Re: [edk2-devel] [PATCH 1/3] OvmfPkg/PlatformInitLib: Detect FlashNvVarStore before validate it

2024-07-19 Thread Gerd Hoffmann
On Thu, Jul 18, 2024 at 07:57:27PM GMT, Tom Lendacky wrote: > On 7/16/24 21:30, 韩里洋 wrote: > > Hi Tom, > > > > > > > > > > Thank you for your response. > > > > In fact, I'm unable to proceed with the development of the fix patch > > locally as I don't have a SEV-SNP hardware for

Re: [edk2-devel] Can't set the boot order of the USB boot device

2024-07-10 Thread Gerd Hoffmann
On Wed, Jul 10, 2024 at 06:05:01AM GMT, Hamit Can Karaca wrote: > Hello, > > We recently found a bug where we can't change the boot order of a USB > boot device. We are trying to set it on the top of the boot order but > it keeps going to the last place. Sometimes it works fine but most of > the

Re: [edk2-devel] Questions regarding NVDIMM and OVMF

2024-07-09 Thread Gerd Hoffmann
Hi, > Do you have any pointers for implementing the support of nvdimm in > edk2/OVMF? Or is it not feasible and I need to also look at adding it > directly into QEMU qemu. Add e820_add_entry() calls. Possibly edk2 too. Not sure how linux is supposed to figure the memory in question is

Re: [edk2-devel] hardware for development

2024-06-25 Thread Gerd Hoffmann
On Tue, Jun 25, 2024 at 12:41:19PM GMT, Marcin Juszkiewicz wrote: > On 25.06.2024 at 12:40, Marcin Juszkiewicz via groups.io wrote: > > My work on EDK2 is only around SBSA Reference Platform (QemuSbsa) which > > is a software emulated machine. And from time to time there are moments > > when I am

Re: [edk2-devel] Regarding MOR Secure feature

2024-06-24 Thread Gerd Hoffmann
On Mon, Jun 24, 2024 at 08:49:52AM GMT, Ni, Ray wrote: > If you can confirm my understanding (F24/F25 are EOL today and Laszlo's fix > is not needed), I can create a PR to remove that change. Yes, F24/F25 are long EOL. Fedora releases come roughly every 6 months and are supported for ~13-14

Re: [edk2-devel] CryptoPkg host test broken due to smoketest for RDRAND

2024-06-14 Thread Gerd Hoffmann
On Fri, Jun 14, 2024 at 07:07:41AM GMT, Li, Yi wrote: > All crypto host tests which consumed randlib are broken due to: > https://github.com/tianocore/edk2/pull/5714 > Not sure why this issue was not reported by CI when merging this PR. > > The reason is that the ```BaseRngLibConstructor``` of rnglib is

Re: [edk2-devel] GitHub PR Code Review process now active

2024-06-04 Thread Gerd Hoffmann
On Mon, Jun 03, 2024 at 02:46:30PM GMT, Neal Gompa wrote: > That said, draft PRs cannot be reviewed, so we should not be telling > people to make draft PRs. It makes sense to open draft PRs, work in the PR until CI is clean, only then flip the PR to 'ready' and bother maintainers to review. take

Re: [edk2-devel] [PATCH edk2-platforms v2 0/3] SbsaQemu: support multiple PCI Express buses

2024-06-04 Thread Gerd Hoffmann
On Tue, Jun 04, 2024 at 09:23:30AM GMT, Marcin Juszkiewicz wrote: > On 28.05.2024 at 16:31, Ard Biesheuvel wrote: > > I would expect each host bridge to have its own separate resource > > windows for config space, buses and MMIO regions. That isn't how qemu pxb-pcie host bridge works on x86

Re: [edk2-devel] [PATCH v3 1/4] OvmfPkg/Sec: Setup MTRR early in the boot process.

2024-06-03 Thread Gerd Hoffmann
Hi, > > I have a draft PR open with this fixed: > > https://github.com/tianocore/edk2/pull/5696 > > > > Can you check this works for bhyve? > > Works. Thanks! Thanks for testing, flipped PR to 'Ready'. take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all

Re: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

2024-05-30 Thread Gerd Hoffmann
On Thu, May 30, 2024 at 10:49:25AM GMT, Michael Brown wrote: > On 30/05/2024 11:33, Gerd Hoffmann wrote: > > Most likely it is exactly this ... > > > > > As of commit > > > https://github.com/ipxe/ipxe/commit/6769a7c3c, we now deliberately leak > > >

Re: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

2024-05-30 Thread Gerd Hoffmann
On Thu, May 30, 2024 at 10:08:26AM GMT, Michael Brown wrote: > iPXE shouldn't be triggering any protocol installations in response to > ExitBootServices. > > We used to make a good-faith effort to clean up gracefully by uninstalling > protocols. This ended up exposing so many bugs in EDK2 and

Re: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

2024-05-30 Thread Gerd Hoffmann
On Thu, May 30, 2024 at 01:07:45PM GMT, gaoliming via groups.io wrote: > If ASSERT triggers the exception, could the call stack show each caller? Turned out to be ipxe, apparently it has an exit-boot-services handler which triggers all this. take care, Gerd

Re: [edk2-devel] [PATCH v3 1/4] OvmfPkg/Sec: Setup MTRR early in the boot process.

2024-05-30 Thread Gerd Hoffmann
Hi, > > -    SetMem (, sizeof MtrrSettings.Fixed, 0x06); > > +    SetMem (, sizeof MtrrSettings.Fixed, > > MTRR_CACHE_WRITE_BACK); > > ZeroMem (, sizeof > > MtrrSettings.Variables); > > -    MtrrSettings.MtrrDefType |= BIT11 | BIT10 | 6; > > +    MtrrSettings.MtrrDefType |= BIT10; > >
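Review bot: the MtrrDefType change drops BIT11 (the MTRR enable bit) and the default memory type `6` (write-back), keeping only BIT10 (fixed-range enable), and nothing in the quoted hunk says who now sets the enable bit and the default type. If MtrrLib applies them when the settings are written, state that in the commit message; if not, a default type field of 0 leaves every address outside the fixed and variable ranges uncacheable. Replacing the magic `0x06` with `MTRR_CACHE_WRITE_BACK` in the SetMem call is a readability fix and fine as is.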

Re: [edk2-devel] GitHub PR Code Review process now active

2024-05-30 Thread Gerd Hoffmann
On Wed, May 29, 2024 at 08:06:00PM GMT, Kinney, Michael D wrote: > We could, but that would require manually syncing CODEOWNERS > with Maintainer.txt until that part of the process is automated. https://github.com/tianocore/edk2/pull/5703 ;) take care, Gerd

Re: [edk2-devel] GitHub PR Code Review process now active

2024-05-29 Thread Gerd Hoffmann
On Wed, May 29, 2024 at 03:00:13PM GMT, Michael D Kinney wrote: > Hi Gerd, > > You are in the EDK II Reviewers team. > > The current settings only allow members of the EDK II Maintainers > team to assign reviewers. That contradicts the wiki instructions which say I should assign reviewers

Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

2024-05-29 Thread Gerd Hoffmann
On Thu, May 23, 2024 at 10:44:52PM GMT, Doug Flick via groups.io wrote: > > REF:https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html > > This patch series patches the following CVEs: > - CVE-2023-45236: Predictable TCP Initial Sequence Numbers >

Re: [edk2-devel] [PATCH v1 0/2] Add a new FdtNorFalshQemuLib and enable it in

2024-05-29 Thread Gerd Hoffmann
On Fri, May 24, 2024 at 04:38:26PM GMT, Chao Li wrote: > Hi Ard and other maintainers, > > Could you help to review this patch set? Looks good to me and survived a quick smoke test. Tested-by: Gerd Hoffmann Acked-by: Gerd Hoffmann take care, Gerd

Re: [edk2-devel] GitHub PR Code Review process now active

2024-05-29 Thread Gerd Hoffmann
> The GitHub PR code review process is now active. Please > use the new PR based code review process for all new > submissions starting today. > > * The Wiki has been updated with the process changes. > > > https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Development-Process >

[edk2-devel] [PATCH 1/1] EmulatorPkg: fix build error.

2024-05-28 Thread Gerd Hoffmann
unsigned int (__attribute__((ms_abi)) *)(EFI_TIME *)’} from incompatible pointer type ‘void (__attribute__((ms_abi)) *)(EFI_TIME *)’ [-Wincompatible-pointer-types] 429 | GasketSecSetTime, | ^~~~ Cc: Andrew Fish Cc: Ray Ni Signed-off-by: Gerd Hoffmann --- EmulatorPkg

Re: [edk2-devel] [PATCH v1 1/2] OvmfPkg: Add no hardcode version of FtdNorFlashQemuLib

2024-05-27 Thread Gerd Hoffmann
able storage > > medium. > > > > In this way, UEFI can better handle the change of flash base address, > > which is suitable for different cpu architecture board implementation. > > > > BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=4770 > > > >

Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

2024-05-24 Thread Gerd Hoffmann
ose the > ability to do network boot. If that is a tolerable result, I am fine > with that too, but I think it needs to be made very clear in the > stable tag release notes. Tested the v3 series with OVMF, results are as expected: Without virtio-rng-pci network boot does not work. Wit

Re: [edk2-devel] Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci

2024-05-17 Thread Gerd Hoffmann
On Fri, May 17, 2024 at 09:27:53AM GMT, Ard Biesheuvel wrote: > On Fri, 17 May 2024 at 05:27, Doug Flick via groups.io > wrote: > > > > On ARM, we can actually do better than this: I have taken Doug's v2 and > > applied some changes on top to make it work with ArmVirtQemu. > > > >

Re: [edk2-devel] [PATCH 10/18] UefiCpuPkg:Relocate AP to new safe buffer in PeiMpLib

2024-05-14 Thread Gerd Hoffmann
On Tue, May 14, 2024 at 05:17:51AM GMT, Ni, Ray wrote: > Gerd, > I agree that the logic might be duplicated in multiple places. > > But even if the CPU supports 1G paging, the caller can decide whether to use 1G paging > or 2M paging, or 4K paging. > Using a single API to encapsulate the entire logic may not

Re: [edk2-devel] [PATCH 10/18] UefiCpuPkg:Relocate AP to new safe buffer in PeiMpLib

2024-05-13 Thread Gerd Hoffmann
Hi, > + if (sizeof (UINTN) == sizeof (UINT64)) { > +// > +// Check Page5Level Support or not. > +// > +Cr4.UintN = AsmReadCr4 (); > +Page5LevelSupport = (Cr4.Bits.LA57 ? TRUE : FALSE); > + > +// > +// Check Page1G Support or not. > +// > +
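Review bot: the paging-mode probing in this hunk (CR4.LA57 for 5-level paging, then a separate 1G-page check) re-implements detection that already exists elsewhere in UefiCpuPkg, which is the duplication the later reply in this thread raises; one shared helper, with CpuPageTableLib as the natural home, that reports the paging mode and 1G-page support would keep PeiMpLib and the other callers from drifting apart. Note also that the `sizeof (UINTN) == sizeof (UINT64)` guard selects the X64 build rather than the CPU's current mode, which is only correct because this code and the CR4 read execute in the same mode.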

Re: [edk2-devel] Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci

2024-05-13 Thread Gerd Hoffmann
On Sat, May 11, 2024 at 10:40:23AM GMT, Ard Biesheuvel wrote: > As I pointed out before, on the ARM side there are a few intersecting > issues with these changes. (On x86, this is mostly avoided due to the > fact that RDRAND is universally supported) Well, it's not that easy on x86 either.

Re: [edk2-devel] [PATCH] OvmfPkg: Update VMM Hob list check to support new resource attributes

2024-05-13 Thread Gerd Hoffmann
On Thu, May 09, 2024 at 01:27:07PM GMT, Du Lin wrote: > Encrypted and Special Purpose resource attributes are introduced in > PI 1.8 Specification. This patch is to update VMM Hob list integrity > check to recognise these resource attributes. > > Cc: Ard Biesheuvel > Cc: G

Re: [edk2-devel] Assistance Needed: ArmVirtPkg

2024-05-07 Thread Gerd Hoffmann
On Mon, May 06, 2024 at 10:22:07PM GMT, Doug Flick wrote: > All, > > In order to patch Tianocore Bugzilla issues and CVEs: > 4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs > (tianocore.org) > and > 4542 – Bug 09 - edk2/NetworkPkg: Use

Re: [edk2-devel] [PATCH v4 0/3] OvmfPkg: Don't make APIC MMIO accesses with encryption bit set

2024-05-02 Thread Gerd Hoffmann
for the APIC base address in the > SEV-ES/SNP #VC handler. Series: Reviewed-by: Gerd Hoffmann take care, Gerd

Re: [edk2-devel] [PATCH ovmf v2 0/5] Enable AMD SEV-ES DebugSwap

2024-05-02 Thread Gerd Hoffmann
Hi, > How do I proceed from here? Repost patches here or that pull request will > do? I did not change anything besides spaces and CCs. Thanks, Patch review happens on the mailing list, so please post v3 series. thanks, Gerd

Re: [edk2-devel] [PATCH v3] OvmfPkg: Don't make APIC MMIO accesses with encryption bit set

2024-04-30 Thread Gerd Hoffmann
On Fri, Apr 26, 2024 at 02:50:07PM GMT, Roth, Michael via groups.io wrote: > For the most part, OVMF will clear the encryption bit for MMIO regions, > but there is currently one known exception during SEC when the APIC > base address is accessed via MMIO with the encryption bit set for >

Re: [edk2-devel] [PATCH v4 00/14] Add SmmRelocationLib

2024-04-30 Thread Gerd Hoffmann
elocationLib, PiSmmCpuDxeSmm driver (which runs at > a later phase) can be simplified as below for SMM init: > 1. Consume the gSmmBaseHobGuid HOB for the relocated smbases > for each Processor. > 2. Execute the early SMM Init. Series: Tested-by: Gerd Hoffmann Acked-by: Gerd Hoffmann

Re: [edk2-devel] [PATCH] OvmfPkg: Set PcdCpuMaxLogicalProcessorNumber in OvmfXen

2024-04-25 Thread Gerd Hoffmann
Hi, > It's a bit more complicated than setting it at build time, but we can > always ask Xen how many vcpu we have and set the PCD accordingly. This > is something that can happen in OvmfPkg/XenPlatformPei module. Exactly. > But to be honest, I don't know if it's worth it, because I don't

Re: [edk2-devel] [PATCH v2 3/7] OvmfPkg: Add the QemuFwCfgMmioLib PEI stage version

2024-04-25 Thread Gerd Hoffmann
On Thu, Apr 25, 2024 at 04:06:13PM +0800, Chao Li wrote: > Hi Gerd, > > > Thanks, > Chao > On 2024/4/25 15:53, Gerd Hoffmann wrote: > >Hi, > > > > > +UINTN mFwCfgSelectorAddress; > > > +UINTN mFwCfgDataAddress; > > > +UINTN mFwC

Re: [edk2-devel] [PATCH v2 3/7] OvmfPkg: Add the QemuFwCfgMmioLib PEI stage version

2024-04-25 Thread Gerd Hoffmann
Hi, > +UINTN mFwCfgSelectorAddress; > +UINTN mFwCfgDataAddress; > +UINTN mFwCfgDmaAddress; Hmm, global variables for PEI? I think the point of storing these in the HOB is to avoid the need for global variables? Also does that work when running PEI in-place from flash? > +RETURN_STATUS >

Re: [edk2-devel] [PATCH v2 2/7] OvmfPkg: Add the way of HOBs in QemuFwCfgLibMmio

2024-04-25 Thread Gerd Hoffmann
Hi, > +EFI_GUID mFwCfgSelectorAddressGuid = FW_CONFIG_SELECTOR_ADDRESS_HOB_GUID; > +EFI_GUID mFwCfgDataAddressGuid = FW_CONFIG_DATA_ADDRESS_HOB_GUID; > +EFI_GUID mFwCfgDmaAddressGuid = FW_CONFIG_DMA_ADDRESS_HOB_GUID; Oh. I assumed that would be obvious (because it's common

Re: [edk2-devel] [PATCH] OvmfPkg: Set PcdCpuMaxLogicalProcessorNumber in OvmfXen

2024-04-25 Thread Gerd Hoffmann
On Wed, Apr 24, 2024 at 02:36:32PM +0100, Alejandro Vallejo wrote: > Bump the compile-time constant for maximum processor count from 64 to 128 > in order to allow that many vCPUs to be brought online on Xen guests with > the default OVMF configuration. > + # UefiCpuPkg PCDs related to initial AP

Re: [edk2-devel] [PATCH v3 08/13] OvmfPkg/PlatformInitLib: Create gEfiSmmSmramMemoryGuid

2024-04-25 Thread Gerd Hoffmann
Hi, > Let me explain more why need this change: > > 1. The EFI_SMM_SMRAM_MEMORY_GUID HOB, as defined in the PI specification, is > used to describe the SMRAM memory regions supported by the platform. This HOB > should be produced during the memory detection phase to align with the PI >

Re: [edk2-devel] [PATCH v3 00/13] Add SmmRelocationLib

2024-04-25 Thread Gerd Hoffmann
Hi, > That means the SMMRevId is 0_xx64h for AMD64 processor. But I am not > sure what the value is for AMD32 processor. Maybe 0 according to the > OVMF logic. The smm emulation in the linux kernel uses 0 and 0x64. > But, I am very suspicious about the logic in AMD's version as below: > ---

Re: [edk2-devel] [PATCH] OvmfPkg: Don't make APIC MMIO accesses with encryption bit set

2024-04-24 Thread Gerd Hoffmann
Hi, > > That is incompatible with 5-level paging. The current reset vector will > > never turn on 5-level paging in case SEV is active because we have more > > incompatibilities elsewhere (BaseMemEncryptSevLib IIRC). But still, > > it's moving things into the wrong direction ... > > Tom had

Re: [edk2-devel] [PATCH] OvmfPkg: Don't make APIC MMIO accesses with encryption bit set

2024-04-24 Thread Gerd Hoffmann
Hi, > > Ideally CpuPageTableLib should be used for this. > > CpuPageTableLib will need to be modified in order for it to be used at this > (Sec) stage. In order to work in Sec - either the caller will have to supply > a list of pages that can be used if pagetable entries need to be allocated >

Re: [edk2-devel] [PATCH v3 08/13] OvmfPkg/PlatformInitLib: Create gEfiSmmSmramMemoryGuid

2024-04-24 Thread Gerd Hoffmann
Hi, > Transfer to 16bit OS waking vector - 991F0 > hang here!!! That is the last ovmf message of a successful S3 resume, after that the OS should have back control. Looks fine to me. take care, Gerd

Re: [edk2-devel] [PATCH v3 08/13] OvmfPkg/PlatformInitLib: Create gEfiSmmSmramMemoryGuid

2024-04-24 Thread Gerd Hoffmann
Hi, > > First, smram allocation doesn't work that way. Have a look at > > OvmfPkg/SmmAccess. I guess that easily explains why this series > > breaks S3 suspend. > > Oh? Could you explain a bit more for 1) how smram allocation works? 2) what's > the possible reason break the S3? I haven't

Re: [edk2-devel] [PATCH] OvmfPkg: Don't make APIC MMIO accesses with encryption bit set

2024-04-24 Thread Gerd Hoffmann
On Tue, Apr 23, 2024 at 03:59:58PM -0500, Michael Roth wrote: > For the most part, OVMF will clear the encryption bit for MMIO regions, > but there is currently one known exception during SEC when the APIC > base address is accessed via MMIO with the encryption bit set for > SEV-ES/SEV-SNP guests.

Re: [edk2-devel] [PATCH v3 00/13] Add SmmRelocationLib

2024-04-24 Thread Gerd Hoffmann
On Wed, Apr 24, 2024 at 03:56:56AM +, Wu, Jiaxin wrote: > Hi Gerd, > > The AMD version does not work for IA32X64 ovmf. > > I checked the details: CpuSaveState->x64 is always used for OVMF no matter > IA32 or X64, while AMD is not, which is decided by the MSR EFER_ADDRESS LMA > bit check. Hmm,

Re: [edk2-devel] [PATCH v1 0/4] Adjust the QemuFwCfgLibMmio and add PEI stage

2024-04-24 Thread Gerd Hoffmann
On Wed, Apr 24, 2024 at 09:57:50AM +0800, Chao Li wrote: > Hi Gerd and Ard, > > Can I submit the V2 this week? I want all OvmfPkg changes to be merged before > the 202405 feature freeze. Yea, go ahead, lets stick to the PCD approach, given that Ard seems to not have objections to that ;) take

[edk2-devel] [PATCH v4 1/1] OvmfPkg/VirtHstiDxe: do not load driver in confidential guests

2024-04-24 Thread Gerd Hoffmann
mfPkg/VirtHstiDxe: add code flash check") Signed-off-by: Gerd Hoffmann Tested-by: Srikanth Aithal --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 1 + OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 6 ++ 2 files changed, 7 insertions(+) diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf b/OvmfPkg/V

Re: [edk2-devel] [PATCH v3 4/5] OvmfPkg/VirtHstiDxe: add code flash check

2024-04-23 Thread Gerd Hoffmann
On Tue, Apr 23, 2024 at 07:14:04PM +0530, Aithal, Srikanth wrote: > Correcting. > > On 4/23/2024 7:09 PM, Aithal, Srikanth wrote: > > Hello, > > > > Todays OVMF/edk2 master branch is breaking AMD SEV-ES guest boot with > > OvmfX64 package, where as sev-es guest boots fine with AmdSev package. >

Re: [edk2-devel] [PATCH edk2-platforms] SbsaQemu: move code outside of methods in DSDT

2024-04-23 Thread Gerd Hoffmann
Hi, > +Name (RBUF, ResourceTemplate() { > +Memory32Fixed (ReadWrite, > + FixedPcdGet32 (PcdPlatformXhciBase), > + FixedPcdGet32 (PcdPlatformXhciSize)) > +Interrupt (ResourceConsumer, Level, ActiveHigh,

Re: [edk2-devel] [PATCH v2] OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)

2024-04-23 Thread Gerd Hoffmann
> > Cc: Borislav Petkov (AMD) > Cc: Tom Lendacky > Signed-off-by: Adam Dunlap Reviewed-by: Gerd Hoffmann take care, Gerd

Re: [edk2-devel] [PATCH v3 08/13] OvmfPkg/PlatformInitLib: Create gEfiSmmSmramMemoryGuid

2024-04-23 Thread Gerd Hoffmann
Hi, > +Hob.Raw = BuildGuidHob ( > +, > +BufferSize > +); > +SmramHobDescriptorBlock = > (EFI_SMRAM_HOB_DESCRIPTOR_BLOCK *)(Hob.Raw); > +SmramHobDescriptorBlock->Descriptor[0].PhysicalStart = >
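Review bot: the gEfiSmmSmramMemoryGuid HOB is filled in here from a BufferSize and a hard-coded Descriptor[0] in PlatformInitLib, while OvmfPkg/SmmAccess (pointed to in the replies in this thread) already derives the SMRAM layout for the platform; two independent descriptions of the same TSEG have to agree exactly, and the S3 suspend breakage reported in this thread is the kind of symptom a mismatch produces. Make one of them the single source: either have SmmAccess consume this HOB, or build the HOB from the values SmmAccess computes.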

Re: [edk2-devel] [PATCH v3 00/13] Add SmmRelocationLib

2024-04-23 Thread Gerd Hoffmann
On Tue, Apr 23, 2024 at 07:31:18AM +, Wu, Jiaxin wrote: > Thanks Gerd, I will try the S3 on OVMF. > > And for AmdSmmRelocationLib usage in OVMF, do you prefer: > 1. use the AmdSmmRelocationLib directly in this patch set? Or > 2. still keep the original to create the OvmfPkg/SmmRelocationLib,

[edk2-devel] [PATCH v3 2/5] OvmfPkg: Add VirtHstiDxe to OVMF firmware build

2024-04-22 Thread Gerd Hoffmann
From: Konstantin Kostiuk Cc: Ard Biesheuvel Cc: Jiewen Yao Signed-off-by: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann Reviewed-by: Jiewen Yao --- OvmfPkg/OvmfPkgIa32.dsc| 2 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.dsc | 2 ++ OvmfPkg/OvmfPkgIa32.fdf| 1

[edk2-devel] [PATCH v3 5/5] OvmfPkg/VirtHstiDxe: add README.md

2024-04-22 Thread Gerd Hoffmann
Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann Reviewed-by: Jiewen Yao --- OvmfPkg/VirtHstiDxe/README.md | 48 +++ 1 file changed, 48 insertions(+) create mode 100644 OvmfPkg/VirtHstiDxe/README.md diff --git a/OvmfPkg

[edk2-devel] [PATCH v3 4/5] OvmfPkg/VirtHstiDxe: add code flash check

2024-04-22 Thread Gerd Hoffmann
Detects qemu config issue: code pflash is writable. Checked for both PC and Q35. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann Reviewed-by: Jiewen Yao --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 2 ++ OvmfPkg/VirtHstiDxe/VirtHstiDxe.h | 13

[edk2-devel] [PATCH v3 3/5] OvmfPkg/VirtHstiDxe: add varstore flash check

2024-04-22 Thread Gerd Hoffmann
Detects qemu config issue: vars pflash is not in secure mode (write access restricted to smm). Applies to Q35 with SMM only. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann Reviewed-by: Jiewen Yao --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 4
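The two checks in this series (the code flash check in 4/5 and the varstore check in 3/5 above) report QEMU-side misconfiguration from inside the guest. As an added example that is not VirtHstiDxe or OVMF code, here is the same pair of checks applied from the host side to a QEMU command line, so the problem can be caught before the guest boots. The option spellings (`-drive if=pflash,...,readonly=on`, `-machine q35,smm=on`, `-global driver=cfi.pflash01,property=secure,value=on`) are the ones OvmfPkg's README documents for SMM builds; the sample command lines are constructed for the example.

```python
"""Added example (not OVMF/VirtHstiDxe code): audit a QEMU command line for
the two pflash misconfigurations the VirtHstiDxe checks report from the guest:
  * code flash (pflash unit 0) writable    -> the guest can modify firmware code
  * vars flash not in QEMU "secure" mode   -> non-SMM code can write the varstore
    (only meaningful on Q35 with smm=on, like the varstore check in the series)
Option spellings follow OvmfPkg's README; sample command lines are constructed.
"""
import shlex


def _kv(value, first_key=None):
    """'a=1,b,c=x' -> {'a': '1', 'b': 'on', 'c': 'x'}.

    A bare item (old-style 'readonly') means the flag is on. With first_key,
    a first item without '=' is that key, so '-machine q35,smm=on' and
    '-machine type=q35,smm=on' parse the same way.
    """
    opts = {}
    for i, item in enumerate(value.split(",")):
        if not item:
            continue
        if "=" in item:
            k, v = item.split("=", 1)
        elif i == 0 and first_key:
            k, v = first_key, item
        else:
            k, v = item, "on"
        opts[k] = v
    return opts


def parse_qemu_cmdline(cmdline):
    """Collect the -drive, -machine/-M and -global options; ignore the rest."""
    argv = shlex.split(cmdline)
    drives, machine, globals_ = [], {}, []
    i = 1  # argv[0] is the qemu binary
    while i < len(argv):
        opt, arg = argv[i], (argv[i + 1] if i + 1 < len(argv) else "")
        if opt == "-drive":
            drives.append(_kv(arg))
        elif opt in ("-machine", "-M"):
            machine = _kv(arg, first_key="type")
        elif opt == "-global":
            globals_.append(_kv(arg))
        else:
            i += 1  # unknown option: advance one word, not two
            continue
        i += 2
    return drives, machine, globals_


def code_flash_state(cmdline):
    """'readonly', 'writable' or 'missing' for the pflash drive with unit=0."""
    drives, _, _ = parse_qemu_cmdline(cmdline)
    for d in drives:
        if d.get("if") == "pflash" and d.get("unit") == "0":
            return "readonly" if d.get("readonly") == "on" else "writable"
    return "missing"


def vars_flash_state(cmdline):
    """'secure', 'insecure', or 'n/a' when the check does not apply (not Q35+SMM)."""
    _, machine, globals_ = parse_qemu_cmdline(cmdline)
    if machine.get("type") != "q35" or machine.get("smm") != "on":
        return "n/a"
    for g in globals_:
        if (g.get("driver") == "cfi.pflash01" and g.get("property") == "secure"
                and g.get("value") == "on"):
            return "secure"
    return "insecure"


def audit(cmdline):
    """Return the list of findings; empty when the configuration is sound."""
    findings = []
    if code_flash_state(cmdline) == "writable":
        findings.append("code pflash (unit 0) is writable; add readonly=on")
    if vars_flash_state(cmdline) == "insecure":
        findings.append("vars pflash not in secure mode; add "
                        "-global driver=cfi.pflash01,property=secure,value=on")
    return findings


# Constructed sample invocations (not taken from the thread).
WEAK_CMDLINE = ("qemu-system-x86_64 -machine q35,smm=on,accel=kvm -m 2G "
                "-drive if=pflash,format=raw,unit=0,file=OVMF_CODE.fd "
                "-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd")
HARDENED_CMDLINE = ("qemu-system-x86_64 -machine q35,smm=on,accel=kvm -m 2G "
                    "-global driver=cfi.pflash01,property=secure,value=on "
                    "-drive if=pflash,format=raw,unit=0,readonly=on,file=OVMF_CODE.fd "
                    "-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd")
PC_CMDLINE = ("qemu-system-x86_64 -machine pc "
              "-drive if=pflash,format=raw,unit=0,readonly=on,file=OVMF_CODE.fd "
              "-drive if=pflash,format=raw,unit=1,file=OVMF_VARS.fd")

if __name__ == "__main__":
    for name, cmd in (("weak", WEAK_CMDLINE), ("hardened", HARDENED_CMDLINE)):
        print(name, audit(cmd) or "ok")
```

The `n/a` result mirrors the series: the secure-mode check only applies to Q35 with SMM, while a writable code flash is a problem on both PC and Q35. Drives without an explicit `unit=` are not classified, so write the unit numbers out as the README does.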

[edk2-devel] [PATCH v3 1/5] OvmfPkg: Add VirtHstiDxe driver

2024-04-22 Thread Gerd Hoffmann
: In SMM-enabled builds the driver will verify smram is properly locked. That test should never fail. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Konstantin Kostiuk Initial-patch-by: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann Reviewed-by: Jiewen Yao --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 50

[edk2-devel] [PATCH v3 0/5] OvmfPkg: Add VirtHstiDxe driver

2024-04-22 Thread Gerd Hoffmann
v3: - use PcdOvmfFlashNvStorageVariableBase - add reviewed-by tags v2: - remove 'Q35' from test bits - add patch with a README.md Gerd Hoffmann (3): OvmfPkg/VirtHstiDxe: add varstore flash check OvmfPkg/VirtHstiDxe: add code flash check OvmfPkg/VirtHstiDxe: add README.md Konstantin

Re: [edk2-devel] [PATCH v3 00/13] Add SmmRelocationLib

2024-04-22 Thread Gerd Hoffmann
On Thu, Apr 18, 2024 at 08:02:43AM +, Wu, Jiaxin wrote: > Hi Gerd, > > Could you help review & check below OVMF related patches? > > > OvmfPkg/SmmRelocationLib: Add library instance for OVMF > > OvmfPkg/PlatformInitLib: Create gEfiSmmSmramMemoryGuid > > OvmfPkg: Refine SmmAccess

[edk2-devel] [PATCH v2 5/5] OvmfPkg/VirtHstiDxe: add README.md

2024-04-19 Thread Gerd Hoffmann
Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann --- OvmfPkg/VirtHstiDxe/README.md | 48 +++ 1 file changed, 48 insertions(+) create mode 100644 OvmfPkg/VirtHstiDxe/README.md diff --git a/OvmfPkg/VirtHstiDxe/README.md b

[edk2-devel] [PATCH v2 4/5] OvmfPkg/VirtHstiDxe: add code flash check

2024-04-19 Thread Gerd Hoffmann
Detects qemu config issue: code pflash is writable. Checked for both PC and Q35. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 2 ++ OvmfPkg/VirtHstiDxe/VirtHstiDxe.h | 13 +++ OvmfPkg/VirtHstiDxe

[edk2-devel] [PATCH v2 1/5] OvmfPkg: Add VirtHstiDxe driver

2024-04-19 Thread Gerd Hoffmann
: In SMM-enabled builds the driver will verify smram is properly locked. That test should never fail. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Konstantin Kostiuk Initial-patch-by: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 50 OvmfPkg

[edk2-devel] [PATCH v2 3/5] OvmfPkg/VirtHstiDxe: add varstore flash check

2024-04-19 Thread Gerd Hoffmann
Detects qemu config issue: vars pflash is not in secure mode (write access restricted to smm). Applies to Q35 with SMM only. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 4 ++ OvmfPkg/VirtHstiDxe

[edk2-devel] [PATCH v2 2/5] OvmfPkg: Add VirtHstiDxe to OVMF firmware build

2024-04-19 Thread Gerd Hoffmann
From: Konstantin Kostiuk Cc: Ard Biesheuvel Cc: Jiewen Yao Signed-off-by: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann --- OvmfPkg/OvmfPkgIa32.dsc| 2 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.dsc | 2 ++ OvmfPkg/OvmfPkgIa32.fdf| 1 + OvmfPkg/OvmfPkgIa32X64.fdf

[edk2-devel] [PATCH v2 0/5] OvmfPkg: Add VirtHstiDxe driver

2024-04-19 Thread Gerd Hoffmann
v2: - remove 'Q35' from test bits - add patch with a README.md Gerd Hoffmann (3): OvmfPkg/VirtHstiDxe: add varstore flash check OvmfPkg/VirtHstiDxe: add code flash check OvmfPkg/VirtHstiDxe: add README.md Konstantin Kostiuk (2): OvmfPkg: Add VirtHstiDxe driver OvmfPkg: Add

Re: [edk2-devel] [PATCH V2 1/1] OvmfPkg/IntelTdx: Update TDVF README

2024-04-19 Thread Gerd Hoffmann
e some information about TDVF. > 2. Fix some typo. Acked-by: Gerd Hoffmann take care, Gerd

Re: [edk2-devel] [PATCH v3 5/6] target/arm: Do memory type alignment check when translation disabled

2024-04-19 Thread Gerd Hoffmann
Hi, > Gerd, any ideas? Maybe I need something subtly different in my > edk2 build? I've not looked at this bit of the qemu infrastructure > before - is there a document on how that image is built? There is roms/Makefile for that. make -C roms help make -C roms efi So easiest would be to

Re: [edk2-devel] [PATCH] OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)

2024-04-19 Thread Gerd Hoffmann
On Thu, Apr 18, 2024 at 08:39:20AM -0700, Adam Dunlap wrote: > On Thu, Apr 18, 2024 at 5:15 AM Gerd Hoffmann wrote: > > > > On Wed, Apr 17, 2024 at 09:54:00AM -0700, Adam Dunlap via groups.io wrote: > > > + UINT8 OpCode; > > > > The linux kernel patch uses

Re: [edk2-devel] [PATCH] OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)

2024-04-18 Thread Gerd Hoffmann
On Wed, Apr 17, 2024 at 09:54:00AM -0700, Adam Dunlap via groups.io wrote: > Ensure that when a #VC exception happens, the instruction at the > instruction pointer matches the instruction that is expected given the > error code. This is to mitigate the ahoi WeSee attack [1] that could > allow

Re: [edk2-devel] [PATCH V1 1/1] OvmfPkg/IntelTdx: Update TDVF README

2024-04-18 Thread Gerd Hoffmann
Hi, > -The Intel? TDX Virtual Firmware Design Guide is at > +The Intel TDX Virtual Firmware Design Guide is at '' looks more like HTML than markdown. text updates look fine to me. take care, Gerd

Re: [edk2-devel] [PATCH 0/4] OvmfPkg: Add VirtHstiDxe driver

2024-04-18 Thread Gerd Hoffmann
On Wed, Apr 17, 2024 at 01:20:57PM +, Yao, Jiewen wrote: > That is good start. The SMRAM lock and Flash lock seem good to me. > > Comment: > 1) Do we really need to add "Q35" for the policy? > #define VIRT_HSTI_BYTE0_Q35_SMM_SMRAM_LOCK BIT0 > #define

Re: [edk2-devel] [PATCH 0/4] OvmfPkg: Add VirtHstiDxe driver

2024-04-18 Thread Gerd Hoffmann
On Wed, Apr 17, 2024 at 01:38:20PM +0200, Ard Biesheuvel wrote: > On Wed, 17 Apr 2024 at 10:18, Gerd Hoffmann wrote: > > > > On Fri, Mar 22, 2024 at 03:27:31PM +0100, Gerd Hoffmann wrote: > > > > > > > > > Gerd Hoffmann (2): > > > OvmfPkg/Vi

Re: [edk2-devel] [PATCH v1 0/4] Adjust the QemuFwCfgLibMmio and add PEI stage

2024-04-17 Thread Gerd Hoffmann
On Wed, Apr 17, 2024 at 04:12:56PM +0800, Chao Li wrote: > Patch1: Added three PCDs for QemuFwCfgLibMmio > Patch2: Sparate QemuFwCfgLibMmio.c into two files and default as DXE > stage library. > Patch3: Added QemuFwCfgMmiLib PEI version > Patch4: Rename QemuFwCfgLibMmio.inf to

Re: [edk2-devel] [PATCH 0/4] OvmfPkg: Add VirtHstiDxe driver

2024-04-17 Thread Gerd Hoffmann
On Fri, Mar 22, 2024 at 03:27:31PM +0100, Gerd Hoffmann wrote: > > > Gerd Hoffmann (2): > OvmfPkg/VirtHstiDxe: add varstore flash check > OvmfPkg/VirtHstiDxe: add code flash check > > Konstantin Kostiuk (2): > OvmfPkg: Add VirtHstiDxe driver > OvmfPkg: Add V

Re: [edk2-devel] [PATCH v1 21/26] OvmfPkg/LoongArchVirt: Add FdtQemuFwCfgLib

2024-04-17 Thread Gerd Hoffmann
On Wed, Apr 17, 2024 at 03:43:30PM +0800, Chao Li wrote: > Hi Gerd, > > > Thanks, > Chao > On 2024/4/17 14:59, Gerd Hoffmann wrote: > > On Wed, Apr 17, 2024 at 10:53:21AM +0800, Chao Li wrote: > > > Hi Gerd, > > > > > > Part 2 has been be merg

Re: [edk2-devel] [PATCH V1 0/5] Move Tdx specific lib from SecurityPkg to OvmfPkg

2024-04-17 Thread Gerd Hoffmann
On Tue, Apr 16, 2024 at 03:40:08PM +, Yao, Jiewen wrote: > Yeah, I also considered that before. But after look at current code > structure, I give up. > > Since following SEV component are NOT in AmdSev directory (especially the TCG > one), I do not see a strong reason to put them to

Re: [edk2-devel] [PATCH v1 03/13] UefiCpuPkg/SmmRelocationLib: Add library instance for OVMF

2024-04-17 Thread Gerd Hoffmann
On Tue, Apr 16, 2024 at 11:34:00AM +, Wu, Jiaxin wrote: > Hi Gerd, > > > Is the SmmRelocationLib approach supposed to work with mixed mode > > firmware where PEI is running in ia32 mode and dxe/smm is running > > in x64 mode (i.e. OvmfPkg/OvmfPkgIa32X64.dsc)? > > Yes, I passed the test on

Re: [edk2-devel] [PATCH v1 21/26] OvmfPkg/LoongArchVirt: Add FdtQemuFwCfgLib

2024-04-17 Thread Gerd Hoffmann
On Wed, Apr 17, 2024 at 10:53:21AM +0800, Chao Li wrote: > Hi Gerd, > > Part 2 has been merged, I'm separating this Lib into two to serve the PEI > stage and DXE stage. > > Currently, this DXE library uses three global variables, and when I simulate > the no-mmio version: MmioLib.c + Dxe.c +

Re: [edk2-devel] [PATCH v1 03/13] UefiCpuPkg/SmmRelocationLib: Add library instance for OVMF

2024-04-16 Thread Gerd Hoffmann
Hi, > > > 2) Existing SmBase configuration is different between the AMD & OVMF. > > > OVMF: > > > AmdCpuState->x64.SMBASE = (UINT32)mSmBaseForAllCpus[CpuIndex]; > > > > > > AMD: > > > if ((CpuSaveState->x86.SMMRevId & 0x) == 0) { > > > CpuSaveState->x86.SMBASE =

Re: [edk2-devel] [PATCH V1 0/5] Move Tdx specific lib from SecurityPkg to OvmfPkg

2024-04-16 Thread Gerd Hoffmann
On Mon, Apr 15, 2024 at 03:55:49PM +0800, Min Xu wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752 > > HashLibTdx and TdTcg2Dxe are designed for Intel TDX enlightened OVMF. > They're more reasonable to be put in OvmfPkg than in SecurityPkg. > > SecTpmMeasurementLibTdx is not used

Re: [edk2-devel] [PATCH v2 1/1] MdeModulePkg: Warn if out of space when writing variables

2024-04-16 Thread Gerd Hoffmann
r the system unbootable. > This new message helps identifying this condition. > > Cc: Bob Feng > Cc: Gerd Hoffmann > Cc: Jiewen Yao > Cc: Laszlo Ersek > Cc: Liming Gao > Cc: Rahul Kumar > Cc: Rebecca Cran > Cc: Yuwei Chen > > Signed-off-by: Oliver Steffen

Re: [edk2-devel] [PATCH v1 03/13] UefiCpuPkg/SmmRelocationLib: Add library instance for OVMF

2024-04-16 Thread Gerd Hoffmann
On Mon, Apr 15, 2024 at 01:04:58PM +, Wu, Jiaxin wrote: > Hi Gred, > > Because: > 1) The mode of the CPU check is different between the AMD & OVMF. > OVMF: > CpuSaveState->x86.SMMRevId & 0X > > AMD: > LMAValue = (UINT32)AsmReadMsr64 (EFER_ADDRESS) & LMA > > 2) Existing SmBase

Re: [edk2-devel] [PATCH v2 00/10] Add SmmRelocationLib

2024-04-16 Thread Gerd Hoffmann
On Mon, Apr 15, 2024 at 09:30:11PM +0800, Wu, Jiaxin wrote: > Intel plans to separate the smbase relocation logic from > PiSmmCpuDxeSmm driver, and the related behavior will be > moved to the new interface defined by the SmmRelocationLib > class. > > The SmmRelocationLib class provides the

Re: [edk2-devel] ACPI table generators and ConfigurationManagerProtocol

2024-04-12 Thread Gerd Hoffmann
Hi, > > And tell which of platforms is a good example of using those? > > Juno, FVP, Morello, N1SDP, one NXP platform and ArmVirt use them. Probably > the last one would be best to look at but who knows... Probably not ArmVirt. At least not the qemu variant, maybe the kvmtool version. On

Re: [edk2-devel] [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistence of vTPM and RTMR.

2024-04-11 Thread Gerd Hoffmann
On Thu, Apr 11, 2024 at 09:56:48AM +, Yao, Jiewen wrote: > Please allow me to clarify what you are proposing: > Do you mean in vTPM case, we extend both, but we only need TCG event log, NOT > CC event log? Elsewhere in this thread it was mentioned that writing both vTPM and RTMR events to

Re: [edk2-devel] [PATCH v3 1/4] OvmfPkg/Sec: Setup MTRR early in the boot process.

2024-04-11 Thread Gerd Hoffmann
Hi, > > > @Gerd, what's the qemu command and test environment your QE > > > run the case? We'd like run it in our side. > > > > > > > > Tested edk2-ovmf-20231122-1.el9.rhel21704.20240202.1130.noarch with > > TDX guest, no issue found > > > > Version: > > > >

Re: [edk2-devel] [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistence of vTPM and RTMR.

2024-04-11 Thread Gerd Hoffmann
Hi, > Given that RTMR is a proper subset of vTPM (modulo the PCR/RTMR index > conversion), I feel that it should be the CoCo firmware's > responsibility to either: > - expose RTMR and not vTPM > - expose vTPM, and duplicate each measurement into RTMR as they are taken That approach looks good

Re: [edk2-devel] [PATCH v1 03/13] UefiCpuPkg/SmmRelocationLib: Add library instance for OVMF

2024-04-11 Thread Gerd Hoffmann
On Wed, Apr 10, 2024 at 09:57:14PM +0800, Jiaxin Wu wrote: > Due to the definition difference of SMRAM Save State, > SmmBase config in SMRAM Save State for OVMF is also different. > > This patch provides the OvmfSmmRelocationLib library instance > to handle the SMRAM Save State difference. Why

Re: [edk2-devel] [PATCH v2 1/1] OvmfPkg: OVMF supports USB mice

2024-04-10 Thread Gerd Hoffmann
On Tue, Apr 09, 2024 at 04:51:20PM +0100, Pedro Falcato wrote: > On Tue, Apr 9, 2024 at 12:56 PM Gerd Hoffmann wrote: > > > > On Mon, Apr 08, 2024 at 08:53:10AM +0100, Phillip Tennen wrote: > > > Hi, thank you for taking a look at the patch! > > > > > >

Re: [edk2-devel] [PATCH v2 1/1] OvmfPkg: OVMF supports USB mice

2024-04-09 Thread Gerd Hoffmann
On Mon, Apr 08, 2024 at 08:53:10AM +0100, Phillip Tennen wrote: > Hi, thank you for taking a look at the patch! > > This patch can be verified to be working with this app (which was the > motivation for submitting this): > https://github.com/codyd51/uefirc/releases/tag/1.0.1. Quoting

Re: [edk2-devel] OVMF SMM Support

2024-04-08 Thread Gerd Hoffmann
On Mon, Apr 08, 2024 at 08:33:30AM +, Wu, Jiaxin wrote: > Hi Gerd, > > With below OVMF build and QEMU command, OVMF hangs after SendSmiIpi > (mBspApicId) during SmmRelocateBases(), are there any issues with > latest code to support SMM on OVMF or my local command/configuration > issue? Have

Re: [edk2-devel] [PATCH v2 1/1] OvmfPkg: OVMF supports USB mice

2024-04-08 Thread Gerd Hoffmann
On Sat, Apr 06, 2024 at 02:41:54PM +0200, Heinrich Schuchardt wrote: > From: Phillip Tennen > > From: Phillip Tennen > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4747 > > UsbMouseDxe was missing from the OVMF build description, so > the Simple Pointer Protocol wasn't usable from

Re: [edk2-devel] [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the etc/boot-menu-wait

2024-03-26 Thread Gerd Hoffmann
On Tue, Mar 26, 2024 at 09:08:59AM +, Sun, CepingX wrote: > On Friday, March 22, 2024 5:06 PM Gerd Hoffmann wrote: > > > > No, we only need to update QemuFwCfgSelectItem + QemuFwCfgReadBytes to > > support reading from the cache. > Do you mean the existing

[edk2-devel] [PATCH 4/4] OvmfPkg/VirtHstiDxe: add code flash check

2024-03-22 Thread Gerd Hoffmann
Detects qemu config issue: code pflash is writable. Checked for both PC and Q35. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 2 ++ OvmfPkg/VirtHstiDxe/VirtHstiDxe.h | 13 +++ OvmfPkg/VirtHstiDxe

[edk2-devel] [PATCH 0/4] OvmfPkg: Add VirtHstiDxe driver

2024-03-22 Thread Gerd Hoffmann
Gerd Hoffmann (2): OvmfPkg/VirtHstiDxe: add varstore flash check OvmfPkg/VirtHstiDxe: add code flash check Konstantin Kostiuk (2): OvmfPkg: Add VirtHstiDxe driver OvmfPkg: Add VirtHstiDxe to OVMF firmware build OvmfPkg/OvmfPkgIa32.dsc | 2 + OvmfPkg/OvmfPkgIa32X64.dsc

[edk2-devel] [PATCH 3/4] OvmfPkg/VirtHstiDxe: add varstore flash check

2024-03-22 Thread Gerd Hoffmann
Detects qemu config issue: vars pflash is not in secure mode (write access restricted to smm). Applies to Q35 with SMM only. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 4 ++ OvmfPkg/VirtHstiDxe

[edk2-devel] [PATCH 2/4] OvmfPkg: Add VirtHstiDxe to OVMF firmware build

2024-03-22 Thread Gerd Hoffmann
From: Konstantin Kostiuk Cc: Ard Biesheuvel Cc: Jiewen Yao Signed-off-by: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann --- OvmfPkg/OvmfPkgIa32.dsc| 2 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.dsc | 2 ++ OvmfPkg/OvmfPkgIa32.fdf| 1 + OvmfPkg/OvmfPkgIa32X64.fdf

[edk2-devel] [PATCH 1/4] OvmfPkg: Add VirtHstiDxe driver

2024-03-22 Thread Gerd Hoffmann
: In SMM-enabled builds the driver will verify smram is properly locked. That test should never fail. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Konstantin Kostiuk Initial-patch-by: Konstantin Kostiuk Signed-off-by: Gerd Hoffmann --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 50 OvmfPkg

Re: [edk2-devel] [PATCH v2 00/13] Part 2 patch set to add LoongArch support into UefiCpuPkg

2024-03-22 Thread Gerd Hoffmann
eck in GetTimeInnanoSecond function. > 5. Separated into two series, this is series one, and the second one is > OvmfPkg. While I can't comment on the loongarch architecture details the code and the integration into build system looks overall sane to me. Series: Acked-by: Gerd Hoffmann

Re: [edk2-devel] [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the etc/boot-menu-wait

2024-03-22 Thread Gerd Hoffmann
On Fri, Mar 22, 2024 at 08:29:28AM +, Sun, CepingX wrote: > On Thursday, March 21, 2024 8:25 PM Gerd Hoffmann wrote: > > Well, just try to read them. If present they can just be measured. > > If not present we can either skip them, or measure with an empty data > &

Re: [edk2-devel] [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistence of vTPM and RTMR.

2024-03-22 Thread Gerd Hoffmann
On Fri, Mar 22, 2024 at 02:39:20AM +, Yao, Jiewen wrote: > Please be aware that this option will cause a potential security risk. > > In case any guest component only knows one of vTPM or RTMR, > and only extends one of vTPM or RTMR, but the other one only verifies > the other, then the
