Re: [edk2-devel] [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct
Reviewed-by: Sai Chaganty
-Original Message-
From: Sheng, W
Sent: Sunday, August 30, 2020 11:38 PM
To: devel@edk2.groups.io
Cc: Ni, Ray ; Chaganty, Rangasai V
Subject: [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling
setting confilct
PMR enabling set by pre-boot DMA protection is cleared by RC when boot guard is
enabled. Pre-boot DMA protection should only reset VT-d BAR when it is 0 and
reset PMR region when it is not programmed to protect all memory address.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
Change-Id: Ic5370f474a43a94903871782ace5cce186b4ddc0
Cc: Ray Ni
Cc: Rangasai V Chaganty
Signed-off-by: Sheng Wei
---
.../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c| 14 +++
.../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h| 15 +++
.../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf | 1 +
.../Feature/VTd/IntelVTdPmrPei/VtdReg.c| 47 ++
4 files changed, 77 insertions(+)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
index ea944aa4..31a14f28 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdP
+++ mrPei.c
@@ -745,7 +745,21 @@ VTdInfoNotify (
// Protect all system memory
//
InitVTdInfo ();
+
+Hob = GetFirstGuidHob ();
+VTdInfo = GET_GUID_HOB_DATA(Hob);
+
+//
+// NOTE: We need check if PMR is enabled or not.
+//
+EnabledEngineMask = GetDmaProtectionEnabledEngineMask (VTdInfo,
VTdInfo->EngineMask);
+if (EnabledEngineMask != 0) {
+ Status = PreMemoryEnableVTdTranslationProtection (VTdInfo,
EnabledEngineMask);
+}
InitVTdPmrForAll ();
+if (((EnabledEngineMask != 0) && (!EFI_ERROR (Status {
+ DisableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
+}
//
// Install PPI.
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
index 58e6afad..ffed2c5b 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdP
+++ mrPei.h
@@ -97,6 +97,21 @@ GetHighMemoryAlignment (
IN UINT64EngineMask
);
+/**
+ Enable VTd translation table protection in pre-memory phase.
+
+ @param VTdInfoThe VTd engine context information.
+ @param EngineMask The mask of the VTd engine to be accessed.
+
+ @retval EFI_SUCCESS DMAR translation protection is enabled.
+ @retval EFI_UNSUPPORTED Null Root Entry Table is not supported.
+**/
+EFI_STATUS
+PreMemoryEnableVTdTranslationProtection (
+ IN VTD_INFO *VTdInfo,
+ IN UINT64EngineMask
+ );
+
/**
Enable VTd translation table protection.
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
index 3eb2b510..1e613ddd 100644
---
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdP
+++ mrPei.inf
@@ -48,6 +48,7 @@
gEdkiiVTdInfoPpiGuid## CONSUMES
gEfiPeiMemoryDiscoveredPpiGuid ## CONSUMES
gEfiEndOfPeiSignalPpiGuid ## CONSUMES
+ gEdkiiVTdNullRootEntryTableGuid ## PRODUCES
[Pcd]
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask ## CONSUMES
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
index c9669426..2e252fe5 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
@@ -13,8 +13,10 @@
#include
#include #include
+#include
#include
#include
+#include
#include "IntelVTdPmrPei.h"
@@ -246,6 +248,51 @@ DisableDmar (
return EFI_SUCCESS;
}
+/**
+ Enable VTd translation table protection in pre-memory phase.
+
+ @param VTdInfoThe VTd engine context information.
+ @param EngineMask The mask of the VTd engine to be accessed.
+
+ @retval EFI_SUCCESS DMAR translation protection is enabled.
+ @retval EFI_UNSUPPORTED Null Root Entry Table is not supported.
+**/
+EFI_STATUS
+PreMemoryEnableVTdTranslationProtection (
+ IN VTD_INFO *VTdInfo,
+ IN UINT64EngineMask
+ )
+{
+ EFI_STATUSStatus;
+ UINTN Index;
+ EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI *RootEntryTable;
+
+ DEBUG ((DEBUG_INFO, "PreMemoryEnableVTdTranslationProtection -
+ 0x%lx\n", EngineMask));
+
+ Status = PeiServicesLocatePpi (
+ ,
+ 0,
+
Re: [edk2-devel] [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct
Reviewed-by: Ray Ni
> -Original Message-
> From: Sheng, W
> Sent: Monday, August 31, 2020 2:38 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray ; Chaganty, Rangasai V
>
> Subject: [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling
> setting confilct
>
> PMR enabling set by pre-boot DMA protection is cleared by RC
> when boot guard is enabled. Pre-boot DMA protection should only
> reset VT-d BAR when it is 0 and reset PMR region when it is
> not programmed to protect all memory address.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
>
> Change-Id: Ic5370f474a43a94903871782ace5cce186b4ddc0
> Cc: Ray Ni
> Cc: Rangasai V Chaganty
> Signed-off-by: Sheng Wei
> ---
> .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c| 14 +++
> .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h| 15 +++
> .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf | 1 +
> .../Feature/VTd/IntelVTdPmrPei/VtdReg.c| 47
> ++
> 4 files changed, 77 insertions(+)
>
> diff --git
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> index ea944aa4..31a14f28 100644
> ---
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> +++
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> @@ -745,7 +745,21 @@ VTdInfoNotify (
> // Protect all system memory
> //
> InitVTdInfo ();
> +
> +Hob = GetFirstGuidHob ();
> +VTdInfo = GET_GUID_HOB_DATA(Hob);
> +
> +//
> +// NOTE: We need check if PMR is enabled or not.
> +//
> +EnabledEngineMask = GetDmaProtectionEnabledEngineMask (VTdInfo,
> VTdInfo->EngineMask);
> +if (EnabledEngineMask != 0) {
> + Status = PreMemoryEnableVTdTranslationProtection (VTdInfo,
> EnabledEngineMask);
> +}
> InitVTdPmrForAll ();
> +if (((EnabledEngineMask != 0) && (!EFI_ERROR (Status {
> + DisableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
> +}
>
> //
> // Install PPI.
> diff --git
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> index 58e6afad..ffed2c5b 100644
> ---
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> +++
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> @@ -97,6 +97,21 @@ GetHighMemoryAlignment (
>IN UINT64EngineMask
>);
>
> +/**
> + Enable VTd translation table protection in pre-memory phase.
> +
> + @param VTdInfoThe VTd engine context information.
> + @param EngineMask The mask of the VTd engine to be accessed.
> +
> + @retval EFI_SUCCESS DMAR translation protection is enabled.
> + @retval EFI_UNSUPPORTED Null Root Entry Table is not supported.
> +**/
> +EFI_STATUS
> +PreMemoryEnableVTdTranslationProtection (
> + IN VTD_INFO *VTdInfo,
> + IN UINT64EngineMask
> + );
> +
> /**
>Enable VTd translation table protection.
>
> diff --git
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> index 3eb2b510..1e613ddd 100644
> ---
> a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> +++
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> @@ -48,6 +48,7 @@
>gEdkiiVTdInfoPpiGuid## CONSUMES
>gEfiPeiMemoryDiscoveredPpiGuid ## CONSUMES
>gEfiEndOfPeiSignalPpiGuid ## CONSUMES
> + gEdkiiVTdNullRootEntryTableGuid ## PRODUCES
>
> [Pcd]
>gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask ## CONSUMES
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> index c9669426..2e252fe5 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> @@ -13,8 +13,10 @@
> #include
> #include
> #include
> +#include
> #include
> #include
> +#include
>
> #include "IntelVTdPmrPei.h"
>
> @@ -246,6 +248,51 @@ DisableDmar (
>return EFI_SUCCESS;
> }
>
> +/**
> + Enable VTd translation table protection in pre-memory phase.
> +
> + @param VTdInfoThe VTd engine context information.
> + @param EngineMask The mask of the VTd engine to be accessed.
> +
> + @retval EFI_SUCCESS DMAR translation protection is enabled.
> + @retval EFI_UNSUPPORTED Null Root Entry Table is not supported.
> +**/
> +EFI_STATUS
> +PreMemoryEnableVTdTranslationProtection (
> + IN VTD_INFO *VTdInfo,
> + IN UINT64EngineMask
> + )
> +{
> + EFI_STATUSStatus;
> + UINTN
[edk2-devel] [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct
PMR enabling set by pre-boot DMA protection is cleared by RC
when boot guard is enabled. Pre-boot DMA protection should only
reset VT-d BAR when it is 0 and reset PMR region when it is
not programmed to protect all memory address.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
Change-Id: Ic5370f474a43a94903871782ace5cce186b4ddc0
Cc: Ray Ni
Cc: Rangasai V Chaganty
Signed-off-by: Sheng Wei
---
.../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c| 14 +++
.../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h| 15 +++
.../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf | 1 +
.../Feature/VTd/IntelVTdPmrPei/VtdReg.c| 47 ++
4 files changed, 77 insertions(+)
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
index ea944aa4..31a14f28 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
@@ -745,7 +745,21 @@ VTdInfoNotify (
// Protect all system memory
//
InitVTdInfo ();
+
+Hob = GetFirstGuidHob ();
+VTdInfo = GET_GUID_HOB_DATA(Hob);
+
+//
+// NOTE: We need check if PMR is enabled or not.
+//
+EnabledEngineMask = GetDmaProtectionEnabledEngineMask (VTdInfo,
VTdInfo->EngineMask);
+if (EnabledEngineMask != 0) {
+ Status = PreMemoryEnableVTdTranslationProtection (VTdInfo,
EnabledEngineMask);
+}
InitVTdPmrForAll ();
+if (((EnabledEngineMask != 0) && (!EFI_ERROR (Status {
+ DisableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
+}
//
// Install PPI.
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
index 58e6afad..ffed2c5b 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
@@ -97,6 +97,21 @@ GetHighMemoryAlignment (
IN UINT64EngineMask
);
+/**
+ Enable VTd translation table protection in pre-memory phase.
+
+ @param VTdInfoThe VTd engine context information.
+ @param EngineMask The mask of the VTd engine to be accessed.
+
+ @retval EFI_SUCCESS DMAR translation protection is enabled.
+ @retval EFI_UNSUPPORTED Null Root Entry Table is not supported.
+**/
+EFI_STATUS
+PreMemoryEnableVTdTranslationProtection (
+ IN VTD_INFO *VTdInfo,
+ IN UINT64EngineMask
+ );
+
/**
Enable VTd translation table protection.
diff --git
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
index 3eb2b510..1e613ddd 100644
---
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
+++
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
@@ -48,6 +48,7 @@
gEdkiiVTdInfoPpiGuid## CONSUMES
gEfiPeiMemoryDiscoveredPpiGuid ## CONSUMES
gEfiEndOfPeiSignalPpiGuid ## CONSUMES
+ gEdkiiVTdNullRootEntryTableGuid ## PRODUCES
[Pcd]
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask ## CONSUMES
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
index c9669426..2e252fe5 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
@@ -13,8 +13,10 @@
#include
#include
#include
+#include
#include
#include
+#include
#include "IntelVTdPmrPei.h"
@@ -246,6 +248,51 @@ DisableDmar (
return EFI_SUCCESS;
}
+/**
+ Enable VTd translation table protection in pre-memory phase.
+
+ @param VTdInfoThe VTd engine context information.
+ @param EngineMask The mask of the VTd engine to be accessed.
+
+ @retval EFI_SUCCESS DMAR translation protection is enabled.
+ @retval EFI_UNSUPPORTED Null Root Entry Table is not supported.
+**/
+EFI_STATUS
+PreMemoryEnableVTdTranslationProtection (
+ IN VTD_INFO *VTdInfo,
+ IN UINT64EngineMask
+ )
+{
+ EFI_STATUSStatus;
+ UINTN Index;
+ EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI *RootEntryTable;
+
+ DEBUG ((DEBUG_INFO, "PreMemoryEnableVTdTranslationProtection - 0x%lx\n",
EngineMask));
+
+ Status = PeiServicesLocatePpi (
+ ,
+ 0,
+ NULL,
+ (VOID **)
+ );
+
+ if (EFI_ERROR(Status)) {
+DEBUG((DEBUG_ERROR, "Locate NullRootEntryTable Ppi : %r\n", Status));
+return EFI_UNSUPPORTED;
+ }
+
+ DEBUG ((DEBUG_INFO, "NullRootEntryTable - 0x%lx\n", *RootEntryTable));
+
+ for (Index =
