On 03/11/2015 22:00, Laszlo Ersek wrote: > When the user builds OVMF with -D SMM_REQUIRE, our LockBox implementation > must not be used, since it doesn't actually protect data in the LockBox > from the runtime guest OS. Add an according assert to > LockBoxLibInitialize(). > > Furthermore, since our LockBox must not be selected with -D SMM_REQUIRE, > it makes sense to set aside memory for it only if -D SMM_REQUIRE is > absent. Modify InitializeRamRegions() accordingly. > > This patch completes the -D SMM_REQUIRE-related tweaking of the special > OVMF memory areas. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Laszlo Ersek <ler...@redhat.com> > --- > OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf | 3 ++ > OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf | 3 ++ > OvmfPkg/Library/LockBoxLib/LockBoxLib.c | 2 + > OvmfPkg/PlatformPei/MemDetect.c | 40 ++++++++++---------- > 4 files changed, 29 insertions(+), 19 deletions(-) > > diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf > b/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf > index 7203d07..81c893e 100644 > --- a/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf > +++ b/OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf > @@ -42,3 +42,6 @@ [LibraryClasses] > [Pcd] > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize > + > +[FeaturePcd] > + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire > diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf > b/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf > index a4d27a5..08973a4 100644 > --- a/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf > +++ b/OvmfPkg/Library/LockBoxLib/LockBoxDxeLib.inf > @@ -43,3 +43,6 @@ [LibraryClasses] > [Pcd] > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize > + > +[FeaturePcd] > + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire > diff --git a/OvmfPkg/Library/LockBoxLib/LockBoxLib.c > b/OvmfPkg/Library/LockBoxLib/LockBoxLib.c > index 89050ac..45481b9 100644 > --- a/OvmfPkg/Library/LockBoxLib/LockBoxLib.c > +++ b/OvmfPkg/Library/LockBoxLib/LockBoxLib.c > @@ -44,6 +44,8 @@ LockBoxLibInitialize ( > { > UINTN NumEntries; > > + ASSERT (!FeaturePcdGet (PcdSmmSmramRequire)); > + > if (PcdGet32 (PcdOvmfLockBoxStorageSize) < sizeof (LOCK_BOX_GLOBAL)) { > return RETURN_UNSUPPORTED; > } > diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c > index 1bdc2df..455fcbb 100644 > --- a/OvmfPkg/PlatformPei/MemDetect.c > +++ b/OvmfPkg/PlatformPei/MemDetect.c > @@ -407,25 +407,27 @@ InitializeRamRegions ( > } > > if (mBootMode != BOOT_ON_S3_RESUME) { > - // > - // Reserve the lock box storage area > - // > - // Since this memory range will be used on S3 resume, it must be > - // reserved as ACPI NVS. > - // > - // If S3 is unsupported, then various drivers might still write to the > - // LockBox area. We ought to prevent DXE from serving allocation requests > - // such that they would overlap the LockBox storage. > - // > - ZeroMem ( > - (VOID*)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase), > - (UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize) > - ); > - BuildMemoryAllocationHob ( > - (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase), > - (UINT64)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize), > - mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData > - ); > + if (!FeaturePcdGet (PcdSmmSmramRequire)) { > + // > + // Reserve the lock box storage area > + // > + // Since this memory range will be used on S3 resume, it must be > + // reserved as ACPI NVS. > + // > + // If S3 is unsupported, then various drivers might still write to the > + // LockBox area. We ought to prevent DXE from serving allocation > requests > + // such that they would overlap the LockBox storage. > + // > + ZeroMem ( > + (VOID*)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase), > + (UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize) > + ); > + BuildMemoryAllocationHob ( > + (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageBase), > + (UINT64)(UINTN) PcdGet32 (PcdOvmfLockBoxStorageSize), > + mS3Supported ? EfiACPIMemoryNVS : EfiBootServicesData > + ); > + } > > if (FeaturePcdGet (PcdSmmSmramRequire)) { > UINT32 TsegSize; >
Reviewed-by: Paolo Bonzini <pbonz...@redhat.com> _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel