg, IqercdReg.Uint64));
+
MmioWrite32 (VTdUnitInfo->VtdUnitBaseAddress + R_FSTS_REG, FaultReg);
return RETURN_DEVICE_ERROR;
}
@@ -223,37 +228,83 @@ QueuedInvalidationCheckF
[edk2-devel] [PATCH] IntelSiliconPkg/VTd: Use 256-bit invaildation queue descriptor
256-bit invaildation queue descriptor could be used for both
abort DMA mode and legacy mode.
Signed-off-by: Sheng Wei
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
---
.../VTd/IntelVTdDmarPei/IntelVTdDmar.c| 188 -
.../VTd/IntelVTdDmarPei/IntelVTdDmarPei.h | 5 +-
.../Feature/VTd/IntelVTdDxe/DmaProtection.c | 3 +
.../Feature/VTd/IntelVTdDxe/DmaProtection.h | 5 +-
.../Feature/VTd/IntelVTdDxe/VtdReg.c | 248 +++---
.../Include/IndustryStandard/Vtd.h| 65 -
6 files changed, 355 insertions(+), 159 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index af85a3d8e..0c9805550 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -79,10 +79,11 @@ PerpareCacheInvalidationInterface (
IN VTD_UNIT_INFO *VTdUnitInfo
)
{
- UINT16 QueueSize;
- UINT64 Reg64;
+ UINT8 DescriptorWidth;
+ UINTN QueueSize;
UINT32 Reg32;
VTD_ECAP_REG ECapReg;
+ VTD_IQA_REGIqaReg;
UINTN VtdUnitBaseAddress;
VtdUnitBaseAddress = VTdUnitInfo->VtdUnitBaseAddress;
@@ -121,20 +122,34 @@ PerpareCacheInvalidationInterface (
//
// Setup the IQ address, size and descriptor width through the Invalidation
Queue Address Register
//
- if (VTdUnitInfo->QiDesc == NULL) {
+ if (VTdUnitInfo->QiDescBuffer == NULL) {
+//
+// It uses 256-bit descriptor
+// Queue size is 128.
+//
+DescriptorWidth = 1;
QueueSize = 0;
-VTdUnitInfo->QiDescLength = 1 << (QueueSize + 8);
-VTdUnitInfo->QiDesc = (QI_DESC *) AllocatePages (EFI_SIZE_TO_PAGES (sizeof
(QI_DESC) * VTdUnitInfo->QiDescLength));
-if (VTdUnitInfo->QiDesc == NULL) {
+
+VTdUnitInfo->QiDescBufferSize = (sizeof (QI_256_DESC) * ((UINTN) 1 <<
(QueueSize + 7)));
+VTdUnitInfo->QiDescBuffer = AllocatePages (EFI_SIZE_TO_PAGES
(VTdUnitInfo->QiDescBufferSize));
+if (VTdUnitInfo->QiDescBuffer == NULL) {
DEBUG ((DEBUG_ERROR,"Could not Alloc Invalidation Queue Buffer.\n"));
return EFI_OUT_OF_RESOURCES;
}
}
- DEBUG ((DEBUG_INFO, "Invalidation Queue Length : %d\n",
VTdUnitInfo->QiDescLength));
- Reg64 = (UINT64) (UINTN) VTdUnitInfo->QiDesc;
- Reg64 |= QueueSize;
- MmioWrite64 (VtdUnitBaseAddress + R_IQA_REG, Reg64);
+ DEBUG ((DEBUG_INFO, "Invalidation Queue Buffer Size : %d\n",
VTdUnitInfo->QiDescBufferSize));
+ //
+ // 4KB Aligned address
+ //
+ IqaReg.Uint64 = (UINT64) (UINTN) VTdUnitInfo->QiDescBuffer;
+ IqaReg.Bits.DW = DescriptorWidth;
+ IqaReg.Bits.QS = QueueSize;
+ MmioWrite64 (VtdUnitBaseAddress + R_IQA_REG, IqaReg.Uint64);
+ IqaReg.Uint64 = MmioRead64 (VtdUnitBaseAddress + R_IQA_REG);
+ DEBUG ((DEBUG_INFO, "IQA_REG [0x%lx]\n", IqaReg.Uint64));
+
+ DEBUG ((DEBUG_INFO, "IQH_REG [0x%lx]\n", MmioRead64 (VtdUnitBaseAddress +
R_IQH_REG)));
//
// Enable the queued invalidation interface through the Global Command
Register.
@@ -148,8 +163,6 @@ PerpareCacheInvalidationInterface (
Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
} while ((Reg32 & B_GSTS_REG_QIES) == 0);
- VTdUnitInfo->QiFreeHead = 0;
-
return EFI_SUCCESS;
}
@@ -174,10 +187,10 @@ DisableQueuedInvalidationInterface (
Reg32 = MmioRead32 (VTdUnitInfo->VtdUnitBaseAddress + R_GSTS_REG);
} while ((Reg32 & B_GSTS_REG_QIES) != 0);
-if (VTdUnitInfo->QiDesc != NULL) {
- FreePages(VTdUnitInfo->QiDesc, EFI_SIZE_TO_PAGES (sizeof (QI_DESC) *
VTdUnitInfo->QiDescLength));
- VTdUnitInfo->QiDesc = NULL;
- VTdUnitInfo->QiDescLength = 0;
+if (VTdUnitInfo->QiDescBuffer != NULL) {
+ FreePages(VTdUnitInfo->QiDescBuffer, EFI_SIZE_TO_PAGES
(VTdUnitInfo->QiDescBufferSize));
+ VTdUnitInfo->QiDescBuffer = NULL;
+ VTdUnitInfo->QiDescBufferSize = 0;
}
VTdUnitInfo->EnableQueuedInvalidation = 0;
@@ -197,12 +210,15 @@ QueuedInvalidationCheckFault (
IN VTD_UNIT_INFO *VTdUnitInfo
)
{
- UINT32 FaultReg;
+ UINT32FaultReg;
+ VTD_IQERCD_REGIqercdReg;
FaultReg = MmioRead32 (VTdUnitInfo->VtdUnitBaseAddress + R_FSTS_REG);
if (FaultReg & (B_FSTS_REG_IQE | B_FSTS_REG_ITE | B_FSTS_REG_ICE)) {
-DEBUG((DEBUG_ERROR, "Detect Queue Invalidation Error [0x%08x]\n",
FaultReg));
-FaultReg |= (B_FSTS_REG_IQE | B_FSTS_REG_ITE | B_FSTS_REG_ICE);
+IqercdReg.Uint64 = MmioRead64 (VTdUnitInfo->VtdUnitBaseAddress +
R_IQERCD_REG);
+
+DEBUG((DEBUG_ERROR, "Detect Queue Invalidation Error [0x%08x] - IQERCD
[0x%016lx]\n", FaultReg, IqercdReg.Uint64));
[edk2-devel] [PATCH] IntelSiliconPkg/VTd: Use 256-bit invaildation queue descriptor
256-bit invaildation queue descriptor could be used for both
abort DMA mode and legacy mode.
Change-Id: Ib3b94d6c5782d42c53056204312f6f4ad513344e
Signed-off-by: Sheng Wei
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
---
.../VTd/IntelVTdDmarPei/IntelVTdDmar.c| 172 -
.../VTd/IntelVTdDmarPei/IntelVTdDmarPei.h | 5 +-
.../Feature/VTd/IntelVTdDxe/DmaProtection.c | 3 +
.../Feature/VTd/IntelVTdDxe/DmaProtection.h | 5 +-
.../Feature/VTd/IntelVTdDxe/VtdReg.c | 232 +++---
.../Include/IndustryStandard/Vtd.h| 65 -
6 files changed, 329 insertions(+), 153 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index af85a3d8e..87d5edaa6 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -79,10 +79,11 @@ PerpareCacheInvalidationInterface (
IN VTD_UNIT_INFO *VTdUnitInfo
)
{
- UINT16 QueueSize;
- UINT64 Reg64;
+ UINT8 DescriptorWidth;
+ UINTN QueueSize;
UINT32 Reg32;
VTD_ECAP_REG ECapReg;
+ VTD_IQA_REGIqaReg;
UINTN VtdUnitBaseAddress;
VtdUnitBaseAddress = VTdUnitInfo->VtdUnitBaseAddress;
@@ -121,20 +122,32 @@ PerpareCacheInvalidationInterface (
//
// Setup the IQ address, size and descriptor width through the Invalidation
Queue Address Register
//
- if (VTdUnitInfo->QiDesc == NULL) {
+ if (VTdUnitInfo->QiDescBuffer == NULL) {
+//
+// It uses 256-bit descriptor
+// Queue size is 128.
+//
+DescriptorWidth = 1;
QueueSize = 0;
-VTdUnitInfo->QiDescLength = 1 << (QueueSize + 8);
-VTdUnitInfo->QiDesc = (QI_DESC *) AllocatePages (EFI_SIZE_TO_PAGES (sizeof
(QI_DESC) * VTdUnitInfo->QiDescLength));
-if (VTdUnitInfo->QiDesc == NULL) {
+
+VTdUnitInfo->QiDescBufferSize = (sizeof (QI_256_DESC) * ((UINTN) 1 <<
(QueueSize + 7)));
+VTdUnitInfo->QiDescBuffer = AllocatePages (EFI_SIZE_TO_PAGES
(VTdUnitInfo->QiDescBufferSize));
+if (VTdUnitInfo->QiDescBuffer == NULL) {
DEBUG ((DEBUG_ERROR,"Could not Alloc Invalidation Queue Buffer.\n"));
return EFI_OUT_OF_RESOURCES;
}
}
- DEBUG ((DEBUG_INFO, "Invalidation Queue Length : %d\n",
VTdUnitInfo->QiDescLength));
- Reg64 = (UINT64) (UINTN) VTdUnitInfo->QiDesc;
- Reg64 |= QueueSize;
- MmioWrite64 (VtdUnitBaseAddress + R_IQA_REG, Reg64);
+ DEBUG ((DEBUG_INFO, "Invalidation Queue Buffer Size : %d\n",
VTdUnitInfo->QiDescBufferSize));
+ //
+ // 4KB Aligned address
+ //
+ IqaReg.Uint64 = (UINT64) (UINTN) VTdUnitInfo->QiDescBuffer;
+ IqaReg.Bits.DW = DescriptorWidth;
+ IqaReg.Bits.QS = QueueSize;
+ MmioWrite64 (VtdUnitBaseAddress + R_IQA_REG, IqaReg.Uint64);
+ IqaReg.Uint64 = MmioRead64 (VtdUnitBaseAddress + R_IQA_REG);
+ DEBUG ((DEBUG_INFO, "IQA_REG [0x%x]\n", IqaReg.Uint64));
//
// Enable the queued invalidation interface through the Global Command
Register.
@@ -148,8 +161,6 @@ PerpareCacheInvalidationInterface (
Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
} while ((Reg32 & B_GSTS_REG_QIES) == 0);
- VTdUnitInfo->QiFreeHead = 0;
-
return EFI_SUCCESS;
}
@@ -174,10 +185,10 @@ DisableQueuedInvalidationInterface (
Reg32 = MmioRead32 (VTdUnitInfo->VtdUnitBaseAddress + R_GSTS_REG);
} while ((Reg32 & B_GSTS_REG_QIES) != 0);
-if (VTdUnitInfo->QiDesc != NULL) {
- FreePages(VTdUnitInfo->QiDesc, EFI_SIZE_TO_PAGES (sizeof (QI_DESC) *
VTdUnitInfo->QiDescLength));
- VTdUnitInfo->QiDesc = NULL;
- VTdUnitInfo->QiDescLength = 0;
+if (VTdUnitInfo->QiDescBuffer != NULL) {
+ FreePages(VTdUnitInfo->QiDescBuffer, EFI_SIZE_TO_PAGES
(VTdUnitInfo->QiDescBufferSize));
+ VTdUnitInfo->QiDescBuffer = NULL;
+ VTdUnitInfo->QiDescBufferSize = 0;
}
VTdUnitInfo->EnableQueuedInvalidation = 0;
@@ -197,12 +208,15 @@ QueuedInvalidationCheckFault (
IN VTD_UNIT_INFO *VTdUnitInfo
)
{
- UINT32 FaultReg;
+ UINT32FaultReg;
+ VTD_IQERCD_REGIqercdReg;
FaultReg = MmioRead32 (VTdUnitInfo->VtdUnitBaseAddress + R_FSTS_REG);
if (FaultReg & (B_FSTS_REG_IQE | B_FSTS_REG_ITE | B_FSTS_REG_ICE)) {
-DEBUG((DEBUG_ERROR, "Detect Queue Invalidation Error [0x%08x]\n",
FaultReg));
-FaultReg |= (B_FSTS_REG_IQE | B_FSTS_REG_ITE | B_FSTS_REG_ICE);
+IqercdReg.Uint64 = MmioRead64 (VTdUnitInfo->VtdUnitBaseAddress +
R_IQERCD_REG);
+
+DEBUG((DEBUG_ERROR, "Detect Queue Invalidation Error [0x%08x] - IQERCD
[0x%016lx]\n", FaultReg, IqercdReg.Uint64));
+
MmioWrite32 (VTdUnitInfo->VtdUnitBaseAddress + R_FSTS_REG,
[edk2-devel] [PATCH] IntelSiliconPkg/VTd: Refine VTd core driver
Refine the DRHD table print message.
Remove unused variable.
Hsd-es-id: 15012152545
Signed-off-by: Sheng Wei
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
---
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c| 3 +--
.../Feature/VTd/IntelVTdDxe/DmarAcpiTable.c | 8
.../IntelSiliconPkg/Feature/VTd/IntelVTdDxe/VtdReg.c | 3 +--
3 files changed, 6 insertions(+), 8 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index 24beccd26..af85a3d8e 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -486,7 +486,6 @@ EnableDmar (
IN UINTN RootEntryTable
)
{
- UINT32Reg32;
UINTN VtdUnitBaseAddress;
BOOLEAN TEWasEnabled;
@@ -529,7 +528,7 @@ EnableDmar (
//
// Init DMAr Fault Event and Data registers
//
- Reg32 = MmioRead32 (VtdUnitBaseAddress + R_FEDATA_REG);
+ MmioRead32 (VtdUnitBaseAddress + R_FEDATA_REG);
//
// Write Buffer Flush before invalidation
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
index 42e1b1449..a485f4d9a 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
@@ -536,14 +536,14 @@ DumpDmarDrhd (
"Flags 0x%02x\n",
Drhd->Flags
));
- DEBUG ((DEBUG_INFO,
-"Size . 0x%02x\n",
-Drhd->Size
-));
DEBUG ((DEBUG_INFO,
" INCLUDE_PCI_ALL 0x%02x\n",
Drhd->Flags & EFI_ACPI_DMAR_DRHD_FLAGS_INCLUDE_PCI_ALL
));
+ DEBUG ((DEBUG_INFO,
+"Size . 0x%02x\n",
+Drhd->Size
+));
DEBUG ((DEBUG_INFO,
"Segment Number ... 0x%04x\n",
Drhd->SegmentNumber
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/VtdReg.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/VtdReg.c
index 1b354e850..8e834f4c4 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/VtdReg.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/VtdReg.c
@@ -573,7 +573,6 @@ EnableDmar (
)
{
UINTN Index;
- UINT32Reg32;
UINTN VtdUnitBaseAddress;
BOOLEAN TEWasEnabled;
@@ -615,7 +614,7 @@ EnableDmar (
//
// Init DMAr Fault Event and Data registers
//
-Reg32 = MmioRead32 (mVtdUnitInformation[Index].VtdUnitBaseAddress +
R_FEDATA_REG);
+MmioRead32 (mVtdUnitInformation[Index].VtdUnitBaseAddress + R_FEDATA_REG);
//
// Write Buffer Flush before invalidation
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#95310): https://edk2.groups.io/g/devel/message/95310
Mute This Topic: https://groups.io/mt/94403119/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH] IntelSiliconPkg/VTd: Enable ADM when change TTM
Hi Ray,
Could you help to review the merge the patch to the VTd driver in edkplatform
branch ?
This patch is used to enable Abort DMA Mode(ADM) when change the TTM .
The comment from VTd spec is below.
For implementations reporting Enhanced SRTP Support (ESRTPS) field as
Clear in the Capability register, software must not modify this field while
DMA remapping is active (TES=1 in Global Status register).
So, we will enable ADM while TE is disable.
Thank you
BR
Sheng Wei
> -Original Message-
> From: Huang, Jenny
> Sent: 2022年9月29日 11:54
> To: devel@edk2.groups.io; Sheng, W
> Cc: Ni, Ray ; Chaganty, Rangasai V
> ; Kowalewski, Robert
>
> Subject: RE: [edk2-devel] [PATCH] IntelSiliconPkg/VTd: Enable ADM when
> change TTM
>
> Reviewed-by: Jenny Huang
>
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Sheng,
> W
> Sent: Monday, September 5, 2022 1:49 AM
> To: devel@edk2.groups.io
> Cc: Huang, Jenny ; Ni, Ray ;
> Chaganty, Rangasai V ; Kowalewski,
> Robert
> Subject: [edk2-devel] [PATCH] IntelSiliconPkg/VTd: Enable ADM when change
> TTM
>
> In Abort DMA Mode(ADM), hardware will abort all DMA operations without
> the need to set up a roottable. Enable Abort DMA Mode, when change
> Translation Table Mode(TTM)
>
> Change-Id: I74207fe96ef7a57d89a355d40dfbdd36186f06c3
> Signed-off-by: Sheng Wei
> Cc: Jenny Huang
> Cc: Ray Ni
> Cc: Rangasai V Chaganty
>
> Cc: Robert Kowalewski
> ---
> .../VTd/IntelVTdDmarPei/IntelVTdDmar.c| 157 +++-
> .../Feature/VTd/IntelVTdDxe/IntelVTdDxe.inf | 1 +
> .../Feature/VTd/IntelVTdDxe/VtdReg.c | 169 +-
> .../Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 12 +-
> 4 files changed, 245 insertions(+), 94 deletions(-)
>
> diff --git
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.
> c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.
> c
> index b5b78f779..24beccd26 100644
> ---
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.
> c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTd
> +++ Dmar.c
> @@ -361,6 +361,68 @@ InvalidateIOTLB (
>return EFI_SUCCESS;
>
> }
>
>
>
> +/**
>
> + Clear Global Command Register Bits
>
> +
>
> + @param[in] VtdUnitBaseAddress The base address of the VTd engine.
>
> + @param[in] BitMaskBit mask.
>
> +**/
>
> +VOID
>
> +ClearGlobalCommandRegisterBits (
>
> + IN UINTN VtdUnitBaseAddress,
>
> + IN UINT32BitMask
>
> + )
>
> +{
>
> + UINT32Reg32;
>
> + UINT32Status;
>
> + UINT32Command;
>
> +
>
> + Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
>
> + Status = (Reg32 & 0x96FF); // Reset the one-shot bits
>
> + Command = (Status & (~BitMask));
>
> + MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Command);
>
> +
>
> + DEBUG((DEBUG_INFO, "Clear GCMD_REG bits 0x%x.\n", BitMask));
>
> +
>
> + //
>
> + // Poll on Status bit of Global status register to become zero
>
> + //
>
> + do {
>
> +Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
>
> + } while ((Reg32 & BitMask) == BitMask);
>
> +}
>
> +
>
> +/**
>
> + Set Global Command Register Bits
>
> +
>
> + @param[in] VtdUnitBaseAddress The base address of the VTd engine.
>
> + @param[in] BitMaskBit mask.
>
> +**/
>
> +VOID
>
> +SetGlobalCommandRegisterBits (
>
> + IN UINTN VtdUnitBaseAddress,
>
> + IN UINT32BitMask
>
> + )
>
> +{
>
> + UINT32Reg32;
>
> + UINT32Status;
>
> + UINT32Command;
>
> +
>
> + Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
>
> + Status = (Reg32 & 0x96FF); // Reset the one-shot bits
>
> + Command = (Status | BitMask);
>
> + MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Command);
>
> +
>
> + DEBUG((DEBUG_INFO, "Set GCMD_REG bits 0x%x.\n", BitMask));
>
> +
>
> + //
>
> + // Poll on Status bit of Global status register to become not zero
>
> + //
>
> + do {
>
> +Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
>
> + } while ((Reg32 & BitMask) == 0);
>
> +}
>
> +
>
> /**
>
>Enable DMAR translation in pre-mem phase.
>
>
>
> @@ -383,13 +445,10 @@ EnableDmarPreMem (
>DEBUG ((DEBUG_INFO, "RTADDR_REG : 0x%016lx \n", RtaddrRegValue));
>
>MmioWrite64 (VtdUnit
[edk2-devel] [PATCH] IntelSiliconPkg/VTd: Enable ADM when change TTM
In Abort DMA Mode(ADM), hardware will abort all DMA operations without
the need to set up a roottable. Enable Abort DMA Mode, when change
Translation Table Mode(TTM)
Change-Id: I74207fe96ef7a57d89a355d40dfbdd36186f06c3
Signed-off-by: Sheng Wei
Cc: Jenny Huang
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Robert Kowalewski
---
.../VTd/IntelVTdDmarPei/IntelVTdDmar.c| 157 +++-
.../Feature/VTd/IntelVTdDxe/IntelVTdDxe.inf | 1 +
.../Feature/VTd/IntelVTdDxe/VtdReg.c | 169 +-
.../Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 12 +-
4 files changed, 245 insertions(+), 94 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index b5b78f779..24beccd26 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -361,6 +361,68 @@ InvalidateIOTLB (
return EFI_SUCCESS;
}
+/**
+ Clear Global Command Register Bits
+
+ @param[in] VtdUnitBaseAddress The base address of the VTd engine.
+ @param[in] BitMaskBit mask.
+**/
+VOID
+ClearGlobalCommandRegisterBits (
+ IN UINTN VtdUnitBaseAddress,
+ IN UINT32BitMask
+ )
+{
+ UINT32Reg32;
+ UINT32Status;
+ UINT32Command;
+
+ Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
+ Status = (Reg32 & 0x96FF); // Reset the one-shot bits
+ Command = (Status & (~BitMask));
+ MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Command);
+
+ DEBUG((DEBUG_INFO, "Clear GCMD_REG bits 0x%x.\n", BitMask));
+
+ //
+ // Poll on Status bit of Global status register to become zero
+ //
+ do {
+Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
+ } while ((Reg32 & BitMask) == BitMask);
+}
+
+/**
+ Set Global Command Register Bits
+
+ @param[in] VtdUnitBaseAddress The base address of the VTd engine.
+ @param[in] BitMaskBit mask.
+**/
+VOID
+SetGlobalCommandRegisterBits (
+ IN UINTN VtdUnitBaseAddress,
+ IN UINT32BitMask
+ )
+{
+ UINT32Reg32;
+ UINT32Status;
+ UINT32Command;
+
+ Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
+ Status = (Reg32 & 0x96FF); // Reset the one-shot bits
+ Command = (Status | BitMask);
+ MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Command);
+
+ DEBUG((DEBUG_INFO, "Set GCMD_REG bits 0x%x.\n", BitMask));
+
+ //
+ // Poll on Status bit of Global status register to become not zero
+ //
+ do {
+Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
+ } while ((Reg32 & BitMask) == 0);
+}
+
/**
Enable DMAR translation in pre-mem phase.
@@ -383,13 +445,10 @@ EnableDmarPreMem (
DEBUG ((DEBUG_INFO, "RTADDR_REG : 0x%016lx \n", RtaddrRegValue));
MmioWrite64 (VtdUnitBaseAddress + R_RTADDR_REG, RtaddrRegValue);
- Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
- MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Reg32 | B_GMCD_REG_SRTP);
-
DEBUG ((DEBUG_INFO, "EnableDmarPreMem: waiting for RTPS bit to be set...
\n"));
- do {
-Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
- } while((Reg32 & B_GSTS_REG_RTPS) == 0);
+ SetGlobalCommandRegisterBits (VtdUnitBaseAddress, B_GMCD_REG_SRTP);
+
+ Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
DEBUG ((DEBUG_INFO, "EnableDmarPreMem: R_GSTS_REG = 0x%x \n", Reg32));
//
@@ -405,12 +464,7 @@ EnableDmarPreMem (
//
// Enable VTd
//
- Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
- MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Reg32 | B_GMCD_REG_TE);
- DEBUG ((DEBUG_INFO, "EnableDmarPreMem: Waiting B_GSTS_REG_TE ...\n"));
- do {
-Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
- } while ((Reg32 & B_GSTS_REG_TE) == 0);
+ SetGlobalCommandRegisterBits (VtdUnitBaseAddress, B_GMCD_REG_TE);
DEBUG ((DEBUG_INFO, "VTD () enabled!<<<<<<\n"));
@@ -434,22 +488,43 @@ EnableDmar (
{
UINT32Reg32;
UINTN VtdUnitBaseAddress;
+ BOOLEAN TEWasEnabled;
VtdUnitBaseAddress = VTdUnitInfo->VtdUnitBaseAddress;
DEBUG ((DEBUG_INFO, ">>>>>>EnableDmar() for engine [%x] \n",
VtdUnitBaseAddress));
- DEBUG ((DEBUG_INFO, "RootEntryTable 0x%x \n", RootEntryTable));
- MmioWrite64 (VtdUnitBaseAddress + R_RTADDR_REG, (UINT64) RootEntryTable);
+ //
+ // Check TE was enabled or not.
+ //
+ TEWasEnabled = ((MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG) &
B_GSTS_REG_TE) == B_GSTS_REG_TE);
- Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
- MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Reg32 | B_GMCD_REG_SRTP);
+ if (TEWasEnabled && (VTdUnitInfo->ECapReg.Bits.ADMS == 1) && PcdGetBool
(PcdVTdSupportAbortDm
[edk2-devel] [PATCH] IntelSiliconPkg/VTd: Add DMAR SIDP Table dumpping
VT-d spec 4.0 has added a new structure called SIDP which is more
generic to describe special properties of integrated devices.
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
Signed-off-by: Sheng Wei
---
.../Feature/VTd/IntelVTdDxe/DmarAcpiTable.c | 72 +++
1 file changed, 72 insertions(+)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
index 75fbd53ed..42e1b1449 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
@@ -93,6 +93,10 @@ DumpDmarDeviceScopeEntry (
" Length . 0x%02x\n",
DmarDeviceScopeEntry->Length
));
+ DEBUG ((DEBUG_INFO,
+" Flags .. 0x%02x\n",
+DmarDeviceScopeEntry->Flags
+));
DEBUG ((DEBUG_INFO,
" Enumeration ID . 0x%02x\n",
DmarDeviceScopeEntry->EnumerationId
@@ -122,6 +126,66 @@ DumpDmarDeviceScopeEntry (
return;
}
+/**
+ Dump DMAR SIDP table.
+
+ @param[in] Sidp DMAR SIDP table
+**/
+VOID
+DumpDmarSidp (
+ IN EFI_ACPI_DMAR_SIDP_HEADER *Sidp
+ )
+{
+ EFI_ACPI_DMAR_DEVICE_SCOPE_STRUCTURE_HEADER *DmarDeviceScopeEntry;
+ INTN SidpLen;
+
+ if (Sidp == NULL) {
+return;
+ }
+
+ DEBUG ((DEBUG_INFO,
+"
***\n"
+));
+ DEBUG ((DEBUG_INFO,
+" * SoC Integrated Device Property Reporting Structure
*\n"
+));
+ DEBUG ((DEBUG_INFO,
+"
***\n"
+));
+ DEBUG ((DEBUG_INFO,
+(sizeof(UINTN) == sizeof(UINT64)) ?
+" SIDP address ... 0x%016lx\n" :
+" SIDP address ... 0x%08x\n",
+Sidp
+));
+ DEBUG ((DEBUG_INFO,
+"Type . 0x%04x\n",
+Sidp->Header.Type
+));
+ DEBUG ((DEBUG_INFO,
+"Length ... 0x%04x\n",
+Sidp->Header.Length
+));
+ DEBUG ((DEBUG_INFO,
+"Segment Number ... 0x%04x\n",
+Sidp->SegmentNumber
+));
+
+ SidpLen = Sidp->Header.Length - sizeof(EFI_ACPI_DMAR_SIDP_HEADER);
+ DmarDeviceScopeEntry = (EFI_ACPI_DMAR_DEVICE_SCOPE_STRUCTURE_HEADER *)(Sidp
+ 1);
+ while (SidpLen > 0) {
+DumpDmarDeviceScopeEntry (DmarDeviceScopeEntry);
+SidpLen -= DmarDeviceScopeEntry->Length;
+DmarDeviceScopeEntry = (EFI_ACPI_DMAR_DEVICE_SCOPE_STRUCTURE_HEADER
*)((UINTN)DmarDeviceScopeEntry + DmarDeviceScopeEntry->Length);
+ }
+
+ DEBUG ((DEBUG_INFO,
+"
***\n\n"
+));
+
+ return;
+}
+
/**
Dump DMAR SATC table.
@@ -472,6 +536,10 @@ DumpDmarDrhd (
"Flags 0x%02x\n",
Drhd->Flags
));
+ DEBUG ((DEBUG_INFO,
+"Size . 0x%02x\n",
+Drhd->Size
+));
DEBUG ((DEBUG_INFO,
" INCLUDE_PCI_ALL 0x%02x\n",
Drhd->Flags & EFI_ACPI_DMAR_DRHD_FLAGS_INCLUDE_PCI_ALL
@@ -583,7 +651,11 @@ DumpAcpiDMAR (
case EFI_ACPI_DMAR_TYPE_SATC:
DumpDmarSatc ((EFI_ACPI_DMAR_SATC_HEADER *)DmarHeader);
break;
+case EFI_ACPI_DMAR_TYPE_SIDP:
+ DumpDmarSidp ((EFI_ACPI_DMAR_SIDP_HEADER *)DmarHeader);
+ break;
default:
+ DEBUG ((DEBUG_INFO, "Unknown DMAR Table Type : %d\n", DmarHeader->Type));
break;
}
DmarLen -= DmarHeader->Length;
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#92501): https://edk2.groups.io/g/devel/message/92501
Mute This Topic: https://groups.io/mt/93075708/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH] IntelSiliconPkg/VTd: Fix VTd Queued Invalidation IOTLB descriptor
Hi Ray,
Could you help to review and merge a VTd driver patch ? Huang, Jenny has given
the "review-by".
This patch is used to fix/refine code about VTd Queued Invalidation feature.
Here are the changes
1) Bug fix: VTd Queued Invalidation IOTLB descriptor need to use
CAP_REG.DWD and CAP_REG.DRD. It is wrong to use ECAP_REG. (PEI VTD DMAR core
driver)
2) Refine print message: Queued Invalidation descriptor is 128 bits value
use “0x%016lx” replace “0x%08x”. (PEI VTD DMAR core driver)
3) Refine coding, change to use same struct member as DXE driver. (PEI VTD
DMAR core driver)
4) Refine comment. (PEI VTD DMAR core driver)
5) Register-based invalidation interface supported by hardware
implementations of this architecture with Major Version 5 or lower (VER_REG).
It is wrong to use “6” (DXE VTD core driver)
Thank you.
BR
Sheng Wei
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Sheng
> Wei
> Sent: 2022年6月27日 15:08
> To: devel@edk2.groups.io
> Cc: Huang, Jenny ; Ni, Ray ;
> Chaganty, Rangasai V
> Subject: [edk2-devel] [PATCH] IntelSiliconPkg/VTd: Fix VTd Queued
> Invalidation IOTLB descriptor
>
> VTd Queued Invalidation IOTLB descriptor need to use CAP_REG.DWD and
> CAP_REG.DRD. Queued Invalidation descriptor is a 128 bits value.
> Register-based invalidation interface supported by hardware
> implementations of this architecture with Major Version 5 or lower
> (VER_REG).
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3964
>
> Signed-off-by: Sheng Wei
> Cc: Jenny Huang
> Cc: Ray Ni
> Cc: Rangasai V Chaganty
> ---
> .../VTd/IntelVTdDmarPei/IntelVTdDmar.c| 32 +--
> .../VTd/IntelVTdDmarPei/IntelVTdDmarPei.h | 2 +-
> .../Feature/VTd/IntelVTdDxe/VtdReg.c | 2 +-
> 3 files changed, 17 insertions(+), 19 deletions(-)
>
> diff --git
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.
> c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.
> c
> index 0d372f6c..b5b78f77 100644
> ---
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.
> c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTd
> +++ Dmar.c
> @@ -79,7 +79,7 @@ PerpareCacheInvalidationInterface (
>IN VTD_UNIT_INFO *VTdUnitInfo ) {- UINT16 QiDescLength;+ UINT16
> QueueSize; UINT64 Reg64; UINT32 Reg32; VTD_ECAP_REG
> ECapReg;@@ -122,18 +122,18 @@ PerpareCacheInvalidationInterface (
>// Setup the IQ address, size and descriptor width through the Invalidation
> Queue Address Register // if (VTdUnitInfo->QiDesc == NULL) {-
> VTdUnitInfo->QueueSize = 0;-QiDescLength = 1 << (VTdUnitInfo-
> >QueueSize + 8);-VTdUnitInfo->QiDesc = (QI_DESC *) AllocatePages
> (EFI_SIZE_TO_PAGES(sizeof(QI_DESC) * QiDescLength));+QueueSize = 0;+
> VTdUnitInfo->QiDescLength = 1 << (QueueSize + 8);+VTdUnitInfo->QiDesc
> = (QI_DESC *) AllocatePages (EFI_SIZE_TO_PAGES (sizeof (QI_DESC) *
> VTdUnitInfo->QiDescLength)); if (VTdUnitInfo->QiDesc == NULL)
> { DEBUG ((DEBUG_ERROR,"Could not Alloc Invalidation Queue
> Buffer.\n")); return EFI_OUT_OF_RESOURCES; } } - DEBUG
> ((DEBUG_INFO, "Invalidation Queue Length : %d\n", QiDescLength));+
> DEBUG ((DEBUG_INFO, "Invalidation Queue Length : %d\n", VTdUnitInfo-
> >QiDescLength)); Reg64 = (UINT64) (UINTN) VTdUnitInfo->QiDesc;- Reg64
> |= VTdUnitInfo->QueueSize;+ Reg64 |= QueueSize; MmioWrite64
> (VtdUnitBaseAddress + R_IQA_REG, Reg64);//@@ -164,7 +164,6 @@
> DisableQueuedInvalidationInterface (
>) { UINT32 Reg32;- UINT16 QiDescLength;if
> (VTdUnitInfo-
> >EnableQueuedInvalidation != 0) { Reg32 = MmioRead32 (VTdUnitInfo-
> >VtdUnitBaseAddress + R_GSTS_REG);@@ -176,10 +175,9 @@
> DisableQueuedInvalidationInterface (
> } while ((Reg32 & B_GSTS_REG_QIES) != 0); if (VTdUnitInfo->QiDesc !=
> NULL) {- QiDescLength = 1 << (VTdUnitInfo->QueueSize + 8);-
> FreePages(VTdUnitInfo->QiDesc, EFI_SIZE_TO_PAGES(sizeof(QI_DESC) *
> QiDescLength));+ FreePages(VTdUnitInfo->QiDesc, EFI_SIZE_TO_PAGES
> (sizeof (QI_DESC) * VTdUnitInfo->QiDescLength)); VTdUnitInfo->QiDesc =
> NULL;- VTdUnitInfo->QueueSize = 0;+ VTdUnitInfo->QiDescLength =
> 0; } VTdUnitInfo->EnableQueuedInvalidation = 0;@@ -239,10 +237,10
> @@ SubmitQueuedInvalidationDescriptor (
> return EFI_INVALID_PARAMETER; } - QiDescLength = 1 << (VTdUnitInfo-
> >QueueSize + 8);+ QiDescLength = VTdUnitInfo->QiDescLength; BaseDesc =
> VTdUnitInfo->QiDesc; - DEBUG((DEBUG_IN
Re: [edk2-devel] [PATCH] MdePkg/include: Update DMAR definitions to Intel VT-d spec ver4.0
Reviewed-by: Sheng Wei
The change matches the Vtd specification v 4.0
> -Original Message-
> From: Kowalewski, Robert
> Sent: 2022年7月6日 21:48
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D ; Gao, Liming
> ; Liu, Zhiguang ;
> Huang, Jenny ; Sheng, W
> Subject: [PATCH] MdePkg/include: Update DMAR definitions to Intel VT-d
> spec ver4.0
>
> Updated DMAR definitions accordingly to changes in Intel(R) Virtualization
> Technology for Directed I/O (VT-D) Architecture Specification ver4.0.
>
> Added new definition of remapping structure - SIDP. The SoC Integrated
> Device Property (SIDP) reporting structure identifies devices that have
> special properties and that may put restrictions on how system software
> must configure remapping structures that govern such devices in a platform
> where remapping hardware is enabled.
>
> Updated DRHD definition - field 'reserved' is replaced with 'Size'.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3978
>
> Signed-off-by: Robert Kowalewski
>
> Cc: Michael D Kinney
> Cc: Liming Gao
> Cc: Zhiguang Liu
> Cc: Jenny Huang
> Cc: Sheng Wei
> ---
> .../DmaRemappingReportingTable.h | 46 +++
> 1 file changed, 38 insertions(+), 8 deletions(-)
>
> diff --git
> a/MdePkg/Include/IndustryStandard/DmaRemappingReportingTable.h
> b/MdePkg/Include/IndustryStandard/DmaRemappingReportingTable.h
> index 193e4bced5..00588ff234 100644
> --- a/MdePkg/Include/IndustryStandard/DmaRemappingReportingTable.h
> +++ b/MdePkg/Include/IndustryStandard/DmaRemappingReportingTable.h
> @@ -2,12 +2,12 @@
>DMA Remapping Reporting (DMAR) ACPI table definition from Intel(R)
>Virtualization Technology for Directed I/O (VT-D) Architecture
> Specification.
>
> - Copyright (c) 2016 - 2020, Intel Corporation. All rights reserved.
> + Copyright (c) 2016 - 2022, Intel Corporation. All rights
> + reserved.
>SPDX-License-Identifier: BSD-2-Clause-Patent
>
>@par Revision Reference:
> - Intel(R) Virtualization Technology for Directed I/O (VT-D) Architecture
> - Specification v3.2, Dated October 2020.
> + Specification v4.0, Dated June 2022.
>
> https://software.intel.com/content/dam/develop/external/us/en/documen
> ts/vt-directed-io-spec.pdf
>
>@par Glossary:
> @@ -41,6 +41,7 @@
> #define EFI_ACPI_DMAR_TYPE_RHSA 0x03
> #define EFI_ACPI_DMAR_TYPE_ANDD 0x04
> #define EFI_ACPI_DMAR_TYPE_SATC 0x05
> +#define EFI_ACPI_DMAR_TYPE_SIDP 0x06
> ///@}
>
> ///
> @@ -56,6 +57,12 @@
> #define EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_IOAPIC 0x03
> #define EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_MSI_CAPABLE_HPET
> 0x04
> #define EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_ACPI_NAMESPACE_DEVICE
> 0x05
> +
> +#define
> EFI_ACPI_DEVICE_SCOPE_REQ_WO_PASID_NESTED_NOTALLOWED BIT0
> +#define
> EFI_ACPI_DEVICE_SCOPE_REQ_WO_PASID_PWSNP_NOTALLOWED BIT1
> +#define EFI_ACPI_DEVICE_SCOPE_REQ_WO_PASID_PGSNP_NOTALLOWED
> BIT2
> +#define EFI_ACPI_DEVICE_SCOPE_REQ_WO_PASID_ATC_HARDENED
> BIT3
> +#define EFI_ACPI_DEVICE_SCOPE_REQ_WO_PASID_ATC_REQUIRED
> BIT4
> ///@}
>
> ///
> @@ -83,11 +90,12 @@ typedef struct {
> /// Device Scope Structure is defined in section 8.3.1 /// typedef struct {
> - UINT8 Type;
> - UINT8 Length;
> - UINT16Reserved2;
> - UINT8 EnumerationId;
> - UINT8 StartBusNumber;
> + UINT8Type;
> + UINT8Length;
> + UINT8Flags;
> + UINT8Reserved;
> + UINT8EnumerationId;
> + UINT8StartBusNumber;
> } EFI_ACPI_DMAR_DEVICE_SCOPE_STRUCTURE_HEADER;
>
> /**
> @@ -111,7 +119,14 @@ typedef struct {
> - Bits[7:1] Reserved.
>**/
>UINT8 Flags;
> - UINT8 Reserved;
> +
> + /**
> +- Bits[3:0]: Indicates the size of the remapping hardware register set
> for
> + this remapping unit. If the value in this field is N, the
> size
> + of the register set is 2^N 4 KB pages
> +- Bits[7:4]: Reserved.
> + **/
> + UINT8 Size;
>///
>/// The PCI Segment associated with this unit.
>///
> @@ -249,6 +264,20 @@ typedef struct {
>UINT16SegmentNumber;
> } EFI_ACPI_DMAR_SATC_HEADER;
>
> +/**
> + SoC Integrated Device Property (SIDP) Reporting Structure is defined
> +in
> + section 8.9.
> +**/
> +typedef struct {
> + EFI_ACPI_DMAR_STRUCTURE_HEADERHeader;
> +
> + UINT16Reserved;
> + ///
> + /// The PCI Segment associated with this SIDP structure.
> + ///
> + UINT16SegmentNumber;
> +} EFI_ACPI_DMAR_SIDP_HEADER;
[edk2-devel] [PATCH] IntelSiliconPkg/VTd: Fix VTd Queued Invalidation IOTLB descriptor
VTd Queued Invalidation IOTLB descriptor need to use CAP_REG.DWD
and CAP_REG.DRD. Queued Invalidation descriptor is a 128 bits value.
Register-based invalidation interface supported by hardware implementations
of this architecture with Major Version 5 or lower (VER_REG).
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3964
Signed-off-by: Sheng Wei
Cc: Jenny Huang
Cc: Ray Ni
Cc: Rangasai V Chaganty
---
.../VTd/IntelVTdDmarPei/IntelVTdDmar.c| 32 +--
.../VTd/IntelVTdDmarPei/IntelVTdDmarPei.h | 2 +-
.../Feature/VTd/IntelVTdDxe/VtdReg.c | 2 +-
3 files changed, 17 insertions(+), 19 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index 0d372f6c..b5b78f77 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -79,7 +79,7 @@ PerpareCacheInvalidationInterface (
IN VTD_UNIT_INFO *VTdUnitInfo
)
{
- UINT16 QiDescLength;
+ UINT16 QueueSize;
UINT64 Reg64;
UINT32 Reg32;
VTD_ECAP_REG ECapReg;
@@ -122,18 +122,18 @@ PerpareCacheInvalidationInterface (
// Setup the IQ address, size and descriptor width through the Invalidation
Queue Address Register
//
if (VTdUnitInfo->QiDesc == NULL) {
-VTdUnitInfo->QueueSize = 0;
-QiDescLength = 1 << (VTdUnitInfo->QueueSize + 8);
-VTdUnitInfo->QiDesc = (QI_DESC *) AllocatePages
(EFI_SIZE_TO_PAGES(sizeof(QI_DESC) * QiDescLength));
+QueueSize = 0;
+VTdUnitInfo->QiDescLength = 1 << (QueueSize + 8);
+VTdUnitInfo->QiDesc = (QI_DESC *) AllocatePages (EFI_SIZE_TO_PAGES (sizeof
(QI_DESC) * VTdUnitInfo->QiDescLength));
if (VTdUnitInfo->QiDesc == NULL) {
DEBUG ((DEBUG_ERROR,"Could not Alloc Invalidation Queue Buffer.\n"));
return EFI_OUT_OF_RESOURCES;
}
}
- DEBUG ((DEBUG_INFO, "Invalidation Queue Length : %d\n", QiDescLength));
+ DEBUG ((DEBUG_INFO, "Invalidation Queue Length : %d\n",
VTdUnitInfo->QiDescLength));
Reg64 = (UINT64) (UINTN) VTdUnitInfo->QiDesc;
- Reg64 |= VTdUnitInfo->QueueSize;
+ Reg64 |= QueueSize;
MmioWrite64 (VtdUnitBaseAddress + R_IQA_REG, Reg64);
//
@@ -164,7 +164,6 @@ DisableQueuedInvalidationInterface (
)
{
UINT32 Reg32;
- UINT16 QiDescLength;
if (VTdUnitInfo->EnableQueuedInvalidation != 0) {
Reg32 = MmioRead32 (VTdUnitInfo->VtdUnitBaseAddress + R_GSTS_REG);
@@ -176,10 +175,9 @@ DisableQueuedInvalidationInterface (
} while ((Reg32 & B_GSTS_REG_QIES) != 0);
if (VTdUnitInfo->QiDesc != NULL) {
- QiDescLength = 1 << (VTdUnitInfo->QueueSize + 8);
- FreePages(VTdUnitInfo->QiDesc, EFI_SIZE_TO_PAGES(sizeof(QI_DESC) *
QiDescLength));
+ FreePages(VTdUnitInfo->QiDesc, EFI_SIZE_TO_PAGES (sizeof (QI_DESC) *
VTdUnitInfo->QiDescLength));
VTdUnitInfo->QiDesc = NULL;
- VTdUnitInfo->QueueSize = 0;
+ VTdUnitInfo->QiDescLength = 0;
}
VTdUnitInfo->EnableQueuedInvalidation = 0;
@@ -239,10 +237,10 @@ SubmitQueuedInvalidationDescriptor (
return EFI_INVALID_PARAMETER;
}
- QiDescLength = 1 << (VTdUnitInfo->QueueSize + 8);
+ QiDescLength = VTdUnitInfo->QiDescLength;
BaseDesc = VTdUnitInfo->QiDesc;
- DEBUG((DEBUG_INFO, "[0x%x] Submit QI Descriptor [0x%08x, 0x%08x]\n",
VTdUnitInfo->VtdUnitBaseAddress, Desc->Low, Desc->High));
+ DEBUG((DEBUG_INFO, "[0x%x] Submit QI Descriptor [0x%016lx, 0x%016lx]\n",
VTdUnitInfo->VtdUnitBaseAddress, Desc->Low, Desc->High));
BaseDesc[VTdUnitInfo->QiFreeHead].Low = Desc->Low;
BaseDesc[VTdUnitInfo->QiFreeHead].High = Desc->High;
@@ -251,7 +249,6 @@ SubmitQueuedInvalidationDescriptor (
DEBUG((DEBUG_INFO,"QI Free Head=0x%x\n", VTdUnitInfo->QiFreeHead));
VTdUnitInfo->QiFreeHead = (VTdUnitInfo->QiFreeHead + 1) % QiDescLength;
- Reg64Iqh = MmioRead64 (VTdUnitInfo->VtdUnitBaseAddress + R_IQH_REG);
//
// Update the HW tail register indicating the presence of new descriptors.
//
@@ -328,6 +325,7 @@ InvalidateIOTLB (
{
UINT64Reg64;
VTD_ECAP_REG ECapReg;
+ VTD_CAP_REG CapReg;
QI_DESC QiDesc;
if (VTdUnitInfo->EnableQueuedInvalidation == 0) {
@@ -353,8 +351,8 @@ InvalidateIOTLB (
//
// Queued Invalidation
//
-ECapReg.Uint64 = MmioRead64 (VTdUnitInfo->VtdUnitBaseAddress + R_ECAP_REG);
-QiDesc.Low = QI_IOTLB_DID(0) | QI_IOTLB_DR(CAP_READ_DRAIN(ECapReg.Uint64))
| QI_IOTLB_DW(CAP_WRITE_DRAIN(ECapReg.Uint64)) | QI_IOTLB_GRAN(1) |
QI_IOTLB_TYPE;
+CapReg.Uint64 = MmioRead64 (VTdUnitInfo->VtdUnitBaseAddre
[edk2-devel] [PATCH v3] IntelSiliconPkg/VTd: Add PCD for VTd Abort DMA Mode Support
PcdVTdSupportAbortDmaMode is used to enable/disable using VTd Abort DMA Mode.
Signed-off-by: Sheng Wei
Reviewed-by: Robert Kowalewski
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Change-Id: If999d2f4906bda887dffe8574ec17cb90346b710
---
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c | 9 ++---
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf | 3 ++-
Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec| 6 ++
3 files changed, 14 insertions(+), 4 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index b4c44d87..0d372f6c 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -1,6 +1,6 @@
/** @file
- Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+ Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -570,10 +570,12 @@ EnableVTdTranslationProtectionBlockDma (
DEBUG ((DEBUG_INFO, "EnableVTdTranslationProtectionBlockDma - 0x%08x\n",
VtdUnitBaseAddress));
+ DEBUG ((DEBUG_INFO, "PcdVTdSupportAbortDmaMode : %d\n", FixedPcdGetBool
(PcdVTdSupportAbortDmaMode)));
+
ECapReg.Uint64 = MmioRead64 (VtdUnitBaseAddress + R_ECAP_REG);
- DEBUG ((DEBUG_INFO, "ECapReg : 0%016lx\n", ECapReg.Uint64));
+ DEBUG ((DEBUG_INFO, "ECapReg.ADMS : %d\n", ECapReg.Bits.ADMS));
- if (ECapReg.Bits.ADMS == 1) {
+ if ((ECapReg.Bits.ADMS == 1) && FixedPcdGetBool (PcdVTdSupportAbortDmaMode))
{
//
// Use Abort DMA Mode
//
@@ -594,6 +596,7 @@ EnableVTdTranslationProtectionBlockDma (
ASSERT (FALSE);
return EFI_DEVICE_ERROR;
}
+DEBUG ((DEBUG_INFO, "Block All DMA by TE.\n"));
Status = EnableDmarPreMem (VtdUnitBaseAddress, (UINT64) (*RootEntryTable));
}
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
index b97ff900..473665e9 100644
---
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
+++
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
@@ -4,7 +4,7 @@
# This driver initializes VTd engine based upon EDKII_VTD_INFO_PPI
# and provide DMA protection in PEI.
#
-# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2022, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -55,6 +55,7 @@
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask ## CONSUMES
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPeiDmaBufferSize ## CONSUMES
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPeiDmaBufferSizeS3 ## CONSUMES
+ gIntelSiliconPkgTokenSpaceGuid.PcdVTdSupportAbortDmaMode ## CONSUMES
[Depex]
gEfiPeiMasterBootModePpiGuid AND
diff --git a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
index e5b785ae..c36d130a 100644
--- a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
+++ b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
@@ -135,6 +135,12 @@
gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvSize|0x000A|UINT32|0x000A
gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvOffset|0x0066|UINT32|0x000B
+ ## Indicates if VTd Abort DMA Mode is supported.
+ # TRUE - Support VTd abort DMA mode.
+ # FALSE - Not support VTd abort DMA mode.
+ # @Prompt VTd abort DMA mode support.
+
gIntelSiliconPkgTokenSpaceGuid.PcdVTdSupportAbortDmaMode|FALSE|BOOLEAN|0x000C
+
[PcdsFixedAtBuild, PcdsPatchableInModule]
## Error code for VTd error.
# EDKII_ERROR_CODE_VTD_ERROR = (EFI_IO_BUS_UNSPECIFIED | (EFI_OEM_SPECIFIC
| 0x)) = 0x02008000
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90350): https://edk2.groups.io/g/devel/message/90350
Mute This Topic: https://groups.io/mt/91639873/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v2] IntelSiliconPkg/VTd: Add PCD for VTd Abort DMA Mode Support
PcdVTdSupportAbortDmaMode is used to enable/disable using VTd Abort DMA Mode.
Signed-off-by: Sheng Wei
Reviewed-by: Robert Kowalewski
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Change-Id: If999d2f4906bda887dffe8574ec17cb90346b710
---
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c | 9 ++---
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf | 3 ++-
Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec| 6 ++
3 files changed, 14 insertions(+), 4 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index b4c44d87..0d372f6c 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -1,6 +1,6 @@
/** @file
- Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+ Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -570,10 +570,12 @@ EnableVTdTranslationProtectionBlockDma (
DEBUG ((DEBUG_INFO, "EnableVTdTranslationProtectionBlockDma - 0x%08x\n",
VtdUnitBaseAddress));
+ DEBUG ((DEBUG_INFO, "PcdVTdSupportAbortDmaMode : %d\n", FixedPcdGetBool
(PcdVTdSupportAbortDmaMode)));
+
ECapReg.Uint64 = MmioRead64 (VtdUnitBaseAddress + R_ECAP_REG);
- DEBUG ((DEBUG_INFO, "ECapReg : 0%016lx\n", ECapReg.Uint64));
+ DEBUG ((DEBUG_INFO, "ECapReg.ADMS : %d\n", ECapReg.Bits.ADMS));
- if (ECapReg.Bits.ADMS == 1) {
+ if ((ECapReg.Bits.ADMS == 1) && FixedPcdGetBool (PcdVTdSupportAbortDmaMode))
{
//
// Use Abort DMA Mode
//
@@ -594,6 +596,7 @@ EnableVTdTranslationProtectionBlockDma (
ASSERT (FALSE);
return EFI_DEVICE_ERROR;
}
+DEBUG ((DEBUG_INFO, "Block All DMA by TE.\n"));
Status = EnableDmarPreMem (VtdUnitBaseAddress, (UINT64) (*RootEntryTable));
}
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
index b97ff900..473665e9 100644
---
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
+++
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
@@ -4,7 +4,7 @@
# This driver initializes VTd engine based upon EDKII_VTD_INFO_PPI
# and provide DMA protection in PEI.
#
-# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2022, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -55,6 +55,7 @@
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask ## CONSUMES
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPeiDmaBufferSize ## CONSUMES
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPeiDmaBufferSizeS3 ## CONSUMES
+ gIntelSiliconPkgTokenSpaceGuid.PcdVTdSupportAbortDmaMode ## CONSUMES
[Depex]
gEfiPeiMasterBootModePpiGuid AND
diff --git a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
index e5b785ae..1131f4c5 100644
--- a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
+++ b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
@@ -135,6 +135,12 @@
gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvSize|0x000A|UINT32|0x000A
gIntelSiliconPkgTokenSpaceGuid.PcdFlashMicrocodeFvOffset|0x0066|UINT32|0x000B
+ ## Indicates if VTd Abort DMA Mode is supported.
+ # TRUE - Support VTd abort DMA mode.
+ # FALSE - Not support VTd abort DMA mode.
+ # @Prompt VTd abort DMA mode support.
+
gIntelSiliconPkgTokenSpaceGuid.PcdVTdSupportAbortDmaMode|TRUE|BOOLEAN|0x000C
+
[PcdsFixedAtBuild, PcdsPatchableInModule]
## Error code for VTd error.
# EDKII_ERROR_CODE_VTD_ERROR = (EFI_IO_BUS_UNSPECIFIED | (EFI_OEM_SPECIFIC
| 0x)) = 0x02008000
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90001): https://edk2.groups.io/g/devel/message/90001
Mute This Topic: https://groups.io/mt/91328253/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] IntelSiliconPkg/VTd: Add PCD for VTd Abort DMA Mode Support
PcdVTdSupportAbortDmaMode is used to enable/disable VTd Abort DMA Mode.
Signed-off-by: Sheng Wei
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
---
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c | 7 +--
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf| 3 ++-
Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 6 ++
3 files changed, 13 insertions(+), 3 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index b4c44d87..18c22316 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -1,6 +1,6 @@
/** @file
- Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+ Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -570,10 +570,12 @@ EnableVTdTranslationProtectionBlockDma (
DEBUG ((DEBUG_INFO, "EnableVTdTranslationProtectionBlockDma - 0x%08x\n",
VtdUnitBaseAddress));
+ DEBUG ((DEBUG_INFO, "PcdVTdSupportAbortDmaMode : %d\n", FeaturePcdGet
(PcdVTdSupportAbortDmaMode)));
+
ECapReg.Uint64 = MmioRead64 (VtdUnitBaseAddress + R_ECAP_REG);
DEBUG ((DEBUG_INFO, "ECapReg : 0%016lx\n", ECapReg.Uint64));
- if (ECapReg.Bits.ADMS == 1) {
+ if ((ECapReg.Bits.ADMS == 1) && FeaturePcdGet (PcdVTdSupportAbortDmaMode)) {
//
// Use Abort DMA Mode
//
@@ -594,6 +596,7 @@ EnableVTdTranslationProtectionBlockDma (
ASSERT (FALSE);
return EFI_DEVICE_ERROR;
}
+DEBUG ((DEBUG_INFO, "Block All DMA by TE.\n"));
Status = EnableDmarPreMem (VtdUnitBaseAddress, (UINT64) (*RootEntryTable));
}
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
index b97ff900..473665e9 100644
---
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
+++
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.inf
@@ -4,7 +4,7 @@
# This driver initializes VTd engine based upon EDKII_VTD_INFO_PPI
# and provide DMA protection in PEI.
#
-# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2022, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -55,6 +55,7 @@
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask ## CONSUMES
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPeiDmaBufferSize ## CONSUMES
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPeiDmaBufferSizeS3 ## CONSUMES
+ gIntelSiliconPkgTokenSpaceGuid.PcdVTdSupportAbortDmaMode ## CONSUMES
[Depex]
gEfiPeiMasterBootModePpiGuid AND
diff --git a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
index e5b785ae..92d7fa3b 100644
--- a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
+++ b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
@@ -172,3 +172,9 @@
# @Prompt The VTd PEI DMA buffer size for S3.
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPeiDmaBufferSizeS3|0x0020|UINT32|0x0004
+ ## Indicates if VTd Abort DMA Mode is supported.
+ # TRUE - Support VTd abort DMA mode.
+ # FALSE - Not support VTd abort DMA mode.
+ # @Prompt VTd abort DMA mode support.
+
gIntelSiliconPkgTokenSpaceGuid.PcdVTdSupportAbortDmaMode|TRUE|BOOLEAN|0x000C
+
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#89681): https://edk2.groups.io/g/devel/message/89681
Mute This Topic: https://groups.io/mt/91031568/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2] IntelSiliconPkg/VTd: Fix to support IntelVTdDmarPei in 64bit
The change is good to me.
Reviewed-by: Sheng Wei
> -Original Message-
> From: Kuo, Ted
> Sent: 2022年2月15日 14:47
> To: devel@edk2.groups.io
> Cc: Sheng, W ; Ni, Ray ; Chaganty,
> Rangasai V ; Huang, Jenny
> ; Kowalewski, Robert
>
> Subject: [PATCH v2] IntelSiliconPkg/VTd: Fix to support IntelVTdDmarPei in
> 64bit
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3836
> Changed VtdIndex defined in PROCESS_DRHD_CALLBACK_FUNC from
> UINT32 to UINTN to avoid type incompatible error when enable PEI in 64bit.
>
> Cc: Sheng Wei
> Cc: Ray Ni
> Cc: Rangasai V Chaganty
> Cc: Jenny Huang
> Cc: Robert Kowalewski
> Signed-off-by: Ted Kuo
> ---
> .../IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.c | 4
> ++--
> .../IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.h | 2
> +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.c
> index f97d627eca..2844f366bb 100644
> ---
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTd
> +++ DmarPei.c
> @@ -434,7 +434,7 @@ GetVTdInfoHob (
> VOID
> ProcessDhrdPreMemory (
>IN OUT VOID *Context,
> - IN UINT32 VTdIndex,
> + IN UINTN VTdIndex,
>IN EFI_ACPI_DMAR_DRHD_HEADER *DmarDrhd
>)
> {
> @@ -454,7 +454,7 @@ ProcessDhrdPreMemory ( VOID
> ProcessDrhdPostMemory (
>IN OUT VOID *Context,
> - IN UINT32 VTdIndex,
> + IN UINTN VTdIndex,
>IN EFI_ACPI_DMAR_DRHD_HEADER *DmarDrhd
>)
> {
> diff --git
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.h
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.h
> index 351a7810d8..7bed0a5363 100644
> ---
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.h
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTd
> +++ DmarPei.h
> @@ -49,7 +49,7 @@ typedef
> VOID
> (*PROCESS_DRHD_CALLBACK_FUNC) (
>IN OUT VOID *Context,
> - IN UINT32 VTdIndex,
> + IN UINTN VTdIndex,
>IN EFI_ACPI_DMAR_DRHD_HEADER *DmarDrhd
>);
>
> --
> 2.16.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#86674): https://edk2.groups.io/g/devel/message/86674
Mute This Topic: https://groups.io/mt/89156060/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2] IntelSiliconPkg/VTd: Fix to support IntelVTdDmarPei in 64bit
Hi Ted,
Since we use UINTN as the return type of ParseDmarAcpiTableDrhd (), Could we
keep UINTN here and change define of PROCESS_DRHD_CALLBACK_FUNC ?
typedef
VOID
(*PROCESS_DRHD_CALLBACK_FUNC) (
IN OUT VOID *Context,
IN UINT32 VTdIndex, // change to UINTN
IN EFI_ACPI_DMAR_DRHD_HEADER *DmarDrhd
);
And it also related to below 2 functions.
ProcessDrhdPostMemory ()
ProcessDhrdPreMemory ()
Need change the second parameter.
IN UINT32 VTdIndex, // change to UINTN
Thank you
BR
Sheng Wei
> -Original Message-
> From: Kuo, Ted
> Sent: 2022年2月15日 14:47
> To: devel@edk2.groups.io
> Cc: Sheng, W ; Ni, Ray ; Chaganty,
> Rangasai V ; Huang, Jenny
> ; Kowalewski, Robert
>
> Subject: [PATCH v2] IntelSiliconPkg/VTd: Fix to support IntelVTdDmarPei in
> 64bit
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3836
> Changed VtdIndex defined in PROCESS_DRHD_CALLBACK_FUNC from
> UINT32 to UINTN to avoid type incompatible error when enable PEI in 64bit.
>
> Cc: Sheng Wei
> Cc: Ray Ni
> Cc: Rangasai V Chaganty
> Cc: Jenny Huang
> Cc: Robert Kowalewski
> Signed-off-by: Ted Kuo
> ---
> .../IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.c | 4
> ++--
> .../IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.h | 2
> +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.c
> index f97d627eca..2844f366bb 100644
> ---
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTd
> +++ DmarPei.c
> @@ -434,7 +434,7 @@ GetVTdInfoHob (
> VOID
> ProcessDhrdPreMemory (
>IN OUT VOID *Context,
> - IN UINT32 VTdIndex,
> + IN UINTN VTdIndex,
>IN EFI_ACPI_DMAR_DRHD_HEADER *DmarDrhd
>)
> {
> @@ -454,7 +454,7 @@ ProcessDhrdPreMemory ( VOID
> ProcessDrhdPostMemory (
>IN OUT VOID *Context,
> - IN UINT32 VTdIndex,
> + IN UINTN VTdIndex,
>IN EFI_ACPI_DMAR_DRHD_HEADER *DmarDrhd
>)
> {
> diff --git
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.h
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.h
> index 351a7810d8..7bed0a5363 100644
> ---
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar
> Pei.h
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTd
> +++ DmarPei.h
> @@ -49,7 +49,7 @@ typedef
> VOID
> (*PROCESS_DRHD_CALLBACK_FUNC) (
>IN OUT VOID *Context,
> - IN UINT32 VTdIndex,
> + IN UINTN VTdIndex,
>IN EFI_ACPI_DMAR_DRHD_HEADER *DmarDrhd
>);
>
> --
> 2.16.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#86673): https://edk2.groups.io/g/devel/message/86673
Mute This Topic: https://groups.io/mt/89156060/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] IntelSiliconPkg/VTd: Use Legacy Mode Address Translation
Only if ECAP_REG.SMTS == 0 and ECAP_REG.bit 24 == 1, use
extended mode address translation.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3826
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
Signed-off-by: Sheng Wei
---
.../Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c| 2 +-
.../IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/TranslationTable.c | 2 +-
.../Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTable.c| 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index b30c44dc..180981eb 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -626,7 +626,7 @@ EnableVTdTranslationProtection (
if (VtdUnitInfo->ExtRootEntryTable != 0) {
DEBUG ((DEBUG_INFO, "EnableVtdDmar (%d) ExtRootEntryTable 0x%x\n",
Index, VtdUnitInfo->ExtRootEntryTable));
- Status = EnableDmar (VtdUnitInfo, VtdUnitInfo->ExtRootEntryTable);
+ Status = EnableDmar (VtdUnitInfo, VtdUnitInfo->ExtRootEntryTable |
BIT11);
} else {
DEBUG ((DEBUG_INFO, "EnableVtdDmar (%d) RootEntryTable 0x%x\n", Index,
VtdUnitInfo->RootEntryTable));
Status = EnableDmar (VtdUnitInfo, VtdUnitInfo->RootEntryTable);
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/TranslationTable.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/TranslationTable.c
index c94f4a85..b3e9519f 100644
---
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/TranslationTable.c
+++
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/TranslationTable.c
@@ -902,7 +902,7 @@ SetupTranslationTable (
ASSERT(FALSE);
Status = EFI_UNSUPPORTED;
} else {
-Status = CreateExtContextEntry (VtdUnitInfo);
+Status = CreateContextEntry (VtdUnitInfo);
}
} else {
if (VtdUnitInfo->ECapReg.Bits.DEP_24) {
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTable.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTable.c
index 48e38d56..3e8cf9dd 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTable.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTable.c
@@ -389,7 +389,7 @@ SetupTranslationTable (
ASSERT(FALSE);
Status = EFI_UNSUPPORTED;
} else {
-Status = CreateExtContextEntry (Index);
+Status = CreateContextEntry (Index);
}
} else {
if (mVtdUnitInformation[Index].ECapReg.Bits.DEP_24) {
--
2.16.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#86434): https://edk2.groups.io/g/devel/message/86434
Mute This Topic: https://groups.io/mt/88988329/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 4/4] IntelSiliconPkg/VTd: Only generate PEI DMA buffer once.
VTdInfoNotify may be called manay times, PEI DMA buffer should be
generated only once.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3667
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
Reviewed-by: Jenny Huang
Signed-off-by: Sheng Wei
---
.../Feature/VTd/IntelVTdDmarPei/DmarTable.c| 545 +
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c | 444 -
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.c | 481 ++
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.h | 119 ++---
.../Feature/VTd/IntelVTdDmarPei/TranslationTable.c | 196 ++--
5 files changed, 548 insertions(+), 1237 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/DmarTable.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/DmarTable.c
index e9c99d0a..2ff2db7d 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/DmarTable.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/DmarTable.c
@@ -1,6 +1,7 @@
/** @file
- Copyright (c) 2020, Intel Corporation. All rights reserved.
+ Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -104,74 +105,6 @@ DumpDmarDeviceScopeEntry (
return;
}
-/**
- Dump DMAR RMRR table.
-
- @param[in] Rmrr DMAR RMRR table
-**/
-VOID
-DumpDmarRmrr (
- IN EFI_ACPI_DMAR_RMRR_HEADER *Rmrr
- )
-{
- EFI_ACPI_DMAR_DEVICE_SCOPE_STRUCTURE_HEADER *DmarDeviceScopeEntry;
- INTNRmrrLen;
-
- if (Rmrr == NULL) {
-return;
- }
-
- DEBUG ((DEBUG_INFO,
-"
***\n"
-));
- DEBUG ((DEBUG_INFO,
-" * Reserved Memory Region Reporting Structure
*\n"
-));
- DEBUG ((DEBUG_INFO,
-"
***\n"
-));
- DEBUG ((DEBUG_INFO,
-(sizeof (UINTN) == sizeof (UINT64)) ?
-" RMRR address ... 0x%016lx\n" :
-" RMRR address ... 0x%08x\n",
-Rmrr
-));
- DEBUG ((DEBUG_INFO,
-"Type . 0x%04x\n",
-Rmrr->Header.Type
-));
- DEBUG ((DEBUG_INFO,
-"Length ... 0x%04x\n",
-Rmrr->Header.Length
-));
- DEBUG ((DEBUG_INFO,
-"Segment Number ... 0x%04x\n",
-Rmrr->SegmentNumber
-));
- DEBUG ((DEBUG_INFO,
-"Reserved Memory Region Base Address .. 0x%016lx\n",
-Rmrr->ReservedMemoryRegionBaseAddress
-));
- DEBUG ((DEBUG_INFO,
-"Reserved Memory Region Limit Address . 0x%016lx\n",
-Rmrr->ReservedMemoryRegionLimitAddress
-));
-
- RmrrLen = Rmrr->Header.Length - sizeof(EFI_ACPI_DMAR_RMRR_HEADER);
- DmarDeviceScopeEntry = (EFI_ACPI_DMAR_DEVICE_SCOPE_STRUCTURE_HEADER *) (Rmrr
+ 1);
- while (RmrrLen > 0) {
-DumpDmarDeviceScopeEntry (DmarDeviceScopeEntry);
-RmrrLen -= DmarDeviceScopeEntry->Length;
-DmarDeviceScopeEntry = (EFI_ACPI_DMAR_DEVICE_SCOPE_STRUCTURE_HEADER *)
((UINTN) DmarDeviceScopeEntry + DmarDeviceScopeEntry->Length);
- }
-
- DEBUG ((DEBUG_INFO,
-"
***\n\n"
-));
-
- return;
-}
-
/**
Dump DMAR DRHD table.
@@ -312,9 +245,6 @@ DumpAcpiDMAR (
case EFI_ACPI_DMAR_TYPE_DRHD:
DumpDmarDrhd ((EFI_ACPI_DMAR_DRHD_HEADER *) DmarHeader);
break;
-case EFI_ACPI_DMAR_TYPE_RMRR:
- DumpDmarRmrr ((EFI_ACPI_DMAR_RMRR_HEADER *) DmarHeader);
- break;
default:
break;
}
@@ -330,491 +260,42 @@ DumpAcpiDMAR (
}
/**
- Get VTd engine number.
+ Parse DMAR DRHD table.
@param[in] AcpiDmarTable DMAR ACPI table
+ @param[in] Callback Callback function for handle DRHD
+ @param[in] Context Callback function Context
@return the VTd engine number.
-**/
-UINTN
-GetVtdEngineNumber (
- IN EFI_ACPI_DMAR_HEADER *AcpiDmarTable
- )
-{
- EFI_ACPI_DMAR_STRUCTURE_HEADER*DmarHeader;
- UINTN VtdIndex;
- VtdIndex = 0;
- DmarHeader = (EFI_ACPI_DMAR_STRUCTURE_HEADER *) ((UINTN) (AcpiDmarTable +
1));
- while ((UINTN) DmarHeader < (UINTN) AcpiDmarTable +
AcpiDmarTable->Header.Length) {
-switch (DmarHeader->Type) {
-case EFI_ACPI_DMAR_TYPE_DRHD:
- VtdIndex++;
- break;
-default:
- break;
-}
-DmarHeader = (EFI_ACPI_DMAR_STRUCTURE_HEADER *) ((UINTN) DmarHeader +
DmarHeader->Length);
- }
- return VtdIndex ;
-}
-
-/**
- Get PCI d
[edk2-devel] [PATCH v6 2/4] IntelSiliconPkg/VTd: Update VTd register structs
Update VTd register structs accroding to VTd spec ver 3.3
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3765
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
Reviewed-by: Jenny Huang
Signed-off-by: Sheng Wei
---
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c | 3 +-
.../Feature/VTd/IntelVTdDmarPei/TranslationTable.c | 23 +++
.../Feature/VTd/IntelVTdDxe/TranslationTable.c | 22 --
.../Feature/VTd/IntelVTdDxe/VtdReg.c | 7 +++--
.../IntelSiliconPkg/Include/IndustryStandard/Vtd.h | 34 +-
5 files changed, 68 insertions(+), 21 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index c3a939c9..87ce9716 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -631,10 +631,8 @@ DumpVtdECapRegs (
DEBUG ((DEBUG_INFO, "SC - 0x%x\n", ECapReg->Bits.SC));
DEBUG ((DEBUG_INFO, "IRO- 0x%x\n", ECapReg->Bits.IRO));
DEBUG ((DEBUG_INFO, "MHMV - 0x%x\n", ECapReg->Bits.MHMV));
- DEBUG ((DEBUG_INFO, "ECS- 0x%x\n", ECapReg->Bits.ECS));
DEBUG ((DEBUG_INFO, "MTS- 0x%x\n", ECapReg->Bits.MTS));
DEBUG ((DEBUG_INFO, "NEST - 0x%x\n", ECapReg->Bits.NEST));
- DEBUG ((DEBUG_INFO, "DIS- 0x%x\n", ECapReg->Bits.DIS));
DEBUG ((DEBUG_INFO, "PASID - 0x%x\n", ECapReg->Bits.PASID));
DEBUG ((DEBUG_INFO, "PRS- 0x%x\n", ECapReg->Bits.PRS));
DEBUG ((DEBUG_INFO, "ERS- 0x%x\n", ECapReg->Bits.ERS));
@@ -642,6 +640,7 @@ DumpVtdECapRegs (
DEBUG ((DEBUG_INFO, "NWFS - 0x%x\n", ECapReg->Bits.NWFS));
DEBUG ((DEBUG_INFO, "EAFS - 0x%x\n", ECapReg->Bits.EAFS));
DEBUG ((DEBUG_INFO, "PSS- 0x%x\n", ECapReg->Bits.PSS));
+ DEBUG ((DEBUG_INFO, "ADMS - 0x%x\n", ECapReg->Bits.ADMS));
}
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/TranslationTable.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/TranslationTable.c
index 6676b2a9..a309d566 100644
---
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/TranslationTable.c
+++
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/TranslationTable.c
@@ -884,13 +884,26 @@ SetupTranslationTable (
return Status;
}
-if (VtdUnitInfo->ECapReg.Bits.ECS) {
- DEBUG ((DEBUG_INFO, "CreateExtContextEntry - %d\n", Index));
- Status = CreateExtContextEntry (VtdUnitInfo);
+if (VtdUnitInfo->ECapReg.Bits.SMTS) {
+ if (VtdUnitInfo->ECapReg.Bits.DEP_24) {
+DEBUG ((DEBUG_ERROR,"ECapReg.bit24 is not zero\n"));
+ASSERT(FALSE);
+Status = EFI_UNSUPPORTED;
+ } else {
+Status = CreateExtContextEntry (VtdUnitInfo);
+ }
} else {
- DEBUG ((DEBUG_INFO, "CreateContextEntry - %d\n", Index));
- Status = CreateContextEntry (VtdUnitInfo);
+ if (VtdUnitInfo->ECapReg.Bits.DEP_24) {
+//
+// To compatible with pervious VTd engine
+// It was ECS(Extended Context Support) bit.
+//
+Status = CreateExtContextEntry (VtdUnitInfo);
+ } else {
+Status = CreateContextEntry (VtdUnitInfo);
+ }
}
+
if (EFI_ERROR (Status)) {
return Status;
}
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTable.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTable.c
index ca5f65a8..48e38d56 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTable.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/TranslationTable.c
@@ -382,11 +382,27 @@ SetupTranslationTable (
for (Index = 0; Index < mVtdUnitNumber; Index++) {
DEBUG((DEBUG_INFO, "CreateContextEntry - %d\n", Index));
-if (mVtdUnitInformation[Index].ECapReg.Bits.ECS) {
- Status = CreateExtContextEntry (Index);
+
+if (mVtdUnitInformation[Index].ECapReg.Bits.SMTS) {
+ if (mVtdUnitInformation[Index].ECapReg.Bits.DEP_24) {
+DEBUG ((DEBUG_ERROR,"ECapReg.bit24 is not zero\n"));
+ASSERT(FALSE);
+Status = EFI_UNSUPPORTED;
+ } else {
+Status = CreateExtContextEntry (Index);
+ }
} else {
- Status = CreateContextEntry (Index);
+ if (mVtdUnitInformation[Index].ECapReg.Bits.DEP_24) {
+//
+// To compatible with pervious VTd engine
+// It was ECS(Extended Context Support) bit.
+//
+Status = CreateExtContextEntry (Index);
+ } else {
+Status = CreateContextEntry (Index);
+ }
[edk2-devel] [PATCH v6 3/4] IntelSiliconPkg/VTd: Support VTd Abort DMA Mode
If VTd ECAP_REG.ADMS bit is set, abort DMA mode is supported.
When VTd Abort DMA Mode is enabled, hardware will abort all DMA
operations without the need to set up a root-table with each
entry marked as not-present.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3766
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
Reviewed-by: Jenny Huang
Signed-off-by: Sheng Wei
---
.../Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c | 43 +-
1 file changed, 26 insertions(+), 17 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
index 87ce9716..63397a1a 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c
@@ -384,7 +384,7 @@ InvalidateIOTLB (
Enable DMAR translation inpre-mem phase.
@param[in] VtdUnitBaseAddress The base address of the VTd engine.
- @param[in] RootEntryTable The address of the VTd RootEntryTable.
+ @param[in] RtaddrRegValue The value of RTADDR_REG.
@retval EFI_SUCCESS DMAR translation is enabled.
@retval EFI_DEVICE_ERRORDMAR translation is not enabled.
@@ -392,15 +392,15 @@ InvalidateIOTLB (
EFI_STATUS
EnableDmarPreMem (
IN UINTNVtdUnitBaseAddress,
- IN UINTNRootEntryTable
+ IN UINTNRtaddrRegValue
)
{
UINT32 Reg32;
DEBUG ((DEBUG_INFO, ">>>>>>EnableDmarPreMem() for engine [%x] \n",
VtdUnitBaseAddress));
- DEBUG ((DEBUG_INFO, "RootEntryTable 0x%x \n", RootEntryTable));
- MmioWrite64 (VtdUnitBaseAddress + R_RTADDR_REG, (UINT64) (UINTN)
RootEntryTable);
+ DEBUG ((DEBUG_INFO, "RTADDR_REG : 0x%x \n", RtaddrRegValue));
+ MmioWrite64 (VtdUnitBaseAddress + R_RTADDR_REG, (UINT64) RtaddrRegValue);
Reg32 = MmioRead32 (VtdUnitBaseAddress + R_GSTS_REG);
MmioWrite32 (VtdUnitBaseAddress + R_GCMD_REG, Reg32 | B_GMCD_REG_SRTP);
@@ -662,18 +662,6 @@ EnableVTdTranslationProtectionAll (
DEBUG ((DEBUG_INFO, "EnableVTdTranslationProtectionAll - 0x%lx\n",
EngineMask));
- Status = PeiServicesLocatePpi (
- &gEdkiiVTdNullRootEntryTableGuid,
- 0,
- NULL,
- (VOID **)&RootEntryTable
- );
- if (EFI_ERROR(Status)) {
-DEBUG ((DEBUG_ERROR, "Locate Null Root Entry Table Ppi Failed : %r\n",
Status));
-ASSERT (FALSE);
-return;
- }
-
for (Index = 0; Index < VTdInfo->VTdEngineCount; Index++) {
if ((EngineMask & LShiftU64(1, Index)) == 0) {
continue;
@@ -686,7 +674,28 @@ EnableVTdTranslationProtectionAll (
VTdInfo->VtdUnitInfo[Index].ECapReg.Uint64 = MmioRead64
(VTdInfo->VtdUnitInfo[Index].VtdUnitBaseAddress + R_ECAP_REG);
DumpVtdECapRegs (&VTdInfo->VtdUnitInfo[Index].ECapReg);
-EnableDmarPreMem (VTdInfo->VtdUnitInfo[Index].VtdUnitBaseAddress, (UINTN)
*RootEntryTable);
+if (VTdInfo->VtdUnitInfo[Index].ECapReg.Bits.ADMS == 1) {
+ //
+ // Use Abort DMA Mode
+ //
+ Status = EnableDmarPreMem
(VTdInfo->VtdUnitInfo[Index].VtdUnitBaseAddress, V_RTADDR_REG_TTM_ADM);
+} else {
+ //
+ // Use Null Root Entry Table
+ //
+ Status = PeiServicesLocatePpi (
+ &gEdkiiVTdNullRootEntryTableGuid,
+ 0,
+ NULL,
+ (VOID **)&RootEntryTable
+ );
+ if (EFI_ERROR(Status)) {
+DEBUG ((DEBUG_ERROR, "Locate Null Root Entry Table Ppi Failed : %r\n",
Status));
+ASSERT (FALSE);
+return;
+ }
+ EnableDmarPreMem (VTdInfo->VtdUnitInfo[Index].VtdUnitBaseAddress,
(UINTN) *RootEntryTable);
+}
}
return;
--
2.16.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#86009): https://edk2.groups.io/g/devel/message/86009
Mute This Topic: https://groups.io/mt/88639520/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH v6 1/4] IntelSiliconPkg/VTd: Fix typos
It is DRHD(DMA Remapping Hardware Unit Definition).
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3622
Cc: Ray Ni
Cc: Rangasai V Chaganty
Cc: Jenny Huang
Cc: Robert Kowalewski
Reviewed-by: Jenny Huang
Reviewed-by: Robert Kowalewski
Signed-off-by: Sheng Wei
---
.../IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/DmarTable.c | 12 ++--
.../IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c | 12 ++--
.../IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/DmarTable.c | 6 +++---
3 files changed, 15 insertions(+), 15 deletions(-)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/DmarTable.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/DmarTable.c
index 2154690d..e9c99d0a 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/DmarTable.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDmarPei/DmarTable.c
@@ -539,14 +539,14 @@ RegisterPciDevice (
}
/**
- Process DMAR DHRD table.
+ Process DMAR DRHD table.
@param[in] VTdUnitInfo The VTd engine unit information.
@param[in] DmarDrhd The DRHD table.
**/
VOID
-ProcessDhrd (
+ProcessDrhd (
IN VTD_UNIT_INFO *VTdUnitInfo,
IN EFI_ACPI_DMAR_DRHD_HEADER *DmarDrhd
)
@@ -581,10 +581,10 @@ ProcessDhrd (
if ((DmarDrhd->Flags & EFI_ACPI_DMAR_DRHD_FLAGS_INCLUDE_PCI_ALL) != 0) {
VTdUnitInfo->PciDeviceInfo.IncludeAllFlag = TRUE;
-DEBUG ((DEBUG_INFO," ProcessDhrd: with INCLUDE ALL\n"));
+DEBUG ((DEBUG_INFO," ProcessDrhd: with INCLUDE ALL\n"));
} else {
VTdUnitInfo->PciDeviceInfo.IncludeAllFlag = FALSE;
-DEBUG ((DEBUG_INFO," ProcessDhrd: without INCLUDE ALL\n"));
+DEBUG ((DEBUG_INFO," ProcessDrhd: without INCLUDE ALL\n"));
}
VTdUnitInfo->PciDeviceInfo.PciDeviceDataNumber = 0;
@@ -600,7 +600,7 @@ ProcessDhrd (
return;
}
-DEBUG ((DEBUG_INFO," ProcessDhrd: "));
+DEBUG ((DEBUG_INFO," ProcessDrhd: "));
switch (DmarDevScopeEntry->Type) {
case EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_PCI_ENDPOINT:
DEBUG ((DEBUG_INFO,"PCI Endpoint"));
@@ -708,7 +708,7 @@ ParseDmarAcpiTableDrhd (
switch (DmarHeader->Type) {
case EFI_ACPI_DMAR_TYPE_DRHD:
ASSERT (VtdIndex < VtdUnitNumber);
- ProcessDhrd (&VTdInfo->VtdUnitInfo[VtdIndex], (EFI_ACPI_DMAR_DRHD_HEADER
*) DmarHeader);
+ ProcessDrhd (&VTdInfo->VtdUnitInfo[VtdIndex], (EFI_ACPI_DMAR_DRHD_HEADER
*) DmarHeader);
VtdIndex++;
break;
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
index 1ee290b7..75fbd53e 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdDxe/DmarAcpiTable.c
@@ -662,7 +662,7 @@ GetPciBusDeviceFunction (
}
/**
- Process DMAR DHRD table.
+ Process DMAR DRHD table.
@param[in] VtdIndex The index of VTd engine.
@param[in] DmarDrhd The DRHD table.
@@ -670,7 +670,7 @@ GetPciBusDeviceFunction (
@retval EFI_SUCCESS The DRHD table is processed.
**/
EFI_STATUS
-ProcessDhrd (
+ProcessDrhd (
IN UINTN VtdIndex,
IN EFI_ACPI_DMAR_DRHD_HEADER *DmarDrhd
)
@@ -690,7 +690,7 @@ ProcessDhrd (
if ((DmarDrhd->Flags & EFI_ACPI_DMAR_DRHD_FLAGS_INCLUDE_PCI_ALL) != 0) {
mVtdUnitInformation[VtdIndex].PciDeviceInfo.IncludeAllFlag = TRUE;
-DEBUG ((DEBUG_INFO," ProcessDhrd: with INCLUDE ALL\n"));
+DEBUG ((DEBUG_INFO," ProcessDrhd: with INCLUDE ALL\n"));
Status = ScanAllPciBus((VOID *)VtdIndex, DmarDrhd->SegmentNumber,
ScanBusCallbackRegisterPciDevice);
if (EFI_ERROR (Status)) {
@@ -698,7 +698,7 @@ ProcessDhrd (
}
} else {
mVtdUnitInformation[VtdIndex].PciDeviceInfo.IncludeAllFlag = FALSE;
-DEBUG ((DEBUG_INFO," ProcessDhrd: without INCLUDE ALL\n"));
+DEBUG ((DEBUG_INFO," ProcessDrhd: without INCLUDE ALL\n"));
}
DmarDevScopeEntry = (EFI_ACPI_DMAR_DEVICE_SCOPE_STRUCTURE_HEADER
*)((UINTN)(DmarDrhd + 1));
@@ -709,7 +709,7 @@ ProcessDhrd (
return Status;
}
-DEBUG ((DEBUG_INFO," ProcessDhrd: "));
+DEBUG ((DEBUG_INFO," ProcessDrhd: "));
switch (DmarDevScopeEntry->Type) {
case EFI_ACPI_DEVICE_SCOPE_ENTRY_TYPE_PCI_ENDPOINT:
DEBUG ((DEBUG_INFO,"PCI Endpoint"));
@@ -877,7 +877,7 @@ ParseDmarAcpiTableDrhd (
switch (DmarHeader->Type) {
case EFI_ACPI_DMAR_TYPE_DRHD:
ASSERT (VtdIndex < mVtdUnitNumber);
- Status = ProcessDhrd (VtdIndex, (EFI_ACPI_DMAR_DRHD_HEADER *)DmarHeader);
+ Status = ProcessDrhd (VtdIndex, (EFI_ACPI_DMAR_DRHD_HEADER *)DmarHeader);
if (EFI_ERROR (Status)) {
return Status;
}
diff --git
a/Silicon/In
[edk2-devel] [PATCH v6 0/4] There are 4 patches for VTd drivers
[PATCH 1/4] IntelSiliconPkg/VTd: Fix typos [PATCH 2/4] IntelSiliconPkg/VTd: Update VTd register structs [PATCH 3/4] IntelSiliconPkg/VTd: Support VTd Abort DMA Mode [PATCH 4/4] IntelSiliconPkg/VTd: Only generate PEI DMA buffer once. Patch v2 update: Fix build error in [PATCH 2/4] and [PATCH 4/4] Patch v3 update: Refine code for PEI 64 bit build compatible. Change the condition for using Register-based Invalidation. Patch v4 update: [PATCH 4/4] Remove unused code. [PATCH 4/4] Refine comments and vriable name. [PATCH 4/4] Add empty pointer check. Patch v5 update: [PATCH 2/4] Add debug log Patch v6 update: [PATCH 4/4] Some basic code refine [PATCH 4/4] Use a fixed MAX VTdUnitInfo Table size. Cc: Ray Ni Cc: Rangasai V Chaganty Cc: Jenny Huang Cc: Robert Kowalewski Signed-off-by: Sheng Wei Sheng Wei (4): IntelSiliconPkg/VTd: Fix typos IntelSiliconPkg/VTd: Update VTd register structs IntelSiliconPkg/VTd: Support VTd Abort DMA Mode IntelSiliconPkg/VTd: Only generate PEI DMA buffer once. .../Feature/VTd/IntelVTdDmarPei/DmarTable.c| 545 + .../Feature/VTd/IntelVTdDmarPei/IntelVTdDmar.c | 438 - .../Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.c | 481 ++ .../Feature/VTd/IntelVTdDmarPei/IntelVTdDmarPei.h | 119 ++--- .../Feature/VTd/IntelVTdDmarPei/TranslationTable.c | 215 ++-- .../Feature/VTd/IntelVTdDxe/DmarAcpiTable.c| 12 +- .../Feature/VTd/IntelVTdDxe/TranslationTable.c | 22 +- .../Feature/VTd/IntelVTdDxe/VtdReg.c | 7 +- .../Feature/VTd/IntelVTdPmrPei/DmarTable.c | 6 +- .../IntelSiliconPkg/Include/IndustryStandard/Vtd.h | 34 +- 10 files changed, 623 insertions(+), 1256 deletions(-) -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86006): https://edk2.groups.io/g/devel/message/86006 Mute This Topic: https://groups.io/mt/88639516/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
