Branch: refs/heads/master
Home:   https://github.com/tianocore/edk2

Commit: c673216f53bd18515ecbffdba75af007e6700853
    https://github.com/tianocore/edk2/commit/c673216f53bd18515ecbffdba75af007e6700853
Author: Min M Xu <min.m...@intel.com>
Date:   2023-01-18 (Wed, 18 Jan 2023)

Changed paths:
  M EmbeddedPkg/Include/Library/PrePiLib.h
  M EmbeddedPkg/Library/PrePiLib/FwVol.c
  M EmbeddedPkg/Library/PrePiLib/PrePiLib.c

Log Message:
-----------
EmbeddedPkg/PrePiLib: Add FFS_CHECK_SECTION_HOOK when finding section

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152

EmbeddedPkg/PrePiLib provides the service of finding sections based on
the input SectionType. But sometimes there may be multiple sections with
the same SectionType. FFS_CHECK_SECTION_HOOK is a hook which can be
called to do additional check.

Cc: Leif Lindholm <quic_llind...@quicinc.com>
Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org>
Cc: Abner Chang <abner.ch...@amd.com>
Cc: Daniel Schaefer <g...@danielschaefer.me>
Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Acked-by: Ard Biesheuvel <ardb+tianoc...@kernel.org>
Signed-off-by: Min Xu <min.m...@intel.com>
Acked-by: Gerd Hoffmann <kra...@redhat.com>


Commit: 066d3c8004e2004c9699ec4c5d6f4fb67ab7d231
    https://github.com/tianocore/edk2/commit/066d3c8004e2004c9699ec4c5d6f4fb67ab7d231
Author: Min M Xu <min.m...@intel.com>
Date:   2023-01-18 (Wed, 18 Jan 2023)

Changed paths:
  M OvmfPkg/OvmfPkg.dec

Log Message:
-----------
OvmfPkg: Add PCDs/GUID for NCCFV

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152

NCCFV refers to Non-Confidential-Computing-FV. It includes the DXE phase
drivers which are only loaded/started in non-cc guest. Hence the PCDs /
GUID for NCCFV are defined in OvmfPkg.dec.

Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Signed-off-by: Min Xu <min.m...@intel.com>


Commit: c3f4f5a949a9e94bafe081c24dbd4110834b11ea
    https://github.com/tianocore/edk2/commit/c3f4f5a949a9e94bafe081c24dbd4110834b11ea
Author: Min M Xu <min.m...@intel.com>
Date:   2023-01-18 (Wed, 18 Jan 2023)

Changed paths:
  M OvmfPkg/IntelTdx/IntelTdxX64.dsc
  M OvmfPkg/IntelTdx/IntelTdxX64.fdf

Log Message:
-----------
OvmfPkg/IntelTdx: Enable separate-fv in IntelTdx/IntelTdxX64.fdf

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152

In current DXE FV there are 100+ drivers. Some of the drivers are not
used in Td guest. (Such as USB support drivers, network related drivers,
etc). From the security perspective if a driver is not used, we should
prevent it from being loaded / started. There are 2 benefits:
1. Reduce the attack surface
2. Improve the boot performance

So we separate DXEFV into 2 FVs: DXEFV and NCCFV. All the drivers which
are not needed by a Confidential Computing guest are moved from DXEFV to
NCCFV.

The following patch will find NCCFV for non-cc guest and build FVHob so
that NCCFV drivers can be loaded / started in DXE phase.

Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Signed-off-by: Min Xu <min.m...@intel.com>
Acked-by: Gerd Hoffmann <kra...@redhat.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>


Commit: 70d1481b559c2964eafe3938f1d728a09691d7cb
    https://github.com/tianocore/edk2/commit/70d1481b559c2964eafe3938f1d728a09691d7cb
Author: Min M Xu <min.m...@intel.com>
Date:   2023-01-18 (Wed, 18 Jan 2023)

Changed paths:
  M OvmfPkg/Library/PeilessStartupLib/DxeLoad.c
  M OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h
  M OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf

Log Message:
-----------
OvmfPkg/PeilessStartupLib: Find NCCFV in non-td guest

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4152

As described in BZ#4152, NCCFV includes the DXE phase drivers for non-cc
guest. PeilessStartupLib is updated to find NCCFV for non-cc guest.

Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Signed-off-by: Min Xu <min.m...@intel.com>
Acked-by: Gerd Hoffmann <kra...@redhat.com>
Reviewed-by: Jiewen Yao <jiewen....@intel.com>


Compare: https://github.com/tianocore/edk2/compare/6c1988af7683...70d1481b559c

_______________________________________________
edk2-commits mailing list
edk2-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-commits