UefiPayloadPkg, DasharoModulePkg: update for extracted IOMMU settings #133
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]>
This will fix issues with the PciBusDxe. Signed-off-by: Patrick Rudolph <[email protected]>
Signed-off-by: Patrick Rudolph <[email protected]>
* Don't hardcode PCIE_BASE at build time
* Support arbitrary platforms with different or even no MMCONF space
* Fix buffer overflow accessing MMCONF where less than 256 buses are exposed
* Use PciCfg8 for PCI access in PEI, which is only used for debugging

Use PeiDxeDebugLibReportStatusCode library as DebugLib where use of BaseDebugLibSerialPort causes dependency cycle.

Signed-off-by: Patrick Rudolph <[email protected]>
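The overflow named in the commit above comes from assuming a full 256-bus MMCONF window. The following is an added example, not code from this pull request: it bounds-checks an ECAM address against a window whose base and size are only known at runtime. The `mmconf_window` type and `mmconf_address()` function are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical runtime description of the MMCONF (ECAM) window. */
typedef struct {
    uint64_t base;  /* physical base address, 0 if the platform has none */
    uint64_t size;  /* bytes exposed: 1 MiB per bus, 256 MiB only for 256 buses */
} mmconf_window;

/*
 * Translate bus/device/function/register into an MMCONF address.
 * Returns 0 and fills *addr, or -1 when the access would land outside the
 * window (no MMCONF at all, or a bus beyond those the window exposes).
 */
static int mmconf_address(const mmconf_window *w, unsigned bus, unsigned dev,
                          unsigned fn, unsigned reg, uint64_t *addr)
{
    if (w->base == 0 || w->size == 0)
        return -1;
    if (bus > 255 || dev > 31 || fn > 7 || reg > 4095)
        return -1;

    /* Standard ECAM layout: bus[27:20] device[19:15] function[14:12] reg[11:0] */
    uint64_t offset = ((uint64_t)bus << 20) | ((uint64_t)dev << 15) |
                      ((uint64_t)fn << 12) | reg;
    if (offset >= w->size)
        return -1;  /* the check a fixed 256-bus assumption skips */

    *addr = w->base + offset;
    return 0;
}

int main(void)
{
    /* Constructed sample: a 64-bus window at 0xE0000000 */
    mmconf_window w = { 0xE0000000ULL, 64ULL << 20 };
    uint64_t a = 0;

    printf("bus 63: %d\n", mmconf_address(&w, 63, 0, 0, 0, &a));
    printf("bus 64: %d\n", mmconf_address(&w, 64, 0, 0, 0, &a));
    return 0;
}
```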
… timeout Signed-off-by: Michał Żygowski <[email protected]>
Parse coreboot's TPM PPI handoff buffer
---------------------------------------

Read the coreboot table containing the TPM PPI handoff buffer and place it in gEfiTcgPhysicalPresenceInfoHob. coreboot uses the same PPI interface as QEMU does and installs the corresponding ACPI code to provide a full PPI interface to the OS. The OS must reboot in order to execute the requests.

The corresponding coreboot patch can be found here: https://review.coreboot.org/c/coreboot/+/45568

The OvmfPkg PhysicalPresence library is used in PlatformBootManager to confirm TPM PPI request. This is necessary as coreboot doesn't have input drivers or a graphical UI that could be used.

OvmfPkg: Introduce Tcg2PhysicalPresencePlatformLib
--------------------------------------------------

Put the PPI configuration retrieval into its own library. That will allow reusing the code in the UefipayloadPkg, where the firmware provides the ACPI tables, like QEMU does on OvmfPkg. However one major difference is that the PPI interface in DasharoPayloadPkg is not backed by an MMIO device, but resides in DRAM and is shared with ACPI code. Add an additional parameter to provide the location of the PPI and test if the memory region has the correct attributes.

OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu: Add timeout
--------------------------------------------------------

Instead of waiting an infinite time, abort the TPM PPI request after 3 minutes. This allows booting headless platforms where no keyboard is attached or the user didn't make it in time.

DasharoPayloadPkg/DasharoPayloadPkg.dsc: do not initialize TPM again
--------------------------------------------------------------

Copy Tcg2PhysicalPresenceLibGetManagementFlags to OvmfPkg
---------------------------------------------------------

Signed-off-by: Patrick Rudolph <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]>
We need similar changes in QEMU

I don't understand this argumentation. We can at least make it build by guarding the VTD stuff or changing to the new DasharoBootPoliciesVTd. I can't approve changes that break other builds.

I assume the reasoning is, it does not make much sense to "fix" the OVMF build, if we will drop it in a moment.

Exactly as @macpijan said. There are still some issues to resolve before a working image can be produced, and I'm OK with having integration branch until then. In any case, new CI will probably have to live on coreboot repo, not here.
…boot

MdeModulePkg changes
--------------------

Allow reusing functions by other packages, specifically by DasharoPayloadPkg.

* Move GetStringWidth() to CustomizedDisplayLib.
* Move CreateMultiStringPopUp() to CustomizedDisplayLib
  CreateSharedPopUp() is an implementation of it and is moved as well (not used for anything else).

DasharoPayloadPkg changes
----------------------

Parse coreboot information about recovery boot and display a dialog using functions moved to CustomizedDisplayLib library of MdeModulePkg.

* Add ParseVBootWorkbuf() function
  Extracts information about vboot recovery from coreboot table. Ignore minor version of cb_vboot_workbuf_v2 while parsing because it doesn't seem to affect data layout and therefore shouldn't be the reason for aborting parsing of the structure.
* Inform user via popup if in recovery boot.
  The popup explains what happened along with possible reasons. It disappears automatically after a timeout of 30 seconds or when user presses Enter.

Signed-off-by: Sergii Dmytruk <[email protected]>
Signed-off-by: Sergii Dmytruk <[email protected]>
This is a two-screen menu (main and security options menus) with a single vboot lock option. Signed-off-by: Sergii Dmytruk <[email protected]>
…tures.c: create LockBios var in library constructor Signed-off-by: Michał Kopeć <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]>
…orms Signed-off-by: Michał Kopeć <[email protected]>
Remove SMM dependency as we can't use it with coreboot Signed-off-by: Michał Kopeć <[email protected]>
Signed-off-by: Michał Kopeć <[email protected]>
…ionDxe Signed-off-by: Michał Kopeć <[email protected]>
Signed-off-by: Michał Żygowski <[email protected]>
Signed-off-by: Sergii Dmytruk <[email protected]>
It causes warm reboot on attempt to boot any OS. Logs:

Memory  Previous  Current    Next
 Type    Pages     Pages     Pages
======  ========  ========  ========
  09    00000008  00000014  00000019
  0A    00000004  00000019  0000001F
  00    00000004  0000004D  00000060
  06    000000C0  00000199  000001FF
  05    00000080  00000031  0000003D
Memory Type Information settings change.
...Warm Reset!!!

Signed-off-by: Sergii Dmytruk <[email protected]>
…NTIME_DRIVER" This breaks debug builds. Only use DxeRuntimeDebugLibSerialPort in release builds? This reverts commit 3f0c1bf.
* MdeModulePkg/Core/Pei/PeiMain.inf is PEI_CORE and is responsible for running PEIMs
* MdeModulePkg/Universal/PCD/Pei/Pcd.inf has no dependencies
* DasharoPayloadPkg/BlSupportPei/BlSupportPei.inf depends only on Pcd.inf

This seems to make a difference at least on PC Engines APU, otherwise PEI dispatcher postpones initialization of BlSupportPei until later which seems to be too late.

Signed-off-by: Sergii Dmytruk <[email protected]>
When this library is used by PEI_CORE and HOBs are created by one of PEIMs (e.g., BlSupportPei) not crashing is the best we can do. This function will get called later and HOBs will be available shortly, so the boot will happen. Signed-off-by: Sergii Dmytruk <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 AeadAesGcm implementation based on Mbedtls. Cc: Jiewen Yao <[email protected]> Cc: Yi Li <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Reviewed-by: Yi Li <[email protected]> Acked-by: Jiewen Yao <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Add rand function for BaseCryptLibMbedTls. Cc: Jiewen Yao <[email protected]> Cc: Yi Li <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Reviewed-by: Yi Li <[email protected]> Acked-by: Jiewen Yao <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement Pem API based on Mbedtls. Cc: Jiewen Yao <[email protected]> Cc: Yi Li <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Reviewed-by: Yi Li <[email protected]> Acked-by: Jiewen Yao <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 X.509 Certificate Handler Wrapper Implementation over MbedTLS. Cc: Jiewen Yao <[email protected]> Cc: Yi Li <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Reviewed-by: Yi Li <[email protected]> Acked-by: Jiewen Yao <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the current Mbedtls pkcs7 library doesn't support authenticatedAttributes and only supports 0 or 1 certificates in Signed data, the patch implements Pkcs7 by low Mbedtls Api. And the implementation has passed unit_test and integration test. Cc: Jiewen Yao <[email protected]> Cc: Yi Li <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Reviewed-by: Yi Li <[email protected]> Acked-by: Jiewen Yao <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 PBKDF2 Key Derivation Function Wrapper Implementation over MbedTLS. Cc: Jiewen Yao <[email protected]> Cc: Yi Li <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Reviewed-by: Yi Li <[email protected]> Acked-by: Jiewen Yao <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement more RSA functions such as RsaPkcs1Sign based on Mbedtls. Cc: Jiewen Yao <[email protected]> Cc: Yi Li <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Reviewed-by: Yi Li <[email protected]> Acked-by: Jiewen Yao <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Implement AuthenticodeVerify based on Mbedtls. Cc: Jiewen Yao <[email protected]> Cc: Yi Li <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Reviewed-by: Yi Li <[email protected]> Acked-by: Jiewen Yao <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Timestamp Countersignature Verification implementation based on Mbedtls. Cc: Jiewen Yao <[email protected]> Cc: Yi Li <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Reviewed-by: Yi Li <[email protected]> Acked-by: Jiewen Yao <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Update all *.inf in BaseCryptLibMbedTls based on new implementation. Cc: Jiewen Yao <[email protected]> Cc: Yi Li <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Reviewed-by: Yi Li <[email protected]> Acked-by: Jiewen Yao <[email protected]>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4177 Because the MbedTLS 3.3.0 doesn't have SHA3 and SM3 their implementations are based on OpenSSL. Cc: Jiewen Yao <[email protected]> Cc: Yi Li <[email protected]> Signed-off-by: Wenxing Hou <[email protected]> Signed-off-by: Sergii Dmytruk <[email protected]>
LTO builds do stricter type checking than no-LTO builds and it complains about several files that use incompatible declarations. struct tm was fine, it just had to be removed after including <CrtLibSupport.h> because that file contains the same declaration. Signed-off-by: Sergii Dmytruk <[email protected]>
… that work on SLB9665 Signed-off-by: Michał Żygowski <[email protected]>
On MTL the framebuffer is at BAR2 + some offset. Allow for this case when validating the framebuffer info received from coreboot. Signed-off-by: Michał Kopeć <[email protected]>
…utputDriverBindingStart Signed-off-by: Michał Kopeć <[email protected]>
This is the only setting that requires edk2-platforms, and only for PcdVTdPolicyPropertyMask. As not all platforms support VTd, fetching edk2-platforms unconditionally isn't necessary. This change creates the possibility to build Dasharo edk2 payload without edk2-platform. Signed-off-by: Krystian Hebel <[email protected]>
6fd8282 to 7d04eaa
This reverts commit 9386264.
Resource allocator used by coreboot may produce intertwined prefetchable and non-prefetchable MMIO regions. Since edk2 assumes that there is at most one continuous region of given type, this may create overlaps. This change removes overlapping part of region from PMem, leaving it only in Mem (and similarly for Above4G variants). By doing so, some of memory regions that could otherwise be WC are now UC, but this is safer than doing it the other way around. The regions are not split into smaller ones, as doing so would lead to bigger fragmentation and potentially depletion of MTRRs. Signed-off-by: Krystian Hebel <[email protected]>
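The trimming described in the commit above, as an added example that is not code from this pull request. The `aperture_t` type and `resolve_overlap()` are hypothetical names, and the handling of a Mem range nested strictly inside PMem (the larger prefetchable side is kept, Mem grows over the smaller one so it becomes UC) is an assumption of this sketch. The same routine would apply to the Above4G pair.

```c
#include <stdint.h>
#include <stdio.h>

/* Inclusive MMIO aperture; base > limit means empty. Hypothetical type, not edk2's. */
typedef struct { uint64_t base, limit; } aperture_t;

static int is_empty(aperture_t a) { return a.base > a.limit; }

/*
 * Remove from *pmem whatever overlaps *mem, keeping each aperture a single
 * contiguous range (no splitting, so no extra MTRRs are needed).
 * Assumption: if mem lies strictly inside pmem, the larger prefetchable side
 * is kept and mem is extended over the smaller side, trading WC for UC.
 * Returns 1 if either aperture was changed, 0 otherwise.
 */
static int resolve_overlap(aperture_t *mem, aperture_t *pmem)
{
    if (is_empty(*mem) || is_empty(*pmem) ||
        pmem->limit < mem->base || pmem->base > mem->limit)
        return 0;                          /* nothing overlaps */

    /* Sizes of the prefetchable parts lying below and above mem */
    uint64_t below = pmem->base < mem->base ? mem->base - pmem->base : 0;
    uint64_t above = pmem->limit > mem->limit ? pmem->limit - mem->limit : 0;

    if (below == 0 && above == 0) {        /* pmem entirely inside mem */
        pmem->base = 1;
        pmem->limit = 0;
    } else if (below >= above) {           /* keep the lower prefetchable part */
        if (above)
            mem->limit = pmem->limit;
        pmem->limit = mem->base - 1;
    } else {                               /* keep the upper prefetchable part */
        if (below)
            mem->base = pmem->base;
        pmem->base = mem->limit + 1;
    }
    return 1;
}

int main(void)
{
    /* Constructed layout: the PMem bounding range starts inside Mem */
    aperture_t mem  = { 0x80000000ULL, 0x8FFFFFFFULL };
    aperture_t pmem = { 0x88000000ULL, 0x9FFFFFFFULL };

    resolve_overlap(&mem, &pmem);
    printf("Mem  %#llx-%#llx\nPMem %#llx-%#llx\n",
           (unsigned long long)mem.base, (unsigned long long)mem.limit,
           (unsigned long long)pmem.base, (unsigned long long)pmem.limit);
    return 0;
}
```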
1fc8c3f to b2bdbfe
This is done to allow building without edk2-platforms for platforms that don't need it.
Depends on Dasharo/DasharoModulePkg#44