[edk2] [PATCH v2 edk2-platforms] Platform/ARM/Drivers: Add Nor Flash Driver
Refactor the existing ArmPlatformPkg NOR flash driver to be usable as a StandaloneMM library. Some of the functionality not required in StandaloneMM, such as the block layer, is removed. This allows storing of EFI variables on NOR flash which is accessible only via the MM STANDALONE mode software.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jagadeesh Ujja
---
Changes since v1:
- This is the next version of the patch "[edk2] [PATCH 0/2] Allow use of ArmPlatformPkg NOR flash driver in StandaloneMM"
  https://lists.01.org/pipermail/edk2-devel/2019-February/036882.html
  https://lists.01.org/pipermail/edk2-devel/2019-February/036884.html
  https://lists.01.org/pipermail/edk2-devel/2019-February/036883.html
- The ArmPlatformPkg/Drivers/NorFlashDxe driver supports the block I/O and disk I/O protocols. This driver is required in StandaloneMM, but the block I/O and disk I/O protocols are not required in StandaloneMM.
- Instead of removing support for the block I/O and disk I/O protocols, add a new refactored NOR flash driver in "Platform/ARM/Drivers".
- Addressed all the comments from Ard Biesheuvel.

 Platform/ARM/Drivers/StandaloneMmNorFlash/NorFlash.c               | 982
 Platform/ARM/Drivers/StandaloneMmNorFlash/NorFlash.h               | 326 +++
 Platform/ARM/Drivers/StandaloneMmNorFlash/NorFlashFvb.c            | 740 +++
 Platform/ARM/Drivers/StandaloneMmNorFlash/NorFlashStandaloneMm.c   | 250 +
 Platform/ARM/Drivers/StandaloneMmNorFlash/NorFlashStandaloneMm.inf |  68 ++
 5 files changed, 2366 insertions(+)

diff --git a/Platform/ARM/Drivers/StandaloneMmNorFlash/NorFlash.c b/Platform/ARM/Drivers/StandaloneMmNorFlash/NorFlash.c
new file mode 100644
index 000..4ba4fb5
--- /dev/null
+++ b/Platform/ARM/Drivers/StandaloneMmNorFlash/NorFlash.c
@@ -0,0 +1,982 @@ +/** @file NorFlash.c + + Copyright (c) 2019, ARM Ltd. All rights reserved. + + This program and the accompanying materials + are licensed and made available under the terms and conditions of the + BSD License which accompanies this distribution. The full text of the + license may be found at http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include +#include + +#include "NorFlash.h" + +STATIC +UINT32 +NorFlashReadStatusRegister ( + IN NOR_FLASH_INSTANCE *Instance, + IN UINTN SR_Address + ) +{ + // Prepare to read the status register + SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_STATUS_REGISTER); + return MmioRead32 (Instance->DeviceBaseAddress); +} + +STATIC +BOOLEAN +NorFlashBlockIsLocked ( + IN NOR_FLASH_INSTANCE *Instance, + IN UINTN BlockAddress + ) +{ + UINT32LockStatus; + + // Send command for reading device id + SEND_NOR_COMMAND (BlockAddress, 2, P30_CMD_READ_DEVICE_ID); + + // Read block lock status + LockStatus = MmioRead32 (CREATE_NOR_ADDRESS (BlockAddress, 2)); + + // Decode block lock status + LockStatus = FOLD_32BIT_INTO_16BIT (LockStatus); + + if ((LockStatus & 0x2) != 0) { +DEBUG ((DEBUG_ERROR, "NorFlashBlockIsLocked: WARNING: Block LOCKED DOWN\n")); + } + + return ((LockStatus & 0x1) != 0); +} + +STATIC +EFI_STATUS +NorFlashUnlockSingleBlock ( + IN NOR_FLASH_INSTANCE *Instance, + IN UINTN BlockAddress + ) +{ + UINT32LockStatus; + + // Raise the Task Priority Level to TPL_NOTIFY to serialise all its operations + // and to protect shared data structures. 
+ + if (FeaturePcdGet (PcdNorFlashCheckBlockLocked) == TRUE) { +do { + // Request a lock setup + SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_LOCK_BLOCK_SETUP); + + // Request an unlock + SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_UNLOCK_BLOCK); + + // Send command for reading device id + SEND_NOR_COMMAND (BlockAddress, 2, P30_CMD_READ_DEVICE_ID); + + // Read block lock status + LockStatus = MmioRead32 (CREATE_NOR_ADDRESS (BlockAddress, 2)); + + // Decode block lock status + LockStatus = FOLD_32BIT_INTO_16BIT (LockStatus); +} while ((LockStatus & 0x1) == 1); + } else { +// Request a lock setup +SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_LOCK_BLOCK_SETUP); + +// Request an unlock +SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_UNLOCK_BLOCK); + +// Wait until the status register gives us the all clear +do { + LockStatus = NorFlashReadStatusRegister (Instance, BlockAddress); +} while ((LockStatus & P30_SR_BIT_WRITE) != P30_SR_BIT_WRITE); + } + + // Put device back into Read Array mode + SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_READ_ARRAY); + + DEBUG ((DEBUG_BLKIO, +"UnlockSingleBlock: BlockAddress=0x%08x\n&
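Review bot: both polling loops in NorFlashUnlockSingleBlock are unbounded, and in an MM_STANDALONE driver that is worse than in DXE because the secure partition has no watchdog or caller that can recover it. The `do { ... } while ((LockStatus & 0x1) == 1)` loop under PcdNorFlashCheckBlockLocked never exits for a block that is locked down (the 0x2 case NorFlashBlockIsLocked warns about), since P30_CMD_UNLOCK_BLOCK cannot clear a lock-down, and the `else` loop waiting for P30_SR_BIT_WRITE has the same problem if the part never reports ready; bound both with an iteration limit and return EFI_DEVICE_ERROR so the MM variable service can fail the SetVariable instead of hanging the normal world's SMC call. Two smaller points in the same hunk: the comment "Raise the Task Priority Level to TPL_NOTIFY to serialise all its operations" has no code under it and TPL services do not exist in MM_STANDALONE, so remove it or say what serialises access instead; and NorFlashReadStatusRegister declares an `SR_Address` parameter it never uses (it always issues the command against Instance->DeviceBaseAddress) while its caller passes BlockAddress, so either honour the argument or drop it.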
Re: [edk2] [PATCH edk2-platforms 0/2] Platforms/ARM/SgiPkg: apply product names for sgiclarka and sgiclarkh platforms
On Fri, Mar 15, 2019 at 4:55 PM Ard Biesheuvel wrote:
>
> On Fri, 15 Mar 2019 at 12:17, Jagadeesh Ujja wrote:
> >
> > hi Ard,
> >
> > On Fri, Mar 15, 2019 at 4:14 PM Ard Biesheuvel wrote:
> > >
> > > On Fri, 15 Mar 2019 at 09:21, Jagadeesh Ujja wrote:
> > > >
> > > > hi Ard/Leif
> > > >
> > > > Please let me know if you have any comments on this patch set
> > > >
> > >
> > > HI Jagadeesh,
> > >
> > > What does RdE1Edge or RdN1Edge mean?
> >
> > RdE1Edge/RdN1Edge are new product names.
> > Rd stands for reference design.
> >
> > The Neoverse E1 Edge Reference Design
> > The Neoverse N1 Edge Reference Design
> >
>
> So 'reference design' is the name of the platform based on the
> Neoverse E1 and N1, respectively?

Yes, 'reference design' is a class of platform in which we have Neoverse E1/N1 core support. Going forward, other cores can come in.

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH edk2-platforms 0/2] Platforms/ARM/SgiPkg: apply product names for sgiclarka and sgiclarkh platforms
hi Ard,

On Fri, Mar 15, 2019 at 4:14 PM Ard Biesheuvel wrote:
>
> On Fri, 15 Mar 2019 at 09:21, Jagadeesh Ujja wrote:
> >
> > hi Ard/Leif
> >
> > Please let me know if you have any comments on this patch set
> >
>
> HI Jagadeesh,
>
> What does RdE1Edge or RdN1Edge mean?

RdE1Edge/RdN1Edge are new product names.
Rd stands for reference design.

The Neoverse E1 Edge Reference Design
The Neoverse N1 Edge Reference Design

More details can be found in the below links:
https://pcfiend.com/2019/02/20/arm-announces-neoverse-n1-e1-platforms-cpus-enabling-a-huge-jump-in-infrastructure-performance/
https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/arm-neoverse-n1-platform-accelerating-the-transformation-to-a-scalable-cloud-to-edge-infrastructure
https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/arm-neoverse-e1-platform-empowering-the-infrastructure-to-meet-next-generation-throughput-demands

thanks
Jagadeesh
Re: [edk2] [PATCH edk2-platforms 0/2] Platforms/ARM/SgiPkg: apply product names for sgiclarka and sgiclarkh platforms
hi Ard/Leif

Please let me know if you have any comments on this patch set

thanks
Jagadeesh

On Wed, Mar 13, 2019 at 2:18 PM Jagadeesh Ujja wrote:
>
> hi Ard/Leif
>
> Please let me know if you have any comments on this patch
>
> thanks
> Jagadeesh
> On Tue, Mar 5, 2019 at 12:20 PM Jagadeesh Ujja wrote:
> >
> > This patchset updates the product names for SGI-Clark.Ares and
> > SGI-Clark.Helios platforms.
> > The first patch replaces all uses of sgiclarka with rdn1edge.
> > The second patch replaces all uses of sgiclarkh with rde1edge.
> >
> > Jagadeesh Ujja (2):
> >   Platforms/ARM/SgiPkg: Rename SgiClarkAres to RdN1Edge
> >   Platforms/ARM/SgiPkg: Rename SgiClarkHelios to RdE1Edge
> >
> >  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Dsdt.asl                   | 66 ++--
> >  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Madt.aslc                  |  0
> >  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHeliosAcpiTables.inf => RdE1EdgeAcpiTables.inf} |  6 +-
> >  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Dsdt.asl                     | 16 ++---
> >  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Madt.aslc                    | 16 ++---
> >  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAresAcpiTables.inf => RdN1EdgeAcpiTables.inf}   |  6 +-
> >  Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.c                                  | 12 ++--
> >  Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.inf                                |  4 +-
> >  Platform/ARM/SgiPkg/Include/SgiPlatform.h                                              |  8 +--
> >  Platform/ARM/SgiPkg/SgiPlatform.dec                                                    |  4 +-
> >  Platform/ARM/SgiPkg/SgiPlatform.dsc                                                    |  4 +-
> >  Platform/ARM/SgiPkg/SgiPlatform.fdf                                                    |  4 +-
> >  12 files changed, 73 insertions(+), 73 deletions(-)
> >  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Dsdt.asl (68%)
> >  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Madt.aslc (100%)
> >  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHeliosAcpiTables.inf => RdE1EdgeAcpiTables.inf} (91%)
> >  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Dsdt.asl (85%)
> >  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Madt.aslc (93%)
> >  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAresAcpiTables.inf => RdN1EdgeAcpiTables.inf} (92%)
> >
> > --
> > 2.7.4
Re: [edk2] [PATCH edk2-platforms v2 0/3] Platform/ARM/SgiPkg: Implement StandaloneMm based secure boot
hi Ard/Leif

Please let me know if you have any comments on this patch set

thanks
Jagadeesh

On Tue, Mar 12, 2019 at 9:45 PM Jagadeesh Ujja wrote:
>
> Changes since v1:
> - Addressed all the comments from Ard Biesheuvel.
>
> Integrating various pieces together so that the authenticated variable store
> runs entirely in standalone MM context residing in a secure partition.
> This primarily involves adding all required library and drivers to platform
> specific .DSC and .FDF files. This creates a separate NOR flash region which
> is visible only to StandaloneMm drivers; this NOR flash will co-exist along
> with the general NOR flash region.
>
> Jagadeesh Ujja (3):
>   Platform/ARM/Sgi: define nor2 flash controller memory map
>   Platform/ARM/Sgi: allow MM_STANDALONE modules to use NorFlashPlatformLib
>   Platform/ARM/SgiPkg: add MM based UEFI secure boot support
>
>  Platform/ARM/SgiPkg/Include/SgiPlatform.h                           |  4 ++
>  Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c   | 63
>  Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf | 33 ++
>  Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc                        | 34 ++-
>  Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf                        |  5 ++
>  Platform/ARM/SgiPkg/SgiPlatform.dsc                                 | 18 +-
>  Platform/ARM/SgiPkg/SgiPlatform.fdf                                 |  7 ++-
>  7 files changed, 161 insertions(+), 3 deletions(-)
>  create mode 100644 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
>  create mode 100644 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf
>
> --
> 2.7.4
>
> In-Reply-To:
Re: [edk2] [PATCH edk2-platforms 0/2] Platforms/ARM/SgiPkg: apply product names for sgiclarka and sgiclarkh platforms
hi Ard/Leif

Please let me know if you have any comments on this patch

thanks
Jagadeesh

On Tue, Mar 5, 2019 at 12:20 PM Jagadeesh Ujja wrote:
>
> This patchset updates the product names for SGI-Clark.Ares and
> SGI-Clark.Helios platforms.
> The first patch replaces all uses of sgiclarka with rdn1edge.
> The second patch replaces all uses of sgiclarkh with rde1edge.
>
> Jagadeesh Ujja (2):
>   Platforms/ARM/SgiPkg: Rename SgiClarkAres to RdN1Edge
>   Platforms/ARM/SgiPkg: Rename SgiClarkHelios to RdE1Edge
>
>  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Dsdt.asl                   | 66 ++--
>  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Madt.aslc                  |  0
>  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHeliosAcpiTables.inf => RdE1EdgeAcpiTables.inf} |  6 +-
>  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Dsdt.asl                     | 16 ++---
>  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Madt.aslc                    | 16 ++---
>  Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAresAcpiTables.inf => RdN1EdgeAcpiTables.inf}   |  6 +-
>  Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.c                                  | 12 ++--
>  Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.inf                                |  4 +-
>  Platform/ARM/SgiPkg/Include/SgiPlatform.h                                              |  8 +--
>  Platform/ARM/SgiPkg/SgiPlatform.dec                                                    |  4 +-
>  Platform/ARM/SgiPkg/SgiPlatform.dsc                                                    |  4 +-
>  Platform/ARM/SgiPkg/SgiPlatform.fdf                                                    |  4 +-
>  12 files changed, 73 insertions(+), 73 deletions(-)
>  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Dsdt.asl (68%)
>  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Madt.aslc (100%)
>  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHeliosAcpiTables.inf => RdE1EdgeAcpiTables.inf} (91%)
>  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Dsdt.asl (85%)
>  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Madt.aslc (93%)
>  rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAresAcpiTables.inf => RdN1EdgeAcpiTables.inf} (92%)
>
> --
> 2.7.4
[edk2] [PATCH edk2-platforms v2 3/3] Platform/ARM/SgiPkg: add MM based UEFI secure boot support
This implements support for UEFI secure boot on SGI platforms using the standalone MM framework. This moves all of the software handling of the UEFI authenticated variable store into the standalone MM context residing in a secure partition. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 34 +++- Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 5 +++ Platform/ARM/SgiPkg/SgiPlatform.dsc | 18 ++- Platform/ARM/SgiPkg/SgiPlatform.fdf | 7 +++- 4 files changed, 61 insertions(+), 3 deletions(-) diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc index 49fc919..b6aa90b 100644 --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc @@ -26,6 +26,7 @@ SKUID_IDENTIFIER = DEFAULT FLASH_DEFINITION = Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf DEFINE DEBUG_MESSAGE = TRUE + DEFINE SECURE_BOOT_ENABLE = FALSE # LzmaF86 DEFINE COMPRESSION_TOOL_GUID = D42AE6BD-1352-4bfb-909A-CA72A6EAE889 
@@ -83,7 +84,17 @@ HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf - +!if $(SECURE_BOOT_ENABLE) == TRUE + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + NorFlashPlatformLib|Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf +!endif # # Pcd Section - list of all EDK II PCD Entries defined by this Platform @@ -100,6 +111,21 @@ gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2 +!if $(SECURE_BOOT_ENABLE) == TRUE + #Secure Storage + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 + + ## NV Storage - 1MB*3 in NOR2 Flash + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x1040 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x0010 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x1050 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x0010 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x1060 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x0010 +!endif + ### # # Components Section - list of the modules and components that will be processed by compilation 
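Review bot: PlatformSecureLib is resolved to SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf and the PCD hunk right after it sets gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE. AuthVariableLib uses the physical-presence answer to decide whether custom secure boot mode may be entered and whether PK/KEK writes may skip signature checking, so a null instance that cannot actually detect an operator lets any pre-ExitBootServices code move the platform out of standard mode; that may be acceptable for a reference design, but the commit message should say so, and a product build needs a real PlatformSecureLib before SECURE_BOOT_ENABLE is turned on. Worth a sentence too: TimerLib is resolved to BaseTimerLibNullTemplate, so nothing linked into this MM image (including the NOR flash driver's polling loops) can rely on a real delay or timeout.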
@@ -125,6 +151,12 @@ StandaloneMmPkg/Core/StandaloneMmCore.inf [Components.AARCH64] +!if $(SECURE_BOOT_ENABLE) == TRUE + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +!endif + StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf ### diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf b/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf index 810460c..8c05a03 100644 --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf @@ -55,6 +55,11 @@ READ_LOCK_CAP = TRUE READ_LOCK_STATUS = TRUE INF StandaloneMmPkg/Core/StandaloneMmCore.inf +!if $(SECURE_BOOT_ENABLE) == TRUE + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +!endif INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf diff --git a/Platform/ARM/SgiPkg/SgiPlatform.dsc b/Platform/ARM/SgiPkg/SgiPlatform.dsc index bdb4ecb..4ddeb65 100644 --- a/Platform/ARM/SgiPkg/SgiPlatform.dsc +++ b/Platform/ARM/SgiPkg/SgiPlatform.dsc @@ -26,6 +26,7 @@ SKUID_IDENTIFIER = DEFAULT
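Review bot: the [Components.AARCH64] entry and the .fdf INF line both reference ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf, but the v2 "Platform/ARM/Drivers: Add Nor Flash Driver" patch on this list adds the StandaloneMM driver as Platform/ARM/Drivers/StandaloneMmNorFlash/NorFlashStandaloneMm.inf instead, so one of the two series will break the build depending on merge order; pick one location, use the same path in both files, and state the dependency in the cover letter. Also, because the three StandaloneMm modules are only built when SECURE_BOOT_ENABLE is TRUE and the Defines hunk defaults it to FALSE, the MM image contains no variable or FTW service unless the flag is passed on the build command line; the commit message should say that, since "add MM based UEFI secure boot support" reads as if it were on by default.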
[edk2] [PATCH edk2-platforms v2 2/3] Platform/ARM/Sgi: allow MM_STANDALONE modules to use NorFlashPlatformLib
The "NorFlashPlatformLib" library can be used by MM_STANDALONE drivers as well. When used in MM mode, the third instance of the NOR flash is used as the non-volatile storage. This NOR flash instance is partitioned into two regions: the first 4MB of space is used for secure boot and the next 3MB for secure variable storage.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jagadeesh Ujja
---
 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c   | 63
 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf | 33 ++
 2 files changed, 96 insertions(+)

diff --git a/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
new file mode 100644
index 000..06e3f97
--- /dev/null
+++ b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
@@ -0,0 +1,63 @@ +/** @file + + Copyright (c) 2019, ARM Ltd. All rights reserved. + + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +#include +#include +#include +#include +#include + +STATIC NOR_FLASH_DESCRIPTION mNorFlashDevices[] = { + { +// Secure Boot storage space of 4MB +SGI_EXP_SMC_CS2_BASE, +SGI_EXP_SMC_CS2_BASE, +SIZE_256KB * 16, +SIZE_256KB, + }, + { +//Secure variable storage space of 1MB*3 +SGI_EXP_SMC_CS2_BASE, +SGI_EXP_SMC_CS2_BASE + SIZE_256KB * 16, +SIZE_256KB * 12, +SIZE_256KB, + }, +}; + +EFI_STATUS +NorFlashPlatformInitialization ( + VOID + ) +{ + UINT64 SysRegFlash; + + SysRegFlash = SGI_EXP_SYSPH_SYSTEM_REGISTERS + SGI_SYSPH_SYS_REG_FLASH; + MmioOr32 (SysRegFlash, SGI_SYSPH_SYS_REG_FLASH_RWEN); + return EFI_SUCCESS; +} + +EFI_STATUS +NorFlashPlatformGetDevices ( + OUT NOR_FLASH_DESCRIPTION **NorFlashDevices, + OUT UINT32 *Count + ) +{ + if ((NorFlashDevices == NULL) || (Count == NULL)) { +return EFI_INVALID_PARAMETER; + } + + *NorFlashDevices = mNorFlashDevices; + *Count = ARRAY_SIZE (mNorFlashDevices); + return EFI_SUCCESS; +} diff --git a/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf new file mode 100644 index 000..d24eb21 --- /dev/null +++ b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf 
@@ -0,0 +1,33 @@ +#/** @file +# +# Copyright (c) 2019, ARM Ltd. All rights reserved. + +# This program and the accompanying materials are licensed and made available +# under the terms and conditions of the BSD License which accompanies this +# distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +#**/ + +[Defines] + INF_VERSION= 0x0001001A + BASE_NAME = NorFlashSgiLib + FILE_GUID = 2ce22190-b933-4d1e-99ba-8bf1f0768255 + MODULE_TYPE= BASE + LIBRARY_CLASS = NorFlashPlatformLib + +[Sources.common] + StandaloneMmNorFlashLib.c + +[Packages] + ArmPlatformPkg/ArmPlatformPkg.dec + MdePkg/MdePkg.dec + Platform/ARM/SgiPkg/SgiPlatform.dec + +[LibraryClasses] + BaseLib + DebugLib + IoLib -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
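Review bot: in StandaloneMmNorFlashLib.c, NorFlashPlatformInitialization sets SGI_SYSPH_SYS_REG_FLASH_RWEN with MmioOr32 and both descriptors point at SGI_EXP_SMC_CS2_BASE, but nothing in this library or elsewhere in the series restricts the CS2 range or that system register to the secure world; the cover letter says the region is visible only to StandaloneMm drivers, so the commit message should say where that isolation is actually enforced, because if the non-secure NorFlashLib can also reach CS2 the authenticated variable store can be rewritten from the normal world without going through the MM variable service. The first descriptor is commented "Secure Boot storage space of 4MB" yet none of the PCDs added in patch 3/3 point into it; say what will live there, or drop the descriptor so the driver does not publish a writable device nobody owns.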
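Review bot: in the .inf, `LIBRARY_CLASS = NorFlashPlatformLib` is unrestricted, so this instance can be picked up for DXE_DRIVER and DXE_RUNTIME_DRIVER modules as well, where it would hand the secure NOR2 descriptors to the non-secure NorFlashDxe driver; restrict it with `LIBRARY_CLASS = NorFlashPlatformLib|MM_STANDALONE` so the build rejects that pairing. `BASE_NAME = NorFlashSgiLib` does not match the file name StandaloneMmNorFlashLib, which will make it hard to tell the two SGI instances apart in build output; and BaseLib and DebugLib are listed under [LibraryClasses] although the .c only uses MmioOr32 from IoLib (ARRAY_SIZE comes from Base.h).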
[edk2] [PATCH edk2-platforms v2 1/3] Platform/ARM/Sgi: define nor2 flash controller memory map
Add the definitions of NOR2 flash controller memory map. The NO2 flash can be used as an additional non-volatile storage by non-secure code or used as a non-volatile storage for secure variables by the StandaloneMM. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja Reviewed-by: Ard Biesheuvel --- Platform/ARM/SgiPkg/Include/SgiPlatform.h | 4 1 file changed, 4 insertions(+) diff --git a/Platform/ARM/SgiPkg/Include/SgiPlatform.h b/Platform/ARM/SgiPkg/Include/SgiPlatform.h index b9a662a..2a7b79d 100644 --- a/Platform/ARM/SgiPkg/Include/SgiPlatform.h +++ b/Platform/ARM/SgiPkg/Include/SgiPlatform.h @@ -27,6 +27,10 @@ #define SGI_EXP_SMC_CS1_BASE 0x0C00 #define SGI_EXP_SMC_CS1_SZSIZE_64MB +// Expansion AXI - SMC Chip Select 2 +#define SGI_EXP_SMC_CS2_BASE 0x1000 +#define SGI_EXP_SMC_CS2_SZSIZE_64MB + // Expansion AXI - SMSC 91C111 (Ethernet) #define SGI_EXP_SMSC91X_BASE 0x1800 #define SGI_EXP_SMSC91X_SZSIZE_64MB -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [PATCH edk2-platforms v2 0/3] Platform/ARM/SgiPkg: Implement StandaloneMm based secure boot
Changes since v1:
- Addressed all the comments from Ard Biesheuvel.

Integrating various pieces together so that the authenticated variable store runs entirely in standalone MM context residing in a secure partition. This primarily involves adding all required library and drivers to platform specific .DSC and .FDF files. This creates a separate NOR flash region which is visible only to StandaloneMm drivers; this NOR flash will co-exist along with the general NOR flash region.

Jagadeesh Ujja (3):
  Platform/ARM/Sgi: define nor2 flash controller memory map
  Platform/ARM/Sgi: allow MM_STANDALONE modules to use NorFlashPlatformLib
  Platform/ARM/SgiPkg: add MM based UEFI secure boot support

 Platform/ARM/SgiPkg/Include/SgiPlatform.h                           |  4 ++
 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c   | 63
 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf | 33 ++
 Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc                        | 34 ++-
 Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf                        |  5 ++
 Platform/ARM/SgiPkg/SgiPlatform.dsc                                 | 18 +-
 Platform/ARM/SgiPkg/SgiPlatform.fdf                                 |  7 ++-
 7 files changed, 161 insertions(+), 3 deletions(-)
 create mode 100644 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
 create mode 100644 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf

--
2.7.4

In-Reply-To:
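The layout this series describes (NOR2 split into a 4MB secure-boot area followed by three 1MB regions for the variable store, the FTW working block and the FTW spare block, on a device with 256KB erase blocks) is worth checking mechanically before the six PcdFlashNvStorage* values in PlatformStandaloneMm.dsc are committed. The following is an added example written for this page, not code from the series or from edk2-platforms: a host-side C check that every region is erase-block aligned, lies inside the partition handed to the StandaloneMM driver, does not overlap its neighbours, and leaves an FTW spare block at least as large as the variable store. NOR2_BASE is an assumed placeholder for SGI_EXP_SMC_CS2_BASE (the full value is not given on this page), and the spare-size rule is an assumption about the FaultTolerantWrite driver's reclaim staging that should be confirmed against the driver actually built in.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed placeholder for SGI_EXP_SMC_CS2_BASE; substitute the platform value. */
#define NOR2_BASE        0x10000000ULL
#define MB               (1024ULL * 1024)
#define NOR2_BLOCK_SIZE  (256ULL * 1024)   /* erase block from the descriptor table */
#define SECBOOT_SIZE     (4 * MB)          /* first 4 MB: secure boot storage */
#define VARSTORE_SIZE    (3 * MB)          /* next 3 MB: secure variable storage */

typedef struct { const char *Name; uint64_t Base; uint64_t Size; } NV_REGION;

typedef struct {
  uint64_t  PartitionBase;  /* start of the secure-variable partition on NOR2 */
  uint64_t  PartitionSize;
  uint64_t  BlockSize;
  NV_REGION Variable;       /* PcdFlashNvStorageVariableBase/Size */
  NV_REGION FtwWorking;     /* PcdFlashNvStorageFtwWorkingBase/Size */
  NV_REGION FtwSpare;       /* PcdFlashNvStorageFtwSpareBase/Size */
} NV_LAYOUT;

enum { LAYOUT_OK = 0, LAYOUT_UNALIGNED, LAYOUT_OUT_OF_RANGE, LAYOUT_OVERLAP, LAYOUT_SPARE_TOO_SMALL };

static int RegionsOverlap (const NV_REGION *A, const NV_REGION *B)
{
  return A->Base < B->Base + B->Size && B->Base < A->Base + A->Size;
}

/* Returns LAYOUT_OK or the first rule the layout violates. */
int CheckNvLayout (const NV_LAYOUT *L)
{
  const NV_REGION *R[3] = { &L->Variable, &L->FtwWorking, &L->FtwSpare };

  for (int i = 0; i < 3; i++) {
    /* The driver erases whole blocks, so a region that does not start and end
       on a block boundary lets an erase of one region clobber its neighbour. */
    if (R[i]->Size == 0 || R[i]->Base % L->BlockSize != 0 || R[i]->Size % L->BlockSize != 0)
      return LAYOUT_UNALIGNED;
    /* Stay inside the partition that only the StandaloneMM driver is meant to see. */
    if (R[i]->Base < L->PartitionBase ||
        R[i]->Base + R[i]->Size > L->PartitionBase + L->PartitionSize)
      return LAYOUT_OUT_OF_RANGE;
    for (int j = 0; j < i; j++)
      if (RegionsOverlap (R[i], R[j]))
        return LAYOUT_OVERLAP;
  }
  /* Assumed FTW constraint: the spare area stages a whole variable store
     during reclaim, so it must be at least as large as the store. */
  if (L->FtwSpare.Size < L->Variable.Size)
    return LAYOUT_SPARE_TOO_SMALL;
  return LAYOUT_OK;
}

/* The layout the series describes: 1 MB x 3 immediately after the 4 MB secure-boot area. */
NV_LAYOUT PageLayout (void)
{
  NV_LAYOUT L = {
    .PartitionBase = NOR2_BASE + SECBOOT_SIZE,
    .PartitionSize = VARSTORE_SIZE,
    .BlockSize     = NOR2_BLOCK_SIZE,
    .Variable      = { "Variable",   NOR2_BASE + SECBOOT_SIZE,          1 * MB },
    .FtwWorking    = { "FtwWorking", NOR2_BASE + SECBOOT_SIZE + 1 * MB, 1 * MB },
    .FtwSpare      = { "FtwSpare",   NOR2_BASE + SECBOOT_SIZE + 2 * MB, 1 * MB },
  };
  return L;
}

int main (void)
{
  NV_LAYOUT L = PageLayout ();
  printf ("page layout: %d\n", CheckNvLayout (&L));
  L.FtwSpare.Base -= 512 * 1024;   /* spare now overlaps the working block */
  printf ("overlapping spare: %d\n", CheckNvLayout (&L));
  return 0;
}
```

To check a real .dsc, replace the values in PageLayout with the platform's six PcdFlashNvStorage* entries and its chip-select base; the checks are deliberately independent of the PCD mechanism so they can run on the build host.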
Re: [edk2] [PATCH v3] StandaloneMmPkg/Library: Install Variable Arch Protocol
On Tue, Mar 5, 2019 at 7:39 PM Jagadeesh Ujja wrote:
> Adding Achin, Jiewen
> hi Jiewen, Achin
>
> On Mon, Mar 4, 2019 at 4:16 PM Ard Biesheuvel wrote:
> >
> > (add StandaloneMmPkg maintainers)
> > Please let me know if you have any comments on this patch
> > On Mon, 4 Mar 2019 at 09:54, Jagadeesh Ujja wrote:
> > >
> > > In a system implementing the variable store in MM, there are no variable
> > > arch protocol and variable write arch protocol installed into the
> > > DXE_SMM protocol database. On such systems, it is not required to
> > > locate these protocols by the DXE runtime variable drivers because
> > > it can be assumed that these protocols are already installed in the
> > > MM context. But then such an implementation will deviate from the
> > > existing traditional MM based variable driver implementation.
> > >
> > > So in order to maintain consistency with the traditional MM variable
> > > driver implementation, allow platforms to install these protocols into
> > > the DXE protocol database, but these protocols will not be consumed
> > > by the non-secure variable service runtime driver.
> > >
> > > Platforms which use StandaloneMM based secure variable storage
> > > have to include this library.
> > >
> > > Example
> > > In edk2-platforms/Platform/ARM/SgiPkg/SgiPlatform.dsc
> > >
> > >   ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
> > >
> > >       NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
> > >   }
> > >
> > > Contributed-under: TianoCore Contribution Agreement 1.1
> > > Signed-off-by: Jagadeesh Ujja
> >
> > Reviewed-by: Ard Biesheuvel
> >
> > > ---
> > > Changes since v2:
> > > - Addressed the comments from Ard Biesheuvel and Zeng Star
> > >
> > > Changes since v1:
> > > - This is the next version of the patch
> > >   "MdeModulePkg/VariableSmmRuntimeDxe: Refactor locating Variable Arch Protocol".
> > >   [https://lists.01.org/pipermail/edk2-devel/2019-February/036885.html]
> > > - Addressed the comments from Ard Biesheuvel and Zeng Star
> > > - Can this library be placed in MdePkg rather than the StandaloneMmPkg?
> > >
> > >  StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c   | 54
> > >  StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf | 46 +
> > >  2 files changed, 100 insertions(+)
> > >
> > > diff --git a/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c b/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c
> > > new file mode 100644
> > > index 000..7e0f31b
> > > --- /dev/null
> > > +++ b/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c
> > > @@ -0,0 +1,54 @@ > > > +/** @file > > > + Runtime DXE part corresponding to StanaloneMM variable module. > > > + > > > +This module installs variable arch protocol and variable write arch > > > protocol > > > +to StandaloneMM runtime variable service. > > > + > > > +Copyright (c) 2019, ARM Ltd. All rights reserved. > > > + > > > +This program and the accompanying materials > > > +are licensed and made available under the terms and conditions of the > > > BSD License > > > +which accompanies this distribution. The full text of the license may > > > be found at > > > +http://opensource.org/licenses/bsd-license.php. > > > + > > > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > > > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR > > > IMPLIED. > > > + > > > +**/ > > > + > > > +#include > > > +#include > > > + > > > +/** > > > + The constructor function installs variable arch protocol and variable > > > + write arch protocol to StandaloneMM runtime variable service > > > + > > > + @param ImageHandle The firmware allocated handle for the EFI image. > > > + @param SystemTable A pointer to the Management mode System Table. > > > + > > > + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. > > > + > > > +**/ > > > +EFI_STATUS > > > +EFIAPI > > > +VariableMmDepende
Re: [edk2] [PATCH v3] StandaloneMmPkg/Library: Install Variable Arch Protocol
hi Jiewen, Achin

On Mon, Mar 4, 2019 at 4:16 PM Ard Biesheuvel wrote:
>
> (add StandaloneMmPkg maintainers)
> Please let me know if you have any comments on this patch
> On Mon, 4 Mar 2019 at 09:54, Jagadeesh Ujja wrote:
> >
> > In a system implementing the variable store in MM, there are no variable
> > arch protocol and variable write arch protocol installed into the
> > DXE_SMM protocol database. On such systems, it is not required to
> > locate these protocols by the DXE runtime variable drivers because
> > it can be assumed that these protocols are already installed in the
> > MM context. But then such an implementation will deviate from the
> > existing traditional MM based variable driver implementation.
> >
> > So in order to maintain consistency with the traditional MM variable
> > driver implementation, allow platforms to install these protocols into
> > the DXE protocol database, but these protocols will not be consumed
> > by the non-secure variable service runtime driver.
> >
> > Platforms which use StandaloneMM based secure variable storage
> > have to include this library.
> >
> > Example
> > In edk2-platforms/Platform/ARM/SgiPkg/SgiPlatform.dsc
> >
> >   ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
> >
> >       NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
> >   }
> >
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Jagadeesh Ujja
>
> Reviewed-by: Ard Biesheuvel
>
> > ---
> > Changes since v2:
> > - Addressed the comments from Ard Biesheuvel and Zeng Star
> >
> > Changes since v1:
> > - This is the next version of the patch
> >   "MdeModulePkg/VariableSmmRuntimeDxe: Refactor locating Variable Arch Protocol".
> >   [https://lists.01.org/pipermail/edk2-devel/2019-February/036885.html]
> > - Addressed the comments from Ard Biesheuvel and Zeng Star
> > - Can this library be placed in MdePkg rather than the StandaloneMmPkg?
> >
> >  StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c   | 54
> >  StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf | 46 +
> >  2 files changed, 100 insertions(+)
> >
> > diff --git a/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c b/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c
> > new file mode 100644
> > index 000..7e0f31b
> > --- /dev/null
> > +++ b/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c
> > @@ -0,0 +1,54 @@ > > +/** @file > > + Runtime DXE part corresponding to StanaloneMM variable module. > > + > > +This module installs variable arch protocol and variable write arch > > protocol > > +to StandaloneMM runtime variable service. > > + > > +Copyright (c) 2019, ARM Ltd. All rights reserved. > > + > > +This program and the accompanying materials > > +are licensed and made available under the terms and conditions of the BSD > > License > > +which accompanies this distribution. The full text of the license may be > > found at > > +http://opensource.org/licenses/bsd-license.php. > > + > > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR > > IMPLIED. > > + > > +**/ > > + > > +#include > > +#include > > + > > +/** > > + The constructor function installs variable arch protocol and variable > > + write arch protocol to StandaloneMM runtime variable service > > + > > + @param ImageHandle The firmware allocated handle for the EFI image. > > + @param SystemTable A pointer to the Management mode System Table. > > + > > + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +VariableMmDependencyLibConstructor ( > > + IN EFI_HANDLE ImageHandle, > > + IN EFI_SYSTEM_TABLE *SystemTable > > + ) > > +{ > > + EFI_STATUSStatus; > > + EFI_HANDLEHandle; > > + > > + Handle = NULL; > > + Status = gBS->InstallMultipleProtocolInterfaces ( > > + , > > + , > > + NULL, > > + , > > + NULL, > > + NULL > > + ); >
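Review bot: the protocols are published from a library constructor, and the commit message shows the library linked as a NULL instance into ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf; library constructors run before the module entry point, so gEfiVariableArchProtocolGuid and gEfiVariableWriteArchProtocolGuid become visible to the DXE dispatcher before MmCommunication has initialised or confirmed that the secure partition's variable service is reachable, and any driver whose DEPEX is satisfied by those GUIDs can then be dispatched and call GetVariable/SetVariable against a service that is not there yet. Install them from the MM communication driver's entry point once its own setup has succeeded, or at least document that ordering assumption in the file header. The doc comment also promises "The constructor always returns EFI_SUCCESS", which means a failed InstallMultipleProtocolInterfaces would be silently ignored and the platform would boot without the arch protocols it is pretending to have; ASSERT_EFI_ERROR the Status and return it. Minor: the header comment reads "Runtime DXE part corresponding to StanaloneMM variable module" (typo, and this is a library rather than a runtime driver).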
[edk2] [PATCH edk2-platforms 2/2] Platforms/ARM/SgiPkg: Rename SgiClarkHelios to RdE1Edge
Replace all usage of 'SgiClark' with 'RdN1E1Edge' and 'SgiClarkHelios' with 'RdE1Edge' as per the updated product names.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jagadeesh Ujja
---
 Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Dsdt.asl | 66 ++--
 Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Madt.aslc | 0
 Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHeliosAcpiTables.inf => RdE1EdgeAcpiTables.inf} | 6 +-
 Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.c | 4 +-
 Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.inf | 2 +-
 Platform/ARM/SgiPkg/Include/SgiPlatform.h | 2 +-
 Platform/ARM/SgiPkg/SgiPlatform.dec | 2 +-
 Platform/ARM/SgiPkg/SgiPlatform.dsc | 2 +-
 Platform/ARM/SgiPkg/SgiPlatform.fdf | 2 +-
 9 files changed, 43 insertions(+), 43 deletions(-)

diff --git a/Platform/ARM/SgiPkg/AcpiTables/SgiClarkHelios/Dsdt.asl b/Platform/ARM/SgiPkg/AcpiTables/RdE1Edge/Dsdt.asl
similarity index 68%
rename from Platform/ARM/SgiPkg/AcpiTables/SgiClarkHelios/Dsdt.asl
rename to Platform/ARM/SgiPkg/AcpiTables/RdE1Edge/Dsdt.asl
index 7cfc419..c2f2dfb 100644
--- a/Platform/ARM/SgiPkg/AcpiTables/SgiClarkHelios/Dsdt.asl
+++ b/Platform/ARM/SgiPkg/AcpiTables/RdE1Edge/Dsdt.asl
@@ -20,195 +20,195 @@ DefinitionBlock ("DsdtTable.aml", "DSDT", 1, "ARMLTD", "ARMSGI", EFI_ACPI_ARM_OEM_REVISION) { Scope (_SB) { // -// HeliosCores 8X2 Processor declaration +// Neoverse-E1 8X2 Processor declaration // -Device (CP00) { // HeliosCore: Cluster 0, Cpu 0, Thread 0 +Device (CP00) { // Neoverse-E1: Cluster 0, Cpu 0, Thread 0 Name (_HID, "ACPI0007") Name (_UID, 0) Name (_STA, 0xF) } -Device (CP01) { // HeliosCore: Cluster 0, Cpu 0, Thread 1 +Device (CP01) { // Neoverse-E1: Cluster 0, Cpu 0, Thread 1 Name (_HID, "ACPI0007") Name (_UID, 1) Name (_STA, 0xF) } -Device (CP02) { // HeliosCore: Cluster 0, Cpu 1, Thread 0 +Device (CP02) { // Neoverse-E1: Cluster 0, Cpu 1, Thread 0 Name (_HID, "ACPI0007") Name (_UID, 2) Name (_STA, 0xF) } -Device (CP03) { // HeliosCore: Cluster 0, Cpu 1, Thread 1 +Device (CP03) { // Neoverse-E1: Cluster 0, Cpu 1, Thread 1 Name (_HID, "ACPI0007") Name (_UID, 3) Name (_STA, 0xF) } -Device (CP04) { // HeliosCore: Cluster 0, Cpu 2, Thread 0 +Device (CP04) { // Neoverse-E1: Cluster 0, Cpu 2, Thread 0 Name (_HID, "ACPI0007") Name (_UID, 4) Name (_STA, 0xF) } -Device (CP05) { // HeliosCore: Cluster 0, Cpu 2, Thread 1 +Device (CP05) { // Neoverse-E1: Cluster 0, Cpu 2, Thread 1 Name (_HID, "ACPI0007") Name (_UID, 5) Name (_STA, 0xF) } -Device (CP06) { // HeliosCore: Cluster 0, Cpu 3, Thread 0 +Device (CP06) { // Neoverse-E1: Cluster 0, Cpu 3, Thread 0 Name (_HID, "ACPI0007") Name (_UID, 6) Name (_STA, 0xF) } -Device (CP07) { // HeliosCore: Cluster 0, Cpu 3, Thread 1 +Device (CP07) { // Neoverse-E1: Cluster 0, Cpu 3, Thread 1 Name (_HID, "ACPI0007") Name (_UID, 7) Name (_STA, 0xF) } -Device (CP08) { // HeliosCore: Cluster 0, Cpu 4, Thread 0 +Device (CP08) { // Neoverse-E1: Cluster 0, Cpu 4, Thread 0 Name (_HID, "ACPI0007") Name (_UID, 8) Name (_STA, 0xF) } -Device (CP09) { // HeliosCore: Cluster 0, Cpu 4, Thread 1 +Device (CP09) { // Neoverse-E1: Cluster 0, Cpu 4, Thread 1 Name (_HID, "ACPI0007") Name (_UID, 9) Name (_STA, 0xF) } -Device 
(CP10) { // HeliosCore: Cluster 0, Cpu 5, Thread 0 +Device (CP10) { // Neoverse-E1: Cluster 0, Cpu 5, Thread 0 Name (_HID, "ACPI0007") Name (_UID, 10) Name (_STA, 0xF) } -Device (CP11) { // HeliosCore: Cluster 0, Cpu 5, Thread 1 +Device (CP11) { // Neoverse-E1: Cluster 0, Cpu 5, Thread 1 Name (_HID, "ACPI0007") Name (_UID, 11) Name (_STA, 0xF) } -Device (CP12) { // HeliosCore: Cluster 0, Cpu 6, Thread 0 +Device (CP12) { // Neoverse-E1: Cluster 0, Cpu 6, Thread 0 Name (_HID, "ACPI0007") Name (_UID, 12) Name (_STA, 0xF) } -Device (CP13) { // HeliosCore: Cluster 0, Cpu 6, Thread 1 +Device (CP13) { // Neoverse-E1: Cluster 0, Cpu 6, Thread 1 Name (_HID, "ACPI0007") Name (_UID, 13) Name (_STA,
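Review bot: the Dsdt.asl hunk changes only the "// HeliosCore: ..." comments to "// Neoverse-E1: ..."; every Name (_HID, "ACPI0007"), _UID and _STA line is carried over unchanged, so the ACPI namespace is not affected. The commit message, however, only says that 'SgiClark' and 'SgiClarkHelios' are replaced and does not mention that the core name in the comments moves from HeliosCore to Neoverse-E1; please add that so the 66-line Dsdt.asl churn in the diffstat is explained. The hunk is cut off after CP13 on this page, so the remaining processor entries could not be checked here.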
[edk2] [PATCH edk2-platforms 1/2] Platforms/ARM/SgiPkg: Rename SgiClarkAres to RdN1Edge
Replace all usage of 'SgiClark' with 'RdN1E1Edge' and 'SgiClarkAres' with 'RdN1Edge' as per the updated product names. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Dsdt.asl | 16 Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Madt.aslc | 16 Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAresAcpiTables.inf => RdN1EdgeAcpiTables.inf} | 6 +++--- Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.c | 8 Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.inf | 2 +- Platform/ARM/SgiPkg/Include/SgiPlatform.h | 6 +++--- Platform/ARM/SgiPkg/SgiPlatform.dec | 2 +- Platform/ARM/SgiPkg/SgiPlatform.dsc | 2 +- Platform/ARM/SgiPkg/SgiPlatform.fdf | 2 +- 9 files changed, 30 insertions(+), 30 deletions(-) diff --git a/Platform/ARM/SgiPkg/AcpiTables/SgiClarkAres/Dsdt.asl b/Platform/ARM/SgiPkg/AcpiTables/RdN1Edge/Dsdt.asl similarity index 85% rename from Platform/ARM/SgiPkg/AcpiTables/SgiClarkAres/Dsdt.asl rename to Platform/ARM/SgiPkg/AcpiTables/RdN1Edge/Dsdt.asl index 69dc33c..9226229 100644 --- a/Platform/ARM/SgiPkg/AcpiTables/SgiClarkAres/Dsdt.asl +++ b/Platform/ARM/SgiPkg/AcpiTables/RdN1Edge/Dsdt.asl 
@@ -20,49 +20,49 @@ DefinitionBlock ("DsdtTable.aml", "DSDT", 1, "ARMLTD", "ARMSGI", EFI_ACPI_ARM_OEM_REVISION) { Scope (_SB) { -Device (CP00) { // Ares: Cluster 0, Cpu 0 +Device (CP00) { // Neoverse-N1: Cluster 0, Cpu 0 Name (_HID, "ACPI0007") Name (_UID, 0) Name (_STA, 0xF) } -Device (CP01) { // Ares: Cluster 0, Cpu 1 +Device (CP01) { // Neoverse-N1: Cluster 0, Cpu 1 Name (_HID, "ACPI0007") Name (_UID, 1) Name (_STA, 0xF) } -Device (CP02) { // Ares: Cluster 0, Cpu 2 +Device (CP02) { // Neoverse-N1: Cluster 0, Cpu 2 Name (_HID, "ACPI0007") Name (_UID, 2) Name (_STA, 0xF) } -Device (CP03) { // Ares: Cluster 0, Cpu 3 +Device (CP03) { // Neoverse-N1: Cluster 0, Cpu 3 Name (_HID, "ACPI0007") Name (_UID, 3) Name (_STA, 0xF) } -Device (CP04) { // Ares: Cluster 1, Cpu 0 +Device (CP04) { // Neoverse-N1: Cluster 1, Cpu 0 Name (_HID, "ACPI0007") Name (_UID, 4) Name (_STA, 0xF) } -Device (CP05) { // Ares: Cluster 1, Cpu 1 +Device (CP05) { // Neoverse-N1: Cluster 1, Cpu 1 Name (_HID, "ACPI0007") Name (_UID, 5) Name (_STA, 0xF) } -Device (CP06) { // Ares: Cluster 1, Cpu 2 +Device (CP06) { // Neoverse-N1: Cluster 1, Cpu 2 Name (_HID, "ACPI0007") Name (_UID, 6) Name (_STA, 0xF) } -Device (CP07) { // Ares: Cluster 1, Cpu 3 +Device (CP07) { // Neoverse-N1: Cluster 1, Cpu 3 Name (_HID, "ACPI0007") Name (_UID, 7) Name (_STA, 0xF) diff --git a/Platform/ARM/SgiPkg/AcpiTables/SgiClarkAres/Madt.aslc b/Platform/ARM/SgiPkg/AcpiTables/RdN1Edge/Madt.aslc similarity index 93% rename from Platform/ARM/SgiPkg/AcpiTables/SgiClarkAres/Madt.aslc rename to Platform/ARM/SgiPkg/AcpiTables/RdN1Edge/Madt.aslc index f60b62d..d29eda5 100644 --- a/Platform/ARM/SgiPkg/AcpiTables/SgiClarkAres/Madt.aslc +++ b/Platform/ARM/SgiPkg/AcpiTables/RdN1Edge/Madt.aslc 
@@ -120,36 +120,36 @@ STATIC EFI_ACPI_6_2_MULTIPLE_APIC_DESCRIPTION_TABLE Madt = { // Efficiency) // Note: The GIC Structure of the primary CPU must be the first entry // (see note in 5.2.12.14 GICC Structure of ACPI v6.2). -EFI_ACPI_6_2_GICC_STRUCTURE_INIT( // Ares-0 +EFI_ACPI_6_2_GICC_STRUCTURE_INIT( // Neoverse-N1-0 0, 0, GET_MPID(0x0, 0x0), EFI_ACPI_6_2_GIC_ENABLED, 23, FixedPcdGet32 (PcdGicDistributorBase), 0x2c02, 0x2c01, 25, 0 /* GicRBase */, 0 /* Efficiency */), -EFI_ACPI_6_2_GICC_STRUCTURE_INIT( // Ares-1 +EFI_ACPI_6_2_GICC_STRUCTURE_INIT( // Neoverse-N1-1 0, 1, GET_MPID(0x0, 0x100), EFI_ACPI_6_2_GIC_ENABLED, 23, FixedPcdGet32 (PcdGicDistributorBase), 0x2c02, 0x2c01, 25, 0 /* GicRBase */, 0 /* Efficiency */), -EFI_ACPI_6_2_GICC_STRUCTURE_INIT( // Ares-2 +EFI_ACPI_6_2_GICC_STRUCTURE_INIT( // Neoverse-N1-2 0, 2, GET_MPID(0x0, 0x200), EFI_ACPI_6_2_GIC_ENABLED, 23, FixedPcdGet32 (PcdGicDistributorBase), 0x2c02, 0x2c01, 25, 0 /* GicRBase */, 0 /* Efficiency */), -EFI_ACPI_6_2_GICC_STRUCTURE_INIT( // Ares-3 +EFI_ACPI_6_2_GICC_STRUCTURE_IN
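Review bot: the Dsdt.asl hunk in this patch again touches comments only ('Ares' becomes 'Neoverse-N1' on each Device (CPnn) line) while _HID, _UID and _STA stay as they were; please state in the commit message that the 'Ares' core name is also being replaced, since the message only lists 'SgiClark' and 'SgiClarkAres'.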
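Review bot: in the Madt.aslc hunk only the trailing "// Ares-n" comments on the EFI_ACPI_6_2_GICC_STRUCTURE_INIT entries change to "// Neoverse-N1-n"; the numeric fields (MPID, GIC bases, interrupt IDs) and the entry order are unchanged, so the requirement quoted in the context that the primary CPU's GIC structure stays the first entry still holds. The hunk is truncated on this page in the middle of the fourth entry (EFI_ACPI_6_2_GICC_STRUCTURE_IN), so entries 3 onward were not reviewed.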
[edk2] [PATCH edk2-platforms 0/2] Platforms/ARM/SgiPkg: apply product names for sgiclarka and sgiclarkh platforms
This patchset updates the product names for SGI-Clark.Ares and SGI-Clark.Helios platforms. The first patch replaces all uses of sgiclarka with rdn1edge. The second patch replaces all uses of sgiclarkh with rde1edge.

Jagadeesh Ujja (2):
  Platforms/ARM/SgiPkg: Rename SgiClarkAres to RdN1Edge
  Platforms/ARM/SgiPkg: Rename SgiClarkHelios to RdE1Edge

 Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Dsdt.asl | 66 ++--
 Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Madt.aslc | 0
 Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHeliosAcpiTables.inf => RdE1EdgeAcpiTables.inf} | 6 +-
 Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Dsdt.asl | 16 ++---
 Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Madt.aslc | 16 ++---
 Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAresAcpiTables.inf => RdN1EdgeAcpiTables.inf} | 6 +-
 Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.c | 12 ++--
 Platform/ARM/SgiPkg/Drivers/PlatformDxe/PlatformDxe.inf | 4 +-
 Platform/ARM/SgiPkg/Include/SgiPlatform.h | 8 +--
 Platform/ARM/SgiPkg/SgiPlatform.dec | 4 +-
 Platform/ARM/SgiPkg/SgiPlatform.dsc | 4 +-
 Platform/ARM/SgiPkg/SgiPlatform.fdf | 4 +-
 12 files changed, 73 insertions(+), 73 deletions(-)
 rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Dsdt.asl (68%)
 rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHelios => RdE1Edge}/Madt.aslc (100%)
 rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkHeliosAcpiTables.inf => RdE1EdgeAcpiTables.inf} (91%)
 rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Dsdt.asl (85%)
 rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAres => RdN1Edge}/Madt.aslc (93%)
 rename Platform/ARM/SgiPkg/AcpiTables/{SgiClarkAresAcpiTables.inf => RdN1EdgeAcpiTables.inf} (92%)
-- 2.7.4
___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [PATCH edk2-platforms 3/3] Platform/ARM/SgiPkg: add MM based UEFI secure boot support
This implements support for UEFI secure boot on SGI platforms using the standalone MM framework. This moves all of the software handling of the UEFI authenticated variable store into the standalone MM context residing in a secure partition. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 33 +++- Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 5 +++ Platform/ARM/SgiPkg/SgiPlatform.dsc | 18 ++- Platform/ARM/SgiPkg/SgiPlatform.fdf | 9 +- 4 files changed, 62 insertions(+), 3 deletions(-) diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc index 65dd6ac..889be2f 100644 --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc @@ -75,7 +75,17 @@ HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf - +!if $(MM_SECURE_STORAGE_ENABLE) == TRUE + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + NorFlashPlatformLib|Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf +!endif # # Pcd Section - list of all EDK II PCD Entries defined by this Platform 
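Review bot: PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf is the resolution chosen for the MM image that now hosts AuthVariableLib. AuthVariableLib consults PlatformSecureLib's UserPhysicalPresent() to decide whether PK, KEK, db and dbx may be rewritten without a valid authenticated-variable signature while the platform is in custom mode, and the Null instance has no hardware behind that answer. For a patch titled "add MM based UEFI secure boot support" that is the central policy hook, so either resolve a platform PlatformSecureLib here or say in the commit message that the Null instance is a development placeholder. Also worth a check: the BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf and AuthVariableLib instances are picked up by MM_STANDALONE modules, so please confirm their LIBRARY_CLASS lines permit that module type, otherwise the build will reject the resolution.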
@@ -93,6 +103,21 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x7FF7 gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate|115200 +!if $(MM_SECURE_STORAGE_ENABLE) == TRUE + #Secure Storage + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 + + ## NV Storage - 1MB*3 in NOR2 Flash + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x1040 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x0010 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x1050 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x0010 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x1060 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x0010 +!endif + ### # # Components Section - list of the modules and components that will be processed by compilation @@ -118,6 +143,12 @@ StandaloneMmPkg/Core/StandaloneMmCore.inf [Components.AARCH64] +!if $(MM_SECURE_STORAGE_ENABLE) == TRUE + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +!endif + StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf ### diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf b/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf index 810460c..04aa5cd 100644 --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf 
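Review bot: gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE together with the Null PlatformSecureLib means physical presence is asserted unconditionally; combined with custom mode that lets the secure boot key variables be replaced without a signature, which should be a deliberate and documented choice on a platform advertising MM-backed secure boot. On the NV storage block: the comment says "1MB*3 in NOR2 Flash" and the three sizes are equal, which matches the 3MB region reserved in StandaloneMmNorFlashLib in patch 2/3, but the base and size values as shown on this page (0x1040, 0x0010) look truncated; please double-check that PcdFlashNvStorageVariableBase equals the NOR2 chip-select base plus the 4MB secure boot region, that the FTW working and spare areas follow it back to back, and that all three start and end on 256KB block boundaries, since erase happens at block granularity.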
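Review bot: the components hunk adds ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf, MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf and MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf, none of which is part of this three-patch series; the edk2 (not edk2-platforms) changes that provide them should be named in the cover letter or commit message, with the MM_SECURE_STORAGE_ENABLE guard keeping the default build from failing until they land.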
@@ -55,6 +55,11 @@ READ_LOCK_CAP = TRUE READ_LOCK_STATUS = TRUE INF StandaloneMmPkg/Core/StandaloneMmCore.inf +!if $(MM_SECURE_STORAGE_ENABLE) == TRUE + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +!endif INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf diff --git a/Platform/ARM/SgiPkg/SgiPlatform.dsc b/Platform/ARM/SgiPkg/SgiPlatform.dsc index bdb4ecb..cba2e1f 100644 --- a/Platform/ARM/SgiPkg/SgiPlatform.dsc +++ b/Platform/ARM/SgiPkg/SgiPlatform.dsc @@ -260,7 +260,15 @@ MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf +!if $(SECURE_BOOT_ENABLE) == TRUE + MdeModulePkg/Universal
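Review bot: both the .dsc and .fdf hunks are guarded by !if $(MM_SECURE_STORAGE_ENABLE) == TRUE, but no DEFINE MM_SECURE_STORAGE_ENABLE = ... default appears in the visible hunks; add one to the [Defines] section (or document the -D build flag) so the guard evaluates consistently in both files. The SgiPlatform.dsc hunk is cut off on this page after "MdeModulePkg/Universal" under !if $(SECURE_BOOT_ENABLE) == TRUE, so the non-secure side of the change was not reviewed here.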
[edk2] [PATCH edk2-platforms 2/3] Platform/ARM/Sgi: allow MM_STANDALONE modules to use NorFlashPlatformLib
The "NorFlashPlatformLib" library can be used by MM_STANDALONE drivers as well. When used in MM mode, the third instance of the NOR flash is used as the non-volatile storage. This NOR flash instance is partitioned into two regions: the first 4MB is used for secure boot and the next 3MB for secure variable storage.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jagadeesh Ujja
---
 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c | 63 
 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf | 35 +++
 2 files changed, 98 insertions(+)

diff --git a/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
new file mode 100644
index 000..06e3f97
--- /dev/null
+++ b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
@@ -0,0 +1,63 @@ +/** @file + + Copyright (c) 2019, ARM Ltd. All rights reserved. + + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +#include +#include +#include +#include +#include + +STATIC NOR_FLASH_DESCRIPTION mNorFlashDevices[] = { + { +// Secure Boot storage space of 4MB +SGI_EXP_SMC_CS2_BASE, +SGI_EXP_SMC_CS2_BASE, +SIZE_256KB * 16, +SIZE_256KB, + }, + { +//Secure variable storage space of 1MB*3 +SGI_EXP_SMC_CS2_BASE, +SGI_EXP_SMC_CS2_BASE + SIZE_256KB * 16, +SIZE_256KB * 12, +SIZE_256KB, + }, +}; + +EFI_STATUS +NorFlashPlatformInitialization ( + VOID + ) +{ + UINT64 SysRegFlash; + + SysRegFlash = SGI_EXP_SYSPH_SYSTEM_REGISTERS + SGI_SYSPH_SYS_REG_FLASH; + MmioOr32 (SysRegFlash, SGI_SYSPH_SYS_REG_FLASH_RWEN); + return EFI_SUCCESS; +} + +EFI_STATUS +NorFlashPlatformGetDevices ( + OUT NOR_FLASH_DESCRIPTION **NorFlashDevices, + OUT UINT32 *Count + ) +{ + if ((NorFlashDevices == NULL) || (Count == NULL)) { +return EFI_INVALID_PARAMETER; + } + + *NorFlashDevices = mNorFlashDevices; + *Count = ARRAY_SIZE (mNorFlashDevices); + return EFI_SUCCESS; +} diff --git a/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf new file mode 100644 index 000..eedfacc --- /dev/null +++ b/Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf 
@@ -0,0 +1,35 @@ +#/** @file +# +# Copyright (c) 2019, ARM Ltd. All rights reserved. + +# This program and the accompanying materials are licensed and made available +# under the terms and conditions of the BSD License which accompanies this +# distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +#**/ + +[Defines] + INF_VERSION= 0x0001001A + BASE_NAME = NorFlashSgiLib + FILE_GUID = 2ce22190-b933-4d1e-99ba-8bf1f0768255 + MODULE_TYPE= MM_STANDALONE + VERSION_STRING = 1.0 + PI_SPECIFICATION_VERSION = 0x00010032 + LIBRARY_CLASS = NorFlashPlatformLib + +[Sources.common] + StandaloneMmNorFlashLib.c + +[Packages] + ArmPlatformPkg/ArmPlatformPkg.dec + MdePkg/MdePkg.dec + Platform/ARM/SgiPkg/SgiPlatform.dec + +[LibraryClasses] + BaseLib + DebugLib + IoLib -- 2.7.4
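Review bot: NorFlashPlatformInitialization() sets SGI_SYSPH_SYS_REG_FLASH_RWEN unconditionally and nothing in this library restricts chip select 2 to the secure world, yet the cover letter describes the region as visible only to StandaloneMM drivers; that isolation therefore comes entirely from the platform's secure-partition memory map, which deserves a comment next to the descriptor table so nobody later resolves this library for a DXE driver. Second, the first descriptor ("// Secure Boot storage space of 4MB") has no consumer in this series; please say what is meant to live there, or drop it until it is used. Minor: "//Secure variable storage space of 1MB*3" is missing the space after "//".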
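Review bot: LIBRARY_CLASS = NorFlashPlatformLib carries no module-type restriction, so this instance, which enables write access to the secure NV region, can be resolved for DXE modules as well; restrict it to NorFlashPlatformLib|MM_STANDALONE so a build cannot silently link the secure descriptor table into non-secure code. Also BASE_NAME = NorFlashSgiLib does not match the file name StandaloneMmNorFlashLib, and [Sources.common] could simply be [Sources].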
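Added example, not code from this series or from edk2: the 4MB + 3x1MB split described in the commit message above, and the three PcdFlashNvStorage* base/size pairs that patch 3/3 points at it, are easy to get wrong, and an overlap would let fault-tolerant writes land in the secure boot region. The following standalone C program validates such a layout: block alignment, containment in the device and in the variable-store region, no overlaps, and the FTW spare area being at least the variable store size (edk2's variable driver asserts that against the FTW protocol's GetMaxBlockSize). The chip-select base 0x10000000, the 64MB device size and the region offsets are constructed for the example (the addresses on this page are truncated and are not reused), and the names ValidateNorLayout, CheckExampleLayout and CheckMisconfiguredLayout are mine.

```c
/*
 * Added example, not part of the patch series: an offline check of the
 * NOR2 layout the series describes (4MB secure boot region, then 3 x 1MB
 * for variable store / FTW working / FTW spare, 256KB erase blocks).
 * All addresses are constructed for this example.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define KB(x) ((uint64_t)(x) * 1024u)
#define MB(x) (KB(x) * 1024u)

typedef struct {
  const char *Name;
  uint64_t    Base;  /* absolute address */
  uint64_t    Size;  /* bytes */
} FlashRegion;

typedef struct {
  uint64_t Base;       /* device base address */
  uint64_t Size;       /* device size */
  uint64_t BlockSize;  /* erase block size */
} FlashDevice;

/* A region is usable only if it starts and ends on an erase-block boundary
 * and lies entirely inside the device (overflow-safe arithmetic). */
static bool RegionFitsDevice(const FlashDevice *Dev, const FlashRegion *R)
{
  if (Dev->BlockSize == 0 || R->Size == 0) return false;
  if (R->Base < Dev->Base || R->Size > Dev->Size) return false;
  if ((R->Base - Dev->Base) > (Dev->Size - R->Size)) return false;
  return (R->Base % Dev->BlockSize) == 0 && (R->Size % Dev->BlockSize) == 0;
}

static bool Overlap(const FlashRegion *A, const FlashRegion *B)
{
  return A->Base < B->Base + B->Size && B->Base < A->Base + A->Size;
}

static bool Contains(const FlashRegion *Outer, const FlashRegion *Inner)
{
  return Inner->Base >= Outer->Base &&
         Inner->Base + Inner->Size <= Outer->Base + Outer->Size;
}

/* Returns the number of layout violations (0 means the layout is sound).
 * Nv[0] = variable store, Nv[1] = FTW working, Nv[2] = FTW spare, i.e. the
 * three PcdFlashNvStorage* base/size pairs. */
int ValidateNorLayout(const FlashDevice *Dev, const FlashRegion *SecureBoot,
                      const FlashRegion *VarStore, const FlashRegion Nv[3])
{
  int Bad = 0;

  if (!RegionFitsDevice(Dev, SecureBoot)) Bad++;
  if (!RegionFitsDevice(Dev, VarStore))   Bad++;
  /* FTW writes into the variable store must never be able to reach the
   * secure boot region, so the two top-level regions must not overlap. */
  if (Overlap(SecureBoot, VarStore)) Bad++;

  for (int i = 0; i < 3; i++) {
    if (!RegionFitsDevice(Dev, &Nv[i])) Bad++;
    if (!Contains(VarStore, &Nv[i]))    Bad++;
    if (Overlap(SecureBoot, &Nv[i]))    Bad++;
    for (int j = i + 1; j < 3; j++)
      if (Overlap(&Nv[i], &Nv[j]))      Bad++;
  }
  /* edk2's variable driver asserts that the FTW spare area (what
   * GetMaxBlockSize reports) is at least PcdFlashNvStorageVariableSize. */
  if (Nv[2].Size < Nv[0].Size) Bad++;
  return Bad;
}

/* Constructed layout mirroring the series' split; the CS2 base is assumed. */
static const FlashDevice kNor2       = { 0x10000000u, MB(64), KB(256) };
static const FlashRegion kSecureBoot = { "SecureBoot", 0x10000000u, KB(256) * 16 };
static const FlashRegion kVarStore   = { "VarStore", 0x10000000u + MB(4), KB(256) * 12 };

int CheckExampleLayout(void)
{
  const FlashRegion Nv[3] = {
    { "Variable",   0x10000000u + MB(4), MB(1) },
    { "FtwWorking", 0x10000000u + MB(5), MB(1) },
    { "FtwSpare",   0x10000000u + MB(6), MB(1) },
  };
  return ValidateNorLayout(&kNor2, &kSecureBoot, &kVarStore, Nv);
}

/* Same layout with the variable store starting one block early, so it
 * straddles the secure boot region and sits partly outside VarStore. */
int CheckMisconfiguredLayout(void)
{
  const FlashRegion Nv[3] = {
    { "Variable",   0x10000000u + MB(4) - KB(256), MB(1) },
    { "FtwWorking", 0x10000000u + MB(5), MB(1) },
    { "FtwSpare",   0x10000000u + MB(6), MB(1) },
  };
  return ValidateNorLayout(&kNor2, &kSecureBoot, &kVarStore, Nv);
}

int main(void)
{
  printf("intended layout violations: %d\n", CheckExampleLayout());
  printf("misconfigured layout violations: %d\n", CheckMisconfiguredLayout());
  return 0;
}
```

Run as is it reports 0 violations for the intended layout and 2 for the shifted one (the variable store both leaves the VarStore region and overlaps the secure boot region). The same checks can be turned into build-time STATIC_ASSERTs against the PCD values in a platform header, which catches a bad .dsc edit before it reaches a board.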
[edk2] [PATCH edk2-platforms 1/3] Platform/ARM/Sgi: define nor2 flash controller memory map
Add the definitions of NOR2 flash controller memory map. The NOR2 flash can be used as an additional non-volatile storage by non-secure code or used as a non-volatile storage for secure variables by the StandaloneMM.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jagadeesh Ujja
---
 Platform/ARM/SgiPkg/Include/SgiPlatform.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/Platform/ARM/SgiPkg/Include/SgiPlatform.h b/Platform/ARM/SgiPkg/Include/SgiPlatform.h
index b9a662a..2a7b79d 100644
--- a/Platform/ARM/SgiPkg/Include/SgiPlatform.h
+++ b/Platform/ARM/SgiPkg/Include/SgiPlatform.h
@@ -27,6 +27,10 @@ #define SGI_EXP_SMC_CS1_BASE 0x0C00 #define SGI_EXP_SMC_CS1_SZSIZE_64MB +// Expansion AXI - SMC Chip Select 2 +#define SGI_EXP_SMC_CS2_BASE 0x1000 +#define SGI_EXP_SMC_CS2_SZSIZE_64MB + // Expansion AXI - SMSC 91C111 (Ethernet) #define SGI_EXP_SMSC91X_BASE 0x1800 #define SGI_EXP_SMSC91X_SZSIZE_64MB -- 2.7.4
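Review bot: SGI_EXP_SMC_CS2_BASE and SGI_EXP_SMC_CS2_SZ follow the CS1 definitions, but the values are shown truncated on this page (0x1000 next to CS1's 0x0C00), so please confirm the real base leaves the full 64MB CS1 window before CS2 begins. A short comment that chip select 2 is reserved for the secure-world NV store would help readers of SgiPlatform.h, since the header is shared with non-secure drivers; SGI_EXP_SMC_CS2_SZ is not referenced anywhere in the series.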
[edk2] [PATCH edk2-platforms 0/3] Platform/ARM/SgiPkg: Implement StandaloneMm based secure boot
Integrating various pieces together so that the authenticated variable store runs entirely in standalone MM context residing in a secure partition. This primarily involves adding all required library and drivers to platform specific .DSC and .FDF files. This creates a separate NOR flash region which is visible only to StandaloneMm drivers; this NOR flash region will co-exist with the general NOR flash region.

Jagadeesh Ujja (3):
  Platform/ARM/Sgi: define nor2 flash controller memory map
  Platform/ARM/Sgi: allow MM_STANDALONE modules to use NorFlashPlatformLib
  Platform/ARM/SgiPkg: add MM based UEFI secure boot support

 Platform/ARM/SgiPkg/Include/SgiPlatform.h | 4 ++
 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c | 63 
 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf | 35 +++
 Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 33 +-
 Platform/ARM/SgiPkg/PlatformStandaloneMm.fdf | 5 ++
 Platform/ARM/SgiPkg/SgiPlatform.dsc | 18 +-
 Platform/ARM/SgiPkg/SgiPlatform.fdf | 9 ++-
 7 files changed, 164 insertions(+), 3 deletions(-)
 create mode 100644 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.c
 create mode 100644 Platform/ARM/SgiPkg/Library/NorFlashLib/StandaloneMmNorFlashLib.inf
-- 2.7.4
[edk2] [PATCH v3] StandaloneMmPkg/Library: Install Variable Arch Protocol
In a system implementing the variable store in MM, there are no variable arch protocol and variable write arch protocol installed into the DXE_SMM protocol database. On such systems, it is not required to locate these protocols by the DXE runtime variable drivers because it can be assumed that these protocols are already installed in the MM context. But then such an implementation will deviate from the existing traditional MM based variable driver implementation. So in order to maintain consistency with the traditional MM variable driver implementation, allow platforms to install these protocols into the DXE protocol database, but these protocols will not be consumed by the non-secure variable service runtime driver.

Platforms which use StandaloneMM based secure variable storage have to include this library. Example, in edk2-platforms/Platform/ARM/SgiPkg/SgiPlatform.dsc:

  ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
    NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
  }

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jagadeesh Ujja
---
Changes since v2:
- Addressed the comments from Ard Biesheuvel and Zeng Star

Changes since v1:
- This is a next version of patch “MdeModulePkg/VariableSmmRuntimeDxe: Refactor locating Variable Arch Protocol”.
  [https://lists.01.org/pipermail/edk2-devel/2019-February/036885.html]
- Addressed the comments from Ard Biesheuvel and Zeng Star
- Can this library be placed in MdePkg rather than the StandaloneMmPkg?

 StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c | 54 
 StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf | 46 +
 2 files changed, 100 insertions(+)

diff --git a/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c b/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c
new file mode 100644
index 000..7e0f31b
--- /dev/null
+++ b/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.c
@@ -0,0 +1,54 @@ +/** @file + Runtime DXE part corresponding to StanaloneMM variable module. + +This module installs variable arch protocol and variable write arch protocol +to StandaloneMM runtime variable service. + +Copyright (c) 2019, ARM Ltd. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include + +/** + The constructor function installs variable arch protocol and variable + write arch protocol to StandaloneMM runtime variable service + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the Management mode System Table. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +EFIAPI +VariableMmDependencyLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUSStatus; + EFI_HANDLEHandle; + + Handle = NULL; + Status = gBS->InstallMultipleProtocolInterfaces ( + , + , + NULL, + , + NULL, + NULL + ); + ASSERT_EFI_ERROR (Status); + return EFI_SUCCESS; +} + diff --git a/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf b/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf new file mode 100644 index 000..e71c44d --- /dev/null +++ b/StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf 
@@ -0,0 +1,46 @@ +## @file +# Runtime DXE part corresponding to StanaloneMM variable module. +# +# This module installs variable arch protocol and variable write arch protocol +# to StandaloneMM runtime variable service. +# +# Copyright (c) 2019, ARM Ltd. All rights reserved. +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION= 0x0001001A + BASE_NAME = VariableMmDependency + FILE_GUID = 64BC4129-778E-4867-BA07-13999A4DEC3F + MODULE_TYPE= DXE_DRIVER + LIBRARY_CLASS
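Review bot: in VariableMmDependency.c the protocols are installed from a library constructor, which runs before the entry point of the driver it is linked into (MmCommunication.inf in the commit message's example), so the variable arch protocols are published even if MM communication later fails to initialise; either install them once the communication driver has confirmed the MM side is reachable, or state in the file header that the platform guarantees this. ASSERT_EFI_ERROR (Status) followed by an unconditional return EFI_SUCCESS also hides a failed install in release builds; returning Status would be safer. Minor: the file header in both the .c and the .inf reads "StanaloneMM". The GUID and interface arguments to InstallMultipleProtocolInterfaces are missing on this page, so they could not be checked, and the .inf hunk is cut off at LIBRARY_CLASS.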
[edk2] [PATCH v2] MdePkg/Library: Install dummy variable arch protocol
In a system implementing the variable store in MM, there are no variable arch protocol and variable write arch protocol installed into the DXE_SMM protocol database. On such systems, it is not required to locate these protocols by the DXE runtime variable drivers because it can be assumed that these protocols are already installed in the MM context. But then such an implementation will deviate from the existing traditional MM based variable driver implementation. So in order to maintain consistency with the traditional MM variable driver implementation, allow platforms to install dummy versions of these protocols into the DXE protocol database, but these protocols will not be consumed by the non-secure variable service runtime driver.

Platforms which use StandaloneMM based secure variable storage have to include this library as below.

  ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
    NULL|MdePkg/Library/VariableMmDependency/VariableMmDependency.inf
  }

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jagadeesh Ujja
---
Changes since v1:
- This is a next version of patch “MdeModulePkg/VariableSmmRuntimeDxe: Refactor locating Variable Arch Protocol”.
  [https://lists.01.org/pipermail/edk2-devel/2019-February/036885.html]
- Addressed the comments from Ard Biesheuvel and Zeng Star
- Can this library be placed in MdePkg rather than the StandaloneMmPkg?

 MdePkg/Library/VariableMmDependency/VariableMmDependency.c | 85 
 MdePkg/Library/VariableMmDependency/VariableMmDependency.inf | 48 +++
 2 files changed, 133 insertions(+)

diff --git a/MdePkg/Library/VariableMmDependency/VariableMmDependency.c b/MdePkg/Library/VariableMmDependency/VariableMmDependency.c
new file mode 100644
index 000..6e5117e
--- /dev/null
+++ b/MdePkg/Library/VariableMmDependency/VariableMmDependency.c
@@ -0,0 +1,85 @@ +/** @file + Runtime DXE part corresponding to StanaloneMM variable module. + +This module installs dummy variable arch protocol and dummy variable write arch protocol +to StandaloneMM runtime variable service. + +Copyright (c) 2019, ARM Ltd. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include + +/** + Notify the system that the SMM variable driver is ready. +**/ +VOID +VariableNotifySmmReady ( + VOID + ) +{ + EFI_STATUSStatus; + EFI_HANDLEHandle; + + Handle = NULL; + Status = gBS->InstallProtocolInterface ( + , + , + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); +} + +/** + Notify the system that the SMM variable write driver is ready. +**/ +VOID +VariableNotifySmmWriteReady ( + VOID + ) +{ + EFI_STATUSStatus; + EFI_HANDLEHandle; + + Handle = NULL; + Status = gBS->InstallProtocolInterface ( + , + , + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); +} + +/** + The constructor function calls and installs dummy variable arch protocol and + dummy variable write arch protocol to StandaloneMM runtime variable service + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the Management mode System Table. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +EFIAPI +VariableMmDependencyLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + VariableNotifySmmReady(); + VariableNotifySmmWriteReady(); + return EFI_SUCCESS; +} + 
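Review bot: VariableNotifySmmReady() and VariableNotifySmmWriteReady() are the same function apart from the protocol GUID; a single gBS->InstallMultipleProtocolInterfaces call on one handle would do, and the two helpers should be STATIC since nothing outside the file needs them. Each only asserts on failure and the constructor then returns EFI_SUCCESS regardless, so a failed install is silent in release builds. The protocol GUID arguments are not visible on this page, so the exact protocols installed could not be verified here.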
diff --git a/MdePkg/Library/VariableMmDependency/VariableMmDependency.inf b/MdePkg/Library/VariableMmDependency/VariableMmDependency.inf new file mode 100644 index 000..09fd200 --- /dev/null +++ b/MdePkg/Library/VariableMmDependency/VariableMmDependency.inf @@ -0,0 +1,48 @@ +## @file +# Runtime DXE part corresponding to StanaloneMM variable module. +# +# This module installs dummy variable arch protocol and dummy variable write arch protocol +# to StandaloneMM runtime variable service. +# +# Copyright (c) 2019, ARM Ltd. All rights reserved. +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER
Re: [edk2] [PATCH] MdeModulePkg/VariableSmmRuntimeDxe: Refactor locating Variable Arch Protocol
Hi Ard/Star

On Thu, Feb 21, 2019 at 3:15 PM Ard Biesheuvel wrote:
>
> On Thu, 21 Feb 2019 at 10:33, Zeng, Star wrote:
> >
> > On 2019/2/21 17:11, Ard Biesheuvel wrote:
> > > On Thu, 21 Feb 2019 at 10:04, Laszlo Ersek wrote:
> > >>
> > >> On 02/20/19 13:23, Ard Biesheuvel wrote:
> > >>> On Wed, 20 Feb 2019 at 06:53, Jagadeesh Ujja
> > >>> wrote:
> > >>>>
> > >>>> hi Ard,
> > >>>> On Tue, Feb 19, 2019 at 6:55 PM Ard Biesheuvel
> > >>>> wrote:
> > >>>>>
> > >>>>> Hello Jagadeesh,
> > >>>>>
> > >>>>> On Tue, 19 Feb 2019 at 11:47, Jagadeesh Ujja
> > >>>>> wrote:
> > >>>>>>
> > >>>>>> In preparation for providing a standalone MM based non-secure
> > >>>>>> variable
> > >>>>>> runtime driver, factor out some portions that are specific to the
> > >>>>>> traditional driver, mainly related to locating variable arch protocol
> > >>>>>> and variable write arch protocol, which are not required to be
> > >>>>>> located
> > >>>>>> when using standalone MM based secure variable implementation.
> > >>>>>>
> > >>>>>
> > >>>>> While I think this change is correct from a technical perspective, I
> > >>>>> don't think this is the right approach.
> > >>>>>
> > >>>> These changes are mandatory; this is one of the possible solutions.
> > >>>>
> > >>>>> It was a deliberate decision to expose the MM services in a way that
> > >>>>> only the producer of the communication protocol is aware of the
> > >>>>> implementation details, i.e., whether it is backed by traditional MM or
> > >>>>> standalone MM.
> > >>>>>
> > >>>> Can you please provide more details on how "exposing the MM services"
> > >>>> will help to resolve the issue here. If this helps, definitely I will
> > >>>> use that.
> > >>>>
> > >>>
> > >>> Let me rephrase this for the benefit of the MdeModulePkg maintainers,
> > >>> and ask them their opinion.
> > >>>
> > >>> Currently, the DXE runtime driver that produces the architectural
> > >>> varstore protocols that are based on communication with MM components
> > >>> living elsewhere, rely on the EFI protocol database for sequencing.
> > >>> I.e., after dispatch, they wait for certain protocols to be installed
> > >>> into the DXE protocol database by the SMM drivers before proceeding to
> > >>> install the variable arch protocols.
> > >>>
> > >>> This does not work for standalone MM, since it has no access to the
> > >>> DXE protocol database, nor is it needed, since it may be assumed that
> > >>> the MM execution context is fully configured by the time the DXE phase
> > >>> starts.
> > >>>
> > >>> Jagadeesh's proposal is to factor this out, and create two different
> > >>> .INFs to build the same DXE runtime driver in two different ways. This
> > >>> defeats the purpose of having an abstract MM communication protocol,
> > >>> so it is something I would like to avoid. On the other hand, it is not
> > >>> obvious how to parameterize this requirement in another way.
> > >>>
> > >>> For the moment, I could live with putting this into a library, and
> > >>> leave it up to the platform to ensure the combination of the library
> > >>> resolution with the driver that produces the MM communicate protocol
> > >>> is a sane one.
> > >>>
> > >>> Any thoughts?
> > >>
> > >> I think I'm missing the gist of the library approach; still, would it be
> > >> possible for affected platforms (i.e. those that depend on standalone
> > >> MM) to produce the necessary DXE protocols (for unblocking the variable
> > >> runtime driver) in a platform DXE driver?
> > >>
> > >
> > > Yes, that is the other option: we could create a library that
> > > unconditionally produces those protocols and hook it into the MM
> > > communication driver via NULL librar
Re: [edk2] [PATCH] MdeModulePkg/VariableSmmRuntimeDxe: Refactor locating Variable Arch Protocol
hi Ard,

On Tue, Feb 19, 2019 at 6:55 PM Ard Biesheuvel wrote:
>
> Hello Jagadeesh,
>
> On Tue, 19 Feb 2019 at 11:47, Jagadeesh Ujja wrote:
> >
> > In preparation for providing a standalone MM based non-secure variable
> > runtime driver, factor out some portions that are specific to the
> > traditional driver, mainly related to locating variable arch protocol
> > and variable write arch protocol, which are not required to be located
> > when using standalone MM based secure variable implementation.
> >
>
> While I think this change is correct from a technical perspective, I
> don't think this is the right approach.
>
these changes are mandatory, this is one of the possible solutions.

> It was a deliberate decision to expose the MM services in a way that
> only the producer of the communication protocol is aware of the
> implementation details, i.e., whether it is backed by traditional MM or
> standalone MM.
>
can you please provide more details on how "exposing the MM services"
will help to resolve the issue here. if this helps, definitely I will
use that.

> By creating separate runtime DXE drivers that can work either with the
> traditional MM or the standalone MM, you are defeating that, and so we
> should discuss this at a more fundamental level, and also take into
> account the other issue we ran into, where the communicate protocol
> needs either the physical address of the comm buffer (in the
> traditional MM case) or the virtual address (in the standalone MM
> case).
>
> Both issues suggest that perhaps the 'abstract' MM communicate
> protocol is not feasible in practice, in which case this patch would
> probably be an appropriate course of action.
>
> If not, we should discuss how in general DXE runtime drivers that
> DEPEX on protocols produced by SMM drivers should be implemented based
> on this abstract MM model.
One potential approach could be to > introduce a library that encapsulates this dependency, and leave it up > to the platform to make it depend on whichever dependencies it > defines. > > > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Jagadeesh Ujja > > --- > > MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h > >| 18 > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c > >| 9 +- > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf > >| 1 + > > > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMmRuntimeDxe.c > > | 42 + > > > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMmRuntimeDxe.inf > > | 95 > > > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMmRuntimeDxe.c > > | 45 ++ > > 6 files changed, 203 insertions(+), 7 deletions(-) > > > > diff --git > > a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h > > b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h > > index 9b294e6..c50 100644 > > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h > > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h > > @@ -160,4 +160,22 @@ VariableHaveTcgProtocols ( > >VOID > >); > > > > +/** > > + Check whether the protocol is installed or not. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +VariableLocateSmmReady ( > > + VOID > > + ); > > + > > +/** > > + Check whether the protocol is installed or not. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +VariableLocateSmmWriteReady ( > > + VOID > > + ); > > + > > #endif > > diff --git > > a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c > > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c > > index 85d655d..2976f04 100644 > > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c > > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c 
> > @@ -47,7 +47,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > > EXPRESS OR IMPLIED. > > #include "PrivilegePolymorphic.h" > > > > EFI_HANDLE mHandle= NULL; > > -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable = NULL; > > EFI_EVENTmVirtualAddressChangeEvent = NULL; > > EFI_SMM_COMMUNICATION_PROTOCOL *mSmmCommunication = NULL; > > UINT8 *mVariable
Re: [edk2] [PATCH 2/2] ArmPlatformPkg/NorFlash: Allow reusability as a MM driver
On Tue, Feb 19, 2019 at 10:14 PM Ard Biesheuvel wrote: > > Hello Jagadeesh, > Hi Ard, Thank you for your valuable comments. Will do the appropriate changes based on your comments and publish in the next patchset Regards, Jagadeesh > On Tue, 19 Feb 2019 at 11:32, Jagadeesh Ujja wrote: > > > > Adapt the NorFlash driver to be used as a MM_STANDALONE driver to > > allow access to NOR flash for code executing in MM_STANDALONE mode. > > This allows storing of EFI variables on NOR flash which is accessible > > only via the MM STANDALONE mode software. > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Jagadeesh Ujja > > --- > > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c | 267 > > > > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 77 ++ > > 2 files changed, 344 insertions(+) > > > > diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c > > b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c > > new file mode 100644 > > index 000..1e3603c > > --- /dev/null > > +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c 
> > @@ -0,0 +1,267 @@ > > +/*++ @file NorFlashStandaloneMm.c > > + > > + Copyright (c) 2019, ARM Ltd. All rights reserved. > > + > > + This program and the accompanying materials > > + are licensed and made available under the terms and conditions of the BSD > > License > > + which accompanies this distribution. The full text of the license may be > > found at > > + http://opensource.org/licenses/bsd-license.php > > + > > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > > + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR > > IMPLIED. > > + > > + --*/ > > + > > +#include > > + > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > +#include > > Please sort alphabetically - I know this originates in existing code, > but it is a brand new file so let's make it clean from the start. > > > + > > +#include > > +#include > > +#include > > I don't think we need this - please see below. > > > +#include "NorFlash.h" > > + > > +// > > +// Global variable declarations > > +// > > +NOR_FLASH_INSTANCE **mNorFlashInstances; > > +UINT32 mNorFlashDeviceCount; > > + > > These are definitions, not declarations. Could they be moved to a > shared .c file instead? > > > +extern NOR_FLASH_INSTANCE mNorFlashInstanceTemplate; > > Move this to a header? 
> > > + > > +EFI_STATUS > > +EFIAPI > > +NorFlashFvbInitialize ( > > + IN NOR_FLASH_INSTANCE* Instance > > + ) > > +{ > > + EFI_STATUS Status; > > + UINT32 FvbNumLba; > > + EFI_BOOT_MODE BootMode; > > + > > + DEBUG((DEBUG_BLKIO,"NorFlashFvbInitialize\n")); > > + ASSERT((Instance != NULL)); > > + > > + mFlashNvStorageVariableBase = FixedPcdGet32 > > (PcdFlashNvStorageVariableBase); > > + > > + // Set the index of the first LBA for the FVB > > + Instance->StartLba = (PcdGet32 (PcdFlashNvStorageVariableBase) - > > Instance->RegionBaseAddress) / Instance->Media.BlockSize; > > + > > Please wrap to 80 columns > > > + BootMode = GetBootModeHob (); > > Where does the boot mode HOB come from in standalone MM? > > > + if (BootMode == BOOT_WITH_DEFAULT_SETTINGS) { > > +Status = EFI_INVALID_PARAMETER; > > + } else { > > +// Determine if there is a valid header at the beginning of the > > NorFlash > > +Status = ValidateFvHeader (Instance); > > + } > > + > > > > + // Install the Default FVB header if required > > + if (EFI_ERROR(Status)) { > > +// There is no valid header, so time to install one. > > +DEBUG ((EFI_D_INFO, "%a: The FVB Header is not valid.\n", > > __FUNCTION__)); > > +DEBUG ((EFI_D_INFO, "%a: Installing a correct one for this volume.\n", > > + __FUNCTION__)); > > + > > Please use DEBUG_INFO not EFI_D_INFO (the latter form is deprecated) > > > +// Erase all the NorFlash that is reserved for variable storage > > +FvbNumLba = (PcdGet32(PcdFlashNvStorageVariableSize) + > > PcdGet32(PcdFlashNvStorageFtwWorkingSize) + > > PcdGet32(PcdFlashNvStorageFtwSpareSize)) / Instance->Media.B
[edk2] [PATCH] MdeModulePkg/VariableSmmRuntimeDxe: Refactor locating Variable Arch Protocol
In preparation for providing a standalone MM based non-secure variable runtime driver, factor out some portions that are specific to the traditional driver, mainly related to locating variable arch protocol and variable write arch protocol, which are not required to be located when using standalone MM based secure variable implementation. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h | 18 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 9 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 1 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMmRuntimeDxe.c | 42 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMmRuntimeDxe.inf | 95 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMmRuntimeDxe.c | 45 ++ 6 files changed, 203 insertions(+), 7 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h index 9b294e6..c50 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h @@ -160,4 +160,22 @@ VariableHaveTcgProtocols ( VOID ); +/** + Check whether the protocol is installed or not. +**/ +EFI_STATUS +EFIAPI +VariableLocateSmmReady ( + VOID + ); + +/** + Check whether the protocol is installed or not. +**/ +EFI_STATUS +EFIAPI +VariableLocateSmmWriteReady ( + VOID + ); + #endif diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c index 85d655d..2976f04 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c 
@@ -47,7 +47,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "PrivilegePolymorphic.h" EFI_HANDLE mHandle= NULL; -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable = NULL; EFI_EVENTmVirtualAddressChangeEvent = NULL; EFI_SMM_COMMUNICATION_PROTOCOL *mSmmCommunication = NULL; UINT8 *mVariableBuffer= NULL; @@ -991,7 +990,7 @@ SmmVariableReady ( { EFI_STATUSStatus; - Status = gBS->LocateProtocol (, NULL, (VOID **)); + Status = VariableLocateSmmReady (); if (EFI_ERROR (Status)) { return; } @@ -1068,12 +1067,8 @@ SmmVariableWriteReady ( ) { EFI_STATUSStatus; - VOID *ProtocolOps; - // - // Check whether the protocol is installed or not. - // - Status = gBS->LocateProtocol (, NULL, (VOID **) ); + Status = VariableLocateSmmWriteReady (); if (EFI_ERROR (Status)) { return; } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf index bd73f7a..103acfa 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf @@ -41,6 +41,7 @@ # [Sources] + VariableTraditionalMmRuntimeDxe.c VariableSmmRuntimeDxe.c PrivilegePolymorphic.h Measurement.c diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMmRuntimeDxe.c new file mode 100644 index 000..0c039f1 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMmRuntimeDxe.c 
@@ -0,0 +1,42 @@ +/** @file + + Parts of the SMM/MM implementation that are specific to standalone MM + +Copyright (c) 2019, ARM Ltd. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Variable.h" + + +/** + Check whether the protocol is installed or not. +**/ +EFI_STATUS +EFIAPI +VariableLocateSmmReady ( + VOID + ) +{ + return TRUE; +} + +/** + Check whether the protocol is installed or not. +**/ +EFI_STATUS +EFIAPI +VariableLocateSmmWriteReady ( + VOID + ) +{ + return TRUE; +} diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneM
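Review bot: in the VariableStandaloneMmRuntimeDxe.c hunk, VariableLocateSmmReady and VariableLocateSmmWriteReady are declared to return EFI_STATUS but end with `return TRUE;`. TRUE is the BOOLEAN constant 1, not EFI_SUCCESS (0); the callers in VariableSmmRuntimeDxe.c only test `EFI_ERROR (Status)`, which looks at the top bit, so this happens to pass today, but it is a wrong status code and would break any caller that compares against EFI_SUCCESS. Use `return EFI_SUCCESS;`. The copied doc comment "Check whether the protocol is installed or not." is also misleading for these stubs, which check nothing: say instead that under standalone MM the MM context is assumed fully initialised before DXE starts, so readiness is reported unconditionally.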
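Review bot: in the PrivilegePolymorphic.h hunk both new prototypes carry the identical one-line comment "Check whether the protocol is installed or not." and no @retval. Name what each one checks (the EFI_SMM_VARIABLE_PROTOCOL instance that the removed mSmmVariable pointed at for VariableLocateSmmReady, the write-ready signal for VariableLocateSmmWriteReady) and state the contract the callers rely on: the traditional MM implementation returns the gBS->LocateProtocol() status, the standalone MM implementation must return EFI_SUCCESS, and SmmVariableReady/SmmVariableWriteReady return early on any EFI_ERROR value.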
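Review bot: the @@ -47,7 +47,6 @@ hunk deletes the definition of `EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable` from VariableSmmRuntimeDxe.c, and the @@ -991 hunk replaces the LocateProtocol call that used to fill it in with VariableLocateSmmReady (). If the remainder of VariableSmmRuntimeDxe.c (not shown) still dereferences mSmmVariable, the variable now needs an `extern` declaration in PrivilegePolymorphic.h and a definition in both VariableTraditionalMmRuntimeDxe.c and VariableStandaloneMmRuntimeDxe.c, otherwise the VariableStandaloneMmRuntimeDxe.inf build will not link; the commit message should say where the pointer now lives and how the standalone path obtains it.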
[edk2] [PATCH 1/2] ArmPlatformPkg/NorFlash: Refactor Nor Flash DXE driver
To allow the ArmPlatformPkg NOR flash driver to be reusable with StandaloneMM, refactor the DXE specific portions into a separate file. This will then allow the common portions to be reused in StandaloneMM.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jagadeesh Ujja
---
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlash.c | 1136 +
 ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashDxe.h => NorFlash.h} | 62 +-
 ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashBlockIoDxe.c => NorFlashBlockIo.c} |6 +-
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c | 1690
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf |7 +-
 ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashFvbDxe.c => NorFlashFvb.c} | 131 +-
 6 files changed, 1552 insertions(+), 1480 deletions(-)

diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlash.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlash.c
new file mode 100644
index 000..725b783
--- /dev/null
+++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlash.c
@@ -0,0 +1,1136 @@ +/** @file NorFlash.c + + Copyright (c) 2011 - 2019, ARM Ltd. All rights reserved. + + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include +#include + +#include "NorFlash.h" + + +NOR_FLASH_INSTANCE mNorFlashInstanceTemplate = { + NOR_FLASH_SIGNATURE, // Signature + NULL, // Handle ... NEED TO BE FILLED + + 0, // DeviceBaseAddress ... NEED TO BE FILLED + 0, // RegionBaseAddress ... NEED TO BE FILLED + 0, // Size ... NEED TO BE FILLED + 0, // StartLba + + { +EFI_BLOCK_IO_PROTOCOL_REVISION2, // Revision +NULL, // Media ... NEED TO BE FILLED +NorFlashBlockIoReset, // Reset; +NorFlashBlockIoReadBlocks, // ReadBlocks +NorFlashBlockIoWriteBlocks, // WriteBlocks +NorFlashBlockIoFlushBlocks // FlushBlocks + }, // BlockIoProtocol + + { +0, // MediaId ... NEED TO BE FILLED +FALSE, // RemovableMedia +TRUE, // MediaPresent +FALSE, // LogicalPartition +FALSE, // ReadOnly +FALSE, // WriteCaching; +0, // BlockSize ... NEED TO BE FILLED +4, // IoAlign +0, // LastBlock ... 
NEED TO BE FILLED +0, // LowestAlignedLba +1, // LogicalBlocksPerPhysicalBlock + }, //Media; + + { +EFI_DISK_IO_PROTOCOL_REVISION, // Revision +NorFlashDiskIoReadDisk,// ReadDisk +NorFlashDiskIoWriteDisk// WriteDisk + }, + + { +FvbGetAttributes, // GetAttributes +FvbSetAttributes, // SetAttributes +FvbGetPhysicalAddress, // GetPhysicalAddress +FvbGetBlockSize, // GetBlockSize +FvbRead, // Read +FvbWrite, // Write +FvbEraseBlocks, // EraseBlocks +NULL, //ParentHandle + }, // FvbProtoccol; + NULL, // ShadowBuffer + { +{ + { +HARDWARE_DEVICE_PATH, +HW_VENDOR_DP, +{ + (UINT8)(OFFSET_OF (NOR_FLASH_DEVICE_PATH, End)), + (UINT8)(OFFSET_OF (NOR_FLASH_DEVICE_PATH, End) >> 8) +} + }, + { 0x0, 0x0, 0x0, { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 } }, // GUID ... NEED TO BE FILLED +}, +0, // Index +{ + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { sizeof (EFI_DEVICE_PATH_PROTOCOL), 0 } +} +} // DevicePath +}; + + +UINT32 +NorFlashReadStatusRegister ( + IN NOR_FLASH_INSTANCE *Instance, + IN UINTN SR_Address + ) +{ + // Prepare to read the status register + SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_STATUS_REGISTER); + return MmioRead32 (Instance->DeviceBaseAddress); +} + +STATIC +BOOLEAN +NorFlashBlockIsLocked ( + IN NOR_FLASH_INSTANCE *Instance, + IN UINTN BlockAddress + ) +{ + UINT32LockStatus; + + // Send command for reading device id + SEND_NOR_COMMAND (BlockAddress, 2, P30_CMD_READ_DEVICE_ID); + + // Read block lock status + LockStatus = MmioRead32 (CREATE_NOR_ADDRESS(BlockAddress, 2)); + + // Decode block lock status + LockStatus = FOLD_32BIT_INTO_16BIT(LockStatus); + + if ((LockStatus & 0x2) != 0) { +DEBUG((EFI_D_ERROR, "NorFlashBlockIsLocked: WARNING: Block LOCKED DOWN\n")); + } + + return ((LockStatus & 0x1) != 0); +} + +STATIC +EFI_STATUS +NorFlashUnlockSingleBlock ( + IN NOR_FLASH_INSTANCE *Instance, + IN UINTN BlockAddress + ) +{ + UINT32LockStatus; + + // Raise the Task Priority Level to TPL_NOTIFY to ser
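Review bot: NorFlashReadStatusRegister takes an SR_Address parameter that its body never uses; it issues P30_CMD_READ_STATUS_REGISTER at Instance->DeviceBaseAddress and reads back from that same address, so either drop the parameter or use it. Since NorFlash.c is a new file, also use DEBUG_ERROR rather than the deprecated EFI_D_ERROR in NorFlashBlockIsLocked, put the space before the parenthesis in `CREATE_NOR_ADDRESS(BlockAddress, 2)` and `FOLD_32BIT_INTO_16BIT(LockStatus)` per edk2 style, and make NorFlashReadStatusRegister STATIC unless another file needs it (the v2 copy in Platform/ARM/Drivers/StandaloneMmNorFlash at the top of this page already does so).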
[edk2] [PATCH 2/2] ArmPlatformPkg/NorFlash: Allow reusability as a MM driver
Adapt the NorFlash driver to be used as a MM_STANDALONE driver to allow access to NOR flash for code executing in MM_STANDALONE mode. This allows storing of EFI variables on NOR flash which is accessible only via the MM STANDALONE mode software. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c | 267 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 77 ++ 2 files changed, 344 insertions(+) diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c new file mode 100644 index 000..1e3603c --- /dev/null +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c 
@@ -0,0 +1,267 @@ +/*++ @file NorFlashStandaloneMm.c + + Copyright (c) 2019, ARM Ltd. All rights reserved. + + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + --*/ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include "NorFlash.h" + +// +// Global variable declarations +// +NOR_FLASH_INSTANCE **mNorFlashInstances; +UINT32 mNorFlashDeviceCount; + +extern NOR_FLASH_INSTANCE mNorFlashInstanceTemplate; + +EFI_STATUS +EFIAPI +NorFlashFvbInitialize ( + IN NOR_FLASH_INSTANCE* Instance + ) +{ + EFI_STATUS Status; + UINT32 FvbNumLba; + EFI_BOOT_MODE BootMode; + + DEBUG((DEBUG_BLKIO,"NorFlashFvbInitialize\n")); + ASSERT((Instance != NULL)); + + mFlashNvStorageVariableBase = FixedPcdGet32 (PcdFlashNvStorageVariableBase); + + // Set the index of the first LBA for the FVB + Instance->StartLba = (PcdGet32 (PcdFlashNvStorageVariableBase) - Instance->RegionBaseAddress) / Instance->Media.BlockSize; + + BootMode = GetBootModeHob (); + if (BootMode == BOOT_WITH_DEFAULT_SETTINGS) { +Status = EFI_INVALID_PARAMETER; + } else { +// Determine if there is a valid header at the beginning of the NorFlash +Status = ValidateFvHeader (Instance); + } + + // Install the Default FVB header if required + if (EFI_ERROR(Status)) { +// There is no valid header, so time to install one. 
+DEBUG ((EFI_D_INFO, "%a: The FVB Header is not valid.\n", __FUNCTION__)); +DEBUG ((EFI_D_INFO, "%a: Installing a correct one for this volume.\n", + __FUNCTION__)); + +// Erase all the NorFlash that is reserved for variable storage +FvbNumLba = (PcdGet32(PcdFlashNvStorageVariableSize) + PcdGet32(PcdFlashNvStorageFtwWorkingSize) + PcdGet32(PcdFlashNvStorageFtwSpareSize)) / Instance->Media.BlockSize; + +Status = FvbEraseBlocks (>FvbProtocol, (EFI_LBA)0, FvbNumLba, EFI_LBA_LIST_TERMINATOR); +if (EFI_ERROR(Status)) { + return Status; +} + +// Install all appropriate headers +Status = InitializeFvAndVariableStoreHeaders (Instance); +if (EFI_ERROR(Status)) { + return Status; +} + } + + return Status; +} + +VOID +EFIAPI +NorFlashLock ( + NOR_FLASH_LOCK_CONTEXT*Context + ) +{ +} + +VOID +EFIAPI +NorFlashUnlock ( + NOR_FLASH_LOCK_CONTEXT*Context + ) +{ +} + +EFI_STATUS +NorFlashCreateInstance ( + IN UINTN NorFlashDeviceBase, + IN UINTN NorFlashRegionBase, + IN UINTN NorFlashSize, + IN UINT32 Index, + IN UINT32 BlockSize, + IN BOOLEANSupportFvb, + OUT NOR_FLASH_INSTANCE** NorFlashInstance + ) +{ + EFI_STATUS Status; + NOR_FLASH_INSTANCE* Instance; + + ASSERT(NorFlashInstance != NULL); + + Instance = AllocateRuntimeCopyPool (sizeof(NOR_FLASH_INSTANCE),); + if (Instance == NULL) { +return EFI_OUT_OF_RESOURCES; + } + + Instance->DeviceBaseAddress = NorFlashDeviceBase; + Instance->RegionBaseAddress = NorFlashRegionBase; + Instance->Size = NorFlashSize; + + Instance->BlockIoProtocol.Media = >Media; + Instance->Media.MediaId = Index; + Instance->Media.BlockSize = BlockSize; + Instance->Media.LastBlock = (NorFlashSize / BlockSize)-1; + + CopyGuid (>DevicePath.Vendor.Guid, ); + Instance->DevicePath.Index = (UINT8)Index; + + Instance->ShadowBuffer = AllocateRuntimePool (BlockSize);; + if (Instance->ShadowBuffer == NULL) { +return EFI_OUT_OF_RESOURCES; + } + + if (SupportFvb) { +NorFlashFvbInitialize (Instance); + +//Install DevicePath Protocol +Status = 
gMmst->MmInstallProtocolInterface ( + >Handl
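Review bot: NorFlashCreateInstance ignores the return value of `NorFlashFvbInitialize (Instance);`, so if the erase or InitializeFvAndVariableStoreHeaders fails the driver goes on to install the device path and FVB protocols on a volume with no valid header; check the status and return it. Other error-path problems in the same hunk: when `AllocateRuntimePool (BlockSize);;` fails, Instance is leaked (and that line has a stray second semicolon); `ASSERT((Instance != NULL))` has doubled parentheses; the same PCD is read once with FixedPcdGet32 and once with PcdGet32. NorFlashLock and NorFlashUnlock are empty bodies: add a comment saying why that is acceptable in MM_STANDALONE (no TPL services, MM entry is serialised by the secure world), otherwise they read as unimplemented. Finally, the EFI_ERROR(Status) branch erases the whole Variable + FTW working + FTW spare region and reinstalls headers whenever ValidateFvHeader fails or BootMode == BOOT_WITH_DEFAULT_SETTINGS, which discards every existing variable including any authenticated ones (Secure Boot keys, for instance) kept there; that deserves DEBUG_ERROR rather than the two DEBUG_INFO lines, and, as Ard asks in the review reply above, it needs to be stated where GetBootModeHob () gets its HOB list from under standalone MM.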
[edk2] [PATCH 0/2] Allow use of ArmPlatformPkg NOR flash driver in StandaloneMM
This patch series refactors Arm Platform NorFlashDxe driver and extends it to be usable in StandaloneMM mode as well. This will then be usable on platforms that use StandaloneMM to implement secure EFI variables with NOR flash as the non-volatile storage.

Jagadeesh Ujja (2):
  ArmPlatformPkg/NorFlash: Refactor Nor Flash DXE driver
  ArmPlatformPkg/NorFlash: Allow reusability as a MM driver

 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlash.c | 1136 +
 ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashDxe.h => NorFlash.h} | 62 +-
 ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashBlockIoDxe.c => NorFlashBlockIo.c} |6 +-
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c | 1690
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf |7 +-
 ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashFvbDxe.c => NorFlashFvb.c} | 131 +-
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c | 267
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 77 +
 8 files changed, 1896 insertions(+), 1480 deletions(-)
 create mode 100644 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlash.c
 rename ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashDxe.h => NorFlash.h} (87%)
 rename ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashBlockIoDxe.c => NorFlashBlockIo.c} (93%)
 rename ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashFvbDxe.c => NorFlashFvb.c} (84%)
 create mode 100644 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c
 create mode 100644 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf

-- 
2.7.4

___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH edk2-platforms] Platform/ARM/SgiPkg: Include HobLib, MmServicesTableLib and MemoryAllocationLib
hi Ard On Fri, Jan 25, 2019 at 3:32 PM Ard Biesheuvel wrote: > > On Fri, 25 Jan 2019 at 07:42, Jagadeesh Ujja wrote: > > > > Include the HobLib, MmServicesTableLib and MemoryAllocationLib libraries on > > Sgi platforms. These will be consumed by MM_STANDALONE drivers. > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Jagadeesh Ujja > > --- > > Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 5 + > > 1 file changed, 5 insertions(+) > > > > diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc > > b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc > > index 2a17e9f..65dd6ac 100644 > > --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc > > +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc > > @@ -71,6 +71,11 @@ > > > > > > StandaloneMmCoreEntryPoint|StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf > > > > +[LibraryClasses.common.MM_STANDALONE] > > + HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf > > + > > MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf > > + > > MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf > > + > > Should you add the entrypoint library as well? in https://github.com/tianocore/edk2-platforms/blob/master/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc we already have StandaloneMmDriverEntryPoint|StandaloneMmPkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf StandaloneMmCoreEntryPoint|StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf Are you looking for this? > > > > > > # > > # Pcd Section - list of all EDK II PCD Entries defined by this Platform > > -- > > 2.7.4
[edk2] [PATCH edk2-platforms] Platform/ARM/SgiPkg: Include HobLib, MmServicesTableLib and MemoryAllocationLib
Include the HobLib, MmServicesTableLib and MemoryAllocationLib libraries on Sgi platforms. These will be consumed by MM_STANDALONE drivers. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc | 5 + 1 file changed, 5 insertions(+) diff --git a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc index 2a17e9f..65dd6ac 100644 --- a/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc +++ b/Platform/ARM/SgiPkg/PlatformStandaloneMm.dsc @@ -71,6 +71,11 @@ StandaloneMmCoreEntryPoint|StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf +[LibraryClasses.common.MM_STANDALONE] + HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf + MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf + MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf + # # Pcd Section - list of all EDK II PCD Entries defined by this Platform -- 2.7.4
[edk2] [PATCH v3 11/11] CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use SmmCryptLib
“SmmCryptLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja Reviewed-by: Ard Biesheuvel --- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index 4829669..9a63419 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -30,7 +30,7 @@ MODULE_TYPE= DXE_SMM_DRIVER VERSION_STRING = 1.0 PI_SPECIFICATION_VERSION = 0x0001000A - LIBRARY_CLASS = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE + LIBRARY_CLASS = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE MM_STANDALONE # # The following information is for reference only and not required by the build tools. -- 2.7.4
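Review bot: widening LIBRARY_CLASS to `BaseCryptLib|DXE_SMM_DRIVER SMM_CORE MM_STANDALONE` only tells the build tools the library may be linked into MM_STANDALONE modules; it does not show that the rest of SmmCryptLib.inf (its own [LibraryClasses] and any constructor) resolves under MM_STANDALONE, which is what would actually break a standalone MM link. State in the commit message that this was built for an MM_STANDALONE consumer, and note that MODULE_TYPE stays DXE_SMM_DRIVER on purpose.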
[edk2] [PATCH v3 10/11] ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
Adapt the NorFlashDxe driver to be used as a MM_STANDALONE driver to allow access to NOR flash for code executing in MM_STANDALONE mode. This allows storing of EFI variables on NOR flash which is accessible only via the MM STANDALONE mode software. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h|4 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf |2 + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 96 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c | 1339 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 76 ++ 5 files changed, 1470 insertions(+), 47 deletions(-) diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h index c0563f6..d149652 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h @@ -1,6 +1,6 @@ /** @file NorFlashDxe.h - Copyright (c) 2011 - 2014, ARM Ltd. All rights reserved. + Copyright (c) 2011 - 2019, ARM Ltd. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -19,6 +19,7 @@ #include #include +#include #include #include @@ -30,6 +31,7 @@ #include #include #include +#include #define NOR_FLASH_ERASE_RETRY 10 diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf index a59a21a..6bf0ff2 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf @@ -44,6 +44,7 @@ UefiBootServicesTableLib UefiRuntimeLib DxeServicesTableLib + StandaloneMmServicesTableLib [Guids] gEfiSystemNvDataFvGuid 
@@ -57,6 +58,7 @@ gEfiDevicePathProtocolGuid gEfiFirmwareVolumeBlockProtocolGuid gEfiDiskIoProtocolGuid + gEfiSmmFirmwareVolumeBlockProtocolGuid [Pcd.common] gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c index e62ffbb..024da28 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c @@ -1,6 +1,6 @@ /*++ @file NorFlashFvbDxe.c - Copyright (c) 2011 - 2014, ARM Ltd. All rights reserved. + Copyright (c) 2011 - 2019, ARM Ltd. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License 
@@ -720,27 +720,29 @@ NorFlashFvbInitialize ( DEBUG((DEBUG_BLKIO,"NorFlashFvbInitialize\n")); ASSERT((Instance != NULL)); - // - // Declare the Non-Volatile storage as EFI_MEMORY_RUNTIME - // - - // Note: all the NOR Flash region needs to be reserved into the UEFI Runtime memory; - // even if we only use the small block region at the top of the NOR Flash. - // The reason is when the NOR Flash memory is set into program mode, the command - // is written as the base of the flash region (ie: Instance->DeviceBaseAddress) - RuntimeMmioRegionSize = (Instance->RegionBaseAddress - Instance->DeviceBaseAddress) + Instance->Size; - - Status = gDS->AddMemorySpace ( - EfiGcdMemoryTypeMemoryMappedIo, - Instance->DeviceBaseAddress, RuntimeMmioRegionSize, - EFI_MEMORY_UC | EFI_MEMORY_RUNTIME - ); - ASSERT_EFI_ERROR (Status); - - Status = gDS->SetMemorySpaceAttributes ( - Instance->DeviceBaseAddress, RuntimeMmioRegionSize, - EFI_MEMORY_UC | EFI_MEMORY_RUNTIME); - ASSERT_EFI_ERROR (Status); + if (!InMm ()) { +// +// Declare the Non-Volatile storage as EFI_MEMORY_RUNTIME +// + +// Note: all the NOR Flash region needs to be reserved into the UEFI Runtime memory; +// even if we only use the small block region at the top of the NOR Flash. +// The reason is when the NOR Flash memory is set into program mode, the command +// is written as the base of the flash region (ie: Instance->DeviceBaseAddress) +RuntimeMmioRegionSize = (Instance->RegionBaseAddress - Instance->DeviceBaseAddress) + Instance->Size; + +Status = gDS->AddMemorySpace ( +EfiGcdMemoryTypeMemoryMappedIo, +Instance->DeviceBaseAddress, RuntimeMmioRegionSize, +EFI_MEMORY_UC | EFI_MEMORY_RUNTIME +); +ASSERT_EFI_ERROR (Status); + +Status = gDS->SetMemorySpaceAttributes ( +Instance->DeviceBaseAddress, RuntimeMmioRegionSize, +EFI_MEMORY_UC | EFI_MEMORY_RUNTIME); +ASSERT_EFI_ERROR (Status); + } mFlashNvStorageVariableBase = FixedPcdGet32 (PcdFlashNvStorageVariableBase); @@ -777,30 +779,32 @@ NorFlashFvbInitialize ( } } - // -
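Review bot: in the NorFlashFvbInitialize hunk, the `if (!InMm ())` guard makes correctness depend on which StandaloneMmServicesTableLib instance the platform DSC resolves: the MdePkg instance introduced in patch 04/11 returns FALSE unconditionally, so a Standalone MM build accidentally mapped to it would fall into the gDS->AddMemorySpace / SetMemorySpaceAttributes path with no DXE services table. Add a comment on the guard saying the MM_STANDALONE build must resolve the StandaloneMmPkg instance, and consider an ASSERT (gDS != NULL) in front of the gDS calls so the misconfiguration fails loudly.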
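Review bot: the same hunk skips registering the whole NOR region (RuntimeMmioRegionSize, from Instance->DeviceBaseAddress) as EFI_MEMORY_UC | EFI_MEMORY_RUNTIME in the Standalone MM case, but the comment it moves explains that program-mode commands are written at the device base, not only inside the variable region. Nothing in the patch says what provides the equivalent mapping on the MM side; a comment pointing at where the MM memory map (for example the HOB list handed to the MM core) is required to cover the full device range would stop this from being re-asked in every review.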
[edk2] [PATCH v3 09/11] MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library
“VarCheckLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja Reviewed-by: Ard Biesheuvel --- MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf index 099f83d..c8cf810 100644 --- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf +++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -2,6 +2,7 @@ # Provides variable check services and database management. # # Copyright (c) 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions @@ -21,12 +22,12 @@ FILE_GUID = 63E12D08-0C5D-47F8-95E4-09F89D7506C5 MODULE_TYPE= DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources] -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
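Review bot: adding MM_STANDALONE to LIBRARY_CLASS in the VarCheckLib.inf hunk is only sufficient if every entry in this INF's [LibraryClasses] section (not shown in the hunk) resolves to an MM_STANDALONE-capable instance; please confirm, since otherwise the problem only surfaces when a platform DSC links the library into a Standalone MM module. The `# VALID_ARCHITECTURES` change is informational only and is fine.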
[edk2] [PATCH v3 08/11] MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
Adapt the variable runtime dxe driver to be used as a MM_STANDALONE driver to provide variable storage service in MM Standalone mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 37 +++-- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c| 165 +++- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 2 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 133 4 files changed, 280 insertions(+), 57 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index 443cf07..ff30c98 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -18,6 +18,7 @@ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. (C) Copyright 2015-2018 Hewlett Packard Enterprise Development LP +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at 
@@ -3277,19 +3278,21 @@ VariableServiceSetVariable ( } } - // - // Special Handling for MOR Lock variable. - // - Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); - if (Status == EFI_ALREADY_STARTED) { + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { // -// EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor(). -// Variable driver can just return SUCCESS. +// Special Handling for MOR Lock variable. // -return EFI_SUCCESS; - } - if (EFI_ERROR (Status)) { -return Status; +Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); +if (Status == EFI_ALREADY_STARTED) { + // + // EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor(). + // Variable driver can just return SUCCESS. + // + return EFI_SUCCESS; +} +if (EFI_ERROR (Status)) { + return Status; +} } Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource); @@ -4098,12 +4101,14 @@ VariableWriteServiceInitialize ( } } - ReleaseLockOnlyAtBootTime (>VariableGlobal.VariableServicesLock); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +ReleaseLockOnlyAtBootTime (>VariableGlobal.VariableServicesLock); - // - // Initialize MOR Lock variable. - // - MorLockInit (); +// +// Initialize MOR Lock variable. +// +MorLockInit (); + } return Status; } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 8c53f84..4834b4a 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c 
@@ -15,6 +15,7 @@ SmmVariableGetStatistics() should also do validation based on its own knowledge. Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -34,8 +35,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +#include +#include #include #include "Variable.h" +#include extern VARIABLE_INFO_ENTRY *gVariableInfo; EFI_HANDLE mSmmVariableHandle = NULL; @@ -218,11 +222,11 @@ GetFtwProtocol ( // // Locate Smm Fault Tolerent Write protocol // - Status = gSmst->SmmLocateProtocol ( -, -NULL, -FtwProtocol -); + Status = MmstLocateProtocol ( + , + NULL, + FtwProtocol + ); return Status; } @@ -248,11 +252,11 @@ GetFvbByHandle ( // // To get the SMM FVB protocol interface on the handle // - return gSmst->SmmHandleProtocol ( - FvBlockHandle, - , - (VOID **) FvBlock - ); + return MmstHandleProtocol ( + FvBlockHandle, + , + (VOID **) FvBlock + ); } @@ -287,13 +291,13 @@ GetFvbCountAndBuffer ( BufferSize = 0;
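Review bot: in the VariableServiceSetVariable hunk, wrapping SetVariableCheckHandlerMor in `if (!PcdGetBool (PcdStandaloneMmVariableEnabled))` removes MemoryOverwriteRequestControlLock enforcement entirely for Standalone MM builds, and the VariableWriteServiceInitialize hunk skips MorLockInit on the same condition. That is a security-relevant behaviour change the commit message does not mention: either keep the MOR handling on both paths, or state explicitly why the platform does not implement TCG MOR so a reader does not mistake this for an oversight.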
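Review bot: the VariableWriteServiceInitialize hunk skips the ReleaseLockOnlyAtBootTime call on the VariableServicesLock for Standalone MM, but the matching acquire earlier in the function is not shown as guarded. If it is still taken, the lock is never released on this path; if both are skipped, a one-line comment on why locking is unnecessary in Standalone MM would save the next reader the search.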
[edk2] [PATCH v3 07/11] MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone
Adapt the VariableSmmRuntimeDxe driver to communicate with a VariableSmm driver that is implemented as a MM Standalone driver. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf| 1 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 31 +--- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 ++ 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 7ef8a97..6bb35bb 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -131,6 +131,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c index 85d655d..1902348 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c 
@@ -14,6 +14,8 @@ InitCommunicateBuffer() is really function to check the variable data size. Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. + This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -179,7 +181,11 @@ SendCommunicateBuffer ( SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader; CommSize = DataSize + SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE; - Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, ); + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBuffer, ); + } else { +Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, ); + } ASSERT_EFI_ERROR (Status); SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) mVariableBuffer; @@ -991,9 +997,11 @@ SmmVariableReady ( { EFI_STATUSStatus; - Status = gBS->LocateProtocol (, NULL, (VOID **)); - if (EFI_ERROR (Status)) { -return; + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gBS->LocateProtocol (, NULL, (VOID **)); +if (EFI_ERROR (Status)) { + return; +} } Status = gBS->LocateProtocol (, NULL, (VOID **) ); @@ -1069,13 +1077,14 @@ SmmVariableWriteReady ( { EFI_STATUSStatus; VOID *ProtocolOps; - - // - // Check whether the protocol is installed or not. - // - Status = gBS->LocateProtocol (, NULL, (VOID **) ); - if (EFI_ERROR (Status)) { -return; + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +// +// Check whether the protocol is installed or not. +// +Status = gBS->LocateProtocol (, NULL, (VOID **) ); +if (EFI_ERROR (Status)) { + return; +} } // 
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf index bd73f7a..c84dd2d 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf @@ -87,6 +87,9 @@ ## SOMETIMES_CONSUMES ## Variable:L"dbt" gEfiImageSecurityDatabaseGuid +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled + [Depex] gEfiSmmCommunicationProtocolGuid -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
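Review bot: in the SendCommunicateBuffer hunk, the Standalone MM branch passes mVariableBuffer where the traditional SMM branch passes mVariableBufferPhysical. After SetVirtualAddressMap those two differ, and the MM side works with physical addresses, so the reason the virtual pointer is the right one here (presumably the Arm MM communication driver translates it) belongs in a comment on the if/else; as written, the next reader will flag it as a runtime bug.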
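Review bot: the new `gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled` line in the VariableRuntimeDxe.inf hunk is missing the `## CONSUMES` usage annotation that every neighbouring PCD in the section carries; the [Pcd] entry added to VariableSmmRuntimeDxe.inf needs the same annotation.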
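Review bot: in the SmmVariableReady and SmmVariableWriteReady hunks, the Standalone MM path no longer checks for any variable protocol before continuing, and the [Depex] is only gEfiSmmCommunicationProtocolGuid. A short comment on what guarantees that the MM variable handler is registered by the time these callbacks run would make the ordering assumption explicit.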
[edk2] [PATCH v3 06/11] MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
Adapt the FaultTolerantWriteDxe driver to be used as a MM_STANDALONE driver to provide UEFI fault tolerant write protocol functionality for variable reclaim operation on EFI variables stored on a NOR flash that is only accessible to code executing in MM Standalone mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf | 1 + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 149 ++-- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf | 4 +- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf | 102 ++ MdeModulePkg/Universal/FaultTolerantWriteDxe/UpdateWorkingBlock.c | 27 ++-- 5 files changed, 223 insertions(+), 60 deletions(-) diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf index dcde58d..026bc60 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf @@ -77,6 +77,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled # # gBS->CalculateCrc32() is consumed in EntryPoint. diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c index 481fea3..0bb1246 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c 
@@ -44,6 +44,7 @@ This driver need to make sure the CommBuffer is not in the SMRAM range. Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -55,13 +56,17 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ #include +#include #include #include +#include #include #include #include "FaultTolerantWrite.h" #include "FaultTolerantWriteSmmCommon.h" #include +#include +#include EFI_EVENT mFvbRegistration = NULL; EFI_FTW_DEVICE*mFtwDevice = NULL; @@ -92,11 +97,11 @@ FtwGetFvbByHandle ( // // To get the SMM FVB protocol interface on the handle // - return gSmst->SmmHandleProtocol ( - FvBlockHandle, - , - (VOID **) FvBlock - ); + return MmstHandleProtocol ( + FvBlockHandle, + , + (VOID **) FvBlock + ); } /** @@ -119,11 +124,11 @@ FtwGetSarProtocol ( // // Locate Smm Swap Address Range protocol // - Status = gSmst->SmmLocateProtocol ( -, -NULL, -SarProtocol -); + Status = MmstLocateProtocol ( + , + NULL, + SarProtocol + ); return Status; } @@ -158,13 +163,13 @@ GetFvbCountAndBuffer ( BufferSize = 0; *NumberHandles = 0; *Buffer= NULL; - Status = gSmst->SmmLocateHandle ( -ByProtocol, -, -NULL, -, -*Buffer -); + Status = MmstLocateHandle ( + ByProtocol, + , + NULL, + , + *Buffer + ); if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) { return EFI_NOT_FOUND; } @@ -174,13 +179,13 @@ GetFvbCountAndBuffer ( return EFI_OUT_OF_RESOURCES; } - Status = gSmst->SmmLocateHandle ( -ByProtocol, -, -NULL, -, -*Buffer -); + Status = MmstLocateHandle ( + ByProtocol, + , + NULL, + , + *Buffer + ); *NumberHandles = BufferSize / sizeof(EFI_HANDLE); if (EFI_ERROR(Status)) { 
@@ -335,10 +340,16 @@ SmmFaultTolerantWriteHandler ( return EFI_SUCCESS; } CommBufferPayloadSize = TempCommBufferSize - SMM_FTW_COMMUNICATE_HEADER_SIZE; - - if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) { -DEBUG ((EFI_D_ERROR, "
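Review bot: the SmmFaultTolerantWriteHandler hunk starts by removing the `SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)` check; the hunk is cut off here, but whatever replaces it for Standalone MM must still reject a CommBuffer that overlaps MM-owned memory, because this check is what prevents a non-secure caller from pointing the handler at secure memory. Please make sure the replacement validates the full [CommBuffer, CommBuffer + TempCommBufferSize) range, not just the base, and keeps the DEBUG message on rejection.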
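Review bot: the FaultTolerantWriteDxe.inf hunk adds PcdStandaloneMmVariableEnabled to the plain DXE driver's [Pcd] section, presumably for the shared UpdateWorkingBlock.c change listed in the diffstat but not shown here; please confirm the DXE build actually reads the PCD, and add the `## CONSUMES` annotation that the surrounding entries carry.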
[edk2] [PATCH v3 05/11] MdePkg/Library: Add CommonMmServicesLib library
Add a CommonMmServicesLib library will be used by both traditional SMM and Standalone MM drivers Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdePkg/Include/Library/CommonMmServicesLibrary.h | 131 MdePkg/Library/CommonMmServicesLibrary/CommonMmServicesLibrary.c | 224 MdePkg/Library/CommonMmServicesLibrary/CommonMmServicesLibrary.inf | 42 3 files changed, 397 insertions(+) diff --git a/MdePkg/Include/Library/CommonMmServicesLibrary.h b/MdePkg/Include/Library/CommonMmServicesLibrary.h new file mode 100644 index 000..0ed7572 --- /dev/null +++ b/MdePkg/Include/Library/CommonMmServicesLibrary.h 
@@ -0,0 +1,131 @@ +/** @file + Wrapper functions consumed by traditional SMM drivers and + Standalone MM Drivers + + Copyright (c) 2018, ARM Limited. All rights reserved. + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ +#include +#include + +/** + Return the first Protocol Interface that matches the Protocol GUID. If + Registration is pasased in return a Protocol Instance that was just add + to the system. If Retistration is NULL return the first Protocol Interface + you find. + + @param Protocol The protocol to search for + @param Registration Optional Registration Key returned from + RegisterProtocolNotify() + @param Interface Return the Protocol interface (instance). + + @retval EFI_SUCCESSIf a valid Interface is returned + @retval EFI_INVALID_PARAMETER Invalid parameter + @retval EFI_NOT_FOUND Protocol interface not found + +**/ +EFI_STATUS +EFIAPI +MmstLocateProtocol( + IN EFI_GUID *Protocol, + IN VOID *Registration, OPTIONAL + OUT VOID **Interface + ); + + +/** + Registers a handler to execute within MM. + + @param HandlerHandler service funtion pointer. + @param HandlerTypePoints to the handler type or NULL for root MI handlers. + @param DispatchHandle On return, contains a unique handle which can be used to + later unregister the handler function. + + @retval EFI_SUCCESS Handler register success. + @retval EFI_INVALID_PARAMETER Handler or DispatchHandle is NULL. 
+ +**/ +EFI_STATUS +EFIAPI +MmstiHandlerRegister ( + IN EFI_MM_HANDLER_ENTRY_POINTHandler, + IN CONST EFI_GUID*HandlerType OPTIONAL, + OUT EFI_HANDLE*DispatchHandle + ); + +/** + Locates the requested handle(s) and returns them in Buffer. + + @param SearchType The type of search to perform to locate the + handles + @param Protocol The protocol to search for + @param SearchKey Dependant on SearchType + @param BufferSize On input the size of Buffer. On output the + size of data returned. + @param Buffer The buffer to return the results in + + @retval EFI_BUFFER_TOO_SMALL Buffer too small, required buffer size is + returned in BufferSize. + @retval EFI_INVALID_PARAMETER Invalid parameter + @retval EFI_SUCCESSSuccessfully found the requested handle(s) and + returns them in Buffer. + +**/ +EFI_STATUS +EFIAPI +MmstLocateHandle ( + IN EFI_LOCATE_SEARCH_TYPE SearchType, + IN EFI_GUID*Protocol OPTIONAL, + IN VOID*SearchKey OPTIONAL, + IN OUT UINTN *BufferSize, + OUTEFI_HANDLE *Buffer + ); + +/** + Queries a handle to determine if it supports a specified protocol. + + @param UserHandle The handle being queried. + @param Protocol The published unique identifier of the protocol. + @param Interface Supplies the address where a pointer to the + corresponding Protocol Interface is returned. + + @return The requested protocol interface for the handle + +**/ +EFI_STATUS +EFIAPI +MmstHandleProtocol ( + IN EFI_HANDLE UserHandle, + IN EFI_GUID*Protocol, + OUT VOID**Interface + ); + +/** + Wrapper function to Smm/MmInstallProtocolInterfaceNotify. This is the public API which + Calls the private one which contains a BOOLEAN parameter for notifications + + @param UserHandle The handle to install the protocol handler on, + or NULL if a new handle is to be allocated + @param Protocol Th
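Review bot: CommonMmServicesLibrary.h has no include guard (compare StandaloneMmServicesTableLib.h in patch 04/11), and its doc comments carry typos: "pasased", "Retistration", "funtion", "Dependant". `MmstiHandlerRegister` also breaks the Mmst* naming used by MmstLocateProtocol, MmstLocateHandle and MmstHandleProtocol and reads like a typo for MmstHandlerRegister.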
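Review bot: the subject and commit message call the library CommonMmServicesLib, while the header and library directory are named CommonMmServicesLibrary; pick one so the library class, the header name and the INF BASE_NAME agree, since consumers will have to spell the class in their [LibraryClasses] sections.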
[edk2] [PATCH v3 04/11] MdePkg/Include: Add StandaloneMmServicesTableLib library
Some of the existing DXE drivers can be refactored to execute within the Standalone MM execution environment as well. Allow such drivers to get access to the Standalone MM services tables. Add a mechanism to determine the execution mode is required. i.e, in MM or non-MM Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdePkg/Include/Library/StandaloneMmServicesTableLib.h| 43 MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c | 39 ++ MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf | 36 MdePkg/MdePkg.dec| 4 ++ 4 files changed, 122 insertions(+) diff --git a/MdePkg/Include/Library/StandaloneMmServicesTableLib.h b/MdePkg/Include/Library/StandaloneMmServicesTableLib.h new file mode 100644 index 000..3a27ac4 --- /dev/null +++ b/MdePkg/Include/Library/StandaloneMmServicesTableLib.h 
@@ -0,0 +1,43 @@ +/** @file + Provides a service to retrieve a pointer to the Standalone MM Services Table. + Provides a InMm implementation for RUNTIME DXE drivers + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2016 - 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __MM_SERVICES_TABLE_LIB_H__ +#define __MM_SERVICES_TABLE_LIB_H__ + +#include +#include + +extern EFI_MM_SYSTEM_TABLE *gMmst; + +/** + This function allows the caller to determine if the driver is executing in + Standalone Management Mode(SMM). + + This function returns TRUE if the driver is executing in SMM and FALSE if the + driver is not executing in SMM. + + @retval TRUE The driver is executing in Standalone Management Mode (SMM). + @retval FALSE The driver is not executing in Standalone Management Mode (SMM). + +**/ +BOOLEAN +EFIAPI +InMm ( + VOID + ); + +#endif diff --git a/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c b/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c new file mode 100644 index 000..6f37cd8 --- /dev/null +++ b/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c 
@@ -0,0 +1,39 @@ +/** @file + Standalone MM Services Table Library. + + Copyright (c) 2018, ARM Limited. All rights reserved. + + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include + +EFI_MM_SYSTEM_TABLE *gMmst = NULL; + +/** + This function allows the caller to determine if the driver is executing in + Standalone Management Mode(SMM). + + This function returns TRUE if the driver is executing in SMM and FALSE if the + driver is not executing in SMM. + + @retval TRUE The driver is executing in Standalone Management Mode (SMM). + @retval FALSE The driver is not executing in Standalone Management Mode (SMM). + +**/ +BOOLEAN +EFIAPI +InMm ( + VOID + ) +{ + return FALSE; +} diff --git a/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf b/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf new file mode 100644 index 000..c94b605 --- /dev/null +++ b/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf 
@@ -0,0 +1,36 @@ +## @file +# Provides StandaloneMmServicesTableLib. +# +# Copyright (c) 2018, ARM Limited. All rights reserved. +# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions +# of the BSD License which accompanies this distribution. The +# full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION= 0x00010005 + BASE_NAME = StandaloneMmServicesTableLib + FILE_GUID = 8099cfbf-9564-4c9b-9052-e66b1da88930 + MODULE_TYPE= DXE_RUNTIME_DRIVER + VERSION_STRING
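Review bot: the InMm() doc comments in both StandaloneMmServicesTableLib.h and StandaloneMmServicesTableLib.c expand the term as "Standalone Management Mode(SMM)"; SMM is the x86 System Management Mode that this series is deliberately distinguishing from, so write "Standalone MM" and drop the "(SMM)". The include guard `__MM_SERVICES_TABLE_LIB_H__` should also be named after this header (e.g. `__STANDALONE_MM_SERVICES_TABLE_LIB_H__`) so it cannot collide with the guard of another MM services table header.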
[edk2] [PATCH v3 03/11] MdeModulePkg: Add a PCD to indicate Standalone MM supports secure variable
Add a flag that indicates whether Standalone MM mode supports secure storage of variables. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/MdeModulePkg.dec | 5 + 1 file changed, 5 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 217ede1..bc97ca1 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1041,6 +1041,11 @@ # @Prompt Enable UEFI Stack Guard. gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|FALSE|BOOLEAN|0x30001055 + ## This flag indicates secure variable functionality is implemented by Standalone MM + # TRUE - Secure variable storage supported by Standalone MM code. + # FALSE - Standalone MM code does not support secure storage of variables + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled|FALSE|BOOLEAN|0x30001056 + [PcdsFixedAtBuild, PcdsPatchableInModule] ## Dynamic type PCD can be registered callback function for Pcd setting action. # PcdMaxPeiPcdCallBackNumberPerPcdEntry indicates the maximum number of callback function -- 2.7.4
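Review bot: the new PCD has no `# @Prompt` line, unlike the PcdCpuStackGuard entry directly above it; add one (e.g. `# @Prompt Secure variable storage implemented by Standalone MM.`). More importantly, patches 07 and 08 read this PCD with PcdGetBool on runtime paths of DXE_RUNTIME_DRIVER modules (VariableServiceSetVariable and SendCommunicateBuffer), so it should be declared only as a FixedAtBuild or FeatureFlag PCD; the section header is not in the hunk, but if the section also allows Dynamic/DynamicEx, a platform could pick a dynamic instance and the runtime read would go through the PCD protocol after ExitBootServices.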
[edk2] [PATCH v3 02/11] StandaloneMmPkg: Adding the library packages used by MM_STANDALONE drivers
Drivers of type MM_STANDALONE use these libraries for accessing the hoblib and memory allocation. The libraries being added are - StandaloneMmHobLib - StandaloneMmMemoryAllocationLib - StandaloneMmServicesTableLib Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c | 64 ++ StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c | 651 StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf | 48 ++ StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.c | 823 StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf | 45 ++ StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c | 64 ++ StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf | 36 + 7 files changed, 1731 insertions(+) diff --git a/StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c b/StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c new file mode 100644 index 000..ac5a1c0 --- /dev/null +++ b/StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c
@@ -0,0 +1,64 @@ +/** @file + HOB Library implementation for Standalone MM Core. + +Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved. +Copyright (c) 2017 - 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include +#include + +#include + +// +// Cache copy of HobList pointer. +// +extern VOID *gHobList; + +EFI_HOB_HANDOFF_INFO_TABLE* +HobConstructor ( + IN VOID *EfiMemoryBegin, + IN UINTN EfiMemoryLength, + IN VOID *EfiFreeMemoryBottom, + IN VOID *EfiFreeMemoryTop + ) +{ + EFI_HOB_HANDOFF_INFO_TABLE *Hob; + EFI_HOB_GENERIC_HEADER *HobEnd; + + Hob= EfiFreeMemoryBottom; + HobEnd = (EFI_HOB_GENERIC_HEADER *)(Hob+1); + + Hob->Header.HobType = EFI_HOB_TYPE_HANDOFF; + Hob->Header.HobLength = sizeof(EFI_HOB_HANDOFF_INFO_TABLE); + Hob->Header.Reserved= 0; + + HobEnd->HobType = EFI_HOB_TYPE_END_OF_HOB_LIST; + HobEnd->HobLength = sizeof(EFI_HOB_GENERIC_HEADER); + HobEnd->Reserved= 0; + + Hob->Version = EFI_HOB_HANDOFF_TABLE_VERSION; + Hob->BootMode= BOOT_WITH_FULL_CONFIGURATION; + + Hob->EfiMemoryTop= (UINTN)EfiMemoryBegin + EfiMemoryLength; + Hob->EfiMemoryBottom = (UINTN)EfiMemoryBegin; + Hob->EfiFreeMemoryTop= (UINTN)EfiFreeMemoryTop; + Hob->EfiFreeMemoryBottom = (EFI_PHYSICAL_ADDRESS)(UINTN)(HobEnd+1); + Hob->EfiEndOfHobList = (EFI_PHYSICAL_ADDRESS)(UINTN)HobEnd; + + gHobList = Hob; + + return Hob; +} diff --git a/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c b/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c new file mode 100644 index 000..e399058 --- /dev/null 
+++ b/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c @@ -0,0 +1,651 @@ +/** @file + HOB Library implementation for Standalone MM Core. + +Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved. +Copyright (c) 2017 - 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include +#include + +#include + +// +// Cache copy of HobList pointer. +// +VOID *gHobList = NULL; + +EFI_MM_SYSTEM_TABLE *gMmst = NULL; + +/** + The constructor function caches the pointer to HOB list. + + The constructor function gets the start address of HOB list from system configuration table. + It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor successfully gets HobList. + @retval Other value The constructor can't get HobList. + +**
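Review bot: StandaloneMmHobLib.c defines `EFI_MM_SYSTEM_TABLE *gMmst = NULL;`, but gMmst is the symbol exported by StandaloneMmServicesTableLib (defined in the MdePkg instance in patch 04/11, and presumably in the StandaloneMmPkg instance listed in this patch's diffstat). An MM_STANDALONE driver that links both libraries gets two definitions of the same global; the HOB library should declare it `extern` and list StandaloneMmServicesTableLib as a dependency instead.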
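Review bot: both new HOB library files carry the header "HOB Library implementation for Standalone MM Core", while the commit message says these libraries are for MM_STANDALONE drivers and patch 01/11 removes that module type from the core library. Fix the file headers, and reconsider whether a driver-side HOB library should export HobConstructor at all: building a fresh HOB list is the core's job, and the constructor's own doc comment says it only fetches the existing list from the configuration table.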
[edk2] [PATCH v3 01/11] StandaloneMmPkg: Remove MM_STANDALONE LIBRARY_CLASS from StandaloneMmCoreHobLib
For MM_STANDALONE drivers, hoblib information will be retrieved from StandaloneMmHobLib, hence removing it from the StandaloneMmCoreHobLib library class. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf index db19d3c..ac036e3 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf +++ b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf @@ -24,7 +24,7 @@ MODULE_TYPE= MM_CORE_STANDALONE VERSION_STRING = 1.0 PI_SPECIFICATION_VERSION = 0x00010032 - LIBRARY_CLASS = HobLib|MM_CORE_STANDALONE MM_STANDALONE + LIBRARY_CLASS = HobLib|MM_CORE_STANDALONE # # VALID_ARCHITECTURES = AARCH64 -- 2.7.4
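Review bot: narrowing LIBRARY_CLASS to MM_CORE_STANDALONE is fine by itself, but any DSC that currently resolves HobLib for MM_STANDALONE modules to this library stops building the moment this patch lands; the series should carry (or this commit message should point at) the StandaloneMmPkg.dsc change that maps HobLib|MM_STANDALONE to the new StandaloneMmHobLib from patch 02/11.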
[edk2] [PATCH v3 00/11] Extend secure variable service to be usable from Standalone MM
Changes since v2:
- Addressed the comments from Jian Wang
- CommonMmServicesLib library implemented in MdePkg.
- Picked the Reviewed-by tags from Ard Biesheuvel.

Changes since v1:
- Addressed the comments from Liming Gao
- StandaloneMmServicesTableLib library implemented in MdePkg.
- Addressed all the comments from Ard Biesheuvel.
- For the comment from Jian Wang about avoiding if..else, this requires a bit more clarity and so this comment has not been addressed.
- All the patches in this series can be pulled from https://github.com/jagadeeshujja/edk2.git branch: topics/aarch64_secure_vars

Changes since RFC v4:
- Addressed all the comments from Liming Gao
- Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate presence of StandaloneMM support.
- MdePkg.dec file updated to include StandaloneMmServiceTableLib and StandaloneMmRuntimeDxe library.
- Platform specific changes will be posted in a separate patchset.
- AsmLfence wrapper function is supported for AArch64 platforms.
- All the patches in this series can be pulled from https://github.com/jagadeeshujja/edk2 (branch: topics/aarch64_secure_vars)

Changes since RFC v3:
- Addressed all the comments from Liming Gao
- Added an AArch64 implementation of AsmLfence which is a wrapper for MemoryFence. The changes in the variable service driver in v3 of this patchset that used MemoryFence instead of AsmLfence have been removed.
- Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe library into MdePkg.
- Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled and added it to MdePkg.
- Now with the above changes, edk2 packages don't need to depend on StandaloneMmPkg/StandaloneMmPkg.dec
- Addressed comments from Ting Ye
- Removed the hacks in the v3 version.
- Will relook into the “TimerWrapp.c” file and add an appropriate implementation of this for MM Standalone mode code.
Changes since RFC v2:
- Added 'Contributed-under' tag, removed Change-ID tag and maintained a single signed-off-by for all the patches.

Changes since RFC v1:
- Addressed all the comments from Liming Gao
- Removed the use of #ifdef/#else/#endif and used a Pcd instead to select between MM and non-MM paths.
- Removed all dependencies on edk2-platforms.
- Dropped the use of mMmst and used gSmst instead.
- Added a dummy implementation of UefiRuntimeServiceTableLib for MM_STANDALONE usage
- Replaced all uses of AsmLfence with MemoryFence from variable service code.
- Add a new StandaloneMmRuntimeDxe library for use by non-MM code.

This patch series extends the existing secure variable service support for use with Standalone MM. This is applicable to platforms that use Standalone Management Mode to protect access to non-volatile memory (NOR flash in the case of these patches) used to store the secure EFI variables.

The first patch pulls in additional libraries from the staging branch of StandaloneMmPkg into edk2's StandaloneMmPkg. The existing secure variable service implementation supports only the traditional MM mode and so the rest of the patches extend the existing secure variable service support to be usable with Standalone MM mode as well.
Jagadeesh Ujja (11):
  StandaloneMmPkg: Remove MM_STANDALONE LIBRARY_CLASS from StandaloneMmCoreHobLib
  StandaloneMmPkg: Adding the library packages used by MM_STANDALONE drivers
  MdeModulePkg: Add a PCD to indicate Standalone MM supports secure variable
  MdePkg/Include: Add StandaloneMmServicesTableLib library
  MdePkg/Library: Add CommonMmServicesLib library
  MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
  MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone
  MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
  MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library
  ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
  CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use SmmCryptLib

 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h                       |    4 +-
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf                     |    2 +
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c                    |   96 +-
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c              | 1339
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf            |   76 ++
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf                         |    2 +-
 MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf                       |    5 +-
 MdeModulePkg/MdeModulePkg.dec                                          |    5 +
 MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf |    1
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
Hi Ard,

On Wed, Jan 2, 2019 at 10:45 PM Ard Biesheuvel wrote:
>
> On Thu, 20 Dec 2018 at 15:23, Gao, Liming wrote:
> >
> > Jagadeesh:
> > MdeModulePkg Variable service/Fault tolerant/Nor Flash driver depends on
> > StandaloneMmServicesTableLib library class header file. This header file is
> > added into MdePkg. It has two interfaces. One is global gMmst, another is
> > function InMm(). So, there is no dependency issue here.
> > And, MdePkg adds one StandaloneMmServicesTableLib library INF with empty
> > implementation, this library is just for build. It sets gMmst=NULL, and
> > always returns FALSE in InMm(). This library can be used in MdeModulePkg.dsc
> > to make Variable driver pass build. There is also no dependency issue here.
> > Last, Platform DSC file will refer to the real StandaloneMmServicesTableLib
> > library INF from StandaloneMmPkg.
> >
>
> I think we should avoid the need for InMm() altogether for standalone
> MM. It will always return TRUE for standalone MM modules, and it will
> always return FALSE for other modules, so the distinction should be
> made at build time.
>
> This means that we need to refactor the SMM 'server' modules and/or
> libraries so that any code they cannot share (like boot services
> invocations) are only included in the classic SMM versions.
>
> I have pushed my own prototype code here:
> https://github.com/ardbiesheuvel/edk2/commits/standalone-mm
>
> There is some overlap with Jagadeesh's work. I will work with him
> directly to resolve this before posting any new revisions.
>

“InMm()” and “PcdStandaloneMmVariableEnabled” are defined to reuse the existing code as much as possible. Initially I had done a separate copy of the file to avoid “if..else” but had a comment about “duplicating code primarily due to the maintenance overhead”. So we are using “InMm()” and the “PcdStandaloneMmVariableEnabled” PCD flag and trying to use the same code as much as possible.

The patchset “Extend secure variable service to be usable from Standalone MM” as POC was submitted as RFC patches on “October 31, 2018”. Subsequent comments are fixed and we have had 7 versions of the patch set under review.

Thanks
Jagadeesh

> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH v2 10/11] SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library
On Thu, Jan 3, 2019 at 6:45 AM Zhang, Chao B wrote: > > Reviewed-by : Chao Zhang Hi Chao Zhang, Thanks for the review, I will not be having any new changes with this specific patch. Can you please merge this patch, so that I will not resubmit with other patch set Thanks Jagadeesh > > -Original Message----- > From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] > Sent: Wednesday, January 2, 2019 9:14 PM > To: edk2-devel@lists.01.org; Gao, Liming ; Zhang, Chao > B ; leif.lindh...@linaro.org; > ard.biesheu...@linaro.org; achin.gu...@arm.com; supreeth.venkat...@arm.com; > Wang, Jian J > Subject: [PATCH v2 10/11] SecurityPkg/AuthVariableLib: allow MM_STANDALONE > drivers to use this library > > “AuthVariableLib” library can be used by MM_STANDALONE drivers as well. > So add MM_STANDALONE as the module type this library supports. > > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Jagadeesh Ujja > Reviewed-by: Chao Zhang > --- > SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > index 572ba4e..4294d3b 100644 > --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > @@ -2,6 +2,7 @@ > # Provides authenticated variable services. > # > # Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. > +# Copyright (c) 2018, ARM Limited. All rights reserved. > # > # This program and the accompanying materials # are licensed and made > available under the terms and conditions 
@@ -21,12 +22,12 @@ >FILE_GUID = B23CF5FB-6FCC-4422-B145-D855DBC05457 >MODULE_TYPE= DXE_RUNTIME_DRIVER >VERSION_STRING = 1.0 > - LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER > DXE_SMM_DRIVER > + LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER > DXE_SMM_DRIVER MM_STANDALONE > > # > # The following information is for reference only and not required by the > build tools. > # > -# VALID_ARCHITECTURES = IA32 X64 > +# VALID_ARCHITECTURES = IA32 X64 AARCH64 > # > > [Sources] > -- > 2.7.4 > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 10/13] MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library
Hi Ard, On Wed, Jan 2, 2019 at 6:35 PM Ard Biesheuvel wrote: > > On Fri, 14 Dec 2018 at 13:14, Jagadeesh Ujja wrote: > > > > “VarCheckLib” library can be used by MM_STANDALONE drivers as well. > > So add MM_STANDALONE as the module type this library supports. > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Jagadeesh Ujja > > --- > > MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > index 099f83d..c8cf810 100644 > > --- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > +++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > @@ -2,6 +2,7 @@ > > # Provides variable check services and database management. > > # > > # Copyright (c) 2015, Intel Corporation. All rights reserved. > > +# Copyright (c) 2018, ARM Limited. All rights reserved. > > # > > # This program and the accompanying materials > > # are licensed and made available under the terms and conditions 
> > @@ -21,12 +22,12 @@ > >FILE_GUID = 63E12D08-0C5D-47F8-95E4-09F89D7506C5 > >MODULE_TYPE= DXE_RUNTIME_DRIVER > > Please change the module type to 'BASE' as well. Note that this may > require you to add > > #include > > to some source or header files. > > With that > > Reviewed-by: Ard Biesheuvel > Sorry Just now I submitted patch set v2, will take care of this review comments in the next patchset Thanks Jagadeesh > >VERSION_STRING = 1.0 > > - LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER > > DXE_SMM_DRIVER > > + LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER > > DXE_SMM_DRIVER MM_STANDALONE > > > > # > > # The following information is for reference only and not required by the > > build tools. > > # > > -# VALID_ARCHITECTURES = IA32 X64 > > +# VALID_ARCHITECTURES = IA32 X64 AARCH64 > > # > > > > [Sources] > > -- > > 2.7.4 > > > ___ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
hi Jian, On Fri, Dec 21, 2018 at 8:27 AM Wang, Jian J wrote: > > Jagadeesh, > > There're many places in this patch series where code similar to following is > added. > It'd better to wrap them into module private functions or even a library, if > necessary. > This can make the code cleaner (no if/else) and easier (central place) to > maintain in > the future. > > + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { > +Status = gSmst->SmmLocateProtocol ( > + , > + NULL, > + SarProtocol > + ); > + } else { > +Status = gMmst->MmLocateProtocol ( > + , > + NULL, > + SarProtocol > + ); > + } > Thank you for your comment. This patch series try to reuse code as much as possible between MM and non-MM code. So, in some changes, if..else was used which helps to reuse most of the other bits of code. To address your comment, can you please let me know how we could avoid this if..else without duplicating the too much code. I am not clear about " module private functions or even a library" comment that you have made. Can you please help me with this. Thanks, Jagadeesh. > Regards, > Jian > > > > -Original Message- > > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > > Jagadeesh Ujja > > Sent: Friday, December 14, 2018 8:13 PM > > To: edk2-devel@lists.01.org; Gao, Liming ; Zhang, Chao > > B ; leif.lindh...@linaro.org; > > ard.biesheu...@linaro.org > > Subject: [edk2] [PATCH 00/13] Extend secure variable service to be usable > > from > > Standalone MM > > > > Changes since RFC v4: > > - Addressed all the comments from Liming Gao > > - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate > > presence of StandaloneMM support. > > - MdePkg.dec file updated to include StandaloneMmServiceTableLib and > > StandaloneMmRuntimeDxe library. > > - Platform specific changes will be posted in a seperate patchset. > > - AsmLfence wrapper function is supported for AArch64 platforms. 
> > - All the patches in this series can be pulled from > > https://github.com/jagadeeshujja/edk2 (branch: > > topics/aarch64_secure_vars) > > > > Changes since RFC v3: > > - Addressed all the comments from Liming Gao > > - Added a AArch64 implementation of AsmLfence which is a wrapper for > > MemoryFence. The changes in variable service driver in v3 of this > > patchset that used MemoryFence instead of AsmLfence have been removed. > > - Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe > > library into MdePkg. > > - Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled and > > added to in to MdePkg. > > - Now with above changes, edk2 packages don't need to depend on > > StandaloneMmPkg/StandaloneMmPkg.dec > > - Addressed comments from Ting Ye > > - Removed the hacks in the v3 version. > > - Will relook into the “TimerWrapp.c” file and add a appropriate > > implementation of this for MM Standalone mode code. > > > > Changes since RFC v2: > > - Added 'Contributed-under' tag, removed Change-ID tag and > > maintained a single signed-off-by for the all the patches. > > > > Changes since RFC v1: > > - Addressed all the comments from Liming Gao > > - Removed the use of #ifdef/#else/#endif and used a Pcd instead to > > select between MM and non-MM paths. > > - Removed all dependencies on edk2-platforms. > > - Dropped the use of mMmst and used gSmst instead. > > - Added a dummy implementation UefiRuntimeServiceTableLib for > > MM_STANDALONE usage > > - Replaced all uses of AsmLfence with MemoryFence from variable > > service code. > > - Add a new StandaloneMmRuntimeDxe library to for use by non-MM code. > > > > This patch series extends the existing secure variable service support for > > use with Standalone MM. This is applicable to paltforms that use Standalone > > Management Mode to protect access to non-volatile memory (NOR flash in case > > of these patches) used to store the secure EFI variables. 
> > > > The first patch pulls in additional libraries from the staging branch of > > StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure > > variable > > service implementation supports only the traditional MM mode and so the rest > > of the patches extends the existing secure variable service support to be > > usea
[edk2] [PATCH v2 11/11] CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this library
“SmmCryptLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf index 4829669..9a63419 100644 --- a/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf @@ -30,7 +30,7 @@ MODULE_TYPE= DXE_SMM_DRIVER VERSION_STRING = 1.0 PI_SPECIFICATION_VERSION = 0x0001000A - LIBRARY_CLASS = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE + LIBRARY_CLASS = BaseCryptLib|DXE_SMM_DRIVER SMM_CORE MM_STANDALONE # # The following information is for reference only and not required by the build tools. -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
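Review bot: The `LIBRARY_CLASS` line now advertises MM_STANDALONE while `MODULE_TYPE = DXE_SMM_DRIVER` and `PI_SPECIFICATION_VERSION = 0x0001000A` are left unchanged; the StandaloneMmCoreHobLib .inf earlier in this thread uses 0x00010032 for standalone MM, so align the version, and, since a DXE_SMM_DRIVER-typed library may depend on SMM-only services that an MM_STANDALONE consumer cannot resolve, confirm that the [LibraryClasses] section (not shown in this hunk) contains nothing that breaks the MM_STANDALONE link, or switch the module type to BASE as was requested for VarCheckLib on this thread.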
[edk2] [PATCH v2 10/11] SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library
“AuthVariableLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja Reviewed-by: Chao Zhang --- SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf index 572ba4e..4294d3b 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf @@ -2,6 +2,7 @@ # Provides authenticated variable services. # # Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions @@ -21,12 +22,12 @@ FILE_GUID = B23CF5FB-6FCC-4422-B145-D855DBC05457 MODULE_TYPE= DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources] -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
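Review bot: `MODULE_TYPE = DXE_RUNTIME_DRIVER` is kept while MM_STANDALONE is added to `LIBRARY_CLASS`; the review comment Ard gave for the identical VarCheckLib change on this thread applies here too, namely that a library shared by DXE_RUNTIME_DRIVER, DXE_SMM_DRIVER and MM_STANDALONE consumers should be `MODULE_TYPE = BASE`. Note also that the `VALID_ARCHITECTURES` edit is inside a comment and is reference only, so it does not by itself demonstrate that the library builds for AARCH64.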
[edk2] [PATCH v2 09/11] ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
Adapt the NorFlashDxe driver to be used as a MM_STANDALONE driver to allow access to NOR flash for code executing in MM_STANDALONE mode. This allows storing of EFI variables on NOR flash which is accessible only via the MM STANDALONE mode software. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h|4 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf |2 + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 96 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c | 1339 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 76 ++ 5 files changed, 1470 insertions(+), 47 deletions(-) diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h index c0563f6..d149652 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h @@ -1,6 +1,6 @@ /** @file NorFlashDxe.h - Copyright (c) 2011 - 2014, ARM Ltd. All rights reserved. + Copyright (c) 2011 - 2019, ARM Ltd. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -19,6 +19,7 @@ #include #include +#include #include #include @@ -30,6 +31,7 @@ #include #include #include +#include #define NOR_FLASH_ERASE_RETRY 10 diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf index a59a21a..6bf0ff2 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf @@ -44,6 +44,7 @@ UefiBootServicesTableLib UefiRuntimeLib DxeServicesTableLib + StandaloneMmServicesTableLib [Guids] gEfiSystemNvDataFvGuid 
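Review bot: Adding `StandaloneMmServicesTableLib` to the [LibraryClasses] of NorFlashDxe.inf (the existing DXE driver, not the new NorFlashStandaloneMm.inf listed in the diffstat) makes every platform that builds NorFlashDxe depend on a resolution for this new class; per this thread that resolution for DXE builds is the MdePkg stub that sets gMmst = NULL and returns FALSE from InMm(), so every affected DSC needs that mapping and the commit message should say so. Since the cover letter already splits the MM flavour into NorFlashStandaloneMm.c, consider keeping the MM-only dependencies out of the DXE .inf altogether.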
@@ -57,6 +58,7 @@ gEfiDevicePathProtocolGuid gEfiFirmwareVolumeBlockProtocolGuid gEfiDiskIoProtocolGuid + gEfiSmmFirmwareVolumeBlockProtocolGuid [Pcd.common] gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c index e62ffbb..024da28 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c @@ -1,6 +1,6 @@ /*++ @file NorFlashFvbDxe.c - Copyright (c) 2011 - 2014, ARM Ltd. All rights reserved. + Copyright (c) 2011 - 2019, ARM Ltd. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License 
@@ -720,27 +720,29 @@ NorFlashFvbInitialize ( DEBUG((DEBUG_BLKIO,"NorFlashFvbInitialize\n")); ASSERT((Instance != NULL)); - // - // Declare the Non-Volatile storage as EFI_MEMORY_RUNTIME - // - - // Note: all the NOR Flash region needs to be reserved into the UEFI Runtime memory; - // even if we only use the small block region at the top of the NOR Flash. - // The reason is when the NOR Flash memory is set into program mode, the command - // is written as the base of the flash region (ie: Instance->DeviceBaseAddress) - RuntimeMmioRegionSize = (Instance->RegionBaseAddress - Instance->DeviceBaseAddress) + Instance->Size; - - Status = gDS->AddMemorySpace ( - EfiGcdMemoryTypeMemoryMappedIo, - Instance->DeviceBaseAddress, RuntimeMmioRegionSize, - EFI_MEMORY_UC | EFI_MEMORY_RUNTIME - ); - ASSERT_EFI_ERROR (Status); - - Status = gDS->SetMemorySpaceAttributes ( - Instance->DeviceBaseAddress, RuntimeMmioRegionSize, - EFI_MEMORY_UC | EFI_MEMORY_RUNTIME); - ASSERT_EFI_ERROR (Status); + if (!InMm ()) { +// +// Declare the Non-Volatile storage as EFI_MEMORY_RUNTIME +// + +// Note: all the NOR Flash region needs to be reserved into the UEFI Runtime memory; +// even if we only use the small block region at the top of the NOR Flash. +// The reason is when the NOR Flash memory is set into program mode, the command +// is written as the base of the flash region (ie: Instance->DeviceBaseAddress) +RuntimeMmioRegionSize = (Instance->RegionBaseAddress - Instance->DeviceBaseAddress) + Instance->Size; + +Status = gDS->AddMemorySpace ( +EfiGcdMemoryTypeMemoryMappedIo, +Instance->DeviceBaseAddress, RuntimeMmioRegionSize, +EFI_MEMORY_UC | EFI_MEMORY_RUNTIME +); +ASSERT_EFI_ERROR (Status); + +Status = gDS->SetMemorySpaceAttributes ( +Instance->DeviceBaseAddress, RuntimeMmioRegionSize, +EFI_MEMORY_UC | EFI_MEMORY_RUNTIME); +ASSERT_EFI_ERROR (Status); + } mFlashNvStorageVariableBase = FixedPcdGet32 (PcdFlashNvStorageVariableBase); @@ -777,30 +779,32 @@ NorFlashFvbInitialize ( } } - // -
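Review bot: In the NorFlashFvbInitialize hunk, wrapping the gDS->AddMemorySpace / SetMemorySpaceAttributes calls in `if (!InMm ())` turns a build-time property into a runtime check (as noted earlier in this thread, InMm() is TRUE for every standalone MM module and FALSE for everything else), and it leaves the gDS references in code that is also linked into the MM_STANDALONE module, so DxeServicesTableLib must still be resolvable for that build. Separately, when the GCD registration is skipped in MM, the whole flash window (DeviceBaseAddress up to RegionBaseAddress + Size, as the retained comment explains, because program-mode commands are written at the device base) must already be mapped for the standalone MM image by the platform's MM memory layout, otherwise the first command write faults; nothing in the driver checks this, so document the requirement in the commit message or the header.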
[edk2] [PATCH v2 08/11] MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library
“VarCheckLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf index 099f83d..c8cf810 100644 --- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf +++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -2,6 +2,7 @@ # Provides variable check services and database management. # # Copyright (c) 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions @@ -21,12 +22,12 @@ FILE_GUID = 63E12D08-0C5D-47F8-95E4-09F89D7506C5 MODULE_TYPE= DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources] -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
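Review bot: `MODULE_TYPE = DXE_RUNTIME_DRIVER` is still unchanged in this v2 hunk even though Ard's review of the v1 patch on this thread asked for `MODULE_TYPE = BASE` (with a matching `#include` where needed); the author has acknowledged it will go into the next version, so it remains outstanding and should not be merged as-is. The `VALID_ARCHITECTURES` change is a build-tools comment and has no effect on what is built.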
[edk2] [PATCH v2 07/11] MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
Adapt the variable runtime dxe driver to be used as a MM_STANDALONE driver to provide variable storage service in MM Standalone mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 37 ++-- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c| 201 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 132 + 3 files changed, 312 insertions(+), 58 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index 443cf07..ff30c98 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -18,6 +18,7 @@ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. (C) Copyright 2015-2018 Hewlett Packard Enterprise Development LP +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at 
@@ -3277,19 +3278,21 @@ VariableServiceSetVariable ( } } - // - // Special Handling for MOR Lock variable. - // - Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); - if (Status == EFI_ALREADY_STARTED) { + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { // -// EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor(). -// Variable driver can just return SUCCESS. +// Special Handling for MOR Lock variable. // -return EFI_SUCCESS; - } - if (EFI_ERROR (Status)) { -return Status; +Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); +if (Status == EFI_ALREADY_STARTED) { + // + // EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor(). + // Variable driver can just return SUCCESS. + // + return EFI_SUCCESS; +} +if (EFI_ERROR (Status)) { + return Status; +} } Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource); @@ -4098,12 +4101,14 @@ VariableWriteServiceInitialize ( } } - ReleaseLockOnlyAtBootTime (>VariableGlobal.VariableServicesLock); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +ReleaseLockOnlyAtBootTime (>VariableGlobal.VariableServicesLock); - // - // Initialize MOR Lock variable. - // - MorLockInit (); +// +// Initialize MOR Lock variable. +// +MorLockInit (); + } return Status; } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 8c53f84..02b6638 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c 
@@ -15,6 +15,7 @@ SmmVariableGetStatistics() should also do validation based on its own knowledge. Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -34,6 +35,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +#include +#include #include #include "Variable.h" @@ -218,11 +221,19 @@ GetFtwProtocol ( // // Locate Smm Fault Tolerent Write protocol // - Status = gSmst->SmmLocateProtocol ( -, -NULL, -FtwProtocol -); + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gMmst->MmLocateProtocol ( + , + NULL, + FtwProtocol + ); + } else { +Status = gSmst->SmmLocateProtocol ( + , + NULL, + FtwProtocol + ); + } return Status; } @@ -248,11 +259,19 @@ GetFvbByHandle ( // // To get the SMM FVB protocol interface on the handle // - return gSmst->SmmHandleProtocol ( - FvBlockHandle, - , - (VOID **) FvBlock - ); + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { +return gMmst->MmHandleProtocol ( +FvBlockHandle, +, +
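Review bot: In the VariableServiceSetVariable hunk of Variable.c, the MOR lock check (SetVariableCheckHandlerMor) is skipped entirely, and in the VariableWriteServiceInitialize hunk MorLockInit() and ReleaseLockOnlyAtBootTime() are skipped too, whenever PcdStandaloneMmVariableEnabled is TRUE; the commit message does not say why. The MOR lock variable is what stops unauthorized callers from clearing the memory-overwrite request, so silently dropping it for standalone MM builds weakens the variable service on exactly the platforms this series targets; either keep the MOR handling in the standalone MM path or state in the commit message which dependency is unavailable and that the weaker policy is accepted. Separately, the gSmst/gMmst `if (PcdGetBool (...)) ... else ...` pattern in the GetFtwProtocol and GetFvbByHandle hunks of VariableSmm.c is repeated per call site, which is the duplication Jian Wang objected to on this thread; a single private helper that locates or handles a protocol through whichever table is in use would remove it.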
[edk2] [PATCH v2 06/11] MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone
Adapt the VariableSmmRuntimeDxe driver to communicate with a VariableSmm driver that is implemented as a MM Standalone driver. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf| 1 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 31 +--- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 ++ 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 7ef8a97..6bb35bb 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -131,6 +131,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c index 85d655d..1902348 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c 
@@ -14,6 +14,8 @@ InitCommunicateBuffer() is really function to check the variable data size. Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. + This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -179,7 +181,11 @@ SendCommunicateBuffer ( SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader; CommSize = DataSize + SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE; - Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, ); + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBuffer, ); + } else { +Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, ); + } ASSERT_EFI_ERROR (Status); SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) mVariableBuffer; @@ -991,9 +997,11 @@ SmmVariableReady ( { EFI_STATUSStatus; - Status = gBS->LocateProtocol (, NULL, (VOID **)); - if (EFI_ERROR (Status)) { -return; + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gBS->LocateProtocol (, NULL, (VOID **)); +if (EFI_ERROR (Status)) { + return; +} } Status = gBS->LocateProtocol (, NULL, (VOID **) ); @@ -1069,13 +1077,14 @@ SmmVariableWriteReady ( { EFI_STATUSStatus; VOID *ProtocolOps; - - // - // Check whether the protocol is installed or not. - // - Status = gBS->LocateProtocol (, NULL, (VOID **) ); - if (EFI_ERROR (Status)) { -return; + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +// +// Check whether the protocol is installed or not. +// +Status = gBS->LocateProtocol (, NULL, (VOID **) ); +if (EFI_ERROR (Status)) { + return; +} } // 
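Review bot: In the SendCommunicateBuffer hunk, the standalone MM path passes mVariableBuffer rather than mVariableBufferPhysical to Communicate(); after SetVirtualAddressMap the runtime driver's mVariableBuffer is a virtual address, so unless the standalone MM communication protocol is documented to accept virtual addresses at OS runtime, runtime GetVariable/SetVariable calls hand the MM side a buffer address it cannot use. Either keep the physical address on both paths or explain in the commit message why the virtual one is correct. In the SmmVariableReady and SmmVariableWriteReady hunks, the LocateProtocol check that gates the rest of the function is skipped for standalone MM, so the runtime driver will proceed without confirming the MM-side variable services are installed; say why that is safe.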
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf index bd73f7a..c84dd2d 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf @@ -87,6 +87,9 @@ ## SOMETIMES_CONSUMES ## Variable:L"dbt" gEfiImageSecurityDatabaseGuid +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled + [Depex] gEfiSmmCommunicationProtocolGuid -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
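Review bot: the PcdStandaloneMmVariableEnabled line added to VariableRuntimeDxe.inf is missing the `## CONSUMES` usage annotation that the three neighbouring PCD entries (PcdMaxUserNvVariableSpaceSize, PcdBoottimeReservedNvVariableSpaceSize, PcdReclaimVariableSpaceAtEndOfDxe) all carry; add it so the section stays uniformly annotated.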
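Review bot: in the SendCommunicateBuffer hunk the Standalone MM path passes mVariableBuffer where the existing path passes mVariableBufferPhysical, and nothing in the hunk or the commit message explains why the physical address is not needed when the PCD is set, even though the existing code deliberately keeps the separate mVariableBufferPhysical copy for this call. Document that assumption in a comment, and since the two Communicate calls differ only in the buffer argument, select the pointer first and keep a single call, which also avoids duplicating the ASSERT_EFI_ERROR path.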
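Review bot: in the SmmVariableReady hunk the first gBS->LocateProtocol is skipped entirely when PcdStandaloneMmVariableEnabled is TRUE, so the output pointer that call would have populated is never assigned on the Standalone MM path; confirm that nothing later in the file dereferences it, or locate the equivalent MM-side protocol in the else branch instead of leaving it unset.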
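Review bot: the SmmVariableWriteReady hunk has the same gap as SmmVariableReady: the "Check whether the protocol is installed or not" LocateProtocol is bypassed when the PCD is set, so ProtocolOps is never written on that path and the readiness check degrades to an unconditional success. State in the commit message why write-readiness needs no protocol check under Standalone MM, or perform an MM-side check there.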
[edk2] [PATCH v2 05/11] MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
Adapt the FaultTolerantWriteDxe driver to be used as a MM_STANDALONE driver to provide UEFI fault tolerant write protocol functionality for variable reclaim operation on EFI variables stored on a NOR flash that is only accessible to code executing in MM Standalone mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf | 1 + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 203 +++- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf | 101 ++ MdeModulePkg/Universal/FaultTolerantWriteDxe/UpdateWorkingBlock.c | 27 +-- 4 files changed, 271 insertions(+), 61 deletions(-) diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf index dcde58d..026bc60 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf @@ -77,6 +77,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled # # gBS->CalculateCrc32() is consumed in EntryPoint. diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c index 481fea3..33f99e6 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c 
@@ -44,6 +44,7 @@ This driver need to make sure the CommBuffer is not in the SMRAM range. Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -55,13 +56,16 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ #include +#include #include #include +#include #include #include #include "FaultTolerantWrite.h" #include "FaultTolerantWriteSmmCommon.h" #include +#include EFI_EVENT mFvbRegistration = NULL; EFI_FTW_DEVICE*mFtwDevice = NULL; @@ -92,11 +96,19 @@ FtwGetFvbByHandle ( // // To get the SMM FVB protocol interface on the handle // - return gSmst->SmmHandleProtocol ( - FvBlockHandle, - , - (VOID **) FvBlock - ); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +return gSmst->SmmHandleProtocol ( +FvBlockHandle, +, +(VOID **) FvBlock +); + } else { +return gMmst->MmHandleProtocol ( +FvBlockHandle, +, +(VOID **) FvBlock +); + } } /** @@ -119,11 +131,19 @@ FtwGetSarProtocol ( // // Locate Smm Swap Address Range protocol // - Status = gSmst->SmmLocateProtocol ( -, -NULL, -SarProtocol -); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gSmst->SmmLocateProtocol ( + , + NULL, + SarProtocol + ); + } else { +Status = gMmst->MmLocateProtocol ( + , + NULL, + SarProtocol + ); + } return Status; } 
@@ -158,13 +178,23 @@ GetFvbCountAndBuffer ( BufferSize = 0; *NumberHandles = 0; *Buffer= NULL; - Status = gSmst->SmmLocateHandle ( -ByProtocol, -, -NULL, -, -*Buffer -); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gSmst->SmmLocateHandle ( + ByProtocol, + , + NULL, + , + *Buffer + ); + } else { +Status = gMmst->MmLocateHandle ( + ByProtocol, + , + NULL, + , + *Buffer + ); + } if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) { return EFI_
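Review bot: the PcdStandaloneMmVariableEnabled line added to FaultTolerantWriteDxe.inf lacks the `## CONSUMES` annotation that the adjacent PcdFlashNvStorageFtwSpare* entries carry; add it for consistency.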
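Review bot: the FtwGetFvbByHandle hunk references both gSmst and gMmst in the same translation unit, so every instance of this driver, including the MM_STANDALONE one, must link a library providing each symbol even though only one branch can ever run; the commit message should say which library instances satisfy gSmst and gMmst in each .inf. The same if/else on the PCD is then repeated verbatim in FtwGetSarProtocol and GetFvbCountAndBuffer (the cover letter notes Jian Wang's comment on this pattern is still open); a single local helper that picks the services-table entry point once would remove the triplication.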
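Review bot: the GetFvbCountAndBuffer hunk calls MmLocateHandle with BufferSize = 0 and *Buffer = NULL to size the handle list and then relies on the check `if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL)` that follows; verify that MmLocateHandle reports EFI_BUFFER_TOO_SMALL for the zero-size query exactly as SmmLocateHandle does, since the subsequent allocation logic depends on that status.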
[edk2] [PATCH v2 04/11] MdePkg/Include: Add StandaloneMmServicesTableLib library
Some of the existing DXE drivers can be refactored to execute within the Standalone MM execution environment as well. Allow such drivers to get access to the Standalone MM services tables. A mechanism to determine the execution mode, i.e. MM or non-MM, is also required. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdePkg/Include/Library/StandaloneMmServicesTableLib.h| 43 MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c | 39 ++ MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf | 36 MdePkg/MdePkg.dec| 4 ++ 4 files changed, 122 insertions(+) diff --git a/MdePkg/Include/Library/StandaloneMmServicesTableLib.h b/MdePkg/Include/Library/StandaloneMmServicesTableLib.h new file mode 100644 index 000..3a27ac4 --- /dev/null +++ b/MdePkg/Include/Library/StandaloneMmServicesTableLib.h 
@@ -0,0 +1,43 @@ +/** @file + Provides a service to retrieve a pointer to the Standalone MM Services Table. + Provides a InMm implementation for RUNTIME DXE drivers + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2016 - 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __MM_SERVICES_TABLE_LIB_H__ +#define __MM_SERVICES_TABLE_LIB_H__ + +#include +#include + +extern EFI_MM_SYSTEM_TABLE *gMmst; + +/** + This function allows the caller to determine if the driver is executing in + Standalone Management Mode(SMM). + + This function returns TRUE if the driver is executing in SMM and FALSE if the + driver is not executing in SMM. + + @retval TRUE The driver is executing in Standalone Management Mode (SMM). + @retval FALSE The driver is not executing in Standalone Management Mode (SMM). + +**/ +BOOLEAN +EFIAPI +InMm ( + VOID + ); + +#endif diff --git a/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c b/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c new file mode 100644 index 000..6f37cd8 --- /dev/null +++ b/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c 
@@ -0,0 +1,39 @@ +/** @file + Standalone MM Services Table Library. + + Copyright (c) 2018, ARM Limited. All rights reserved. + + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include + +EFI_MM_SYSTEM_TABLE *gMmst = NULL; + +/** + This function allows the caller to determine if the driver is executing in + Standalone Management Mode(SMM). + + This function returns TRUE if the driver is executing in SMM and FALSE if the + driver is not executing in SMM. + + @retval TRUE The driver is executing in Standalone Management Mode (SMM). + @retval FALSE The driver is not executing in Standalone Management Mode (SMM). + +**/ +BOOLEAN +EFIAPI +InMm ( + VOID + ) +{ + return FALSE; +} diff --git a/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf b/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf new file mode 100644 index 000..c94b605 --- /dev/null +++ b/MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf 
@@ -0,0 +1,36 @@ +## @file +# Provides StandaloneMmServicesTableLib. +# +# Copyright (c) 2018, ARM Limited. All rights reserved. +# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions +# of the BSD License which accompanies this distribution. The +# full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION= 0x00010005 + BASE_NAME = StandaloneMmServicesTableLib + FILE_GUID = 8099cfbf-9564-4c9b-9052-e66b1da88930 + MODULE_TYPE= DXE_RUNTIME_DRIVER + VERSION_STRING
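Review bot: the new header StandaloneMmServicesTableLib.h uses the include guard `__MM_SERVICES_TABLE_LIB_H__`, which does not match the file name and is the generic name a plain MM services-table header would use, so the two cannot be included together; rename it to something file-specific such as `__STANDALONE_MM_SERVICES_TABLE_LIB_H__`. In the same hunk the InMm doc comment abbreviates "Standalone Management Mode" as "(SMM)", but SMM is the established abbreviation for the traditional System Management Mode this series is contrasting with; spell out "Standalone MM" to avoid the ambiguity, and fix "Provides a InMm implementation" to "an InMm implementation".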
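Review bot: in StandaloneMmServicesTableLib.c the InMm implementation unconditionally returns FALSE, while its doc comment, copied from the header, promises TRUE when executing in MM; the file header should say that this is the stub instance for non-MM (DXE) modules so that a reader does not take it for the real detection logic. The same file also defines `EFI_MM_SYSTEM_TABLE *gMmst = NULL;`, and the StandaloneMmHobLib.c added in patch 02 defines gMmst as well, so any module that links both will see two definitions of the same global; a services-table pointer should be defined by exactly one library.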
[edk2] [PATCH v2 03/11] MdeModulePkg: Add a PCD to indicate Standalone MM supports secure variable
Add a flag that indicates whether Standalone MM mode supports secure storage of variables. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/MdeModulePkg.dec | 5 + 1 file changed, 5 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 41d2b04..badea4a 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1041,6 +1041,11 @@ # @Prompt Enable UEFI Stack Guard. gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|FALSE|BOOLEAN|0x30001055 + ## This flag indicates secure variable functionality is implemented by Standalone MM + # TRUE - Secure variable storage supported by Standalone MM code. + # FALSE - Standalone MM code does not support secure storage of variables + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled|FALSE|BOOLEAN|0x30001056 + [PcdsFixedAtBuild, PcdsPatchableInModule] ## Dynamic type PCD can be registered callback function for Pcd setting action. # PcdMaxPeiPcdCallBackNumberPerPcdEntry indicates the maximum number of callback function -- 2.7.4
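Review bot: the new PcdStandaloneMmVariableEnabled entry has no `# @Prompt` line, unlike the PcdCpuStackGuard entry immediately above it (`# @Prompt Enable UEFI Stack Guard.`), so it will not get a prompt string like its neighbours; add one. The series also introduces a second, similarly named PcdStandaloneMmCodeEnabled in MdePkg (used by the BaseCryptLib patch), so the help text here should state how the two flags relate and which one a platform is expected to set.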
[edk2] [PATCH v2 02/11] StandaloneMmPkg: Adding the library packages used by MM_STANDALONE drivers
Drivers of type MM_STANDALONE use these libraries for accessing the HOB list and memory allocation. The libraries being added are - StandaloneMmHobLib - StandaloneMmMemoryAllocationLib - StandaloneMmServicesTableLib Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c | 64 ++ StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c | 651 StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf | 48 ++ StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.c | 823 StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf | 45 ++ StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c | 64 ++ StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf | 36 + 7 files changed, 1731 insertions(+) diff --git a/StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c b/StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c new file mode 100644 index 000..ac5a1c0 --- /dev/null +++ b/StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c 
@@ -0,0 +1,64 @@ +/** @file + HOB Library implementation for Standalone MM Core. + +Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved. +Copyright (c) 2017 - 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include +#include + +#include + +// +// Cache copy of HobList pointer. +// +extern VOID *gHobList; + +EFI_HOB_HANDOFF_INFO_TABLE* +HobConstructor ( + IN VOID *EfiMemoryBegin, + IN UINTN EfiMemoryLength, + IN VOID *EfiFreeMemoryBottom, + IN VOID *EfiFreeMemoryTop + ) +{ + EFI_HOB_HANDOFF_INFO_TABLE *Hob; + EFI_HOB_GENERIC_HEADER *HobEnd; + + Hob= EfiFreeMemoryBottom; + HobEnd = (EFI_HOB_GENERIC_HEADER *)(Hob+1); + + Hob->Header.HobType = EFI_HOB_TYPE_HANDOFF; + Hob->Header.HobLength = sizeof(EFI_HOB_HANDOFF_INFO_TABLE); + Hob->Header.Reserved= 0; + + HobEnd->HobType = EFI_HOB_TYPE_END_OF_HOB_LIST; + HobEnd->HobLength = sizeof(EFI_HOB_GENERIC_HEADER); + HobEnd->Reserved= 0; + + Hob->Version = EFI_HOB_HANDOFF_TABLE_VERSION; + Hob->BootMode= BOOT_WITH_FULL_CONFIGURATION; + + Hob->EfiMemoryTop= (UINTN)EfiMemoryBegin + EfiMemoryLength; + Hob->EfiMemoryBottom = (UINTN)EfiMemoryBegin; + Hob->EfiFreeMemoryTop= (UINTN)EfiFreeMemoryTop; + Hob->EfiFreeMemoryBottom = (EFI_PHYSICAL_ADDRESS)(UINTN)(HobEnd+1); + Hob->EfiEndOfHobList = (EFI_PHYSICAL_ADDRESS)(UINTN)HobEnd; + + gHobList = Hob; + + return Hob; +} diff --git a/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c b/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c new file mode 100644 index 000..e399058 --- /dev/null 
+++ b/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c @@ -0,0 +1,651 @@ +/** @file + HOB Library implementation for Standalone MM Core. + +Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved. +Copyright (c) 2017 - 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include +#include + +#include + +// +// Cache copy of HobList pointer. +// +VOID *gHobList = NULL; + +EFI_MM_SYSTEM_TABLE *gMmst = NULL; + +/** + The constructor function caches the pointer to HOB list. + + The constructor function gets the start address of HOB list from system configuration table. + It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor successfully gets HobList. + @retval Other value The constructor can't get HobList. + +**
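Review bot: HobConstructor in StandaloneMmCoreHobLibInternal.c writes the EFI_HOB_HANDOFF_INFO_TABLE and the end-of-list EFI_HOB_GENERIC_HEADER at EfiFreeMemoryBottom without checking that the window up to EfiFreeMemoryTop is large enough to hold them, and then records HobEnd+1 as the new EfiFreeMemoryBottom without checking it is still below EfiFreeMemoryTop; add an ASSERT on `(UINTN)EfiFreeMemoryTop - (UINTN)EfiFreeMemoryBottom >= sizeof (EFI_HOB_HANDOFF_INFO_TABLE) + sizeof (EFI_HOB_GENERIC_HEADER)` before the writes. The file header also says "HOB Library implementation for Standalone MM Core" although the commit message presents this library as the one for MM_STANDALONE drivers, so the description should be corrected.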
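Review bot: StandaloneMmHobLib.c defines `EFI_MM_SYSTEM_TABLE *gMmst = NULL;` even though this is a HOB library and the series also adds a StandaloneMmServicesTableLib (in this patch's diffstat and, in patch 04, in MdePkg, where the .c file defines gMmst too and the header declares it extern); a driver that links this HOB library together with a services-table library defining gMmst will fail with a duplicate symbol. Keep the definition in the services-table library only and have the HOB constructor consume it through the header.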
[edk2] [PATCH v2 01/11] StandaloneMmPkg: Remove MM_STANDALONE LIBRARY_CLASS from StandaloneMmCoreHobLib
For MM_STANDALONE drivers, HOB information will be retrieved from StandaloneMmHobLib, hence it is removed from the StandaloneMmCoreHobLib library class. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf index db19d3c..ac036e3 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf +++ b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf @@ -24,7 +24,7 @@ MODULE_TYPE= MM_CORE_STANDALONE VERSION_STRING = 1.0 PI_SPECIFICATION_VERSION = 0x00010032 - LIBRARY_CLASS = HobLib|MM_CORE_STANDALONE MM_STANDALONE + LIBRARY_CLASS = HobLib|MM_CORE_STANDALONE # # VALID_ARCHITECTURES = AARCH64 -- 2.7.4
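Review bot: after this hunk StandaloneMmCoreHobLib no longer provides HobLib for MM_STANDALONE, but its replacement, StandaloneMmHobLib, only arrives in the next patch of the series (02/11), so a DSC that resolves HobLib for MM_STANDALONE modules to this .inf fails to build between the two commits. Reorder the patches so the new library lands first, or fold the two together, to keep the series bisectable; the commit message could also name the .inf path of the replacement instance.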
[edk2] [PATCH v2 00/11] Extend secure variable service to be usable from Standalone MM
Changes since v1:
- Addressed the comments from Liming Gao
  - StandaloneMmServicesTableLib library implemented in MdePkg.
- Addressed all the comments from Ard Biesheuvel.
- For comment from Jian Wang about avoiding if..else, this requires a bit more clarity and so this comment has not been addressed.
- All the patches in this series can be pulled from https://github.com/jagadeeshujja/edk2.git branch: topics/aarch64_secure_vars

Changes since RFC v4:
- Addressed all the comments from Liming Gao
  - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate presence of StandaloneMM support.
  - MdePkg.dec file updated to include StandaloneMmServiceTableLib and StandaloneMmRuntimeDxe library.
  - Platform specific changes will be posted in a separate patchset.
  - AsmLfence wrapper function is supported for AArch64 platforms.
  - All the patches in this series can be pulled from https://github.com/jagadeeshujja/edk2 (branch: topics/aarch64_secure_vars)

Changes since RFC v3:
- Addressed all the comments from Liming Gao
  - Added an AArch64 implementation of AsmLfence which is a wrapper for MemoryFence. The changes in variable service driver in v3 of this patchset that used MemoryFence instead of AsmLfence have been removed.
  - Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe library into MdePkg.
  - Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled and added it to MdePkg.
  - Now with above changes, edk2 packages don't need to depend on StandaloneMmPkg/StandaloneMmPkg.dec
- Addressed comments from Ting Ye
  - Removed the hacks in the v3 version.
  - Will relook into the “TimerWrapp.c” file and add an appropriate implementation of this for MM Standalone mode code.

Changes since RFC v2:
- Added 'Contributed-under' tag, removed Change-ID tag and maintained a single signed-off-by for all the patches.
Changes since RFC v1:
- Addressed all the comments from Liming Gao
  - Removed the use of #ifdef/#else/#endif and used a Pcd instead to select between MM and non-MM paths.
  - Removed all dependencies on edk2-platforms.
  - Dropped the use of mMmst and used gSmst instead.
  - Added a dummy implementation UefiRuntimeServiceTableLib for MM_STANDALONE usage
- Replaced all uses of AsmLfence with MemoryFence from variable service code.
- Add a new StandaloneMmRuntimeDxe library for use by non-MM code.

This patch series extends the existing secure variable service support for use with Standalone MM. This is applicable to platforms that use Standalone Management Mode to protect access to non-volatile memory (NOR flash in case of these patches) used to store the secure EFI variables.

The first patch pulls in additional libraries from the staging branch of StandaloneMmPkg into edk2's StandaloneMmPkg. The existing secure variable service implementation supports only the traditional MM mode and so the rest of the patches extend the existing secure variable service support to be usable with Standalone MM mode as well.
Jagadeesh Ujja (11):
  StandaloneMmPkg: Remove MM_STANDALONE LIBRARY_CLASS from StandaloneMmCoreHobLib
  StandaloneMmPkg: Adding the library packages used by MM_STANDALONE drivers
  MdeModulePkg: Add a PCD to indicate Standalone MM supports secure variable
  MdePkg/Include: Add StandaloneMmServicesTableLib library
  MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
  MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone
  MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
  MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library
  ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
  SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library
  CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this library

 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h                        |    4 +-
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf                      |    2 +
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c                     |   96 +-
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.c               | 1339
 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf             |   76 ++
 CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf                          |    2 +-
 MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf                        |    5 +-
 MdeModulePkg/MdeModulePkg.dec                                           |    5 +
 MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf  |    1 +
 MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c    |  203 ++-
 MdeModulePkg
Re: [edk2] [PATCH 05/13] MdePkg/Library/BaseLib/AArch64: Add AsmLfence function
hi Ard, On Tue, Dec 18, 2018 at 7:38 AM Yao, Jiewen wrote: > > + Wu Hao, since he contributed the original patch. > > Ard > Would you please file a Bugzilla for that? Then we can start working on that. > Can you please file the Bugzilla, please do let me know, I am happy to file Bugzilla Thanks Ujja > Thank you > Yao Jiewen > > > -Original Message- > > From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] > > Sent: Monday, December 17, 2018 5:28 PM > > To: Yao, Jiewen > > Cc: edk2-devel@lists.01.org; Gao, Liming ; Zhang, > > Chao B > > Subject: Re: [edk2] [PATCH 05/13] MdePkg/Library/BaseLib/AArch64: Add > > AsmLfence function > > > > On Mon, 17 Dec 2018 at 09:44, Yao, Jiewen wrote: > > > > > > Thanks Ard. > > > I have little concern about "Spec", because people may read it as > > "Specification", especially in our team. :) > > > > > > > I understand :-) > > > > SpeculationBarrier() is fine with me. > > > > > > > > > > > -Original Message- > > > > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf > > Of > > > > Ard Biesheuvel > > > > Sent: Monday, December 17, 2018 4:35 PM > > > > To: Yao, Jiewen > > > > Cc: edk2-devel@lists.01.org; Gao, Liming ; > > Zhang, > > > > Chao B > > > > Subject: Re: [edk2] [PATCH 05/13] MdePkg/Library/BaseLib/AArch64: > > Add > > > > AsmLfence function > > > > > > > > On Mon, 17 Dec 2018 at 09:30, Yao, Jiewen > > wrote: > > > > > > > > > > I reviewed the ARM white paper - > > > > > > file:///C:/Users/jyao1/Downloads/Cache_Speculation_Side-channels-v2.4.p > > > > df > > > > > > > > > > I agree with you that LoadFence might not be the best idea. > > > > > > > > > > How about SpeculationBarrier() ? > > > > > > > > > > > > > That works for me. Or SpecFence (). As long as it does not conflate > > > > memory ordering with controlling the side effects of speculative > > > > execution, it is ok with me. 
> > > > > > > > I'll contribute the ARM and AARCH64 implementations asap once the > > > > generic changes are posted on the list. > > > > > > > > Thanks, > > > > > > > > > > -Original Message- > > > > > > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On > > Behalf > > > > Of > > > > > > Yao, Jiewen > > > > > > Sent: Monday, December 17, 2018 4:25 PM > > > > > > To: Ard Biesheuvel ; Leif Lindholm > > > > > > > > > > > > Cc: edk2-devel@lists.01.org; Zhang, Chao B > > ; > > > > > > Gao, Liming > > > > > > Subject: Re: [edk2] [PATCH 05/13] MdePkg/Library/BaseLib/AArch64: > > > > Add > > > > > > AsmLfence function > > > > > > > > > > > > Hi Ard > > > > > > I am OK to refine it now. > > > > > > > > > > > > Do you have any proposal on the naming from ARM side? > > > > > > > > > > > > Thank you > > > > > > Yao Jiewen > > > > > > > > > > > > > -Original Message- > > > > > > > From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] > > > > > > > Sent: Monday, December 17, 2018 4:11 PM > > > > > > > To: Yao, Jiewen ; Leif Lindholm > > > > > > > > > > > > > > Cc: Gao, Liming ; Jagadeesh Ujja > > > > > > > ; edk2-devel@lists.01.org; Zhang, Chao > > B > > > > > > > > > > > > > > Subject: Re: [PATCH 05/13] MdePkg/Library/BaseLib/AArch64: Add > > > > > > > AsmLfence function > > > > > > > > > > > > > > On Mon, 17 Dec 2018 at 08:45, Ard Biesheuvel > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > On Mon, 17 Dec 2018 at 04:29, Yao, Jiewen > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > I think we have below definition. > > > > > > > > > -- MemoryFence: Serialize load and store operatio
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
Hi Liming,

On Tue, Dec 18, 2018 at 10:07 AM Gao, Liming wrote:
>
> Jagadeesh:
> StandaloneMmServicesTableLib library class header file is added into
> MdePkg. Its library implementation is in MdePkg and StandaloneMmPkg. The one
> in MdePkg produces the dummy implementation, and the one in StandaloneMmPkg
> produces the real implementation. I don't see the reason to separate this
> library class.
>

In this patchset series, the Variable service/Fault tolerant/Nor Flash drivers are refactored to be usable as MM_STANDALONE drivers. These drivers use the following libraries from “StandaloneMmPkg”.
- MmServicesTableLib|StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
- MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf

The Variable MM_STANDALONE driver is located at
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf

The FaultTolerant MM_STANDALONE driver is located at
- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c
- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf

These drivers look for “gMmst”, which is defined in “MmServicesTableLib”. Ideally, “StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h” should have defined “gMmst” as “extern EFI_MM_SYSTEM_TABLE *gMmst;”. In which case, we would have to add “StandaloneMmPkg/StandaloneMmPkg.dec” to the other drivers listed below.
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf

This will make the “edk2 packages” depend on "StandaloneMmPkg/StandaloneMmPkg.dec". To avoid this, “StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h” is moved to “MdePkg/Include/Library/StandaloneMmServicesTableLib.h”.
But, the implementation of “MmServicesTableLib” comes from “StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf”.

Thanks
Jagadeesh

> Thanks
> Liming
> >-Original Message-
> >From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com]
> >Sent: Monday, December 17, 2018 7:47 PM
> >To: Gao, Liming
> >Cc: edk2-devel@lists.01.org; Zhang, Chao B ;
> >leif.lindh...@linaro.org; ard.biesheu...@linaro.org
> >Subject: Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable
> >from Standalone MM
> >
> >Hi Liming,
> >
> >On Mon, Dec 17, 2018 at 7:15 AM Gao, Liming wrote:
> >>
> >> One question here. Why separate StandaloneMmServicesTableLib to two
> >library classes? Current MdePkg\Include\Library\SmmServicesTableLib.h is
> >one library class.
> >MdePkg\Library\SmmServicesTableLib\SmmServicesTableLib.inf is its
> >implementation. StandaloneMmServicesTableLib should be same to it.
> >> StandaloneMmServicesTableLib is the library class.
> >MdePkg\Library\StandaloneMmRuntimeDxe is its library instance.
> >>
> >Thanks for your review.
> >
> >The implementation of the "StandaloneMmServicesTableLib" library class
> >is at "StandaloneMmPkg/Library/StandaloneMmServicesTableLib/". As this
> >patchset reuses some of the DXE_DRIVER drivers as MM_STANDALONE
> >drivers, the "StandaloneMmServicesTableLib" library class definition
> >was placed within MdePkg. The reason for splitting the library class
> >definition (in MdePkg) and its implementation (in StandaloneMmPkg) was
> >due to your comment that "edk2 packages" should not have any reference
> >to StandaloneMmPkg.dec.
> >
> >The "StandaloneMmRuntimeDxe" library now just has an implementation of
> >InMm(). And so, this can be kept as a separate library with no
> >dependency on StandaloneMmPkg. So this was the reason to split
> >"StandaloneMmRuntimeDxe" and "StandaloneMmServicesTableLib" into two
> >separate libraries.
> >
> >thanks
> >Jagadeesh
> >> Thanks
> >> Liming
> >> >-Original Message-
> >> >From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com]
> >> >Sent: Friday, December 14, 2018 8:13 PM
> >> >To: edk2-devel@lists.01.org; Gao, Liming ; Zhang,
> >> >Chao B ; leif.lindh...@linaro.org;
> >> >ard.biesheu...@linaro.org
> >> >Subject: [PATCH 00/13] Extend secure variable service to be usable from
> >> >Standalone MM
> >> >
> >> >Changes since RFC v4:
> >> >- Addressed all the comments from Liming Gao
> >> > - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate
> >> >presence of StandaloneMM su
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
Hi Liming,

On Mon, Dec 17, 2018 at 7:15 AM Gao, Liming wrote:
>
> One question here. Why separate StandaloneMmServicesTableLib to two library
> classes? Current MdePkg\Include\Library\SmmServicesTableLib.h is one library
> class. MdePkg\Library\SmmServicesTableLib\SmmServicesTableLib.inf is its
> implementation. StandaloneMmServicesTableLib should be same to it.
> StandaloneMmServicesTableLib is the library class.
> MdePkg\Library\StandaloneMmRuntimeDxe is its library instance.
>

Thanks for your review.

The implementation of the "StandaloneMmServicesTableLib" library class is at "StandaloneMmPkg/Library/StandaloneMmServicesTableLib/". As this patchset reuses some of the DXE_DRIVER drivers as MM_STANDALONE drivers, the "StandaloneMmServicesTableLib" library class definition was placed within MdePkg. The reason for splitting the library class definition (in MdePkg) and its implementation (in StandaloneMmPkg) was due to your comment that "edk2 packages" should not have any reference to StandaloneMmPkg.dec.

The "StandaloneMmRuntimeDxe" library now just has an implementation of InMm(). And so, this can be kept as a separate library with no dependency on StandaloneMmPkg. So this was the reason to split "StandaloneMmRuntimeDxe" and "StandaloneMmServicesTableLib" into two separate libraries.

thanks
Jagadeesh

> Thanks
> Liming
> >-Original Message-
> >From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com]
> >Sent: Friday, December 14, 2018 8:13 PM
> >To: edk2-devel@lists.01.org; Gao, Liming ; Zhang,
> >Chao B ; leif.lindh...@linaro.org;
> >ard.biesheu...@linaro.org
> >Subject: [PATCH 00/13] Extend secure variable service to be usable from
> >Standalone MM
> >
> >Changes since RFC v4:
> >- Addressed all the comments from Liming Gao
> > - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate
> >presence of StandaloneMM support.
> > - MdePkg.dec file updated to include StandaloneMmServiceTableLib and
> >StandaloneMmRuntimeDxe library.
> > - Platform specific changes will be posted in a separate patchset.
> > - AsmLfence wrapper function is supported for AArch64 platforms.
> > - All the patches in this series can be pulled from
> >https://github.com/jagadeeshujja/edk2 (branch:
> >topics/aarch64_secure_vars)
> >
> >Changes since RFC v3:
> >- Addressed all the comments from Liming Gao
> > - Added an AArch64 implementation of AsmLfence which is a wrapper for
> >MemoryFence. The changes in variable service driver in v3 of this
> >patchset that used MemoryFence instead of AsmLfence have been
> >removed.
> > - Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe
> >library into MdePkg.
> > - Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled
> >and added it to MdePkg.
> > - Now with above changes, edk2 packages don't need to depend on
> >StandaloneMmPkg/StandaloneMmPkg.dec
> >- Addressed comments from Ting Ye
> > - Removed the hacks in the v3 version.
> > - Will relook into the “TimerWrapp.c” file and add an appropriate
> >implementation of this for MM Standalone mode code.
> >
> >Changes since RFC v2:
> >- Added 'Contributed-under' tag, removed Change-ID tag and
> > maintained a single signed-off-by for all the patches.
> >
> >Changes since RFC v1:
> >- Addressed all the comments from Liming Gao
> > - Removed the use of #ifdef/#else/#endif and used a Pcd instead to
> >select between MM and non-MM paths.
> > - Removed all dependencies on edk2-platforms.
> > - Dropped the use of mMmst and used gSmst instead.
> > - Added a dummy implementation UefiRuntimeServiceTableLib for
> >MM_STANDALONE usage
> >- Replaced all uses of AsmLfence with MemoryFence from variable
> > service code.
> >- Add a new StandaloneMmRuntimeDxe library for use by non-MM code.
> >
> >This patch series extends the existing secure variable service support for
> >use with Standalone MM.
This is applicable to platforms that use Standalone > >Management Mode to protect access to non-volatile memory (NOR flash in > >case > >of these patches) used to store the secure EFI variables. > > > >The first patch pulls in additional libraries from the staging branch of > >StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure > >variable > >service implementation supports only the traditional MM mode and so the > >rest > >of the patches extend the existing secure variable service support to be > >usable with Standalone MM mode as
[edk2] [PATCH 13/13] CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this library
“BaseCryptLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 7 ++- CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf| 4 CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c | 15 +-- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index f29445c..b6ebac5 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -7,6 +7,7 @@ # buffer overflow or integer overflow. # # Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -24,7 +25,7 @@ FILE_GUID = be3bb803-91b6-4da0-bd91-a8b21c18ca5d MODULE_TYPE= DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. @@ -85,6 +86,10 @@ OpensslLib IntrinsicLib PrintLib + PcdLib + +[Pcd] + gEfiMdePkgTokenSpaceGuid.PcdStandaloneMmCodeEnabled # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index 32628c8..fb16451 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf 
@@ -91,6 +91,10 @@ OpensslLib IntrinsicLib PrintLib + PcdLib + +[Pcd] + gEfiMdePkgTokenSpaceGuid.PcdStandaloneMmCodeEnabled # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c index 5f9b0c2..de8e756 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c @@ -3,6 +3,7 @@ for OpenSSL-based Cryptographic Library (used in DXE & RUNTIME). Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -77,12 +78,14 @@ time_t time (time_t *timer) time_t CalTime; UINTN Year; - // - // Get the current time and date information - // - Status = gRT->GetTime (, NULL); - if (EFI_ERROR (Status) || (Time.Year < 1970)) { -return 0; + if (!PcdGetBool (PcdStandaloneMmCodeEnabled)) { +// +// Get the current time and date information +// +Status = gRT->GetTime (, NULL); +if (EFI_ERROR (Status) || (Time.Year < 1970)) { + return 0; +} } // -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
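Review bot: in the TimerWrapper.c hunk the MM_STANDALONE path skips the `gRT->GetTime` call but then falls through into the calendar conversion that follows, so `CalTime` and `Year` are computed from an EFI_TIME that was never filled in and time() hands OpenSSL a non-deterministic value; since this library's time() feeds certificate validity checks on the authenticated-variable path, the branch should return 0 explicitly (`if (PcdGetBool (PcdStandaloneMmCodeEnabled)) { return 0; }`) exactly like the existing error path until an MM-side time source exists, and the cover letter's admission that TimerWrapper.c still needs a proper MM implementation belongs in this commit message.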
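Review bot: the [Pcd] hunks in BaseCryptLib.inf and RuntimeCryptLib.inf select the MM and non-MM behaviour at run time through PcdStandaloneMmCodeEnabled, which forces every build of the library, the MM_STANDALONE one included, to keep a `gRT` reference and both code paths; a library INF is compiled per consuming module type, so a build-time split (an MM_STANDALONE-only TimerWrapper source, or a dedicated MM crypto INF) would drop the dead DXE path from the MM image. Note also that RuntimeCryptLib.inf gains only the four PcdLib/[Pcd] lines (matching its diffstat) and not MM_STANDALONE in LIBRARY_CLASS, so the message should say whether the runtime instance is meant to be MM-usable at all.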
[edk2] [PATCH 12/13] SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library
“AuthVariableLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja Reviewed-by: Chao Zhang --- SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf index 572ba4e..4294d3b 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf @@ -2,6 +2,7 @@ # Provides authenticated variable services. # # Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions @@ -21,12 +22,12 @@ FILE_GUID = B23CF5FB-6FCC-4422-B145-D855DBC05457 MODULE_TYPE= DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources] -- 2.7.4
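Review bot: the LIBRARY_CLASS hunk widens AuthVariableLib to MM_STANDALONE with no source change, but the commit message does not record that the library's service usage was audited against the MM_STANDALONE environment (no gBS/gRT after entry, no DXE-only protocols), and it advertises MM_STANDALONE for AuthVariableLib one patch before the crypto library it links for signature verification gains that module type in 13/13, so a build at this point of the series can fail; reorder the series so dependencies land first and state the audit result in the message.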
[edk2] [PATCH 11/13] ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
Adapt the NorFlashDxe driver to be used as a MM_STANDALONE driver to allow access to NOR flash for code executing in MM_STANDALONE mode. This allows storing of EFI variables on NOR flash which is accessible only via the MM STANDALONE mode software. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c | 2 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c| 210 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h| 5 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf | 2 + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 96 - ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 76 +++ 6 files changed, 302 insertions(+), 89 deletions(-) diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c index 279b77c..4c002c7 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c @@ -1,6 +1,6 @@ /** @file NorFlashBlockIoDxe.c - Copyright (c) 2011-2013, ARM Ltd. All rights reserved. + Copyright (c) 2011-2018, ARM Ltd. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c index af40a4c..9c56010 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c @@ -1,6 +1,6 @@ /** @file NorFlashDxe.c - Copyright (c) 2011 - 2014, ARM Ltd. All rights reserved. + Copyright (c) 2011 - 2018, ARM Ltd. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License 
@@ -138,29 +138,102 @@ NorFlashCreateInstance ( if (SupportFvb) { NorFlashFvbInitialize (Instance); +if (!InMm ()) { +Status = gBS->InstallMultipleProtocolInterfaces ( +>Handle, +, >DevicePath, +, >BlockIoProtocol, +, >FvbProtocol, +NULL +); +if (EFI_ERROR(Status)) { + FreePool (Instance); + return Status; +} +} else { + //Install DevicePath Protocol + Status = gMmst->MmInstallProtocolInterface ( +>Handle, +, +EFI_NATIVE_INTERFACE, +>DevicePath +); + if (EFI_ERROR(Status)) { +FreePool (Instance); +return Status; + } + //Install BlockIo Protocol + Status = gMmst->MmInstallProtocolInterface ( +>Handle, +, +EFI_NATIVE_INTERFACE, +>BlockIoProtocol +); + if (EFI_ERROR(Status)) { +FreePool (Instance); +return Status; + } -Status = gBS->InstallMultipleProtocolInterfaces ( - >Handle, - , >DevicePath, - , >BlockIoProtocol, - , >FvbProtocol, - NULL - ); -if (EFI_ERROR(Status)) { - FreePool (Instance); - return Status; + //Install FirmwareVolumeBlock Protocol + Status = gMmst->MmInstallProtocolInterface ( +>Handle, +, +EFI_NATIVE_INTERFACE, +>FvbProtocol +); + if (EFI_ERROR(Status)) { +FreePool (Instance); +return Status; + } } } else { -Status = gBS->InstallMultipleProtocolInterfaces ( ->Handle, -, >DevicePath, -, >BlockIoProtocol, -, >DiskIoProtocol, -NULL -); -if (EFI_ERROR(Status)) { - FreePool (Instance); - return Status; +if (!InMm ()) { + Status = gBS->InstallMultipleProtocolInterfaces ( + >Handle, + , >DevicePath, + , >BlockIoProtocol, + , >DiskIoProtocol, + NULL + ); + if (EFI_ERROR(Status)) { +FreePool (Instance); +return Status; + } +} else { + //Install DevicePath Protocol + Status = gMmst->MmInstallProtocolInterface ( +>Handle, +, +EFI_NATIVE_INTERFACE, +>De
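Review bot: in the NorFlashCreateInstance hunk the MM branch replaces the atomic InstallMultipleProtocolInterfaces with three sequential MmInstallProtocolInterface calls, but when the second or third call fails it only does `FreePool (Instance)` and returns, leaving the DevicePath (and BlockIo) interfaces registered on a handle whose backing memory has just been freed; uninstall whatever was already installed before freeing, or move the sequence into a helper that unwinds on error, and note the same pattern is repeated verbatim in the non-FVB else branch.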
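Review bot: the same hunk installs BlockIo (and in the else branch DiskIo) into the MM protocol database, where only the FVB protocol has a consumer (the variable and FTW drivers); installing DevicePath and Fvb alone in the MM path would remove two of the three install/unwind steps and keep block-level access to the variable store out of the MM handle database entirely.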
[edk2] [PATCH 10/13] MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library
“VarCheckLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf index 099f83d..c8cf810 100644 --- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf +++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -2,6 +2,7 @@ # Provides variable check services and database management. # # Copyright (c) 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions @@ -21,12 +22,12 @@ FILE_GUID = 63E12D08-0C5D-47F8-95E4-09F89D7506C5 MODULE_TYPE= DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources] -- 2.7.4
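Review bot: the LIBRARY_CLASS hunk is the same one-line module-type widening as 12/13 and, like it, says nothing about which VarCheckLib services were checked for DXE-only dependencies before declaring MM_STANDALONE support; add that sentence to the message, and consider squashing the two INF-only patches into one commit since they carry no code.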
[edk2] [PATCH 09/13] MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
Adapt the variable runtime dxe driver to be used as a MM_STANDALONE driver to provide variable storage service in MM Standalone mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 37 ++-- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c| 201 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 132 + 3 files changed, 312 insertions(+), 58 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index d100b1d..e8976c1 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -18,6 +18,7 @@ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. (C) Copyright 2015-2018 Hewlett Packard Enterprise Development LP +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at 
@@ -3277,19 +3278,21 @@ VariableServiceSetVariable ( } } - // - // Special Handling for MOR Lock variable. - // - Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); - if (Status == EFI_ALREADY_STARTED) { + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { // -// EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor(). -// Variable driver can just return SUCCESS. +// Special Handling for MOR Lock variable. // -return EFI_SUCCESS; - } - if (EFI_ERROR (Status)) { -return Status; +Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); +if (Status == EFI_ALREADY_STARTED) { + // + // EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor(). + // Variable driver can just return SUCCESS. + // + return EFI_SUCCESS; +} +if (EFI_ERROR (Status)) { + return Status; +} } Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource); @@ -4098,12 +4101,14 @@ VariableWriteServiceInitialize ( } } - ReleaseLockOnlyAtBootTime (>VariableGlobal.VariableServicesLock); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +ReleaseLockOnlyAtBootTime (>VariableGlobal.VariableServicesLock); - // - // Initialize MOR Lock variable. - // - MorLockInit (); +// +// Initialize MOR Lock variable. +// +MorLockInit (); + } return Status; } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 6dc19c2..59f3109 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c 
@@ -15,6 +15,7 @@ SmmVariableGetStatistics() should also do validation based on its own knowledge. Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -34,6 +35,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +#include +#include #include #include "Variable.h" @@ -218,11 +221,19 @@ GetFtwProtocol ( // // Locate Smm Fault Tolerent Write protocol // - Status = gSmst->SmmLocateProtocol ( -, -NULL, -FtwProtocol -); + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gMmst->MmLocateProtocol ( + , + NULL, + FtwProtocol + ); + } else { +Status = gSmst->SmmLocateProtocol ( + , + NULL, + FtwProtocol + ); + } return Status; } @@ -248,11 +259,19 @@ GetFvbByHandle ( // // To get the SMM FVB protocol interface on the handle // - return gSmst->SmmHandleProtocol ( - FvBlockHandle, - , - (VOID **) FvBlock - ); + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { +return gMmst->MmHandleProtocol ( +FvBlockHandle, +, +
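Review bot: the VariableServiceSetVariable hunk disables SetVariableCheckHandlerMor entirely when PcdStandaloneMmVariableEnabled is set, so in the Standalone MM configuration the MOR Lock variable is no longer protected by the MOR-lock handling and a SetVariable on it arriving through the communication buffer only passes the generic VarCheckLibSetVariableCheck path; the commit message must say why (a missing dependency in MM_STANDALONE?) and what protection replaces it, and if the reason is only a build dependency, gate the include rather than the check, or have the MM build reject writes to that variable outright.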
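Review bot: the VariableWriteServiceInitialize hunk skips ReleaseLockOnlyAtBootTime in the MM_STANDALONE case; unless the matching acquire is gated the same way (it is not visible in this hunk), the variable services lock is left held after initialisation. MorLockInit is skipped here as well, so the two MOR gates in this patch should be described as one design decision in the message rather than left as unexplained PCD branches.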
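Review bot: the GetFtwProtocol and GetFvbByHandle hunks duplicate each lookup for gSmst and gMmst and choose between them on a run-time PCD, which means both service-table globals must be linked into every build of the driver; the module type is fixed at build time (VariableStandaloneMm.inf versus the SMM INF), so resolving the services table once in the entry point, or through a library instance per module type, would leave a single lookup path and no dead branch.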
[edk2] [PATCH 08/13] MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone
Adapt the VariableSmmRuntimeDxe driver to communicate with a VariableSmm driver that is implemented as a MM Standalone driver. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf| 1 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 31 +--- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 ++ 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 868981c..4d768db 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -131,6 +131,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c index 85d655d..1902348 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c 
@@ -14,6 +14,8 @@ InitCommunicateBuffer() is really function to check the variable data size. Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. + This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -179,7 +181,11 @@ SendCommunicateBuffer ( SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader; CommSize = DataSize + SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE; - Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, ); + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBuffer, ); + } else { +Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, ); + } ASSERT_EFI_ERROR (Status); SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) mVariableBuffer; @@ -991,9 +997,11 @@ SmmVariableReady ( { EFI_STATUSStatus; - Status = gBS->LocateProtocol (, NULL, (VOID **)); - if (EFI_ERROR (Status)) { -return; + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gBS->LocateProtocol (, NULL, (VOID **)); +if (EFI_ERROR (Status)) { + return; +} } Status = gBS->LocateProtocol (, NULL, (VOID **) ); @@ -1069,13 +1077,14 @@ SmmVariableWriteReady ( { EFI_STATUSStatus; VOID *ProtocolOps; - - // - // Check whether the protocol is installed or not. - // - Status = gBS->LocateProtocol (, NULL, (VOID **) ); - if (EFI_ERROR (Status)) { -return; + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +// +// Check whether the protocol is installed or not. +// +Status = gBS->LocateProtocol (, NULL, (VOID **) ); +if (EFI_ERROR (Status)) { + return; +} } // 
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf index bd73f7a..c84dd2d 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf @@ -87,6 +87,9 @@ ## SOMETIMES_CONSUMES ## Variable:L"dbt" gEfiImageSecurityDatabaseGuid +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled + [Depex] gEfiSmmCommunicationProtocolGuid -- 2.7.4
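Review bot: the SendCommunicateBuffer hunk passes mVariableBuffer instead of mVariableBufferPhysical to Communicate in the Standalone MM case; the "Physical" copy exists precisely because mVariableBuffer becomes a virtual address once SetVirtualAddressMap has run, and the MM side cannot dereference a non-secure virtual pointer, so the commit message needs to explain why the physical address is wrong for the MM path and how the pointer is handled at OS runtime.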
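Review bot: in the SmmVariableReady and SmmVariableWriteReady hunks the LocateProtocol calls are skipped in the MM case but both functions carry on, so the pointer each LocateProtocol would have filled stays uninitialised on that path; either show that it is never dereferenced afterwards or set it explicitly in the MM branch.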
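Review bot: the VariableRuntimeDxe.inf and VariableSmmRuntimeDxe.inf hunks add PcdStandaloneMmVariableEnabled without the `## CONSUMES` usage annotation that every neighbouring PCD entry carries.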
[edk2] [PATCH 07/13] MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
Adapt the FaultTolerantWriteDxe driver to be used as a MM_STANDALONE driver to provide UEFI fault tolerant write protocol functionality for variable reclaim operation on EFI variables stored on a NOR flash that is only accessible to code executing in MM Standalone mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf | 1 + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 203 +++- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf | 101 ++ MdeModulePkg/Universal/FaultTolerantWriteDxe/UpdateWorkingBlock.c | 27 +-- 4 files changed, 271 insertions(+), 61 deletions(-) diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf index dcde58d..026bc60 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf @@ -77,6 +77,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled # # gBS->CalculateCrc32() is consumed in EntryPoint. diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c index 27fcab1..c5c9452 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c 
@@ -44,6 +44,7 @@ This driver need to make sure the CommBuffer is not in the SMRAM range. Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -55,13 +56,16 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ #include +#include #include #include +#include #include #include #include "FaultTolerantWrite.h" #include "FaultTolerantWriteSmmCommon.h" #include +#include EFI_EVENT mFvbRegistration = NULL; EFI_FTW_DEVICE*mFtwDevice = NULL; @@ -92,11 +96,19 @@ FtwGetFvbByHandle ( // // To get the SMM FVB protocol interface on the handle // - return gSmst->SmmHandleProtocol ( - FvBlockHandle, - , - (VOID **) FvBlock - ); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +return gSmst->SmmHandleProtocol ( +FvBlockHandle, +, +(VOID **) FvBlock +); + } else { +return gMmst->MmHandleProtocol ( +FvBlockHandle, +, +(VOID **) FvBlock +); + } } /** @@ -119,11 +131,19 @@ FtwGetSarProtocol ( // // Locate Smm Swap Address Range protocol // - Status = gSmst->SmmLocateProtocol ( -, -NULL, -SarProtocol -); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gSmst->SmmLocateProtocol ( + , + NULL, + SarProtocol + ); + } else { +Status = gMmst->MmLocateProtocol ( + , + NULL, + SarProtocol + ); + } return Status; } 
@@ -158,13 +178,23 @@ GetFvbCountAndBuffer ( BufferSize = 0; *NumberHandles = 0; *Buffer= NULL; - Status = gSmst->SmmLocateHandle ( -ByProtocol, -, -NULL, -, -*Buffer -); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gSmst->SmmLocateHandle ( + ByProtocol, + , + NULL, + , + *Buffer + ); + } else { +Status = gMmst->MmLocateHandle ( + ByProtocol, + , + NULL, + , + *Buffer + ); + } if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) { return EFI_
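Review bot: the FtwGetFvbByHandle, FtwGetSarProtocol and GetFvbCountAndBuffer hunks each duplicate the lookup for gSmst and gMmst behind a run-time PCD, and the branch sense is the inverse of the same change in VariableSmm.c (`!PcdGetBool` here, `PcdGetBool` there); selecting one services-table pointer at entry time would give the FTW driver a single lookup path and make the two drivers read the same way.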
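Review bot: the FaultTolerantWriteDxe.inf hunk adds PcdStandaloneMmVariableEnabled without the `## CONSUMES` annotation the surrounding entries use.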
[edk2] [PATCH 06/13] MdePkg/Library: Add StandaloneMmRuntimeDxe library
To reuse some of the libraries in both MM and non-MM mode, a mechanism to determine the execution mode is required, i.e., in MM or non-MM. Add a new library for use by non-MM code to determine the current execution mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdePkg/Include/Library/StandaloneMmRuntimeDxe.h | 39 MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c | 36 ++ MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf | 36 ++ MdePkg/MdePkg.dec| 3 ++ 4 files changed, 114 insertions(+) diff --git a/MdePkg/Include/Library/StandaloneMmRuntimeDxe.h b/MdePkg/Include/Library/StandaloneMmRuntimeDxe.h new file mode 100644 index 000..9c45c4d --- /dev/null +++ b/MdePkg/Include/Library/StandaloneMmRuntimeDxe.h @@ -0,0 +1,39 @@ +/** @file + Provides a InMm implementation for RUNTIME DXE drivers + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2016 - 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __STANDALONE_MM_RUNTIME_DXE_H__ +#define __STANDALONE_MM_RUNTIME_DXE_H__ + +#include + +/** + This function allows the caller to determine if the driver is executing in + Standalone Management Mode(SMM). + + This function returns TRUE if the driver is executing in SMM and FALSE if the + driver is not executing in SMM. + + @retval TRUE The driver is executing in Standalone Management Mode (SMM). + @retval FALSE The driver is not executing in Standalone Management Mode (SMM). + +**/ +BOOLEAN +EFIAPI +InMm ( + VOID + ); + +#endif 
diff --git a/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c b/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c new file mode 100644 index 000..61ef59a --- /dev/null +++ b/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c @@ -0,0 +1,36 @@ +/** @file + StandaloneMmRuntimeDxe Library. + + Copyright (c) 2018, ARM Limited. All rights reserved. + + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +/** + This function allows the caller to determine if the driver is executing in + Standalone Management Mode(SMM). + + This function returns TRUE if the driver is executing in SMM and FALSE if the + driver is not executing in SMM. + + @retval TRUE The driver is executing in Standalone Management Mode (SMM). + @retval FALSE The driver is not executing in Standalone Management Mode (SMM). + +**/ +BOOLEAN +EFIAPI +InMm ( + VOID + ) +{ + return FALSE; +} diff --git a/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf b/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf new file mode 100644 index 000..43f5f26 --- /dev/null +++ b/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf 
@@ -0,0 +1,36 @@ +## @file +# Provides StandaloneMmRuntimeDxe. +# +# Copyright (c) 2018, ARM Limited. All rights reserved. +# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions +# of the BSD License which accompanies this distribution. The +# full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION= 0x00010005 + BASE_NAME = StandaloneMmRuntimeDxe + FILE_GUID = 8099cfbf-9564-4c9b-9052-e66b1da88930 + MODULE_TYPE= DXE_RUNTIME_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = StandaloneMmRuntimeDxe |DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + StandaloneMmRuntimeDxe.c + +[Packages] + MdePkg/MdePkg.dec + diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 17c90c
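Review bot: the StandaloneMmRuntimeDxe.inf hunk declares `LIBRARY_CLASS = StandaloneMmRuntimeDxe |DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE` (stray space before `|`), yet the InMm() in this instance returns FALSE unconditionally, so an MM_STANDALONE module that resolves the class to it would take the gBS paths in NorFlashDxe and the other converted drivers; drop MM_STANDALONE from this instance's supported types so such a build fails instead of silently choosing the wrong path, and give the class the usual Lib suffix since it is a library class, not a driver.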
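Review bot: the StandaloneMmRuntimeDxe.h and .c hunks abbreviate "Standalone Management Mode" as "SMM" in the InMm() doc comments, which in edk2 denotes the traditional System Management Mode this series is distinguishing from; use "Standalone MM" or "MM" throughout. The "Copyright (c) 2009 - 2018, Intel Corporation" line on a new ARM-authored header also looks copied from a template.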
[edk2] [PATCH 05/13] MdePkg/Library/BaseLib/AArch64: Add AsmLfence function
Variable service driver includes a call to AsmLfence. To reuse this driver on AArch64 based platforms, add an implementation of AsmLfence that acts as a wrapper on the AArch64 specific MemoryFence function. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdePkg/Include/Library/BaseLib.h | 33 +-- MdePkg/Library/BaseLib/AArch64/AsmLfence.S | 42 MdePkg/Library/BaseLib/AArch64/AsmLfence.asm | 41 +++ MdePkg/Library/BaseLib/BaseLib.inf | 2 + 4 files changed, 105 insertions(+), 13 deletions(-) diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h index 8cc0869..ca961ee 100644 --- a/MdePkg/Include/Library/BaseLib.h +++ b/MdePkg/Include/Library/BaseLib.h @@ -7697,19 +7697,6 @@ AsmWriteTr ( ); /** - Performs a serializing operation on all load-from-memory instructions that - were issued prior the AsmLfence function. - - Executes a LFENCE instruction. This function is only available on IA-32 and x64. - -**/ -VOID -EFIAPI -AsmLfence ( - VOID - ); - -/** Patch the immediate operand of an IA32 or X64 instruction such that the byte, word, dword or qword operand is encoded at the end of the instruction's binary representation. @@ -7752,4 +7739,24 @@ PatchInstructionX86 ( ); #endif // defined (MDE_CPU_IA32) || defined (MDE_CPU_X64) + +#if defined (MDE_CPU_IA32) || defined (MDE_CPU_X64) || defined (MDE_CPU_AARCH64) + +/** + Performs a serializing operation on all load-from-memory instructions that + were issued prior the AsmLfence function. + + In case of IA-32 and x64, Executes a LFENCE instruction. + + In case of AArch64 this acts as a wrapper on the AArch64 + specific MemoryFence function + +**/ +VOID +EFIAPI +AsmLfence ( + VOID + ); + +#endif // defined (MDE_CPU_IA32) || defined (MDE_CPU_X64) || defined (MDE_CPU_AARCH64) #endif // !defined (__BASE_LIB__) diff --git a/MdePkg/Library/BaseLib/AArch64/AsmLfence.S b/MdePkg/Library/BaseLib/AArch64/AsmLfence.S new file mode 100644 index 000..2fd804b --- /dev/null 
+++ b/MdePkg/Library/BaseLib/AArch64/AsmLfence.S @@ -0,0 +1,42 @@ +##-- +# +# AsmLfence() for AArch64 +# +# Copyright (c) 2013-2018, ARM Ltd. All rights reserved. +# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +##-- + +.text +.p2align 2 + +GCC_ASM_EXPORT(AsmLfence) + +# IMPORT +GCC_ASM_IMPORT(MemoryFence) + +#/** +# Used to serialize load and store operations. +# +# All loads and stores that proceed calls to this function are guaranteed to be +# globally visible when this function returns. +# +#**/ +#VOID +#EFIAPI +#AsmLfence ( +# VOID +# ); +# +ASM_PFX(AsmLfence): +stp x29, x30, [sp, #-16]! +bl MemoryFence +ldp x29, x30, [sp], #0x10 +ret diff --git a/MdePkg/Library/BaseLib/AArch64/AsmLfence.asm b/MdePkg/Library/BaseLib/AArch64/AsmLfence.asm new file mode 100644 index 000..7dd5659 --- /dev/null +++ b/MdePkg/Library/BaseLib/AArch64/AsmLfence.asm 
@@ -0,0 +1,41 @@ +;-- +; +; AsmLfence() for AArch64 +; +; Copyright (c) 2013-2018, ARM Ltd. All rights reserved. +; +; This program and the accompanying materials +; are licensed and made available under the terms and conditions of the BSD License +; which accompanies this distribution. The full text of the license may be found at +; http://opensource.org/licenses/bsd-license.php. +; +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +; +;-- + + EXPORT AsmLfence + AREA BaseLib_LowLevel, CODE, READONLY + # IMPORT + GCC_ASM_IMPORT(MemoryFence) + +;/** +; Used to serialize load and store operations. +; +; All loads and stores that proceed calls to this function are guaranteed to be +; globally visible when this function returns. +; +;**/ +;VOID +;EFIAPI +;AsmLfence ( +; VOID +; ); +; +AsmLfence +stp x29, x30, [sp, #-16]! +bl MemoryFence +ldp x29, x30, [sp], #0x10 +ret + + END diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf index b84e583..b7d7bcb 100644 --- a/MdePkg/Library/BaseLib/BaseLib.inf +++ b/MdePkg/Library/BaseLib/BaseLib.inf @@ -585,6 +585,7 @@ Math64.c AArch64/MemoryFence
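Review bot: the BaseLib.h hunk documents the AArch64 AsmLfence as "a wrapper on the AArch64 specific MemoryFence function", but the two primitives do not share a contract: the x86 text describes a serialising operation on prior loads (LFENCE), while the comments in the new .S and .asm files describe MemoryFence as making loads and stores globally visible, i.e. a data barrier. If the variable driver's AsmLfence call is relied on as a speculation barrier after its bounds checks on the communication buffer, as it is on x86, the AArch64 wrapper must provide that guarantee and the header must say which guarantee it provides; otherwise the MM-side bounds-check mitigation is weaker on AArch64 than on x86 without anything in the commit message saying so.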
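Review bot: the AsmLfence.asm hunk puts the GCC macro `GCC_ASM_IMPORT(MemoryFence)` and a `#`-style comment into an armasm source that otherwise uses `;` comments and `EXPORT`; armasm will not expand that macro, so it should read `IMPORT MemoryFence`. In both the .S and .asm hunks the copied comment says "All loads and stores that proceed calls" where "precede" is meant, and the 2013-2018 copyright range on a brand-new file should start at the file's creation date.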
[edk2] [PATCH 04/13] MdePkg/Include: add StandaloneMmServicesTableLib header file
Some of the existing DXE drivers can be refactored to execute within the Standalone MM execution environment as well. Allow such drivers to get access to the Standalone MM services tables. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdePkg/Include/Library/StandaloneMmServicesTableLib.h | 25 MdePkg/MdePkg.dec | 4 2 files changed, 29 insertions(+) diff --git a/MdePkg/Include/Library/StandaloneMmServicesTableLib.h b/MdePkg/Include/Library/StandaloneMmServicesTableLib.h new file mode 100644 index 000..db310ac --- /dev/null +++ b/MdePkg/Include/Library/StandaloneMmServicesTableLib.h @@ -0,0 +1,25 @@ +/** @file + Provides a service to retrieve a pointer to the Standalone MM Services Table. + Only available to Standalone MM module types. + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2016 - 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __MM_SERVICES_TABLE_LIB_H__ +#define __MM_SERVICES_TABLE_LIB_H__ + +#include + +extern EFI_MM_SYSTEM_TABLE *gMmst; + +#endif diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index af694fc..17c90c2 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec 
@@ -243,6 +243,10 @@ ## SafeIntLib|Include/Library/SafeIntLib.h + ## @libraryclass Provides a service to retrieve a pointer to the Standalone MM Services Table. + # Only available to MM_STANDALONE module types. + MmServicesTableLib|Include/Library/StandaloneMmServicesTableLib.h + [LibraryClasses.IA32, LibraryClasses.X64] ## @libraryclass Abstracts both S/W SMI generation and detection. ## -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
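Review bot: The library class registered in MdePkg.dec, `MmServicesTableLib|Include/Library/StandaloneMmServicesTableLib.h`, matches neither the header name nor the class name `StandaloneMmServicesTableLib` used by the cover letter and by review point 3; modules that list `StandaloneMmServicesTableLib` in [LibraryClasses] will not resolve it. Either rename the class to `StandaloneMmServicesTableLib` or the header to `MmServicesTableLib.h`, and make the include guard `__MM_SERVICES_TABLE_LIB_H__` follow the chosen name. The `gMmst` declaration should also carry a comment stating that the non-MM implementation initialises it to NULL, as review point 5 requests, so callers know to check it.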
[edk2] [PATCH 03/13] MdeModulePkg: Add a PCD to indicate Standalone MM supports secure variable
Add a flag that indicates whether Standalone MM mode supports secure storage of variables. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/MdeModulePkg.dec | 5 + 1 file changed, 5 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 41d2b04..badea4a 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1041,6 +1041,11 @@ # @Prompt Enable UEFI Stack Guard. gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|FALSE|BOOLEAN|0x30001055 + ## This flag indicates secure variable functionality is implemented by Standalone MM + # TRUE - Secure variable storage supported by Standalone MM code. + # FALSE - Standalone MM code does not support secure storage of variables + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled|FALSE|BOOLEAN|0x30001056 + [PcdsFixedAtBuild, PcdsPatchableInModule] ## Dynamic type PCD can be registered callback function for Pcd setting action. # PcdMaxPeiPcdCallBackNumberPerPcdEntry indicates the maximum number of callback function -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
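Review bot: The new PCD block lacks the `# @Prompt` line that the neighbouring `PcdCpuStackGuard` entry carries (`# @Prompt Enable UEFI Stack Guard.`); add one such as `# @Prompt Enable secure variable storage in Standalone MM.` The description also reads as a capability statement ("secure variable functionality is implemented by Standalone MM") while the rest of the series reads it at runtime with `PcdGetBool` to select code paths; word it as a selection and state that the default FALSE keeps the existing DXE/traditional MM behaviour.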
[edk2] [PATCH 02/13] MdePkg: Add a PCD that indicates presence of Standalone MM mode
Add a flag to indicate the presence of Standalone MM mode. For existing library and/or drivers that can be refactored to be used as a Standalone MM component, this flag can be used to choose the portions of the code that gets executed in Standalone MM. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdePkg/MdePkg.dec | 5 + 1 file changed, 5 insertions(+) diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 712bd46..af694fc 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -2073,6 +2073,11 @@ # @Prompt Fixed Debug Message Print Level. gEfiMdePkgTokenSpaceGuid.PcdFixedDebugPrintErrorLevel|0x|UINT32|0x30001016 + ## This flag indicates Standalone MM execution mode is enabled + # TRUE - Standalone MM execution mode is enabled + # FALSE - Standalone MM execution mode is not enabled + gEfiMdePkgTokenSpaceGuid.PcdStandaloneMmCodeEnabled|FALSE|BOOLEAN|0x30001017 + [PcdsFixedAtBuild,PcdsPatchableInModule] ## Indicates the maximum length of unicode string used in the following # BaseLib functions: StrLen(), StrSize(), StrCmp(), StrnCmp(), StrCpy(), StrnCpy() -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
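Review bot: Same missing `# @Prompt` as the neighbouring `PcdFixedDebugPrintErrorLevel` entry (`# @Prompt Fixed Debug Message Print Level.`). Since the series now carries both `PcdStandaloneMmCodeEnabled` (MdePkg) and `PcdStandaloneMmVariableEnabled` (MdeModulePkg, patch 03), the description should say which one a library is expected to consult; the v4 thread's rationale for the second PCD is precisely that a platform can set the first TRUE and the second FALSE.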
[edk2] [PATCH 01/13] StandaloneMmPkg: Pull in additional libraries from staging branch
Three additional library packages are being pulled into StandaloneMmPkg from the staging area in order to support the secure variable service. The three packages being pulled in are - StandaloneMmHobLib - StandaloneMmMemoryAllocationLib - StandaloneMmServicesTableLib Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf | 2 +- StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c | 64 ++ StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c | 655 StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf | 48 ++ StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.c | 824 StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf | 45 ++ StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c | 64 ++ StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf | 36 + 8 files changed, 1737 insertions(+), 1 deletion(-) diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf index db19d3c..ac036e3 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf +++ b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf @@ -24,7 +24,7 @@ MODULE_TYPE= MM_CORE_STANDALONE VERSION_STRING = 1.0 PI_SPECIFICATION_VERSION = 0x00010032 - LIBRARY_CLASS = HobLib|MM_CORE_STANDALONE MM_STANDALONE + LIBRARY_CLASS = HobLib|MM_CORE_STANDALONE # # VALID_ARCHITECTURES = AARCH64 diff --git a/StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c b/StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c new file mode 100644 index 000..ac5a1c0 --- /dev/null 
+++ b/StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c @@ -0,0 +1,64 @@ +/** @file + HOB Library implementation for Standalone MM Core. + +Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved. +Copyright (c) 2017 - 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +#include +#include +#include + +#include + +// +// Cache copy of HobList pointer. +// +extern VOID *gHobList; + +EFI_HOB_HANDOFF_INFO_TABLE* +HobConstructor ( + IN VOID *EfiMemoryBegin, + IN UINTN EfiMemoryLength, + IN VOID *EfiFreeMemoryBottom, + IN VOID *EfiFreeMemoryTop + ) +{ + EFI_HOB_HANDOFF_INFO_TABLE *Hob; + EFI_HOB_GENERIC_HEADER *HobEnd; + + Hob= EfiFreeMemoryBottom; + HobEnd = (EFI_HOB_GENERIC_HEADER *)(Hob+1); + + Hob->Header.HobType = EFI_HOB_TYPE_HANDOFF; + Hob->Header.HobLength = sizeof(EFI_HOB_HANDOFF_INFO_TABLE); + Hob->Header.Reserved= 0; + + HobEnd->HobType = EFI_HOB_TYPE_END_OF_HOB_LIST; + HobEnd->HobLength = sizeof(EFI_HOB_GENERIC_HEADER); + HobEnd->Reserved= 0; + + Hob->Version = EFI_HOB_HANDOFF_TABLE_VERSION; + Hob->BootMode= BOOT_WITH_FULL_CONFIGURATION; + + Hob->EfiMemoryTop= (UINTN)EfiMemoryBegin + EfiMemoryLength; + Hob->EfiMemoryBottom = (UINTN)EfiMemoryBegin; + Hob->EfiFreeMemoryTop= (UINTN)EfiFreeMemoryTop; + Hob->EfiFreeMemoryBottom = (EFI_PHYSICAL_ADDRESS)(UINTN)(HobEnd+1); + Hob->EfiEndOfHobList = (EFI_PHYSICAL_ADDRESS)(UINTN)HobEnd; + + gHobList = Hob; + + return Hob; +} 
diff --git a/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c b/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c new file mode 100644 index 000..591a78c --- /dev/null +++ b/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c @@ -0,0 +1,655 @@ +/** @file + HOB Library implementation for Standalone MM Core. + +Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved. +Copyright (c) 2017 - 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license
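Review bot: The `StandaloneMmCoreHobLib.inf` hunk narrows `LIBRARY_CLASS` from `HobLib|MM_CORE_STANDALONE MM_STANDALONE` to `HobLib|MM_CORE_STANDALONE`, but the commit message only mentions adding three libraries; it should say that MM_STANDALONE modules must now resolve HobLib to the new StandaloneMmHobLib, because platform DSCs that still map it to the core library will stop building. In `StandaloneMmCoreHobLibInternal.c`, `HobConstructor` writes the handoff table and the end-of-list header starting at `EfiFreeMemoryBottom` without checking that `EfiFreeMemoryTop - EfiFreeMemoryBottom` covers `sizeof(EFI_HOB_HANDOFF_INFO_TABLE) + sizeof(EFI_HOB_GENERIC_HEADER)`; add an ASSERT on that size. The file header says "HOB Library implementation for Standalone MM Core" although the file lives under StandaloneMmHobLib, which serves MM_STANDALONE modules.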
[edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
Changes since RFC v4:
- Addressed all the comments from Liming Gao
- Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate presence of StandaloneMM support.
- MdePkg.dec file updated to include StandaloneMmServiceTableLib and StandaloneMmRuntimeDxe library.
- Platform specific changes will be posted in a separate patchset.
- AsmLfence wrapper function is supported for AArch64 platforms.
- All the patches in this series can be pulled from https://github.com/jagadeeshujja/edk2 (branch: topics/aarch64_secure_vars)

Changes since RFC v3:
- Addressed all the comments from Liming Gao
- Added an AArch64 implementation of AsmLfence which is a wrapper for MemoryFence. The changes in variable service driver in v3 of this patchset that used MemoryFence instead of AsmLfence have been removed.
- Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe library into MdePkg.
- Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled and added it to MdePkg.
- Now with above changes, edk2 packages don't need to depend on StandaloneMmPkg/StandaloneMmPkg.dec
- Addressed comments from Ting Ye
- Removed the hacks in the v3 version.
- Will relook into the “TimerWrapp.c” file and add an appropriate implementation of this for MM Standalone mode code.

Changes since RFC v2:
- Added 'Contributed-under' tag, removed Change-ID tag and maintained a single signed-off-by for all the patches.

Changes since RFC v1:
- Addressed all the comments from Liming Gao
- Removed the use of #ifdef/#else/#endif and used a Pcd instead to select between MM and non-MM paths.
- Removed all dependencies on edk2-platforms.
- Dropped the use of mMmst and used gSmst instead.
- Added a dummy implementation UefiRuntimeServiceTableLib for MM_STANDALONE usage
- Replaced all uses of AsmLfence with MemoryFence from variable service code.
- Add a new StandaloneMmRuntimeDxe library for use by non-MM code.
This patch series extends the existing secure variable service support for use with Standalone MM. This is applicable to platforms that use Standalone Management Mode to protect access to non-volatile memory (NOR flash in case of these patches) used to store the secure EFI variables.

The first patch pulls in additional libraries from the staging branch of StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure variable service implementation supports only the traditional MM mode and so the rest of the patches extend the existing secure variable service support to be usable with Standalone MM mode as well.

Jagadeesh Ujja (13):
StandaloneMmPkg: Pull in additional libraries from staging branch
MdePkg: Add a PCD that indicates presence of Standalone MM mode
MdeModulePkg: Add a PCD to indicate Standalone MM supports secure variable
MdePkg/Include: add StandaloneMmServicesTableLib header file
MdePkg/Library/BaseLib/AArch64: Add AsmLfence function
MdePkg/Library: Add StandaloneMmRuntimeDxe library
MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone
MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library
ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library
CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this library

ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c | 2 +-
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c | 210 -
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h | 5 +-
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf | 2 +
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 96 +--
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 76 ++
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 7 +-
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 4 +
CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c | 15 +- MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf | 5 +- MdeModulePkg/MdeModulePkg.dec | 5 + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf | 1 + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 203 +++-- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
Re: [edk2] [RFC PATCH v4 00/12] Extend secure variable service to be usable from Standalone MM
Hi Liming, On Thu, Dec 13, 2018 at 8:02 PM Gao, Liming wrote: > > I add my comments. Thanks for the clarification. Will fix the patches accordingly. Regards, Jagadeesh. > > > -Original Message- > > From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] > > Sent: Thursday, December 13, 2018 8:00 PM > > To: Gao, Liming > > Cc: edk2-devel@lists.01.org; Zhang, Chao B ; Leif > > Lindholm > > Subject: Re: [edk2] [RFC PATCH v4 00/12] Extend secure variable service to > > be usable from Standalone MM > > > > Hi Liming > > > > On Wed, Dec 12, 2018 at 8:44 PM Gao, Liming wrote: > > > > > > This version is better. I have some comments on edk2 coding style. > > > > Thank you for your review. Please see reply to your comments below. > > > > > > > > 1. This patch set can't be applied in edk2 trunk. Seemly, they base on > > > previous version edk2. > > > > The v4 patchset was based on the tip of the edk2 master branch on the > > day it was posted. The commit id on which this series was based is > > "f7f94ffe". > > > So, can you fork edk2 tree and upload these changes into your branch in fork > edk2 tree? If so, it will be easy for review. > > > > 2. Pcd is for Standalone MM Code, not specific for Variable. So, I > > > suggest to use the generic name PcdStandaloneMmCodeEnabled. Its > > description is also required to be updated. > > > > The intention of the changes done in the patchset is to reuse the > > variable service driver in MM_STANDALONE mode. There could be > > platforms that enable Standalone MM mode but would not want a secure > > storage for EFI variables. In which case, the PCD named > > PcdStandaloneMmCodeEnabled would not be sufficient. And this the > > reason it was named " PcdStandaloneMmVariableEnabled". > > > I see this PCD is also used in > CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c. So, I understand it is > general purpose, not only for Variable. > If it is for Variable only, please define this PCD into MdeModulePkg instead > of MdePkg. > > > > 3. 
Library header file name (StandaloneMmServicesTableLib.h) is also > > > library class name. Library class name and header file mapping > > is required to be listed in MdePkg.dec file [LibraryClasses] section. And, > > this header file doesn't need to include Library/DebugLib.h, > > because it doesn't depend on it. > > > 4. Library implementation INF file (StandaloneMmRuntimeDxe.inf) should > > > list its library class name in LIBRARY_CLASS of [Defines] > > section. Its library class name is StandaloneMmServicesTableLib. And, > > MdePkg library implementation depends on MdePkg.dec only in > > [Packages] section. > > > 5. Library implementation should implement all interfaces defined in > > > library class header file. StandaloneMmRuntimeDxe library > > should initialize gMmst as NULL if it has no real value. > > StandaloneMmRuntimeDxe library doesn't depend on any other library class. It > > doesn't need to list other library class in its [LibraryClasses] section of > > INF file. > > > > Point 3, 4 and 5 will be fixed > > > > > 6. When other module depends on this library class header file, it should > > > list StandaloneMmServicesTableLib in its [LibraryClasses] > > section of INF file. > > > 7. Platform DSC also needs to list LibraryClassName|Library > > > implementation INF in [LibraryClasses] section. > > > > Points 6 and 7 are taken care and are part of edk2platform specific > > changes, will post those changes soon > > > > > 8. I don't suggest to add AsmLfence API in BaseLib for AArch64, because > > > it is X86 specific API. I suggest to update Variable driver with > > the wrapper function FenceFunc() for AsmLfence() and MemoryFence(). > > FenceFunc can be implemented for the different arch in > > Variable driver. Variable driver will call FenceFunc() instead of > > AsmLfence(). So, only variable driver is required to be updated. There is > > no change in BaseLib. 
> > > > > Okay, the variable driver can be updated to call a wrapper > > "FenceFunc()" but wouldn't it be useful to add the architecture > > specific implementation of this in BaseLib. In that way, not just the > > variable driver but other drivers can use this implementation of > > "FenceFunc()". For instance, > > FaultTolerantWriteDxe/FaultTolerantWriteSmm.c does calls to > > AsmLfence() and an architecture specific implementation of &
Re: [edk2] [RFC PATCH v4 00/12] Extend secure variable service to be usable from Standalone MM
Hi Liming On Wed, Dec 12, 2018 at 8:44 PM Gao, Liming wrote: > > This version is better. I have some comments on edk2 coding style. Thank you for your review. Please see reply to your comments below. > > 1. This patch set can't be applied in edk2 trunk. Seemly, they base on > previous version edk2. The v4 patchset was based on the tip of the edk2 master branch on the day it was posted. The commit id on which this series was based is "f7f94ffe". > 2. Pcd is for Standalone MM Code, not specific for Variable. So, I suggest to > use the generic name PcdStandaloneMmCodeEnabled. Its description is also > required to be updated. The intention of the changes done in the patchset is to reuse the variable service driver in MM_STANDALONE mode. There could be platforms that enable Standalone MM mode but would not want a secure storage for EFI variables. In which case, the PCD named PcdStandaloneMmCodeEnabled would not be sufficient. And this the reason it was named " PcdStandaloneMmVariableEnabled". > 3. Library header file name (StandaloneMmServicesTableLib.h) is also library > class name. Library class name and header file mapping is required to be > listed in MdePkg.dec file [LibraryClasses] section. And, this header file > doesn't need to include Library/DebugLib.h, because it doesn't depend on it. > 4. Library implementation INF file (StandaloneMmRuntimeDxe.inf) should list > its library class name in LIBRARY_CLASS of [Defines] section. Its library > class name is StandaloneMmServicesTableLib. And, MdePkg library > implementation depends on MdePkg.dec only in [Packages] section. > 5. Library implementation should implement all interfaces defined in library > class header file. StandaloneMmRuntimeDxe library should initialize gMmst as > NULL if it has no real value. StandaloneMmRuntimeDxe library doesn't depend > on any other library class. It doesn't need to list other library class in > its [LibraryClasses] section of INF file. Point 3, 4 and 5 will be fixed > 6. 
When other module depends on this library class header file, it should > list StandaloneMmServicesTableLib in its [LibraryClasses] section of INF file. > 7. Platform DSC also needs to list LibraryClassName|Library implementation > INF in [LibraryClasses] section. Points 6 and 7 are taken care of and are part of edk2platform specific changes, will post those changes soon > 8. I don't suggest to add AsmLfence API in BaseLib for AArch64, because it is > X86 specific API. I suggest to update Variable driver with the wrapper > function FenceFunc() for AsmLfence() and MemoryFence(). FenceFunc can be > implemented for the different arch in Variable driver. Variable driver will > call FenceFunc() instead of AsmLfence(). So, only variable driver is required > to be updated. There is no change in BaseLib. > Okay, the variable driver can be updated to call a wrapper "FenceFunc()" but wouldn't it be useful to add the architecture specific implementation of this in BaseLib. In that way, not just the variable driver but other drivers can use this implementation of "FenceFunc()". For instance, FaultTolerantWriteDxe/FaultTolerantWriteSmm.c does calls to AsmLfence() and an architecture specific implementation of "FenceFunc()" in BaseLib can be reused in FaultTolerantWriteDxe driver as well. > > -Original Message- > > From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] > > Sent: Tuesday, December 11, 2018 2:22 PM > > To: edk2-devel@lists.01.org; Gao, Liming ; Zhang, > > Chao B ; leif.lindh...@linaro.org > > Subject: [RFC PATCH v4 00/12] Extend secure variable service to be usable > > from Standalone MM > > > > Changes since v3: > > - Addressed all the comments from Liming Gao > > - Added an AArch64 implementation of AsmLfence which is a wrapper for > > MemoryFence. The changes in variable service driver in v3 of this > > patchset that used MemoryFence instead of AsmLfence have been removed. > > - Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe > > library into MdePkg. 
> > - Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled and > > added it to MdePkg. > > - Now with above changes, edk2 packages don't need to depend on > > StandaloneMmPkg/StandaloneMmPkg.dec > > - Addressed comments from Ting Ye > > - Removed the hacks in the v3 version. > > - Will relook into the “TimerWrapp.c” file and add an appropriate > > implementation of this for MM Standalone mode code. > > > > Changes since v2: > > - Added 'Contributed-under' tag, removed Change-ID tag and > > maintained a single signed-off-by for all the patches. > > > > Changes s
[edk2] [RFC PATCH v4 12/12] CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this library
“BaseCryptLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 7 ++- CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf| 4 CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c | 15 +-- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index f29445c..7d93fe2 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -7,6 +7,7 @@ # buffer overflow or integer overflow. # # Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -24,7 +25,7 @@ FILE_GUID = be3bb803-91b6-4da0-bd91-a8b21c18ca5d MODULE_TYPE= DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. @@ -85,6 +86,10 @@ OpensslLib IntrinsicLib PrintLib + PcdLib + +[Pcd] + gEfiMdePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index 32628c8..4ce5a6f 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf 
@@ -91,6 +91,10 @@ OpensslLib IntrinsicLib PrintLib + PcdLib + +[Pcd] + gEfiMdePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c index 5f9b0c2..b7c57bb 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c @@ -3,6 +3,7 @@ for OpenSSL-based Cryptographic Library (used in DXE & RUNTIME). Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -77,12 +78,14 @@ time_t time (time_t *timer) time_t CalTime; UINTN Year; - // - // Get the current time and date information - // - Status = gRT->GetTime (, NULL); - if (EFI_ERROR (Status) || (Time.Year < 1970)) { -return 0; + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +// +// Get the current time and date information +// +Status = gRT->GetTime (, NULL); +if (EFI_ERROR (Status) || (Time.Year < 1970)) { + return 0; +} } // -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
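Review bot: In the `TimerWrapper.c` hunk, when `PcdStandaloneMmVariableEnabled` is TRUE the `gRT->GetTime` call and its `Time.Year < 1970` check are skipped, yet the function goes on to compute `CalTime` from `Time`, so `time()` returns a value derived from an uninitialised `EFI_TIME` and `Status` is never assigned; since OpenSSL uses this clock for certificate validity windows in the authenticated-variable path, the MM branch needs either an explicit `return 0` (the existing failure convention two lines above) or a real time source, which the cover letter only defers ("Will relook into the TimerWrapp.c file"). Gating a crypto library's clock on a variable-specific PCD is also the concern in review point 2: this is general-purpose MM code, so it should test the MM PCD or module type rather than the variable flag.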
[edk2] [RFC PATCH v4 11/12] SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library
“AuthVariableLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja Reviewed-by: Chao Zhang --- SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf index 572ba4e..4294d3b 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf @@ -2,6 +2,7 @@ # Provides authenticated variable services. # # Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions @@ -21,12 +22,12 @@ FILE_GUID = B23CF5FB-6FCC-4422-B145-D855DBC05457 MODULE_TYPE= DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources] -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
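Review bot: Adding MM_STANDALONE to `LIBRARY_CLASS` is only safe if nothing in AuthVariableLib reaches DXE-only services; the cover letter's switch from `mMmst` to `gSmst` suggests the callers were audited, so the commit message should state which entry points were checked, because the INF diff alone shows none of it. `VALID_ARCHITECTURES` is a reference-only comment (the INF says so two lines above), so the `AARCH64` addition has no build effect.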
[edk2] [RFC PATCH v4 10/12] ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
Adapt the NorFlashDxe driver to be used as a MM_STANDALONE driver to allow access to NOR flash for code executing in MM_STANDALONE mode. This allows storing of EFI variables on NOR flash which is accessible only via the MM STANDALONE mode software. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c | 2 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c| 210 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h| 4 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf | 3 + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 96 - ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 76 +++ 6 files changed, 302 insertions(+), 89 deletions(-) diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c index 279b77c..4c002c7 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c @@ -1,6 +1,6 @@ /** @file NorFlashBlockIoDxe.c - Copyright (c) 2011-2013, ARM Ltd. All rights reserved. + Copyright (c) 2011-2018, ARM Ltd. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c index af40a4c..9c56010 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c @@ -1,6 +1,6 @@ /** @file NorFlashDxe.c - Copyright (c) 2011 - 2014, ARM Ltd. All rights reserved. + Copyright (c) 2011 - 2018, ARM Ltd. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License 
@@ -138,29 +138,102 @@ NorFlashCreateInstance ( if (SupportFvb) { NorFlashFvbInitialize (Instance); +if (!InMm ()) { +Status = gBS->InstallMultipleProtocolInterfaces ( +>Handle, +, >DevicePath, +, >BlockIoProtocol, +, >FvbProtocol, +NULL +); +if (EFI_ERROR(Status)) { + FreePool (Instance); + return Status; +} +} else { + //Install DevicePath Protocol + Status = gMmst->MmInstallProtocolInterface ( +>Handle, +, +EFI_NATIVE_INTERFACE, +>DevicePath +); + if (EFI_ERROR(Status)) { +FreePool (Instance); +return Status; + } + //Install BlockIo Protocol + Status = gMmst->MmInstallProtocolInterface ( +>Handle, +, +EFI_NATIVE_INTERFACE, +>BlockIoProtocol +); + if (EFI_ERROR(Status)) { +FreePool (Instance); +return Status; + } -Status = gBS->InstallMultipleProtocolInterfaces ( - >Handle, - , >DevicePath, - , >BlockIoProtocol, - , >FvbProtocol, - NULL - ); -if (EFI_ERROR(Status)) { - FreePool (Instance); - return Status; + //Install FirmwareVolumeBlock Protocol + Status = gMmst->MmInstallProtocolInterface ( +>Handle, +, +EFI_NATIVE_INTERFACE, +>FvbProtocol +); + if (EFI_ERROR(Status)) { +FreePool (Instance); +return Status; + } } } else { -Status = gBS->InstallMultipleProtocolInterfaces ( ->Handle, -, >DevicePath, -, >BlockIoProtocol, -, >DiskIoProtocol, -NULL -); -if (EFI_ERROR(Status)) { - FreePool (Instance); - return Status; +if (!InMm ()) { + Status = gBS->InstallMultipleProtocolInterfaces ( + >Handle, + , >DevicePath, + , >BlockIoProtocol, + , >DiskIoProtocol, + NULL + ); + if (EFI_ERROR(Status)) { +FreePool (Instance); +return Status; + } +} else { + //Install DevicePath Protocol + Status = gMmst->MmInstallProtocolInterface ( +>Handle, +, +EFI_NATIVE_INTERFACE, +>De
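Review bot: In the `NorFlashCreateInstance` hunk, the MM branch installs DevicePath, BlockIo and Fvb with three separate `MmInstallProtocolInterface` calls, and on failure of the second or third call it does `FreePool (Instance)` and returns while the interfaces already installed on `Instance->Handle` keep pointing into freed memory; uninstall the earlier interfaces before freeing, or install all three before treating any failure as fatal. The BlockIo protocol is also installed in the MM path even though the v2 driver at the head of this page states the block layer is not needed in StandaloneMM; leaving it out in MM removes an interface that MM callers would otherwise be able to reach. The two `if (!InMm ()) {` branches are indented inconsistently (one body indented by two spaces, the other not), which the edk2 style would flag.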
[edk2] [RFC PATCH v4 09/12] MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library
“VarCheckLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf index 099f83d..c8cf810 100644 --- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf +++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -2,6 +2,7 @@ # Provides variable check services and database management. # # Copyright (c) 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions @@ -21,12 +22,12 @@ FILE_GUID = 63E12D08-0C5D-47F8-95E4-09F89D7506C5 MODULE_TYPE= DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources] -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
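Review bot: As with patch 11, the MM_STANDALONE addition to `LIBRARY_CLASS` carries no evidence that VarCheckLib avoids DXE-only services; say in the commit message what was verified. The `VALID_ARCHITECTURES` line is a reference-only comment and does not gate the build.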
[edk2] [RFC PATCH v4 08/12] MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
Adapt the variable runtime dxe driver to be used as a MM_STANDALONE driver to provide variable storage service in MM Standalone mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 37 ++-- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c| 201 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 132 + 3 files changed, 312 insertions(+), 58 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index d100b1d..e8976c1 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -18,6 +18,7 @@ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. (C) Copyright 2015-2018 Hewlett Packard Enterprise Development LP +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at 
@@ -3277,19 +3278,21 @@ VariableServiceSetVariable ( } } - // - // Special Handling for MOR Lock variable. - // - Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); - if (Status == EFI_ALREADY_STARTED) { + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { // -// EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor(). -// Variable driver can just return SUCCESS. +// Special Handling for MOR Lock variable. // -return EFI_SUCCESS; - } - if (EFI_ERROR (Status)) { -return Status; +Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); +if (Status == EFI_ALREADY_STARTED) { + // + // EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor(). + // Variable driver can just return SUCCESS. + // + return EFI_SUCCESS; +} +if (EFI_ERROR (Status)) { + return Status; +} } Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource); @@ -4098,12 +4101,14 @@ VariableWriteServiceInitialize ( } } - ReleaseLockOnlyAtBootTime (>VariableGlobal.VariableServicesLock); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +ReleaseLockOnlyAtBootTime (>VariableGlobal.VariableServicesLock); - // - // Initialize MOR Lock variable. - // - MorLockInit (); +// +// Initialize MOR Lock variable. +// +MorLockInit (); + } return Status; } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 6dc19c2..59f3109 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c 
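Review bot: Wrapping the MOR Lock handling in `if (!PcdGetBool (PcdStandaloneMmVariableEnabled))` removes both SetVariableCheckHandlerMor() (first hunk) and MorLockInit() (second hunk) from the Standalone MM configuration, so in that build a SetVariable() on the MOR Lock variable is no longer intercepted and the lock semantics that the original code enforced are silently lost. If the MOR code cannot yet build for MM_STANDALONE, the commit message must say so and the gap should be tracked; disabling a security check behind a build flag without comment is not acceptable for a variable store whose whole purpose is protection. In the VariableWriteServiceInitialize hunk, only ReleaseLockOnlyAtBootTime() is skipped under the PCD; unless the matching AcquireLockOnlyAtBootTime() earlier in that function is skipped as well, the VariableServicesLock is left held on the Standalone MM path.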
@@ -15,6 +15,7 @@ SmmVariableGetStatistics() should also do validation based on its own knowledge. Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -34,6 +35,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +#include +#include #include #include "Variable.h" @@ -218,11 +221,19 @@ GetFtwProtocol ( // // Locate Smm Fault Tolerent Write protocol // - Status = gSmst->SmmLocateProtocol ( -, -NULL, -FtwProtocol -); + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gMmst->MmLocateProtocol ( + , + NULL, + FtwProtocol + ); + } else { +Status = gSmst->SmmLocateProtocol ( + , + NULL, + FtwProtocol + ); + } return Status; } @@ -248,11 +259,19 @@ GetFvbByHandle ( // // To get the SMM FVB protocol interface on the handle // - return gSmst->SmmHandleProtocol ( - FvBlockHandle, - , - (VOID **) FvBlock - ); + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { +return gMmst->MmHandleProtocol ( +FvBlockHandle, +, +
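Review bot: Every service-table call is now duplicated behind a PcdGetBool() branch (GetFtwProtocol and GetFvbByHandle here, and the same pattern again in FaultTolerantWriteSmm.c). If the PI headers in MdePkg define EFI_SMM_SYSTEM_TABLE2 in terms of EFI_MM_SYSTEM_TABLE, the MM_STANDALONE build could simply set gSmst from gMmst once at entry and leave the existing gSmst-> calls untouched, removing all of these branches. If the branches are kept, order them consistently: here the MM case comes first (`if (PcdGetBool (...))`), while the FaultTolerantWriteSmm.c hunks test `!PcdGetBool (...)` and put the SMM case first.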
[edk2] [RFC PATCH v4 07/12] MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone
Adapt the VariableSmmRuntimeDxe driver to communicate with a VariableSmm driver that is implemented as a MM Standalone driver. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf| 1 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 31 +--- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 ++ 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 868981c..beba675 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -131,6 +131,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES + gEfiMdePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c index 85d655d..1902348 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c @@ -14,6 +14,8 @@ InitCommunicateBuffer() is really function to check the variable data size. Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. + This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at 
@@ -179,7 +181,11 @@ SendCommunicateBuffer ( SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader; CommSize = DataSize + SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE; - Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, ); + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBuffer, ); + } else { +Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, ); + } ASSERT_EFI_ERROR (Status); SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) mVariableBuffer; @@ -991,9 +997,11 @@ SmmVariableReady ( { EFI_STATUSStatus; - Status = gBS->LocateProtocol (, NULL, (VOID **)); - if (EFI_ERROR (Status)) { -return; + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gBS->LocateProtocol (, NULL, (VOID **)); +if (EFI_ERROR (Status)) { + return; +} } Status = gBS->LocateProtocol (, NULL, (VOID **) ); @@ -1069,13 +1077,14 @@ SmmVariableWriteReady ( { EFI_STATUSStatus; VOID *ProtocolOps; - - // - // Check whether the protocol is installed or not. - // - Status = gBS->LocateProtocol (, NULL, (VOID **) ); - if (EFI_ERROR (Status)) { -return; + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +// +// Check whether the protocol is installed or not. +// +Status = gBS->LocateProtocol (, NULL, (VOID **) ); +if (EFI_ERROR (Status)) { + return; +} } // diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf index bd73f7a..ce63fe6 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf 
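Review bot: The SendCommunicateBuffer hunk passes mVariableBuffer (the pointer that is converted at SetVirtualAddressMap time) instead of mVariableBufferPhysical when PcdStandaloneMmVariableEnabled is set, with no comment explaining why. That is only correct if the MM communication driver on the target copies the payload out of the caller's buffer in the caller's own address space rather than handing the address through to MM; state that assumption in a comment next to the branch, and keep mVariableBufferPhysical where the address is passed through. In the SmmVariableReady and SmmVariableWriteReady hunks the gBS->LocateProtocol presence checks are skipped under the PCD with nothing put in their place, so both callbacks now proceed without confirming that the MM side of the variable service is installed; add the equivalent check for the Standalone MM case or explain in the commit message why it is unnecessary.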
@@ -87,6 +87,9 @@ ## SOMETIMES_CONSUMES ## Variable:L"dbt" gEfiImageSecurityDatabaseGuid +[Pcd] + gEfiMdePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled + [Depex] gEfiSmmCommunicationProtocolGuid -- 2.7.4
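Review bot: The new [Pcd] entry `gEfiMdePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled`, like the one added to VariableRuntimeDxe.inf in the first hunk of this patch, lacks the `## CONSUMES` usage comment that the neighbouring PCD entries carry (see the PcdReclaimVariableSpaceAtEndOfDxe line); add it for consistency. Since the PCD is declared fixed-at-build, `[FixedPcd]` would also document the intent better than the generic `[Pcd]` section.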
[edk2] [RFC PATCH v4 06/12] MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
Adapt the FaultTolerantWriteDxe driver to be used as a MM_STANDALONE driver to provide UEFI fault tolerant write protocol functionality for variable reclaim operation on EFI variables stored on a NOR flash that is only accessible to code executing in MM Standalone mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf | 1 + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 203 +++- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf | 101 ++ MdeModulePkg/Universal/FaultTolerantWriteDxe/UpdateWorkingBlock.c | 27 +-- 4 files changed, 271 insertions(+), 61 deletions(-) diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf index dcde58d..35b6c47 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf @@ -77,6 +77,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize ## CONSUMES + gEfiMdePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled # # gBS->CalculateCrc32() is consumed in EntryPoint. diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c index 27fcab1..c5c9452 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c 
@@ -44,6 +44,7 @@ This driver need to make sure the CommBuffer is not in the SMRAM range. Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -55,13 +56,16 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ #include +#include #include #include +#include #include #include #include "FaultTolerantWrite.h" #include "FaultTolerantWriteSmmCommon.h" #include +#include EFI_EVENT mFvbRegistration = NULL; EFI_FTW_DEVICE*mFtwDevice = NULL; @@ -92,11 +96,19 @@ FtwGetFvbByHandle ( // // To get the SMM FVB protocol interface on the handle // - return gSmst->SmmHandleProtocol ( - FvBlockHandle, - , - (VOID **) FvBlock - ); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +return gSmst->SmmHandleProtocol ( +FvBlockHandle, +, +(VOID **) FvBlock +); + } else { +return gMmst->MmHandleProtocol ( +FvBlockHandle, +, +(VOID **) FvBlock +); + } } /** @@ -119,11 +131,19 @@ FtwGetSarProtocol ( // // Locate Smm Swap Address Range protocol // - Status = gSmst->SmmLocateProtocol ( -, -NULL, -SarProtocol -); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gSmst->SmmLocateProtocol ( + , + NULL, + SarProtocol + ); + } else { +Status = gMmst->MmLocateProtocol ( + , + NULL, + SarProtocol + ); + } return Status; } 
@@ -158,13 +178,23 @@ GetFvbCountAndBuffer ( BufferSize = 0; *NumberHandles = 0; *Buffer= NULL; - Status = gSmst->SmmLocateHandle ( -ByProtocol, -, -NULL, -, -*Buffer -); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gSmst->SmmLocateHandle ( + ByProtocol, + , + NULL, + , + *Buffer + ); + } else { +Status = gMmst->MmLocateHandle ( + ByProtocol, + , + NULL, + , + *Buffer + ); + } if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) { return EFI_NOT_FOUND; } @
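Review bot: The file header kept in the first FaultTolerantWriteSmm.c hunk still says "This driver need to make sure the CommBuffer is not in the SMRAM range"; that requirement applies unchanged to the MM_STANDALONE build (the communication buffer must not overlap MM-protected memory), so make sure the CommBuffer range check in the handler is not also placed behind `!PcdGetBool (PcdStandaloneMmVariableEnabled)`, and say in the commit message how the check is satisfied on the Standalone MM side. The three call sites changed here (FtwGetFvbByHandle, FtwGetSarProtocol, GetFvbCountAndBuffer) each duplicate the whole call behind the PCD test; a single gSmst/gMmst selection at entry would avoid this. The PCD entry added to FaultTolerantWriteDxe.inf in the first hunk is missing the `## CONSUMES` comment the surrounding entries use.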
[edk2] [RFC PATCH v4 05/12] MdePkg/Library: Add StandaloneMmRuntimeDxe library
To reuse some of the libraries in both MM and non-MM mode, a mechanism to determine the execution mode is required, i.e., in MM or non-MM. Add a new library for use by non-MM code to determine the current execution mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c | 36 + MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf | 42 2 files changed, 78 insertions(+) diff --git a/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c b/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c new file mode 100644 index 000..61ef59a --- /dev/null +++ b/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c @@ -0,0 +1,36 @@ +/** @file + StandaloneMmRuntimeDxe Library. + + Copyright (c) 2018, ARM Limited. All rights reserved. + + This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include + +/** + This function allows the caller to determine if the driver is executing in + Standalone Management Mode(SMM). + + This function returns TRUE if the driver is executing in SMM and FALSE if the + driver is not executing in SMM. + + @retval TRUE The driver is executing in Standalone Management Mode (SMM). + @retval FALSE The driver is not executing in Standalone Management Mode (SMM). + +**/ +BOOLEAN +EFIAPI +InMm ( + VOID + ) +{ + return FALSE; +} diff --git a/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf b/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf new file mode 100644 index 000..741b229 --- /dev/null 
+++ b/MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf @@ -0,0 +1,42 @@ +## @file +# Provides StandaloneMmRuntimeDxe. +# +# Copyright (c) 2018, ARM Limited. All rights reserved. +# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions +# of the BSD License which accompanies this distribution. The +# full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION= 0x00010005 + BASE_NAME = StandaloneMmRuntimeDxe + FILE_GUID = 8099cfbf-9564-4c9b-9052-e66b1da88930 + MODULE_TYPE= DXE_RUNTIME_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = StandaloneMmRuntimeDxe |DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + StandaloneMmRuntimeDxe.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib -- 2.7.4
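Review bot: The INF advertises `LIBRARY_CLASS = StandaloneMmRuntimeDxe |DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE` (note the stray space before the pipe), but InMm() unconditionally returns FALSE, so an MM_STANDALONE module that links this instance would take the non-MM code path; drop MM_STANDALONE from the supported types, as the commit message says the library is for non-MM code, or add the MM instance in the same patch. The prototype of InMm() lives in StandaloneMmServicesTableLib.h, which also declares `extern EFI_MM_SYSTEM_TABLE *gMmst;`, yet this library neither uses that library class name nor defines gMmst (the reviewer comment in this thread asked for gMmst to be set to NULL here), so a non-MM module that references gMmst will fail to link. The [LibraryClasses] list (BaseLib, BaseMemoryLib, DebugLib, MemoryAllocationLib) is unused by the 36-line source and should be trimmed. Finally, "Standalone Management Mode(SMM)" in the doc comment reads as System Management Mode; say "Standalone MM" and add the missing space before the parenthesis.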
[edk2] [RFC PATCH v4 04/12] MdePkg/Library/BaseLib/AArch64: Add AsmLfence function
Variable service driver includes a call to AsmLfence. To reuse this driver on AArch64 based platforms, add an implementation of AsmLfence that acts as a wrapper on the AArch64 specific MemoryFence function. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdePkg/Include/Library/BaseLib.h | 10 + MdePkg/Library/BaseLib/AArch64/AsmLfence.S | 42 MdePkg/Library/BaseLib/AArch64/AsmLfence.asm | 41 +++ MdePkg/Library/BaseLib/BaseLib.inf | 2 + 4 files changed, 95 insertions(+) diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h index 8cc0869..595cf90 100644 --- a/MdePkg/Include/Library/BaseLib.h +++ b/MdePkg/Include/Library/BaseLib.h @@ -126,6 +126,16 @@ typedef struct { #define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 8 +/** + Performs a serializing operation on all load-from-memory instructions that + were issued prior the AsmLfence function. +**/ +VOID +EFIAPI +AsmLfence ( + VOID + ); + #endif // defined (MDE_CPU_AARCH64) diff --git a/MdePkg/Library/BaseLib/AArch64/AsmLfence.S b/MdePkg/Library/BaseLib/AArch64/AsmLfence.S new file mode 100644 index 000..2fd804b --- /dev/null +++ b/MdePkg/Library/BaseLib/AArch64/AsmLfence.S 
@@ -0,0 +1,42 @@ +##-- +# +# AsmLfence() for AArch64 +# +# Copyright (c) 2013-2018, ARM Ltd. All rights reserved. +# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +##-- + +.text +.p2align 2 + +GCC_ASM_EXPORT(AsmLfence) + +# IMPORT +GCC_ASM_IMPORT(MemoryFence) + +#/** +# Used to serialize load and store operations. +# +# All loads and stores that proceed calls to this function are guaranteed to be +# globally visible when this function returns. +# +#**/ +#VOID +#EFIAPI +#AsmLfence ( +# VOID +# ); +# +ASM_PFX(AsmLfence): +stp x29, x30, [sp, #-16]! +bl MemoryFence +ldp x29, x30, [sp], #0x10 +ret diff --git a/MdePkg/Library/BaseLib/AArch64/AsmLfence.asm b/MdePkg/Library/BaseLib/AArch64/AsmLfence.asm new file mode 100644 index 000..7dd5659 --- /dev/null +++ b/MdePkg/Library/BaseLib/AArch64/AsmLfence.asm 
@@ -0,0 +1,41 @@ +;-- +; +; AsmLfence() for AArch64 +; +; Copyright (c) 2013-2018, ARM Ltd. All rights reserved. +; +; This program and the accompanying materials +; are licensed and made available under the terms and conditions of the BSD License +; which accompanies this distribution. The full text of the license may be found at +; http://opensource.org/licenses/bsd-license.php. +; +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +; +;-- + + EXPORT AsmLfence + AREA BaseLib_LowLevel, CODE, READONLY + # IMPORT + GCC_ASM_IMPORT(MemoryFence) + +;/** +; Used to serialize load and store operations. +; +; All loads and stores that proceed calls to this function are guaranteed to be +; globally visible when this function returns. +; +;**/ +;VOID +;EFIAPI +;AsmLfence ( +; VOID +; ); +; +AsmLfence +stp x29, x30, [sp, #-16]! +bl MemoryFence +ldp x29, x30, [sp], #0x10 +ret + + END diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf index b84e583..b7d7bcb 100644 --- a/MdePkg/Library/BaseLib/BaseLib.inf +++ b/MdePkg/Library/BaseLib/BaseLib.inf @@ -585,6 +585,7 @@ Math64.c AArch64/MemoryFence.S | GCC + AArch64/AsmLfence.S | GCC AArch64/SwitchStack.S | GCC AArch64/EnableInterrupts.S| GCC AArch64/DisableInterrupts.S | GCC @@ -593,6 +594,7 @@ AArch64/CpuBreakpoint.S | GCC AArch64/MemoryFence.asm | MSFT + AArch64/AsmLfence.asm | MSFT AArch64/SwitchStack.asm | MSFT AArch64/EnableInterrupts.asm | MSFT AArch64/DisableInterrupts.asm | MSFT -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
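Review bot: The BaseLib.h comment describes AsmLfence as serializing load-from-memory instructions, but the body just calls MemoryFence, and the comment block pasted into AsmLfence.S and AsmLfence.asm talks about loads and stores being "globally visible" (with "proceed" where "precede" is meant), so the declared semantics and the implementation disagree. More importantly, if the variable driver calls AsmLfence as a speculation barrier after validating a communication buffer, which is the property an X86 LFENCE provides, a data memory barrier does not stop speculative execution past a bounds check on AArch64; a CSDB-based sequence is the matching primitive there, and the comment should state which property callers may rely on. The MSFT flavour AsmLfence.asm contains `# IMPORT` and `GCC_ASM_IMPORT(MemoryFence)`, which are GCC-syntax lines inside an ARMASM file and will not assemble; use `IMPORT MemoryFence`. Both new files carry a 2013-2018 copyright range although they are new.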
[edk2] [RFC PATCH v4 03/12] MdePkg/Include: add StandaloneMmServicesTableLib header file
Some of the existing DXE drivers can be refactored to execute within the Standalone MM execution environment as well. Allow such drivers to get access to the Standalone MM services tables Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdePkg/Include/Library/StandaloneMmServicesTableLib.h | 45 1 file changed, 45 insertions(+) diff --git a/MdePkg/Include/Library/StandaloneMmServicesTableLib.h b/MdePkg/Include/Library/StandaloneMmServicesTableLib.h new file mode 100644 index 000..6e834a8 --- /dev/null +++ b/MdePkg/Include/Library/StandaloneMmServicesTableLib.h 
@@ -0,0 +1,45 @@ +/** @file + Provides a service to retrieve a pointer to the Standalone MM Services Table. + Only available to Standalone MM module types. + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2016 - 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef __MM_SERVICES_TABLE_LIB_H__ +#define __MM_SERVICES_TABLE_LIB_H__ + +#include +#include + + +extern EFI_MM_SYSTEM_TABLE *gMmst; + + +/** + This function allows the caller to determine if the driver is executing in + Standalone Management Mode(SMM). + + This function returns TRUE if the driver is executing in SMM and FALSE if the + driver is not executing in SMM. + + @retval TRUE The driver is executing in Standalone Management Mode (SMM). + @retval FALSE The driver is not executing in Standalone Management Mode (SMM). + +**/ +BOOLEAN +EFIAPI +InMm ( + VOID + ); + +#endif -- 2.7.4
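Review bot: The include guard `__MM_SERVICES_TABLE_LIB_H__` does not match the file name StandaloneMmServicesTableLib.h and is the natural guard for a generic MmServicesTableLib.h, so the two headers would silently exclude each other; use `__STANDALONE_MM_SERVICES_TABLE_LIB_H__`. The file comment says "Only available to Standalone MM module types", but InMm() is declared here precisely so that non-MM code (the StandaloneMmRuntimeDxe instance in this series) can call it; update the comment to describe both consumers. The InMm() doc comment's "Standalone Management Mode(SMM)" is misleading, since SMM conventionally means System Management Mode; write "Standalone MM".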
[edk2] [RFC PATCH v4 02/12] MdePkg: Add a PCD to enable secure storage of variables
Add a flag that allows selecting the variables to be stored on a secure or a non-secure non-volatile memory. In case of secure storage of variables, the variable service will be implemented by code executing within the Standalone MM. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdePkg/MdePkg.dec | 5 + 1 file changed, 5 insertions(+) diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 712bd46..dc2277d 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -2073,6 +2073,11 @@ # @Prompt Fixed Debug Message Print Level. gEfiMdePkgTokenSpaceGuid.PcdFixedDebugPrintErrorLevel|0x|UINT32|0x30001016 + ## This flag is used to enable the Secure Storage for the Variables. + # TRUE - Secure variable storage supported by Standalone MM code. + # FALSE - Non secure variable storage. + gEfiMdePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled|FALSE|BOOLEAN|0x30001017 + [PcdsFixedAtBuild,PcdsPatchableInModule] ## Indicates the maximum length of unicode string used in the following # BaseLib functions: StrLen(), StrSize(), StrCmp(), StrnCmp(), StrCpy(), StrnCpy() -- 2.7.4
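Review bot: The new PCD is inserted among the [PcdsFixedAtBuild] entries (it follows PcdFixedDebugPrintErrorLevel and precedes the [PcdsFixedAtBuild,PcdsPatchableInModule] section) but lacks the `# @Prompt` line its neighbours have; add one. Since the flag selects a build-time code path in several drivers and the v3 series declared it under [FeaturePcd], consider declaring it as a feature flag ([PcdsFeatureFlag]) so consumers use FeaturePcdGet and the dead branch is dropped. The dec comment "enable the Secure Storage for the Variables" should also say what "secure" means here, namely storage reachable only from code running in Standalone MM, as the commit message does.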
[edk2] [RFC PATCH v4 00/12] Extend secure variable service to be usable from Standalone MM
Changes since v3:
- Addressed all the comments from Liming Gao
- Added an AArch64 implementation of AsmLfence which is a wrapper for MemoryFence. The changes in variable service driver in v3 of this patchset that used MemoryFence instead of AsmLfence have been removed.
- Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe library into MdePkg.
- Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled and added it to MdePkg.
- Now with above changes, edk2 packages don't need to depend on StandaloneMmPkg/StandaloneMmPkg.dec
- Addressed comments from Ting Ye
- Removed the hacks in the v3 version.
- Will relook into the “TimerWrapper.c” file and add an appropriate implementation of this for MM Standalone mode code.

Changes since v2:
- Added 'Contributed-under' tag, removed Change-ID tag and maintained a single signed-off-by for all the patches.

Changes since v1:
- Addressed all the comments from Liming Gao
- Removed the use of #ifdef/#else/#endif and used a Pcd instead to select between MM and non-MM paths.
- Removed all dependencies on edk2-platforms.
- Dropped the use of mMmst and used gSmst instead.
- Added a dummy implementation UefiRuntimeServiceTableLib for MM_STANDALONE usage
- Replaced all uses of AsmLfence with MemoryFence from variable service code.
- Add a new StandaloneMmRuntimeDxe library for use by non-MM code.

This RFC patch series extends the existing secure variable service support for use with Standalone MM. This is applicable to platforms that use Standalone Management Mode to protect access to non-volatile memory (NOR flash in case of these patches) used to store the secure EFI variables.

The first patch pulls in additional libraries from the staging branch of StandaloneMmPkg into edk2's StandaloneMmPkg. The existing secure variable service implementation supports only the traditional MM mode and so the rest of the patches extend the existing secure variable service support to be usable with Standalone MM mode as well.
This patch series is being posted as an RFC to get feedback on the approach taken in these patches.

Jagadeesh Ujja (12):
StandaloneMmPkg: Pull in additional libraries from staging branch
MdePkg: Add a PCD to enable secure storage of variables
MdePkg/Include: add StandaloneMmServicesTableLib header file
MdePkg/Library/BaseLib/AArch64: Add AsmLfence function
MdePkg/Library: Add StandaloneMmRuntimeDxe library
MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone
MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library
ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library
CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this library

ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c | 2 +-
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c | 210 -
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h | 4 +-
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf | 3 +
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 96 +--
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 76 ++
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 7 +-
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 4 +
CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c | 15 +-
MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf | 5 +-
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf | 1 +
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 203 +++--
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf | 101 +++
MdeModulePkg/Universal/FaultTolerantWriteDxe/UpdateWorkingBlock.c | 27 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 37 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 1 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 201 - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 31 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 + MdeModulePkg
Re: [edk2] [RFC PATCH v3 00/11] Extend secure variable service to be usable from Standalone MM
Hi Liming,

On Thu, Nov 29, 2018 at 9:27 PM Gao, Liming wrote:
>
> My comment is below.
>
> 1. Please don't update the MemoryFence() implementation. It will impact all
> consumer code. AsmLfence() is an X86-specific API. You can implement the
> internal function in the arch specific source file to call AsmLfence() for
> X86 and call MemoryFence() for ARM. This internal function will be called in
> the common logic.
> 2. On StandaloneMmServicesTableLib.h, I suggest to add it into MdePkg, and
> add StandaloneMmRuntimeDxe library into MdePkg. This library sets gMmst to
> NULL, and always returns FALSE in InMm().
> 3. On PcdStandaloneMmEnable, I also suggest to add it into MdePkg. It can be
> used to control the driver logic in the different packages.
>
> With 2 & 3, other edk2 packages don't need to depend on
> StandaloneMmPkg/StandaloneMmPkg.dec

Thank you for your comments. All your comments have been addressed and the next version of this patchset will include appropriate changes based on your comments.

Regards,
Jagadeesh.

> >
> > -Original Message-
> > From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com]
> > Sent: Wednesday, November 28, 2018 5:35 PM
> > To: edk2-devel@lists.01.org; Gao, Liming ; Zhang,
> > Chao B ; leif.lindh...@linaro.org;
> > ard.biesheu...@linaro.org
> > Subject: [RFC PATCH v3 00/11] Extend secure variable service to be usable
> > from Standalone MM
> >
> > Changes since v2:
> > - Added 'Contributed-under' tag, removed Change-ID tag and
> > maintained a single signed-off-by for all the patches.
> >
> > Changes since v1:
> > - Addressed all the comments from Liming Gao
> > - Removed the use of #ifdef/#else/#endif and used a Pcd instead to
> > select between MM and non-MM paths.
> > - Removed all dependencies on edk2-platforms.
> > - Dropped the use of mMmst and used gSmst instead.
> > - Added a dummy implementation UefiRuntimeServiceTableLib for
> > MM_STANDALONE usage
> > - Replaced all uses of AsmLfence with MemoryFence from variable
> > service code.
> > - Add a new StandaloneMmRuntimeDxe library for use by non-MM code.
> >
> > This RFC patch series extends the existing secure variable service support
> > for
> > use with Standalone MM. This is applicable to platforms that use Standalone
> > Management Mode to protect access to non-volatile memory (NOR flash in case
> > of these patches) used to store the secure EFI variables.
> >
> > The first patch pulls in additional libraries from the staging branch of
> > StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure
> > variable
> > service implementation supports only the traditional MM mode and so the rest
> > of the patches extend the existing secure variable service support to be
> > usable with Standalone MM mode as well.
> >
> > This patch series is being posted as an RFC to get feedback on the approach
> > taken
> > in these patches.
> >
> > Jagadeesh Ujja (11):
> > MdeModulePkg/Variable: replace all uses of AsmLfence with MemoryFence
> > StandaloneMmPkg: Pull in additional libraries from staging branch
> > MdeModulePkg/Library: Add StandaloneMmRuntimeDxe library
> > ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
> > MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
> > MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM
> > Standalone
> > MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
> > SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this
> > library
> > MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this
> > library
> > CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this
> > library
> > CryptoPkg/BaseCryptLib: Hack to get time in MM Standalone mode
> >
> > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
> > | 3 +
> > ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashDxe.inf =>
> > NorFlashStandaloneMm.inf}
> > | 28 +-
> > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> > | 8 +-
> > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > | 5 +
> > MdeModulePkg/Library/{VarCheckLib/VarCheckLib.inf =>
> > StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf}
> > | 22 +-
> > MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> > | 5 +-
> > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> > | 2 +
> > MdeModulePkg/Universal/FaultTolerantWriteDxe/{FaultTolerantWriteDxe.inf
[edk2] [RFC PATCH v3 11/11] CryptoPkg/BaseCryptLib: Hack to get time in MM Standalone mode
This is a hack to get the time when executing in MM Standalone mode. It is not clear how to implement a function that gets the current time. So using this as a hack for now. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 5 CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf| 5 CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c | 27 +++- 3 files changed, 31 insertions(+), 6 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index c8aafefbab9c..df4aca6c20e2 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -76,6 +76,7 @@ [Sources.AARCH64] [Packages] MdePkg/MdePkg.dec CryptoPkg/CryptoPkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec [LibraryClasses] BaseLib @@ -86,6 +87,10 @@ [LibraryClasses] OpensslLib IntrinsicLib PrintLib + PcdLib + +[FeaturePcd] + gStandaloneMmPkgTokenSpaceGuid.PcdStandaloneMmEnable # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf index 32628c8835a6..651a6736ba48 100644 --- a/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf @@ -80,6 +80,7 @@ [Sources.AARCH64] [Packages] MdePkg/MdePkg.dec CryptoPkg/CryptoPkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec [LibraryClasses] BaseLib @@ -91,6 +92,10 @@ [LibraryClasses] OpensslLib IntrinsicLib PrintLib + PcdLib + +[FeaturePcd] + gStandaloneMmPkgTokenSpaceGuid.PcdStandaloneMmEnable # # Remove these [BuildOptions] after this library is cleaned up diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c index 5f9b0c20d75d..d01b5c5fc113 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c 
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c @@ -3,6 +3,7 @@ for OpenSSL-based Cryptographic Library (used in DXE & RUNTIME). Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -77,12 +78,26 @@ time_t time (time_t *timer) time_t CalTime; UINTN Year; - // - // Get the current time and date information - // - Status = gRT->GetTime (, NULL); - if (EFI_ERROR (Status) || (Time.Year < 1970)) { -return 0; + if (!PcdGetBool (PcdStandaloneMmEnable)) { +// +// Get the current time and date information +// +Status = gRT->GetTime (, NULL); +if (EFI_ERROR (Status) || (Time.Year < 1970)) { + return 0; +} + } else { +// +//[ToDo] Find out a way to get the current time for code executing as MM_STANDALONE +// +Time.Year = 2007; +Time.Month = 11; +Time.Day = 29; +Time.Hour = 17; +Time.Minute = 43; +Time.Second = 30; + +Year = (UINTN) (Time.Year % 100); } // -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
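Review bot: the two .inf hunks make CryptoPkg depend on StandaloneMmPkg (`StandaloneMmPkg/StandaloneMmPkg.dec` plus `gStandaloneMmPkgTokenSpaceGuid.PcdStandaloneMmEnable`) for every consumer of BaseCryptLib and RuntimeCryptLib, including DXE and runtime drivers that never execute in MM and platforms that do not build StandaloneMmPkg at all. CryptoPkg already keeps per-phase behaviour in separate instances (RuntimeCryptLib and SmmCryptLib are distinct INFs); a dedicated MM_STANDALONE instance would carry its own time() wrapper and keep both the package dependency and the feature-PCD switch out of the common instances.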
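Review bot: the TimerWrapper.c hunk makes time() return a constant for every call in the MM_STANDALONE build (the `else` branch hard-codes 2007-11-29 17:43:30), so any caller inside the crypto library that consults the wall clock now gets a fixed, stale value with nothing to tell it the value is fake. The function already has a defined failure signal two lines up (`return 0;` when GetTime fails or the year precedes 1970), and callers must already cope with it; returning 0 in Standalone MM until a real time source exists is safer than inventing a date, and the `[ToDo]` comment should not land in the tree. Also, `Year = (UINTN) (Time.Year % 100);` appears only in the new `else` branch with no counterpart in the `if` branch, so it is either dead or the non-MM path is missing it; make both branches leave the same state.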
[edk2] [RFC PATCH v3 10/11] CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this library
“BaseCryptLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf index f29445ce3402..c8aafefbab9c 100644 --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -7,6 +7,7 @@ # buffer overflow or integer overflow. # # Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -24,7 +25,7 @@ [Defines] FILE_GUID = be3bb803-91b6-4da0-bd91-a8b21c18ca5d MODULE_TYPE= DXE_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS = BaseCryptLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
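Review bot: the LIBRARY_CLASS hunk advertises MM_STANDALONE support while this instance's SysCall/TimerWrapper.c still dereferences gRT (the TimerWrapper.c hunk in patch 11/11 shows the unmodified `Status = gRT->GetTime (...)` call), and Standalone MM has no UEFI runtime services table; either name the "dummy UefiRuntimeServiceTableLib for MM_STANDALONE" mentioned in the cover letter here and explain what GetTime does there, or squash the time() change into this patch so that no intermediate tree ships an MM_STANDALONE BaseCryptLib calling a service it cannot have. The `VALID_ARCHITECTURES` reference comment is also left alone, whereas patches 08/11 and 09/11 add AARCH64 for the same reason; keep the three INFs consistent.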
[edk2] [RFC PATCH v3 09/11] MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library
“VarCheckLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf index 099f83dd6aee..c8cf81063e06 100644 --- a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf +++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -2,6 +2,7 @@ # Provides variable check services and database management. # # Copyright (c) 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions @@ -21,12 +22,12 @@ [Defines] FILE_GUID = 63E12D08-0C5D-47F8-95E4-09F89D7506C5 MODULE_TYPE= DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources] -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
[edk2] [RFC PATCH v3 08/11] SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library
“AuthVariableLib” library can be used by MM_STANDALONE drivers as well. So add MM_STANDALONE as the module type this library supports Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja Reviewed-by: Chao Zhang --- SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf index 572ba4e120d2..4294d3b1b0b8 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf @@ -2,6 +2,7 @@ # Provides authenticated variable services. # # Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions @@ -21,12 +22,12 @@ [Defines] FILE_GUID = B23CF5FB-6FCC-4422-B145-D855DBC05457 MODULE_TYPE= DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources] -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
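Review bot: the LIBRARY_CLASS hunk is a one-line enablement, but AuthVariableLib is the library that enforces the authenticated-variable policy and it links BaseCryptLib, so the commit message should record what was checked to confirm that every library class it consumes resolves to an MM_STANDALONE-capable instance (BaseCryptLib only gains MM_STANDALONE in patch 10/11, and its time() path is still being patched in 11/11); otherwise the series compiles in this order only because no platform DSC yet links the library for MM_STANDALONE.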
[edk2] [RFC PATCH v3 07/11] MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
Adapt the variable runtime dxe driver to be used as a MM_STANDALONE driver to provide variable storage service in MM Standalone mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/{VariableSmm.inf => VariableStandaloneMm.inf} | 43 ++--- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 37 ++-- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 201 3 files changed, 195 insertions(+), 86 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf similarity index 75% copy from MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf copy to MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf index 2fe72ff8a442..35654f5cfc9d 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf 
@@ -1,24 +1,13 @@ ## @file -# Provides SMM variable service. +# Provides MM variable service. # -# This module installs SMM variable protocol into SMM protocol database, -# which can be used by SMM driver, and installs SMM variable protocol -# into BS protocol database, which can be used to notify the SMM Runtime -# Dxe driver that the SMM variable service is ready. -# This module should be used with SMM Runtime DXE module together. The -# SMM Runtime DXE module would install variable arch protocol and variable -# write arch protocol based on SMM variable module. -# -# Caution: This module requires additional review when modified. -# This driver will have external input - variable data and communicate buffer in SMM mode. -# This external input must be validated carefully to avoid security issues such as -# buffer overflow or integer overflow. -#The whole SMM authentication variable design relies on the integrity of flash part and SMM. -# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory +# The whole MM authentication variable design relies on the integrity of flash part and MM. +# which is assumed to be protected by platform. All variable code and metadata in flash/MM Memory # may not be modified without authorization. If platform fails to protect these resources, # the authentication service provided in this driver will be broken, and the behavior is undefined. # # Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at 
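Review bot: the header hunk deletes the paragraph starting `# Caution: This module requires additional review when modified.` together with the sentence that the driver takes external input (variable data and the communicate buffer) which must be validated against buffer and integer overflow. None of that stops being true in Standalone MM, where the communicate buffer still arrives from the non-secure side; keep the caution text, with SMM replaced by MM as the surrounding lines do, rather than dropping it. Removing the paragraph that described the interaction with the SMM Runtime DXE module also leaves no description of how the MM variant tells VariableSmmRuntimeDxe that the variable service is ready, which patch 06/11 changes; state the new mechanism here.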
@@ -29,22 +18,21 @@ ## [Defines] - INF_VERSION= 0x00010005 + INF_VERSION= 0x0001000A BASE_NAME = VariableSmm MODULE_UNI_FILE= VariableSmm.uni FILE_GUID = 23A089B3-EED5-4ac5-B2AB-43E3298C2343 - MODULE_TYPE= DXE_SMM_DRIVER + MODULE_TYPE= MM_STANDALONE VERSION_STRING = 1.0 - PI_SPECIFICATION_VERSION = 0x0001000A - ENTRY_POINT= VariableServiceInitialize + PI_SPECIFICATION_VERSION = 0x00010032 + ENTRY_POINT= StandaloneMmVariableServiceInitialize # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # - [Sources] Reclaim.c Variable.c @@ -59,23 +47,21 @@ [Sources] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec [LibraryClasses] - UefiDriverEntryPoint + StandaloneMmDriverEntryPoint MemoryAllocationLib BaseLib SynchronizationLib - UefiLib - SmmServicesTableLib BaseMemoryLib DebugLib - DxeServicesTableLib HobLib PcdLib - SmmMemLib AuthVariableLib VarCheckLib - UefiBootServicesTableLib + MemLib + MmServicesTableLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid## CONSUMES @@ -85,7 +71,7 @@ [Protocols] ## PRODUCES ## UNDEFINED # SmiHandlerRegister gEfiSmmVariableProtocolGuid - gEfiSmmEndOfDxeProtocolGuid ## NOTIFY + ##gEfiSmmEndOfDxeProtocolGuid ## NOTIFY gEdkiiSmmVarCheckProtocolGuid ## PRODUCES gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES @@ -137,6 +123,7 @@ [Pcd] [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics## CONSUMES # statistic the information of varia
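Review bot: the [Defines] hunk keeps `BASE_NAME = VariableSmm`, `MODULE_UNI_FILE = VariableSmm.uni` and `FILE_GUID = 23A089B3-EED5-4ac5-B2AB-43E3298C2343` from VariableSmm.inf while switching MODULE_TYPE to MM_STANDALONE. The FILE_GUID is the FFS file name, so two modules sharing it cannot be built into one platform, and the identical BASE_NAME produces colliding build output; give VariableStandaloneMm.inf a fresh GUID and a matching BASE_NAME, as patch 04/11 does for NorFlashStandaloneMm.inf. The INF_VERSION of 0x0001000A also differs from the 0x0001001A used for FaultTolerantWriteStandaloneMm.inf in patch 05/11; pick one value.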
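Review bot: in the [LibraryClasses] hunk, swapping SmmMemLib for `MemLib` changes the implementation behind the communicate-buffer range check (SmmIsBufferOutsideSmmValid in the SMM build), which is the only thing preventing a non-secure caller from handing the variable handler a pointer into secure memory. The commit message should name the MemLib instance and confirm that it validates against the Standalone MM memory map, and the `MemLib` class must be declared in a .dec that this INF lists (presumably StandaloneMmPkg.dec, added in the same hunk).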
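Review bot: in the [Protocols] hunk, `gEfiSmmEndOfDxeProtocolGuid ## NOTIFY` is commented out (`##gEfiSmmEndOfDxeProtocolGuid`) instead of removed, and nothing replaces it. The variable driver uses the End-of-DXE notification to record that the boot phase is over, finalize the variable-check state and start rejecting lock-variable and variable-property requests; an MM_STANDALONE build that never receives it stays permanently in the pre-End-of-DXE state, so those requests remain accepted from any MM communicate caller at OS runtime. Say how the Standalone MM variant learns about End of DXE (for example via the MM communication path) and delete the dead line rather than commenting it.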
[edk2] [RFC PATCH v3 06/11] MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone
Adapt the VariableSmmRuntimeDxe driver to communicate with a VariableSmm driver that is implemented as a MM Standalone driver. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf| 2 ++ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 4 +++ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 31 +--- 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 868981ccaf30..f414b461d81c 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -51,6 +51,7 @@ [Sources] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec [LibraryClasses] MemoryAllocationLib @@ -135,6 +136,7 @@ [Pcd] [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang + gStandaloneMmPkgTokenSpaceGuid.PcdStandaloneMmEnable [Depex] TRUE diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf index bd73f7ac29f2..b409fa2f5844 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf @@ -48,6 +48,7 @@ [Sources] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec [LibraryClasses] MemoryAllocationLib 
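Review bot: both .inf hunks add `StandaloneMmPkg/StandaloneMmPkg.dec` and `gStandaloneMmPkgTokenSpaceGuid.PcdStandaloneMmEnable` to MdeModulePkg drivers, including VariableRuntimeDxe, which talks to no MM at all; edk2 package layering runs the other way (StandaloneMmPkg consumes MdePkg and MdeModulePkg). A PCD that MdeModulePkg code needs belongs in MdeModulePkg.dec, or better, the MM-specific behaviour belongs in the MM-specific module so the common driver needs no build-time switch.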
@@ -87,6 +88,9 @@ [Guids] ## SOMETIMES_CONSUMES ## Variable:L"dbt" gEfiImageSecurityDatabaseGuid +[FeaturePcd] + gStandaloneMmPkgTokenSpaceGuid.PcdStandaloneMmEnable + [Depex] gEfiSmmCommunicationProtocolGuid diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c index 85d655dc19ff..da4af5f30ea2 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c @@ -14,6 +14,8 @@ InitCommunicateBuffer() is really function to check the variable data size. Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved. +Copyright (c) 2018, ARM Limited. All rights reserved. + This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -179,7 +181,11 @@ SendCommunicateBuffer ( SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader; CommSize = DataSize + SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE; - Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, ); + if (PcdGetBool (PcdStandaloneMmEnable)) { +Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBuffer, ); + } else { +Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, ); + } ASSERT_EFI_ERROR (Status); SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) mVariableBuffer; @@ -991,9 +997,11 @@ SmmVariableReady ( { EFI_STATUSStatus; - Status = gBS->LocateProtocol (, NULL, (VOID **)); - if (EFI_ERROR (Status)) { -return; + if (!PcdGetBool (PcdStandaloneMmEnable)) { +Status = gBS->LocateProtocol (, NULL, (VOID **)); +if (EFI_ERROR (Status)) { + return; +} } Status = gBS->LocateProtocol (, NULL, (VOID **) ); 
@@ -1069,13 +1077,14 @@ SmmVariableWriteReady ( { EFI_STATUSStatus; VOID *ProtocolOps; - - // - // Check whether the protocol is installed or not. - // - Status = gBS->LocateProtocol (, NULL, (VOID **) ); - if (EFI_ERROR (Status)) { -return; + if (!PcdGetBool (PcdStandaloneMmEnable)) { +// +// Check whether the protocol is installed or not. +// +Status = gBS->LocateProtocol (, NULL, (VOID **) ); +if (EFI_ERROR (Status)) { + return; +} } // -- 2.7.4 ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
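Review bot: in the SendCommunicateBuffer hunk, the `PcdStandaloneMmEnable` branch passes `mVariableBuffer` instead of `mVariableBufferPhysical`. The driver keeps two pointers because it runs after SetVirtualAddressMap: `mVariableBuffer` gets converted to the OS's virtual mapping while `mVariableBufferPhysical` stays physical so the MM side can address the buffer. Handing the converted pointer to the secure world works during boot and fails, or addresses the wrong memory, once the OS has switched to virtual addressing; if the Standalone MM communication protocol expects a different form of address, say so in the commit message and convert explicitly rather than swapping pointers.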
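Review bot: the SmmVariableReady and SmmVariableWriteReady hunks skip the `gBS->LocateProtocol` check whenever `PcdStandaloneMmEnable` is set, which removes the only signal the DXE side had that the MM variable service (and its write path) is installed, yet the rest of each function then proceeds as if it were. Without a replacement readiness signal the runtime driver can publish the variable architectural protocols before the MM driver is dispatched, turning early GetVariable/SetVariable calls into communicate requests with no handler; describe the Standalone MM readiness mechanism in the commit message. Minor: the SmmVariableWriteReady hunk also drops the blank line between the local declarations and the new `if`; restore it.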
[edk2] [RFC PATCH v3 05/11] MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
Adapt the FaultTolerantWriteDxe driver to be used as a MM_STANDALONE driver to provide UEFI fault tolerant write protocol functionality for variable reclaim operation on EFI variables stored on a NOR flash that is only accessible to code executing in MM Standalone mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf | 2 + MdeModulePkg/Universal/FaultTolerantWriteDxe/{FaultTolerantWriteSmm.inf => FaultTolerantWriteStandaloneMm.inf} | 25 +-- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 203 +++- MdeModulePkg/Universal/FaultTolerantWriteDxe/UpdateWorkingBlock.c | 27 +-- 4 files changed, 185 insertions(+), 72 deletions(-) diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf index dcde58d63218..db45be0a9825 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf @@ -41,6 +41,7 @@ [Sources] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec [LibraryClasses] UefiBootServicesTableLib @@ -69,6 +70,7 @@ [Protocols] [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdFullFtwServiceEnable## CONSUMES + gStandaloneMmPkgTokenSpaceGuid.PcdStandaloneMmEnable [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase## SOMETIMES_CONSUMES diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf similarity index 79% copy from MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf copy to MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf index 606cc2266bda..724534b09b1b 100644 
--- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf @@ -7,6 +7,7 @@ # flash access. # # Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License @@ -18,19 +19,19 @@ ## [Defines] - INF_VERSION= 0x00010005 - BASE_NAME = SmmFaultTolerantWriteDxe + INF_VERSION= 0x0001001A + BASE_NAME = FaultTolerantWriteMmStandalone MODULE_UNI_FILE= SmmFaultTolerantWriteDxe.uni FILE_GUID = 470CB248-E8AC-473c-BB4F-81069A1FE6FD - MODULE_TYPE= DXE_SMM_DRIVER + MODULE_TYPE= MM_STANDALONE VERSION_STRING = 1.0 - PI_SPECIFICATION_VERSION = 0x0001000A - ENTRY_POINT= SmmFaultTolerantWriteInitialize + PI_SPECIFICATION_VERSION = 0x00010032 + ENTRY_POINT= StandaloneMmFaultTolerantWriteInitialize # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources] @@ -44,18 +45,18 @@ [Sources] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec [LibraryClasses] - SmmServicesTableLib MemoryAllocationLib BaseMemoryLib - UefiDriverEntryPoint DebugLib - UefiLib PcdLib ReportStatusCodeLib - SmmMemLib + MemLib + StandaloneMmDriverEntryPoint BaseLib + MmServicesTableLib [Guids] # @@ -77,6 +78,7 @@ [Protocols] [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdFullFtwServiceEnable## CONSUMES + gStandaloneMmPkgTokenSpaceGuid.PcdStandaloneMmEnable [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase## SOMETIMES_CONSUMES 
@@ -93,7 +95,8 @@ [Pcd] # So add gEfiRuntimeArchProtocolGuid Depex here. # [Depex] - gEfiSmmFirmwareVolumeBlockProtocolGuid AND gEfiRuntimeArchProtocolGuid + TRUE + #gEfiSmmFirmwareVolumeBlockProtocolGuid AND gEfiRuntimeArchProtocolGuid [UserExtensions.TianoCore."ExtraFiles"] SmmFaultTolerantWriteDxeExtra.uni diff --git a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c index fabd713c7411..ace39fd4d233 100644 --- a/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c +++ b/MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c @@ -44,6 +44,7 @@ This driver need
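Review bot: FaultTolerantWriteDxe.inf is the plain DXE instance, and its two hunks make it depend on `StandaloneMmPkg/StandaloneMmPkg.dec` and `gStandaloneMmPkgTokenSpaceGuid.PcdStandaloneMmEnable`. If the shared UpdateWorkingBlock.c (touched in this patch per the diffstat) needs to behave differently in MM, a library-class abstraction or an MM-only source file keeps MdeModulePkg free of a dependency on a package that normally sits above it, and spares every non-MM platform a PCD it never uses.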
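Review bot: the [Defines] hunk of FaultTolerantWriteStandaloneMm.inf renames BASE_NAME and changes MODULE_TYPE but keeps `FILE_GUID = 470CB248-E8AC-473c-BB4F-81069A1FE6FD`, the GUID of the FaultTolerantWriteSmm.inf it was copied from, and `MODULE_UNI_FILE = SmmFaultTolerantWriteDxe.uni` still points at the SMM module's strings; two modules with one FILE_GUID cannot be built into the same platform, so allocate a new GUID. The new BASE_NAME `FaultTolerantWriteMmStandalone` also orders the words differently from the file name and from VariableStandaloneMm.inf and NorFlashStandaloneMm.inf; align them.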
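Review bot: the [Depex] hunk replaces `gEfiSmmFirmwareVolumeBlockProtocolGuid AND gEfiRuntimeArchProtocolGuid` with `TRUE` but leaves the old expression behind as a `#` comment, while the explanatory comment directly above (`# So add gEfiRuntimeArchProtocolGuid Depex here.`) now describes a dependency that no longer exists. Delete the dead line and rewrite the comment; and since the FTW driver can do nothing without the MM FVB protocol, the commit message should explain how the MM_STANDALONE entry point copes with being dispatched before the NOR flash driver (protocol notification, or a dispatch-order guarantee from the MM core).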
[edk2] [RFC PATCH v3 04/11] ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
Adapt the NorFlashDxe driver to be used as a MM_STANDALONE driver to allow access to NOR flash for code executing in MM_STANDALONE mode. This allows storing of EFI variables on NOR flash which is accessible only via the MM STANDALONE mode software. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf | 3 + ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashDxe.inf => NorFlashStandaloneMm.inf} | 28 +-- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h | 5 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c | 2 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c | 211 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 88 6 files changed, 240 insertions(+), 97 deletions(-) diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf index a59a21a03e0a..a704f69ef3aa 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf @@ -32,6 +32,7 @@ [Packages] MdeModulePkg/MdeModulePkg.dec ArmPlatformPkg/ArmPlatformPkg.dec EmbeddedPkg/EmbeddedPkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec [LibraryClasses] IoLib @@ -44,6 +45,7 @@ [LibraryClasses] UefiBootServicesTableLib UefiRuntimeLib DxeServicesTableLib + StandaloneMmRuntimeDxe [Guids] gEfiSystemNvDataFvGuid @@ -57,6 +59,7 @@ [Protocols] gEfiDevicePathProtocolGuid gEfiFirmwareVolumeBlockProtocolGuid gEfiDiskIoProtocolGuid + gEfiSmmFirmwareVolumeBlockProtocolGuid [Pcd.common] gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf similarity index 71% copy from ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf copy to ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf index a59a21a03e0a..a6d0581b799c 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf 
+++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf @@ -2,7 +2,7 @@ # # Component description file for NorFlashDxe module # -# Copyright (c) 2011 - 2014, ARM Ltd. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License @@ -16,11 +16,12 @@ [Defines] INF_VERSION= 0x00010005 - BASE_NAME = ArmVeNorFlashDxe - FILE_GUID = 93E34C7E-B50E-11DF-9223-2443DFD72085 - MODULE_TYPE= DXE_RUNTIME_DRIVER + BASE_NAME = StandaloneMmNorFlash + FILE_GUID = 166F677B-DAC9-4AE4-AD34-2FF2504B0637 + MODULE_TYPE= MM_STANDALONE VERSION_STRING = 1.0 - ENTRY_POINT= NorFlashInitialise + PI_SPECIFICATION_VERSION = 0x00010032 + ENTRY_POINT= StandaloneMmNorFlashInitialise [Sources.common] NorFlashDxe.c @@ -32,18 +33,21 @@ [Packages] MdeModulePkg/MdeModulePkg.dec ArmPlatformPkg/ArmPlatformPkg.dec EmbeddedPkg/EmbeddedPkg.dec + ArmPkg/ArmPkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec [LibraryClasses] + StandaloneMmDriverEntryPoint + BaseMemoryLib + ArmSvcLib + ArmLib IoLib BaseLib DebugLib HobLib + MemoryAllocationLib NorFlashPlatformLib - UefiLib - UefiDriverEntryPoint - UefiBootServicesTableLib - UefiRuntimeLib - DxeServicesTableLib + MmServicesTableLib [Guids] gEfiSystemNvDataFvGuid @@ -55,7 +59,7 @@ [Guids] [Protocols] gEfiBlockIoProtocolGuid gEfiDevicePathProtocolGuid - gEfiFirmwareVolumeBlockProtocolGuid + gEfiSmmFirmwareVolumeBlockProtocolGuid gEfiDiskIoProtocolGuid [Pcd.common] @@ -69,4 +73,4 @@ [Pcd.common] gArmPlatformTokenSpaceGuid.PcdNorFlashCheckBlockLocked [Depex] - gEfiCpuArchProtocolGuid + TRUE diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h index 5c07694fbfaa..e3932a190b27 100644 --- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h +++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h 
@@ -1,6 +1,6 @@ /** @file NorFlashDxe.h - Copyright (c) 2011 - 2014, ARM Ltd. All rights reserved. + Copyright (c) 2011 - 2018, ARM Ltd. All rights reserved. This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -19,6 +19,7 @@ #include #include +#include #include #include @@ -30,6 +31,8 @@ #include #include #include +#include +#include #define NOR_FLASH_ERASE_RETRY 10 diff --
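Review bot: NorFlashDxe.inf is the DXE_RUNTIME_DRIVER instance, yet its hunks add `StandaloneMmPkg/StandaloneMmPkg.dec`, a `StandaloneMmRuntimeDxe` library class and `gEfiSmmFirmwareVolumeBlockProtocolGuid`. A runtime DXE driver should neither produce nor consume the MM FVB protocol, and pulling StandaloneMmPkg into the non-MM build of ArmPlatformPkg inverts the package layering; keep the MM-specific paths in the new NorFlashStandaloneMm.inf build only and leave the DXE INF untouched.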
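Review bot: the new NorFlashStandaloneMm.inf still lists `gEfiBlockIoProtocolGuid`, `gEfiDevicePathProtocolGuid` and `gEfiDiskIoProtocolGuid` under [Protocols] and keeps the `Component description file for NorFlashDxe module` header, although Block I/O and Disk I/O cannot be installed from Standalone MM; drop them and the sources that implement them (NorFlashBlockIoDxe.c is still part of this patch per the diffstat) so the MM image carries no unused block layer. The [LibraryClasses] hunk adds ArmSvcLib and ArmLib without the commit message saying what a flash driver needs SVC calls for. `INF_VERSION = 0x00010005` is also kept for a module type (MM_STANDALONE with PI_SPECIFICATION_VERSION 0x00010032) that the other two new INFs in this series declare with 0x0001000A and 0x0001001A; use one value for all three. Changing `[Depex]` from gEfiCpuArchProtocolGuid to TRUE is reasonable for MM but deserves a sentence in the commit message.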
[edk2] [RFC PATCH v3 03/11] MdeModulePkg/Library: Add StandaloneMmRuntimeDxe library
To reuse some of the libraries in both MM and non-MM mode, a mechanism to determine the execution mode is required, i.e., in MM or non-MM. Add a new library for use by non-MM code to determine the current execution mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Library/{AuthVariableLibNull/AuthVariableLibNull.inf => StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf} | 19 ++-- StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h => MdeModulePkg/Include/Library/StandaloneMmRuntimeDxe.h | 86 - StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c => MdeModulePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c | 100 +++- 3 files changed, 86 insertions(+), 119 deletions(-) diff --git a/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf b/MdeModulePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf similarity index 61% copy from MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf copy to MdeModulePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf index 900fef5d4989..5948fd27081c 100644 --- a/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf +++ b/MdeModulePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf @@ -1,7 +1,7 @@ ## @file -# Provides NULL authenticated variable services. +# Provides StandaloneMmRuntimeDxe. # -# Copyright (c) 2015, Intel Corporation. All rights reserved. +# Copyright (c) 2018, ARM Limited. All rights reserved. # # This program and the accompanying materials # are licensed and made available under the terms and conditions 
@@ -16,25 +16,28 @@ [Defines] INF_VERSION= 0x00010005 - BASE_NAME = AuthVariableLibNull - MODULE_UNI_FILE= AuthVariableLibNull.uni - FILE_GUID = 435CB0E4-7C9A-4BB7-9907-8FD4643E978A + BASE_NAME = StandaloneMmRuntimeDxe + FILE_GUID = 8099cfbf-9564-4c9b-9052-e66b1da88930 MODULE_TYPE= DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 - LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + LIBRARY_CLASS = StandaloneMmRuntimeDxe |DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE # # The following information is for reference only and not required by the build tools. # -# VALID_ARCHITECTURES = IA32 X64 +# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources] - AuthVariableLibNull.c + StandaloneMmRuntimeDxe.c [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec [LibraryClasses] + BaseLib + BaseMemoryLib DebugLib + MemoryAllocationLib + diff --git a/StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h b/MdeModulePkg/Include/Library/StandaloneMmRuntimeDxe.h similarity index 73% copy from StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h copy to MdeModulePkg/Include/Library/StandaloneMmRuntimeDxe.h index e7a670d3636d..e4a61f6a7b21 100644 --- a/StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h +++ b/MdeModulePkg/Include/Library/StandaloneMmRuntimeDxe.h 
@@ -1,47 +1,39 @@ -/** @file - Provides a service to retrieve a pointer to the Standalone MM Services Table. - Only available to Standalone MM module types. - -Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved. -Copyright (c) 2016 - 2018, ARM Limited. All rights reserved. - -This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#ifndef __MM_SERVICES_TABLE_LIB_H__ -#define __MM_SERVICES_TABLE_LIB_H__ - -#include -#include - -/// -/// Cache pointer to the Standalone MM Services Table - -extern EFI_MM_SYSTEM_TABLE *gMmst; - - -/** - This function allows the caller to determine if the driver is executing in - Standalone Management Mode(SMM). - - This function returns TRUE if the driver is executing in SMM and FALSE if the - driver is not executing in SMM. - - @retval TRUE The driver is executing in Standalone Management Mode (SMM). - @retval FALSE The driver is not executing in Standalone Management Mode (SMM). - -**/ -BOOLEAN -EFIAPI -InMm ( - VOID - ); - -#endif +/** @file + Provides a service to retrieve a pointer to the Standalone MM Services Table. + Only available to Standalone MM module types. + +Copyright (c) 2018, ARM Limited. All rights reserved. + +This program and the accompanying materials +ar
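Review bot: in the [Defines] hunk of StandaloneMmRuntimeDxe.inf, `LIBRARY_CLASS = StandaloneMmRuntimeDxe |DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE` has a stray space before the `|`; remove it. The class is offered to MM_STANDALONE modules although the commit message describes a library for non-MM code, the module keeps MODULE_TYPE DXE_RUNTIME_DRIVER, and the header comment `# Provides StandaloneMmRuntimeDxe.` only repeats the name; say what the library does and restrict the supported module types to match. The new library class also has to be declared in a package .dec [LibraryClasses] section before any consumer can resolve it, and the diffstat lists no .dec change.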
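Review bot: the new MdeModulePkg/Include/Library/StandaloneMmRuntimeDxe.h keeps the file comment copied from StandaloneMmServicesTableLib.h (`Provides a service to retrieve a pointer to the Standalone MM Services Table. Only available to Standalone MM module types.`), which contradicts the commit message: this library is meant for non-MM code and does not hand out the MM services table. Rewrite the description to match the InMm() query the library actually offers; and since the hunk deletes and re-adds every line of the header, posting it as a new file rather than a 73%-similar copy would make the review easier.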
[edk2] [RFC PATCH v3 02/11] StandaloneMmPkg: Pull in additional libraries from staging branch
Three additional library packages are being pulled into StandaloneMmPkg from the staging area in order to support the secure variable service. The three packages being pulled in are - StandaloneMmHobLib - StandaloneMmMemoryAllocationLib - StandaloneMmServicesTableLib Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf | 2 +- StandaloneMmPkg/Library/{StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf => StandaloneMmHobLib/StandaloneMmHobLib.inf} | 11 +-- StandaloneMmPkg/Library/{StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf => StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf} | 14 ++- StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf | 36 MdePkg/Include/Library/SmmServicesTableLib.h => StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h | 90 ++-- StandaloneMmPkg/Library/{StandaloneMmCoreHobLib => StandaloneMmHobLib}/AArch64/StandaloneMmCoreHobLibInternal.c | 4 +- StandaloneMmPkg/Library/{StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.c => StandaloneMmHobLib/StandaloneMmHobLib.c} | 55 +++- MdePkg/Library/UefiMemoryAllocationLib/MemoryAllocationLib.c => StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.c | 69 --- MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.c => StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c | 34 9 files changed, 203 insertions(+), 112 deletions(-) diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf index db19d3c926e8..ac036e31cf5e 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf +++ b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf 
@@ -24,7 +24,7 @@ [Defines] MODULE_TYPE= MM_CORE_STANDALONE VERSION_STRING = 1.0 PI_SPECIFICATION_VERSION = 0x00010032 - LIBRARY_CLASS = HobLib|MM_CORE_STANDALONE MM_STANDALONE + LIBRARY_CLASS = HobLib|MM_CORE_STANDALONE # # VALID_ARCHITECTURES = AARCH64 diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf b/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf similarity index 79% copy from StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf copy to StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf index db19d3c926e8..d73188ec1b57 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf +++ b/StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf @@ -20,17 +20,17 @@ [Defines] INF_VERSION= 0x0001001A BASE_NAME = HobLib - FILE_GUID = CF56EF2C-68D8-4BD5-9A8B-8A7BFCFF751C - MODULE_TYPE= MM_CORE_STANDALONE + FILE_GUID = 8262551B-AB2D-4E76-99FC-5EBB83F4988E + MODULE_TYPE= MM_STANDALONE VERSION_STRING = 1.0 PI_SPECIFICATION_VERSION = 0x00010032 - LIBRARY_CLASS = HobLib|MM_CORE_STANDALONE MM_STANDALONE - + LIBRARY_CLASS = HobLib|MM_STANDALONE + CONSTRUCTOR= HobLibConstructor # # VALID_ARCHITECTURES = AARCH64 # [Sources.Common] - StandaloneMmCoreHobLib.c + StandaloneMmHobLib.c [Sources.AARCH64] AArch64/StandaloneMmCoreHobLibInternal.c @@ -42,6 +42,7 @@ [Packages] [LibraryClasses] BaseMemoryLib DebugLib + MmServicesTableLib [Guids] gEfiHobListGuid ## CONSUMES ## SystemTable diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf b/StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf similarity index 76% copy from StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf copy to StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf index 3958655cb4cf..9ac03df4caad 100644 
--- a/StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMe
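Review bot: the hunk in StandaloneMmCoreHobLib.inf that narrows `LIBRARY_CLASS = HobLib|MM_CORE_STANDALONE MM_STANDALONE` to `LIBRARY_CLASS = HobLib|MM_CORE_STANDALONE` is a build break for any platform DSC that currently resolves HobLib for MM_STANDALONE modules to this library; the commit message should say so and name StandaloneMmHobLib as the replacement, and the corresponding DSC update should land in the same series. Note also that the `copy from`/`copy to` headers show the Core libraries are retained while the diffstat's brace syntax reads like a rename, so stating explicitly that the existing Core libraries are otherwise untouched would help readers of the log.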
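Review bot: in the `@@ -20,17 +20,17 @@` hunk of StandaloneMmHobLib.inf the new `CONSTRUCTOR = HobLibConstructor` is introduced without the commit message explaining how an MM_STANDALONE library now locates the HOB list (the Core variant does not need a constructor), so please document that. Two naming points in the same hunk: `[Sources.AARCH64]` still lists `AArch64/StandaloneMmCoreHobLibInternal.c` inside the non-Core library, and `BASE_NAME = HobLib` is kept identical to the Core INF; renaming the source to drop "Core" and giving the copy a distinct BASE_NAME (for example StandaloneMmHobLib) would keep the two libraries distinguishable in build output.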
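Review bot: the `@@ -42,6 +42,7 @@` hunk adds `MmServicesTableLib` to [LibraryClasses], but the header this series introduces per the diffstat is StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h; clarify whether the new StandaloneMmServicesTableLib instance implements the existing MmServicesTableLib class or a new StandaloneMmServicesTableLib class, since the name used here is what the DSC resolution will key on, and state which instance platforms are expected to map for MM_STANDALONE modules.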
