Re: [edk2] [PATCH v4 14/41] OvmfPkg: LockBox: use SMM stack with -D SMM_REQUIRE
On 11/20/15 07:02, Jordan Justen wrote: > Reviewed-by: Jordan Justen Thank you! But, I think you reviewed this one earlier: http://thread.gmane.org/gmane.comp.bios.edk2.devel/3788/focus=4205 In that message, you wrote: With those move into a new patch, or into patch 14 13-14 Reviewed-by: Jordan Justen intel.com> and patch 14 is exactly this one. (I complied with your suggestion for v5.) (This is why I prefer to give my R-b explicitly for each patch in separation. It means more emails but is clearer down the road.) Thanks again! Laszlo > > On 2015-11-03 13:00:50, Laszlo Ersek wrote: >> During DXE, drivers save data in the LockBox. A save operation is layered >> as follows: >> >> - The unprivileged driver wishing to store data in the LockBox links >> against the "MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf" >> library instance. >> >> The library allows the unprivileged driver to format requests for the >> privileged SMM LockBox driver (see below), and to parse responses. >> >> We apply this resolution for DXE_DRIVER modules. >> >> - The privileged SMM LockBox driver is built from >> "MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf". This driver >> has module type DXE_SMM_DRIVER and can access SMRAM. >> >> The driver delegates command parsing and response formatting to >> "MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf". >> >> Therefore we include this DXE_SMM_DRIVER in the build, and apply said >> resolution specifically to it. >> >> (Including the driver requires us to resolve a few of other library >> classes for DXE_SMM_DRIVER modules.) >> >> - In PEI, the S3 Resume PEIM (UefiCpuPkg/Universal/Acpi/S3Resume2Pei) >> retrieves data from the LockBox. It is capable of searching SMRAM >> itself. >> >> We resolve LockBoxLib to >> "MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf" specifically >> for this one PEIM. >> >> Contributed-under: TianoCore Contribution Agreement 1.0 >> Signed-off-by: Laszlo Ersek >> --- >> OvmfPkg/OvmfPkgIa32.dsc| 16 >> OvmfPkg/OvmfPkgIa32X64.dsc | 16 >> OvmfPkg/OvmfPkgX64.dsc | 16 >> OvmfPkg/OvmfPkgIa32.fdf| 1 + >> OvmfPkg/OvmfPkgIa32X64.fdf | 1 + >> OvmfPkg/OvmfPkgX64.fdf | 1 + >> 6 files changed, 51 insertions(+) >> >> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc >> index 6cfd58e..a19d4e2 100644 >> --- a/OvmfPkg/OvmfPkgIa32.dsc >> +++ b/OvmfPkg/OvmfPkgIa32.dsc >> @@ -106,7 +106,9 @@ [LibraryClasses] >>QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf >>VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf >>LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf >> +!if $(SMM_REQUIRE) == FALSE >>LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf >> +!endif >> >> CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf >> >> !ifdef $(SOURCE_DEBUG_ENABLE) >> @@ -272,7 +274,11 @@ [LibraryClasses.common.DXE_DRIVER] >>DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf >>PlatformBdsLib|OvmfPkg/Library/PlatformBdsLib/PlatformBdsLib.inf >> >> CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf >> +!if $(SMM_REQUIRE) == TRUE >> + LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf >> +!else >>LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf >> +!endif >> !ifdef $(SOURCE_DEBUG_ENABLE) >>DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf >> !endif >> @@ -292,6 +298,9 @@ [LibraryClasses.common.UEFI_APPLICATION] >> [LibraryClasses.common.DXE_SMM_DRIVER] >>PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf >>TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf >> + >> MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf >> + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf >> + SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf >> >> SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf >> !ifdef $(DEBUG_ON_SERIAL_PORT) >>DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf >> @@ -461,6 +470,9 @@ [Components] >>UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf { >> >>PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf >> +!if $(SMM_REQUIRE) == TRUE >> + LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf >> +!endif >>} >> !if $(SMM_REQUIRE) == TRUE >>OvmfPkg/SmmAccess/SmmAccessPei.inf { >> @@ -708,4 +720,8 @@ [Components] >># Privileged drivers (DXE_SMM_DRIVER modules) >># >>UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf >> + MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf { >> + >> + LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf >> + } >> !endif >> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc >> index 6679e8a..d177154 100644 >> -
Re: [edk2] [PATCH v4 14/41] OvmfPkg: LockBox: use SMM stack with -D SMM_REQUIRE
Reviewed-by: Jordan Justen On 2015-11-03 13:00:50, Laszlo Ersek wrote: > During DXE, drivers save data in the LockBox. A save operation is layered > as follows: > > - The unprivileged driver wishing to store data in the LockBox links > against the "MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf" > library instance. > > The library allows the unprivileged driver to format requests for the > privileged SMM LockBox driver (see below), and to parse responses. > > We apply this resolution for DXE_DRIVER modules. > > - The privileged SMM LockBox driver is built from > "MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf". This driver > has module type DXE_SMM_DRIVER and can access SMRAM. > > The driver delegates command parsing and response formatting to > "MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf". > > Therefore we include this DXE_SMM_DRIVER in the build, and apply said > resolution specifically to it. > > (Including the driver requires us to resolve a few of other library > classes for DXE_SMM_DRIVER modules.) > > - In PEI, the S3 Resume PEIM (UefiCpuPkg/Universal/Acpi/S3Resume2Pei) > retrieves data from the LockBox. It is capable of searching SMRAM > itself. > > We resolve LockBoxLib to > "MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf" specifically > for this one PEIM. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Laszlo Ersek > --- > OvmfPkg/OvmfPkgIa32.dsc| 16 > OvmfPkg/OvmfPkgIa32X64.dsc | 16 > OvmfPkg/OvmfPkgX64.dsc | 16 > OvmfPkg/OvmfPkgIa32.fdf| 1 + > OvmfPkg/OvmfPkgIa32X64.fdf | 1 + > OvmfPkg/OvmfPkgX64.fdf | 1 + > 6 files changed, 51 insertions(+) > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index 6cfd58e..a19d4e2 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -106,7 +106,9 @@ [LibraryClasses] >QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf >VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf >LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf > +!if $(SMM_REQUIRE) == FALSE >LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf > +!endif > > CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf > > !ifdef $(SOURCE_DEBUG_ENABLE) > @@ -272,7 +274,11 @@ [LibraryClasses.common.DXE_DRIVER] >DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf >PlatformBdsLib|OvmfPkg/Library/PlatformBdsLib/PlatformBdsLib.inf > > CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf > +!if $(SMM_REQUIRE) == TRUE > + LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf > +!else >LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf > +!endif > !ifdef $(SOURCE_DEBUG_ENABLE) >DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf > !endif > @@ -292,6 +298,9 @@ [LibraryClasses.common.UEFI_APPLICATION] > [LibraryClasses.common.DXE_SMM_DRIVER] >PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf >TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf > + > MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf > + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > + SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf > > SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf > !ifdef $(DEBUG_ON_SERIAL_PORT) >DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf > @@ -461,6 +470,9 @@ [Components] >UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf { > >PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf > +!if $(SMM_REQUIRE) == TRUE > + LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf > +!endif >} > !if $(SMM_REQUIRE) == TRUE >OvmfPkg/SmmAccess/SmmAccessPei.inf { > @@ -708,4 +720,8 @@ [Components] ># Privileged drivers (DXE_SMM_DRIVER modules) ># >UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf > + MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf { > + > + LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf > + } > !endif > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index 6679e8a..d177154 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -111,7 +111,9 @@ [LibraryClasses] >QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf >VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf >LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf > +!if $(SMM_REQUIRE) == FALSE >LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf > +!endif > > CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf > > !ifdef $(SOURCE_DEBUG_ENABLE) > @@ -277,7 +279,11 @@ [LibraryClasses.common.DXE_DRIVER] >DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpc
[edk2] [PATCH v4 14/41] OvmfPkg: LockBox: use SMM stack with -D SMM_REQUIRE
During DXE, drivers save data in the LockBox. A save operation is layered as follows: - The unprivileged driver wishing to store data in the LockBox links against the "MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf" library instance. The library allows the unprivileged driver to format requests for the privileged SMM LockBox driver (see below), and to parse responses. We apply this resolution for DXE_DRIVER modules. - The privileged SMM LockBox driver is built from "MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf". This driver has module type DXE_SMM_DRIVER and can access SMRAM. The driver delegates command parsing and response formatting to "MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf". Therefore we include this DXE_SMM_DRIVER in the build, and apply said resolution specifically to it. (Including the driver requires us to resolve a few of other library classes for DXE_SMM_DRIVER modules.) - In PEI, the S3 Resume PEIM (UefiCpuPkg/Universal/Acpi/S3Resume2Pei) retrieves data from the LockBox. It is capable of searching SMRAM itself. We resolve LockBoxLib to "MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf" specifically for this one PEIM. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek --- OvmfPkg/OvmfPkgIa32.dsc| 16 OvmfPkg/OvmfPkgIa32X64.dsc | 16 OvmfPkg/OvmfPkgX64.dsc | 16 OvmfPkg/OvmfPkgIa32.fdf| 1 + OvmfPkg/OvmfPkgIa32X64.fdf | 1 + OvmfPkg/OvmfPkgX64.fdf | 1 + 6 files changed, 51 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 6cfd58e..a19d4e2 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -106,7 +106,9 @@ [LibraryClasses] QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf +!if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf +!endif CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf !ifdef $(SOURCE_DEBUG_ENABLE) @@ -272,7 +274,11 @@ [LibraryClasses.common.DXE_DRIVER] DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf PlatformBdsLib|OvmfPkg/Library/PlatformBdsLib/PlatformBdsLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf +!if $(SMM_REQUIRE) == TRUE + LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf +!else LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf +!endif !ifdef $(SOURCE_DEBUG_ENABLE) DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf !endif @@ -292,6 +298,9 @@ [LibraryClasses.common.UEFI_APPLICATION] [LibraryClasses.common.DXE_SMM_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf !ifdef $(DEBUG_ON_SERIAL_PORT) DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf @@ -461,6 +470,9 @@ [Components] UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf { PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf +!if $(SMM_REQUIRE) == TRUE + LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf +!endif } !if $(SMM_REQUIRE) == TRUE OvmfPkg/SmmAccess/SmmAccessPei.inf { @@ -708,4 +720,8 @@ [Components] # Privileged drivers (DXE_SMM_DRIVER modules) # UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf + MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf { + + LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf + } !endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 6679e8a..d177154 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -111,7 +111,9 @@ [LibraryClasses] QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf +!if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf +!endif CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf !ifdef $(SOURCE_DEBUG_ENABLE) @@ -277,7 +279,11 @@ [LibraryClasses.common.DXE_DRIVER] DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf PlatformBdsLib|OvmfPkg/Library/PlatformBdsLib/PlatformBdsLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf +!if $(SMM_REQUIRE) == TRUE + LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf +!else LockBoxLib|OvmfPkg/Library/Loc