Reviewed-by: Andrei Warkentin
From: Samer El-Haj-Mahmoud
Sent: Tuesday, July 21, 2020 9:01 PM
To: devel@edk2.groups.io
Cc: Leif Lindholm ; Pete Batard ; Andrei
Warkentin ; Ard Biesheuvel
Subject: [edk2-platform][PATCH v1 3/3] Platforms/RaspberryPi: Fix GOP
Reviewed-by: Andrei Warkentin
From: Samer El-Haj-Mahmoud
Sent: Tuesday, July 21, 2020 9:01 PM
To: devel@edk2.groups.io
Cc: Leif Lindholm ; Pete Batard ; Andrei
Warkentin ; Ard Biesheuvel
Subject: [edk2-platform][PATCH v1 2/3] Platforms/RaspberryPi: Return GOP
Reviewed-by: Andrei Warkentin
Not using mLastMode is definitely an improvement, thanks. Esp. since mLastMode
isn't a very good name for the variable (i.e. it's not the last mode set, it's
the last possible/valid mode index, based on the virtual resolution modes
enabled via Pcd/HII)
From: Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Signed-off-by: Jiewen Yao
---
SecurityPkg/Include/Ppi/Tcg.h | 60 +++
1 file changed, 60 insertions(+)
create mode 100644
From: Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Signed-off-by: Jiewen Yao
---
SecurityPkg/SecurityPkg.dsc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/SecurityPkg.dsc
From: Jiewen Yao
And do some code clean with updated function
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Cc: Rahul Kumar
Signed-off-by: Jiewen Yao
---
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 110 +---
From: Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Signed-off-by: Jiewen Yao
---
.../PeiTpmMeasurementLib.c| 74 +++
.../PeiTpmMeasurementLib.inf | 50 +
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Currently, we have TCG/TCG2 protocol and DxeTpmMeasurementLib to let DXE
module extend the TCG event.
There is more and more use case in PEI phase that a PEIM need extend TCG
event, such as BootGuard, FSP, Microcode measurement. Currently,
From: Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Cc: Rahul Kumar
Signed-off-by: Jiewen Yao
---
SecurityPkg/Tcg/TcgPei/TcgPei.c | 61 ---
SecurityPkg/Tcg/TcgPei/TcgPei.inf | 3 +-
2 files
From: Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Signed-off-by: Jiewen Yao
---
SecurityPkg/SecurityPkg.dec | 3 +++
1 file changed, 3 insertions(+)
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
A hypervisor is not allowed to update an SEV-ES guest's register state,
so when booting an SEV-ES guest AP, the hypervisor is not allowed to
set the RIP to the guest requested value. Instead an SEV-ES AP must be
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
After having transitioned from UEFI to the OS, the OS will need to boot
the APs. For an SEV-ES guest, the APs will have been parked by UEFI using
GHCB pages allocated by UEFI. The hypervisor will write to the GHCB
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Typically, an AP is booted using the INIT-SIPI-SIPI sequence. This
sequence is intercepted by the hypervisor, which sets the AP's registers
to the values requested by the sequence. At that point, the hypervisor can
start
From: Tom Lendacky
Register reviewers for the SEV-related files in OvmfPkg.
Cc: Andrew Fish
Cc: Laszlo Ersek
Cc: Leif Lindholm
Cc: Michael D Kinney
Cc: Brijesh Singh
Acked-by: Brijesh Singh
Reviewed-by: Laszlo Ersek
Signed-off-by: Tom Lendacky
---
Maintainers.txt | 10 ++
1
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Before UEFI transfers control to the OS, it must park the AP. This is
done using the AsmRelocateApLoop function to transition into 32-bit
non-paging mode. For an SEV-ES guest, a few additional things must be
done:
-
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
When starting APs in an SMP configuration, the AP needs to know if it is
running as an SEV-ES guest in order to assign a GHCB page.
Add a field to the CPU_MP_DATA structure that will indicate if SEV-ES is
enabled. This
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
A hypervisor is not allowed to update an SEV-ES guests register state,
so when booting an SEV-ES guest AP, the hypervisor is not allowed to
set the RIP to the guest requested value. Instead, an SEV-ES AP must be
Reviewed-by: Jian J Wang
Regards,
Jian
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Guomin
> Jiang
> Sent: Monday, July 20, 2020 7:30 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric ; Ni, Ray ; Laszlo Ersek
> ; Kumar, Rahul1
> Subject: [edk2-devel] [PATCH v6 07/10]
Guomin,
Just two minor grammar corrections below.
With them fixed,
Reviewed-by: Jian J Wang
> -Original Message-
> From: Jiang, Guomin
> Sent: Monday, July 20, 2020 7:30 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J ; Wu, Hao A ;
> Bi, Dandan ; Gao, Liming ; De,
> Debkumar ; Han,
Guomin,
Sorry I missed several issues in this patch. See comments below.
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Guomin
> Jiang
> Sent: Monday, July 20, 2020 7:30 PM
> To: devel@edk2.groups.io
> Cc: Michael Kubacki ; Dong, Eric
> ; Ni, Ray ; Laszlo Ersek
> ;
Reviewed-by: Jian J Wang
Regards,
Jian
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Guomin
> Jiang
> Sent: Monday, July 20, 2020 7:30 PM
> To: devel@edk2.groups.io
> Cc: Michael Kubacki ; Dong, Eric
> ; Ni, Ray ; Laszlo Ersek
> ; Kumar, Rahul1
> Subject:
Reviewed-by: Jian J Wang
Regards,
Jian
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Guomin
> Jiang
> Sent: Monday, July 20, 2020 7:30 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J ; Wu, Hao A ;
> Laszlo Ersek
> Subject: [edk2-devel] [PATCH v6 01/10] MdeModulePkg:
Here is a case.
diff --git a/BaseTools/BinWrappers/PosixLike/AmlToHex
b/BaseTools/BinWrappers/PosixLike/AmlToC
similarity index 97%
rename from BaseTools/BinWrappers/PosixLike/AmlToHex
rename to BaseTools/BinWrappers/PosixLike/AmlToC
index
Guomin,
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Guomin
> Jiang
> Sent: Monday, July 20, 2020 7:30 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J ; Wu, Hao A ;
> Laszlo Ersek
> Subject: [edk2-devel] [PATCH v6 01/10] MdeModulePkg: Add new PCD to
> control the
Hi Bob,
Can you provide a sample that the file attribute is not the next line.
Even if the case you mentioned is present, I seem that have not affect on the
current behavior, isn't it?
Thanks.
Guomin
> -Original Message-
> From: Feng, Bob C
> Sent: Wednesday, July 22, 2020 10:08 AM
>
yes, i am ok with that.
thank you!
Yao, Jiewen
> 在 2020年7月22日,上午10:08,Zhang, Qi1 写道:
>
> Can we move this requirement implementation to
> https://bugzilla.tianocore.org/show_bug.cgi?id=2376: Need add a FSP binary
> measurement.
>
> 3) Add more API in TpmMeasurementLib, such as
Guomin,
I have two comments.
1. Please only descript the patch's function in the commit message.
2. The file attribute is not always the next line of the line starts with "diff
--git"
Thanks,
Bob
-Original Message-
From: Jiang, Guomin
Sent: Tuesday, July 21, 2020 6:38 PM
To: Gao,
Can we move this requirement implementation to
https://bugzilla.tianocore.org/show_bug.cgi?id=2376: Need add a FSP binary
measurement.
3) Add more API in TpmMeasurementLib, such as MeasureFirmwareBlob,
MeasureHandoffTable for TPM PFP rev 105 support - add description for the
FirmwareBlob and
Handle incorrect parameters passed to DisplayDxe GOP functions
QueryMode(), SetMode(), and Blt().
This fixes Blt_Conf and QueryMode_Conf failures
reported by SCT tests at:
https://github.com/pftf/RPi4/issues/73
Cc: Leif Lindholm
Cc: Pete Batard
Cc: Andrei Warkentin
Cc: Ard Biesheuvel
Guomin:
OK. Please add this information in the patch for better reading. With this
change, Reviewed-by: Liming Gao
Thanks
Liming
-Original Message-
From: Jiang, Guomin
Sent: 2020年7月21日 18:38
To: Gao, Liming ; devel@edk2.groups.io
Cc: Feng, Bob C
Subject: RE: [PATCH 1/1]
Return correct values of PixelInformation in QueryMode().
This fixes the QueryMode_Func failures reported by SCT tests at
https://github.com/pftf/RPi4/issues/73
Cc: Leif Lindholm
Cc: Pete Batard
Cc: Andrei Warkentin
Cc: Ard Biesheuvel
Signed-off-by: Samer El-Haj-Mahmoud
---
GOP SetMode() returns the frame buffer size in FrameBufferSize.
The value is obtained from the RPi mailbox call to AllocateBuffer
(tag RPI_MBOX_ALLOC_FB), which for a native resolution of 1920 x 1080
returns 8355840 bytes. The size should be 1920 x 1080 x 4 (bytes/pixel),
or 8294400 bytes, as
This series fixes various failures reported by SCT for
EFI_GRAPHICS_OUTPUT_PROTOCOL (https://github.com/pftf/RPi4/issues/73)
Cc: Leif Lindholm
Cc: Pete Batard
Cc: Andrei Warkentin
Cc: Ard Biesheuvel
Signed-off-by: Samer El-Haj-Mahmoud
Samer El-Haj-Mahmoud (3):
Platforms/RaspberryPi: Fix
Reviewed-by: Zhang, Qi1
BRs
Qi Zhang
> -Original Message-
> From: Jiang, Guomin
> Sent: Monday, July 20, 2020 7:30 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J ;
> Chao Zhang ; Zhang, Qi1 ;
> Kumar, Rahul1
> Subject: [PATCH v6 09/10] SecurityPkg/TcgPei: Use Migrated
Reviewed-by: Zhang, Qi1
BRs
Qi Zhang
> -Original Message-
> From: Jiang, Guomin
> Sent: Monday, July 20, 2020 7:30 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J ;
> Chao Zhang ; Zhang, Qi1 ;
> Kumar, Rahul1
> Subject: [PATCH v6 06/10] SecurityPkg/Tcg2Pei: Use Migrated
*Reminder:* TianoCore Bug Triage - APAC / NAMO
*When:* Tuesday, 21 July 2020, 6:30pm to 7:30pm, (GMT-07:00) America/Los Angeles
*Where:* https://bluejeans.com/889357567?src=join_info
View Event ( https://edk2.groups.io/g/devel/viewevent?eventid=816382 )
*Organizer:* Brian Richardson
To avoid inconsistency, please add comments in the BZ or in commit message
of this patch.
With all comments addressed,
Reviewed-by: Jian J Wang
Regards,
Jian
> -Original Message-
> From: Yao, Jiewen
> Sent: Tuesday, July 21, 2020 11:05 PM
> To: Wang, Jian J ; devel@edk2.groups.io;
Reviewed-by: Guomin Jiang
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Abner
> Chang
> Sent: Friday, March 6, 2020 1:36 PM
> To: devel@edk2.groups.io
> Cc: abner.ch...@hpe.com; Daniel Schaefer ;
> Wang, Jian J ; Lu, XiaoyuX ;
> Leif Lindholm ; Gilbert Chen
> Subject:
Hi Tom,
Nasm is a cross-OS assembly code and can be used in Linux.
So I think we don't need implement the same function in GccInline.c, we can
just use the nasm file in Linux.
Thanks
Zhiguang
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of
> Lendacky, Thomas
> Sent:
Hi Ming,
The new posted change https://edk2.groups.io/g/devel/topic/75412007#62327 may
be helpful for this issue.
Can you add the change in your code and verify it?
Thanks
Guomin
> -Original Message-
> From: Ming Huang
> Sent: Friday, July 3, 2020 8:49 PM
> To: Jiang, Guomin ;
The topic is done or dropped?
Any status update or decision making?
Thanks
Guomin
> -Original Message-
> From: Kinney, Michael D
> Sent: Tuesday, July 7, 2020 11:42 PM
> To: devel@edk2.groups.io; l...@mellanox.com; Jiang, Guomin
> ; Xu, Wei6 ; Gao, Liming
> ; Ni, Ray ; Zimmer, Vincent
>
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Reserve a fixed area of memory for SEV-ES use and set a fixed PCD,
PcdSevEsWorkAreaBase, to this value.
This area will be used by SEV-ES support for two purposes:
1. Communicating the SEV-ES status during BSP boot to
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Currently, the OVMF code relies on the hypervisor to enable the cache
support on the processor in order to improve the boot speed. However,
with SEV-ES, the hypervisor is not allowed to change the CR0 register
to enable
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
During BSP startup, the reset vector code will issue a CPUID instruction
while in 32-bit mode. When running as an SEV-ES guest, this will trigger
a #VC exception.
Add exception handling support to the early reset vector
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Create an SEV-ES workarea PCD. This PCD will be used for BSP communication
during SEC and for AP startup during PEI and DXE phases, the latter is the
reason for creating it in the UefiCpuPkg.
Cc: Eric Dong
Cc: Ray Ni
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Protect the SEV-ES work area memory used by an SEV-ES guest.
Regarding the lifecycle of the SEV-ES memory area:
PcdSevEsWorkArea
(a) when and how it is initialized after first boot of the VM
If SEV-ES is enabled,
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
An SEV-ES guest will generate a #VC exception when it encounters a
non-automatic exit (NAE) event. It is expected that the #VC exception
handler will communicate with the hypervisor using the GHCB to handle
the NAE
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
The flash detection routine will attempt to determine how the flash
device behaves (e.g. ROM, RAM, Flash). But when SEV-ES is enabled and
the flash device behaves as a ROM device (meaning it is marked read-only
by the
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
The SEV support will clear the C-bit from non-RAM areas. The early GDT
lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT
will be read as un-encrypted even though it is encrypted. This will result
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Create a function that can be used to determine if the VM is running
as an SEV-ES guest.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Reviewed-by: Laszlo Ersek
Signed-off-by: Tom Lendacky
---
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Protect the memory used by an SEV-ES guest when S3 is supported. This
includes the page table used to break down the 2MB page that contains
the GHCB so that it can be marked un-encrypted, as well as the GHCB
area.
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Allocate memory for the GHCB pages and the per-CPU variable pages during
SEV initialization for use during Pei and Dxe phases. The GHCB page(s)
must be shared pages, so clear the encryption mask from the current page
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
When SEV-ES is enabled, then SEV is also enabled. Add support to the SEV
initialization function to also check for SEV-ES being enabled, and if
enabled, set the SEV-ES enabled PCD (PcdSevEsIsEnabled).
Cc: Jordan Justen
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
A GHCB page is needed during the Sec phase, so this new page must be
created. Since the #VC exception handler routines assume that a per-CPU
variable area is immediately after the GHCB, this per-CPU variable area
must
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a DR7 read or write intercept generates a #VC exception.
The #VC handler must provide special support to the guest for this. On
a DR7 write, the #VC handler must cache the value and issue a VMGEXIT
to
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a VMMCALL intercept generates a #VC exception. VMGEXIT must
be used to allow the hypervisor to handle this intercept.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Acked-by: Laszlo Ersek
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a INVD intercept generates a #VC exception. VMGEXIT must be
used to allow the hypervisor to handle this intercept.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Acked-by: Laszlo Ersek
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a RDTSCP intercept generates a #VC exception. VMGEXIT must be
used to allow the hypervisor to handle this intercept.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Acked-by: Laszlo Ersek
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a MONITOR/MONITORX intercept generates a #VC exception.
VMGEXIT must be used to allow the hypervisor to handle this intercept.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Acked-by: Laszlo
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a MWAIT/MWAITX intercept generates a #VC exception.
VMGEXIT must be used to allow the hypervisor to handle this intercept.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Acked-by: Laszlo Ersek
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a RDTSC intercept generates a #VC exception. VMGEXIT must be
used to allow the hypervisor to handle this intercept.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Acked-by: Laszlo Ersek
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a RDPMC intercept generates a #VC exception. VMGEXIT must be
used to allow the hypervisor to handle this intercept.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Acked-by: Laszlo Ersek
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a NPF intercept for an NPT entry with a reserved bit set
generates a #VC exception. This condition is assumed to be an MMIO access.
VMGEXIT must be used to allow the hypervisor to handle this intercept.
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a WBINVD intercept generates a #VC exception. VMGEXIT must be
used to allow the hypervisor to handle this intercept.
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Acked-by: Laszlo Ersek
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a CPUID intercept generates a #VC exception. VMGEXIT must be
used to allow the hypervisor to handle this intercept.
Add support to construct the required GHCB values to support a CPUID NAE
event.
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Add support to the #VC exception handler to handle string IO. This
requires expanding the IO instruction parsing to recognize string based
IO instructions as well as preparing an un-encrypted buffer to be used
to
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a MSR_PROT intercept generates a #VC exception. VMGEXIT must
be used to allow the hypervisor to handle this intercept.
Add support to construct the required GHCB values to support an MSR_PROT
NAE event.
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a IOIO_PROT intercept generates a #VC exception. VMGEXIT
must be used to allow the hypervisor to handle this intercept.
Add support to construct the required GHCB values to support a IOIO_PROT
NAE event.
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Add base support to handle #VC exceptions. Update the common exception
handlers to invoke the VmgExitHandleVc () function of the VmgExitLib
library when a #VC is encountered. A non-zero return code will propagate
to the
From: Tom Lendacky
The base VmgExitLib library provides a default limited interface. As it
does not provide full support, create an OVMF version of this library to
begin the process of providing full support of SEV-ES within OVMF.
SEV-ES support is only provided for X64 builds, so only
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Under SEV-ES, a CPUID instruction requires the current value of the XCR0
register. In order to retrieve that value, the XGETBV instruction needs
to be executed.
Provide the necessary support to execute the XGETBV
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
The GHCB is used by an SEV-ES guest for communicating between the guest
and the hypervisor. Create the GHCB definition as defined by the GHCB
protocol definition.
Cc: Michael D Kinney
Cc: Liming Gao
Signed-off-by: Tom
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
To support handling #VC exceptions and issuing VMGEXIT instructions,
create a library with functions that can be used to perform these
#VC/VMGEXIT related operations. This includes functions for:
- Handling #VC
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
GHCB pages must be mapped as shared pages, so modify the process of
creating identity mapped pagetable entries so that GHCB entries are
created without the encryption bit set. The GHCB range consists of
two pages per
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Various CpuExceptionHandlerLib libraries will updated to use the new
VmgExitLib library. To prevent any build breakage, update the OvmfPkg
DSC files that use a form of the CpuExceptionHandlerLib library to
include the
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Various CpuExceptionHandlerLib libraries will updated to use the new
VmgExitLib library. To prevent any build breakage, update the
UefiPayloadPkg DSC files that use a form of the CpuExceptionHandlerLib
library to include
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
VMGEXIT is a new instruction used for Hypervisor/Guest communication when
running as an SEV-ES guest. A VMGEXIT will cause an automatic exit (AE)
to occur, resulting in a #VMEXIT with an exit code value of 0x403.
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
For SEV-ES, the GHCB page address is stored in the GHCB MSR register
(0xc0010130). Define the register and the format used for register
during GHCB protocol negotiation.
Cc: Michael D Kinney
Cc: Liming Gao
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
A new dynamic UefiCpuPkg PCD is needed to support SEV-ES under OVMF:
- PcdSevEsIsEnabled: BOOLEAN value used to indicate if SEV-ES is enabled
Cc: Eric Dong
Cc: Ray Ni
Cc: Laszlo Ersek
Reviewed-by: Eric Dong
From: Tom Lendacky
This patch series provides support for running EDK2/OVMF under SEV-ES.
Secure Encrypted Virtualization - Encrypted State (SEV-ES) expands on the
SEV support to protect the guest register state from the hypervisor. See
"AMD64 Architecture Programmer's Manual Volume 2: System
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
Two new dynamic MdeModulePkg PCDs are needed to support SEV-ES under OVMF:
- PcdGhcbBase: UINT64 value that is the base address of the GHCB
allocation.
- PcdGhcbSize: UINT64 value
Hi Pranav,
On Sun, Jul 19, 2020 at 2:19 PM Pranav Madhu wrote:
>
> Changes since v3:
> - Addressed all the comments from Leif. As part of the clean up that
> resulted from addressing the comments, some of the comments where not
> applicable anymore (due to fragments of code that had comments
Hi Pranav,
On Sun, Jul 19, 2020 at 2:19 PM Pranav Madhu wrote:
>
> From: Deepak Pandey
>
> A slave error is generated when host accesses the config space of
> non-available device or unimplemented function on a given bus. So
> implement a Neoverse N1 SoC specific PciExpressLib library with a
>
Hi,
This patchset enables HttpDynamicCommand (Shell command "http") which can be
used on ArmVirt and Ovmf platforms. HttpDynamicCommand needs to be available
in the tree before this patchset can be applied. The patchset needs to
be tested on both platforms.
BZ reference: 2857
Thank you,
Vladimir
Enable HttpDynamicCommand (http Shell command)
Signed-off-by: Vladimir Olovyannikov
---
ArmVirtPkg/ArmVirt.dsc.inc | 6 ++
1 file changed, 6 insertions(+)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index cf44fc73890b..c7d52175ee37 100644
---
Enable HttpDynamicCommand (Shell command "http") for OvmfPkg platforms
Signed-off-by: Vladimir Olovyannikov
---
OvmfPkg/OvmfPkgIa32.dsc| 6 ++
OvmfPkg/OvmfPkgIa32X64.dsc | 6 ++
OvmfPkg/OvmfPkgX64.dsc | 6 ++
OvmfPkg/OvmfXen.dsc| 6 ++
4 files changed, 24
Reviewed-by: Maciej Rabeda
On 20-Jul-20 10:37, Zhang, Shenglei wrote:
Add configuration IgnoreFiles for package config files.
So users can rely on this to skip license conflict for
some generated files.
Cc: Maciej Rabeda
Cc: Jiaxin Wu
Cc: Siyuan Fu
Signed-off-by: Shenglei Zhang
---
Right. That can be implemented as separated patch.
> -Original Message-
> From: Wang, Jian J
> Sent: Tuesday, July 21, 2020 5:16 PM
> To: devel@edk2.groups.io; Wang, Jian J ; Zhang, Qi1
>
> Cc: Yao, Jiewen
> Subject: RE: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib:
>
Leif,
Sorry about this patch cause some build break.
I'd agree to split the tools_def.template into multiple smaller files that
would be helpful for maintenance.
Thanks,
Bob
-Original Message-
From: Leif Lindholm
Sent: Tuesday, July 21, 2020 8:51 PM
To: devel@edk2.groups.io
Cc:
Hello Leif,
I actually submitted this modification on the build flags because of the error
that you fixed. I submitted a similar modification here
https://edk2.groups.io/g/devel/message/61832 . I should have waited before
modifying the flags, my apologizes.
I tried building edk2 top-level
Commit dbd546a32d5a
("BaseTools: Add gcc flag to warn on void* pointer arithmetic")
does its work and triggers build errors in this library.
Update the affected code to build correctly again.
Cc: Pierre Gondois
Cc: Laszlo Ersek
Cc: Bob Feng
Signed-off-by: Leif Lindholm
---
Pierre - can you
Reviewed-by: Chasel Chiu
> -Original Message-
> From: Kuo, IanX
> Sent: Tuesday, July 21, 2020 3:29 PM
> To: devel@edk2.groups.io
> Cc: Lu, James ; Kumar, Chandana C
> ; Prabhala, Varalakshmi A
> ; Gao, Liming ;
> Kuo, IanX ; Chaganty, Rangasai V
> ; Chiu, Chasel
> Subject:
It is used to judge if the current change is for submodule.
The attribute of submodule is 16, just like the file attribute of file is
10644.
Normally, the changed file will begin with 'diff --git' and the next line like
' index 954f66c056e..04300e71f38 100644' which end with the attribute,
Sorry, missing word in previous email. It should be
"following requirement is not embodied in"
Regards,
Jian
> -Original Message-
> From: devel@edk2.groups.io On Behalf Of Wang, Jian
> J
> Sent: Tuesday, July 21, 2020 5:00 PM
> To: Zhang, Qi1 ; devel@edk2.groups.io
> Cc: Yao, Jiewen
>
This version is good to me. Reviewed-by: Liming Gao
-Original Message-
From: Kuo, IanX
Sent: 2020年7月21日 15:29
To: devel@edk2.groups.io
Cc: Lu, James ; Kumar, Chandana C
; Prabhala, Varalakshmi A
; Gao, Liming ; Kuo,
IanX ; Chaganty, Rangasai V
; Chiu, Chasel
Subject:
Reviewed-by: Jian J Wang
Regards,
Jian
> -Original Message-
> From: Zhang, Qi1
> Sent: Friday, July 17, 2020 4:50 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J ;
> Zhang, Qi1
> Subject: [PATCH v4 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib.
>
> From: Jiewen Yao
Qi,
Two format issues inlined below.
In addition, according to bz2841, following requirement is embodied in
this patch. Maybe there's discussion before deciding not to implement
it. If so, please update bz2841 to state it explicitly.
3) Add more API in TpmMeasurementLib, such as
Qi,
A few comments below.
Regards,
Jian
> -Original Message-
> From: Zhang, Qi1
> Sent: Friday, July 17, 2020 4:50 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J ;
> Zhang, Qi1 ; Kumar, Rahul1
> Subject: [PATCH v4 4/6] SecurityPkg/Tcg2: Add TcgPpi
>
> From: Jiewen
Reviewed-by: Jian J Wang
Regards,
Jian
> -Original Message-
> From: Zhang, Qi1
> Sent: Friday, July 17, 2020 4:50 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J ;
> Zhang, Qi1
> Subject: [PATCH v4 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao
Reviewed-by: Jian J Wang
Regards,
Jian
> -Original Message-
> From: Zhang, Qi1
> Sent: Friday, July 17, 2020 4:50 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J ;
> Zhang, Qi1
> Subject: [PATCH v4 2/6] SecurityPkg/dec: Add TcgPpi.
>
> From: Jiewen Yao
>
> REF:
1 - 100 of 108 matches
Mail list logo