Signed-off-by: Nate DeSimone
Cc: Chasel Chiu
Cc: Michael D Kinney
Cc: Isaac Oram
Cc: Mohamed Abbas
Cc: Liming Gao
Cc: Eric Dong
Cc: Michael Kubacki
---
Maintainers.txt | 4
1 file changed, 4 insertions(+)
diff --git a/Maintainers.txt b/Maintainers.txt
index fb4c4a3..d5865ba 100644
Add WhitleySiliconBinPkg and microcode for 3rd
Generation Intel(R) Xeon(R) Scalable processors
formerly known as Cooper Lake.
Signed-off-by: Nate DeSimone
Cc: Chasel Chiu
Cc: Michael D Kinney
Cc: Isaac Oram
Cc: Mohamed Abbas
Cc: Liming Gao
Cc: Eric Dong
Cc: Michael Kubacki
---
Reviewed-by: Daniel Schaefer
From: devel@edk2.groups.io on behalf of Abner Chang
Sent: Thursday, July 1, 2021 11:50
To: devel@edk2.groups.io ; g...@semihalf.com
Cc: l...@nuviainc.com ; ardb+tianoc...@kernel.org
; samer.el-haj-mahm...@arm.com
;
Bob:
This patch is good to me. Reviewed-by: Liming Gao
Have you sent the patch to update DSC spec?
Thanks
Liming
> -Original Message-
> From: Feng, Bob C
> Sent: July 1, 2021 11:50
> To: devel@edk2.groups.io; Feng, Bob C ; Liming
> Gao ; Chen, Christine
> Cc: Kinney, Michael D ; Desimone,
Nickle:
You can create personal PR to verify this change first. If it passes CI,
please send the updated patch set.
Thanks
Liming
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Nickle Wang
> Sent: June 30, 2021 21:11
> To: devel@edk2.groups.io; Wang, Nickle (HPS SW)
> ; gaoliming ;
>
Thanks much to everyone who attended the 2 sessions of the TDVF design review meeting;
lots of valuable comments and feedback were received. These 2 meetings were
recorded and now uploaded to below link:
Session 1:
https://drive.google.com/file/d/100__tNVe5erNzExySq2SJOprvBN7zz8u/view?usp=sharing
Session 2:
Reviewed-by: Abner Chang
> -Original Message-
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Grzegorz Bernacki
> Sent: Wednesday, June 30, 2021 8:34 PM
> To: devel@edk2.groups.io
> Cc: l...@nuviainc.com; ardb+tianoc...@kernel.org; Samer.El-Haj-
>
Hi Liming and Christine,
Do you have any comments on this patch?
Thanks,
Bob
-Original Message-
From: devel@edk2.groups.io On Behalf Of Bob Feng
Sent: Tuesday, June 8, 2021 10:50 AM
To: devel@edk2.groups.io
Cc: Liming Gao ; Chen, Christine
; Kinney, Michael D ;
Desimone, Nathaniel L
Hi all,
So Leif and I have been working on USB Audio but we've run into a snag. We've
encountered a problem -- neither of us knows enough about USB to figure out how
to get the class-specific AC interface descriptors, and those contain vital
information that I need to be able to control the
For non-universal payload, HandoffHobTable is used without initialization.
This patch fixed this failure.
Signed-off-by: Guo Dong
---
UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.c | 3 +--
UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.c | 4 +---
2 files changed, 2
Reviewed-by: isaac.w.o...@intel.com
-Original Message-
From: manickavasakam karpagavinayagam
Sent: Wednesday, June 30, 2021 2:57 PM
To: devel@edk2.groups.io
Cc: Oram, Isaac W ; Desimone, Nathaniel L
; fel...@ami.com; DOPPALAPUDI, HARIKRISHNA
; Jha, Manish ; Bobroff, Zachary
;
Support for LINUX Boot
To enable/disable feature, PcdLinuxBootEnable can be used
1. Follow directions on http://osresearch.net/Building/ to compile the
heads kernel and initrd for qemu-system_x86_64
2. Copy the following built files
(1) initrd.cpio.xz to
On 06/29/21 20:44, Maciej Rabeda wrote:
> Thanks, Laszlo. I really like moving the condition out of 'if' clause in
> IScsiCHAPAuthTarget :)
>
> For the patchset:
> Reviewed-by: Maciej Rabeda
Thank you!
Merged as commit range 3cde0d553d93..bb33c27fbed6, via
Hi Eric, Mike, Ray,
with "master" being at commit 3cde0d553d93, please consider the
CollectBistDataFromPpi() function in "UefiCpuPkg/CpuMpPei/CpuBist.c":
> /**
> Collects BIST data from PPI.
>
> This function collects BIST data from Sec Platform Information2 PPI
> or SEC Platform
Hello!
I was investigating implementation of the PCD database
(https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Include/Guid/PcdDataBaseSignatureGuid.h).
According to my understanding, LocalTokenNumber is implemented this way:
```
|31 30 29 28|27 26 25 24|23 22 21 20|19 18 17 16 15 14 13
```
Hi Ray,
This change aligns with DxeCore
edk2\MdeModulePkg\Core\Dxe\Misc\MemoryAttributesTable.c
DxeCore uses VERBOSE error level to print MemoryAttributesTable. So, update
SmmCore to align to DxeCore.
Thanks,
Yang Gang
-Original Message-
From: Ni, Ray
Sent: June 30, 2021 14:37
To: Yang
Signed-off-by: Yang Gang
Cc: Eric Dong
Cc: Ray Ni
Cc: Liming Gao
---
.../Core/PiSmmCore/MemoryAttributesTable.c| 26 +--
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c
On 06/30/21 14:34, Grzegorz Bernacki wrote:
> The edk2 patch
> SecurityPkg: Create library for setting Secure Boot variables.
>
> removes generic functions from SecureBootConfigDxe and places
> them into SecureBootVariableLib. This patch adds SecureBootVariableLib
> mapping for ArmVirtPkg
On 06/30/21 08:36, Ni, Ray wrote:
> Can you explain why VERBOSE is chosen instead of INFO?
I agree it should be documented in the commit message. One good reason
is if there are many messages, as logging lots of messages is costly (it
slows down booting).
Thanks
Laszlo
>
> Thanks,
> Ray
>
>
On 06/30/21 11:11, Ashish Kalra via groups.io wrote:
> Hello Laszlo,
>
> On Wed, Jun 23, 2021 at 06:49:06PM +0200, Laszlo Ersek wrote:
>> On 06/23/21 18:42, Laszlo Ersek wrote:
>>> On 06/22/21 19:46, Ashish Kalra wrote:
>>
Please find below your reply on v3 of this patch-set :
On Wed, Jun 30, 2021 at 02:34:10PM +0200, Grzegorz Bernacki wrote:
> The edk2 patch
> SecurityPkg: Create library for setting Secure Boot variables.
>
> removes generic functions from SecureBootConfigDxe and places
> them into SecureBootVariableLib. This patch adds SecureBootVariableLib
>
I found two locations:
Silicon\Intel\CoffeelakeSiliconPkg\Cpu\Library\PeiCpuPolicyLib\PeiCpuPolicyLib.c
Silicon\Intel\IntelSiliconPkg\Feature\Flash\SpiFvbService\SpiFvbServiceMm.c
On 6/30/2021 2:45 AM, Ni, Ray wrote:
Ok. I understand your patch just merges the existing PCDs from individual
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3469
The Self Certification Test (SCT) II Case Specification, 2017 requires
in 5.2.1.4.5. that QueryVariableInfo() shall fail for
attributes = EFI_VARIABLE_NON_VOLATILE.
Add EFI_VARIABLE_NON_VOLATILE to tested values in function
Universal Payload will consume Hobs from boot loader.
Dump all hobs in the Universal Payload entry.
Cc: Maurice Ma
Cc: Guo Dong
Cc: Benjamin You
Signed-off-by: Thiyagu Kesavan Balakrishnan
Signed-off-by: Zhiguang Liu
---
UefiPayloadPkg/UefiPayloadEntry/PrintHob.c| 613
Hi Liming,
I got my patch ready. Should I test it by creating PR on Github like
https://github.com/tianocore/edk2/pull/1735? Or I just send out new patch for
review?
Thanks,
Nickle
-Original Message-
From: devel@edk2.groups.io On Behalf Of Nickle Wang
Sent: Wednesday, June 30, 2021
Hi,
Please ignore this patchset, I was trying to create one patchset with
patches from edk2 and edk2-platform, but it didn't work too well.
Please let me send a new version of patches tomorrow
thanks,
greg
Wed, 30 Jun 2021 at 14:34 Grzegorz Bernacki via groups.io
wrote:
>
>
> This patchset
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Now that both the secrets and cpuid pages are reserved in the HOB,
extract the location details through fixed PCD and make it available
to the guest OS through the configuration table.
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc:
The SetMemoryEncDec() is used by the higher level routines to set or clear
the page encryption mask for system RAM and Mmio address. When SEV-SNP is
active, in addition to setting/clearing the page mask it also updates the RMP table.
The RMP table updates are required for the system RAM address and not
the
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or
clear the memory encryption attribute in the page table. When SEV-SNP
is active, we also need to change the page state in the RMP table so that
it is in sync with the
When SEV-SNP is active, the CPUID and Secrets memory range contains the
information that is used during the VM boot. The content needs to persist
across the kexec boot. Mark the memory range as Reserved in the EFI map
so that guest OS or firmware does not use the range as a system RAM.
Cc:
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Use the SEV-SNP AP Creation NAE event to create and launch APs under
SEV-SNP. This capability will be advertised in the SEV Hypervisor
Feature Support PCD (PcdSevEsHypervisorFeatures).
Cc: Eric Dong
Cc: Ray Ni
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
An SEV-SNP guest requires that the physical address of the GHCB must
be registered with the hypervisor before using it. See the GHCB
specification section 2.3.2 for more details.
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: James
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Version 2 of the GHCB specification added the support to query the
hypervisor feature bitmap. The feature bitmap provides information
such as whether to use the AP create VmgExit or use the AP jump table
approach to create the APs. The
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MpInitLib uses the PcdSevSnpIsEnabled to determine whether the SEV-SNP
is active. If the SEV-SNP is active, then set the PCD to TRUE.
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
When SEV-SNP is active, a memory region mapped encrypted in the page
table must be validated before access. There are two approaches that
can be taken to validate the system RAM detected during the PEI phase:
1) Validate on-demand
OR
2)
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Now that OvmfPkg supports version 2 of the GHCB specification, bump the
protocol version.
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Eric Dong
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The initial page built during the SEC phase is used by the
MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The
page validation process requires using the PVALIDATE instruction; the
instruction accepts a virtual address of
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the
system RAM. As the boot progresses, each phase validates a fixed region of
the RAM. In the PEI phase, the PlatformPei detects all the available RAM
and calls to
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Many of the integrity guarantees of SEV-SNP are enforced through the
Reverse Map Table (RMP). Each RMP entry contains the GPA at which a
particular page of DRAM should be mapped. The guest can request the
hypervisor to add pages in the RMP
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The VMM launch sequence should have pre-validated all the data pages used
in the Reset vector. The range does not cover the data pages used during
the SEC phase (mainly PEI and DXE firmware volume decompression memory).
When SEV-SNP is
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The SEV-SNP guest requires that the GHCB GPA must be registered before use.
See the GHCB specification section 2.3.2 for more details.
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Create a function that can be used to determine if VM is running as an
SEV-SNP guest.
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure
that MMIO is only performed against the un-encrypted memory. If MMIO
is performed against encrypted memory, a #GP is raised.
The AmdSevDxe uses the functions provided
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Define the PCDs used by the MpInitLib while creating the AP when SEV-SNP
is active in the guest VM.
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Eric Dong
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Virtual Machine Privilege Level (VMPL) is an optional feature in the
SEV-SNP architecture, which allows a guest VM to divide its address space
into four levels. The level can be used to provide the hardware isolated
abstraction layers with a
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The GHCB page is part of a pre-validated memory range specified through
the SnpBootBlock GUID. When SEV-SNP is active, the GHCB page is
pre-validated by the hypervisor during the SNP guest creation. On boot,
the reset vector maps the GHCB
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The SEV-SNP guest requires that the GHCB GPA must be registered before use.
See the GHCB specification section 2.3.2 for more details.
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
An SEV-SNP guest requires that private memory (aka pages mapped encrypted)
must be validated before being accessed.
The validation process consists of the following sequence:
1) Set the memory encryption attribute in the page table (aka
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Introduce a new SEV-SNP boot-specific GUID block. The block is used to
communicate the secrets and cpuid memory area reserved by the guest BIOS.
When SEV-SNP is enabled, the hypervisor will locate the SEV-SNP boot
block to get the location
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
During the SNP guest launch sequence, a special secrets page needs to be
inserted by the VMM. The PSP will populate the page; it will contain the
VM Platform Communication Key (VMPCKs) used by the guest to send and
receive secure messages to
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The upcoming SEV-SNP support will need to make a few additional MSR
protocol based VMGEXIT's. Add a macro that wraps the common setup and
response validation logic in one place to keep the code readable.
While at it, define SEV_STATUS_MSR
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The PageTables64.asm was created to provide routines to set the CR3
register for 64-bit paging. During the SEV support, it grew to include a
lot of the SEV stuff. Before adding more SEV features, let's move all
the SEV-specific routines into
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The upcoming SEV-SNP support will need to make a few additional guest
termination requests depending on the failure type. Let's move the logic
to request the guest termination into a macro to keep the code readable.
Cc: James Bottomley
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
new hardware-based memory protections. SEV-SNP adds strong memory integrity
protection to help prevent malicious hypervisor-based attacks like data
replay, memory
This commit allows initializing the Secure Boot default key
and databases from data embedded in firmware binary.
Signed-off-by: Grzegorz Bernacki
Reviewed-by: Sunny Wang
Reviewed-by: Pete Batard
Tested-by: Pete Batard on Raspberry Pi 4
---
Platform/RaspberryPi/RPi4/RPi4.dsc | 3 +++
The edk2 patch
SecurityPkg: Create library for setting Secure Boot variables.
removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each RISC-V platform which uses SecureBootConfigDxe.
Signed-off-by:
The edk2 patch
SecurityPkg: Create library for setting Secure Boot variables.
removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each Intel platform which uses SecureBootConfigDxe.
Signed-off-by:
This commit adds modules related to initialization and
usage of default Secure Boot key variables to SecurityPkg.
Signed-off-by: Grzegorz Bernacki
Reviewed-by: Sunny Wang
Reviewed-by: Pete Batard
Tested-by: Pete Batard on Raspberry Pi 4
---
SecurityPkg/SecurityPkg.dec | 14 ++
The edk2 patch
SecurityPkg: Create library for setting Secure Boot variables.
removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each ARM platform which uses SecureBootConfigDxe.
Signed-off-by:
This application allows the user to force key enrollment from
Secure Boot default variables.
Signed-off-by: Grzegorz Bernacki
---
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf | 47 +
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.c | 109
This commit adds an option which allows resetting the content of Secure Boot
keys and databases to the default variables.
Signed-off-by: Grzegorz Bernacki
Reviewed-by: Sunny Wang
Reviewed-by: Pete Batard
Tested-by: Pete Batard on Raspberry Pi 4
---
This commit adds a file which can be included by a platform Flash
Description File. It allows specifying certificate files, which
will be embedded into binary file. The content of these files
can be used to initialize Secure Boot default keys and databases.
Signed-off-by: Grzegorz Bernacki
---
The edk2 patch
SecurityPkg: Create library for setting Secure Boot variables.
removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for each Intel platform which uses SecureBootConfigDxe.
Signed-off-by:
This driver initializes default Secure Boot keys and databases
based on keys embedded in flash.
Signed-off-by: Grzegorz Bernacki
Reviewed-by: Sunny Wang
Reviewed-by: Pete Batard
Tested-by: Pete Batard on Raspberry Pi
---
The edk2 patch
SecurityPkg: Create library for setting Secure Boot variables.
removes generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for ArmVirtPkg platform.
Signed-off-by: Grzegorz Bernacki
---
This commit adds a library which consists of functions related to
creation/removal of Secure Boot variables. Some of the functions
were moved from the SecureBootConfigImpl.c file.
Signed-off-by: Grzegorz Bernacki
---
SecurityPkg/SecurityPkg.dsc | 1 +
This patchset adds support for initialization of default
Secure Boot variables based on keys content embedded in
Hello Laszlo,
On Wed, Jun 23, 2021 at 06:49:06PM +0200, Laszlo Ersek wrote:
> On 06/23/21 18:42, Laszlo Ersek wrote:
> > On 06/22/21 19:46, Ashish Kalra wrote:
>
> >> Please find below your reply on v3 of this patch-set :
> >>
> >> Please include such a patch in v4 -- if Tom and Brijesh agree,
Thanks for the clarification. I will work on v-next with flexible array
as Data field.
Regards,
Kun
On 06/29/2021 18:07, Kinney, Michael D wrote:
If it breaks in the future, then that would be due to a new compiler that
or changes to the configuration of an existing compiler that break
Looks good to me.
Thanks for working on this, Greg.
Reviewed-by: Sunny Wang
-Original Message-
From: Grzegorz Bernacki
Sent: Tuesday, June 22, 2021 4:52 PM
To: devel@edk2.groups.io
Cc: l...@nuviainc.com; ardb+tianoc...@kernel.org; Samer El-Haj-Mahmoud
; Sunny Wang ;
m...@semihalf.com;
Internally reviewed this patch before sending it to the edk2 mailing list, and Greg
already addressed all my comments, so it looks good to me.
This patch is to replace my previous commit
efdc159ef7c9f15581a0f63d755a1530ff475156 so that all ARM platforms (not only
RPi) can refer to this to add an HII
Internally reviewed this patch before sending it to the edk2 mailing list, and Greg
already addressed all my comments, so it looks good to me.
Reviewed-by: Sunny Wang
Add Ray and Zhichao. They're BDS modules reviewers.
Hi Ray and Zhichao,
Could you help review this patch?
-Original Message-
Ok. I understand your patch just merges the existing PCDs from individual
XXSiliconPkgs to IntelSiliconPkg.
Are there any modules that use these PCDs in XXSiliconPkgs?
-Original Message-
From: Michael Kubacki
Sent: Wednesday, June 30, 2021 10:27 AM
To: Ni, Ray
Cc:
Can you explain why VERBOSE is chosen instead of INFO?
Thanks,
Ray
-Original Message-
From: Yang Gang
Sent: Wednesday, June 30, 2021 1:54 PM
To: devel@edk2.groups.io
Cc: Dong, Eric ; Ni, Ray ; Liming Gao
Subject: [PATCH] MdeModulePkg PiSmmCore: Change MemoryAttributes message to