BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Now that both the secrets and cpuid pages are reserved in the HOB,
extract the location details through fixed PCD and make it available
to the guest OS through the configuration table.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc:
SetMemoryEncDec() is used by the higher-level routines to set or clear
the page encryption mask for system RAM and MMIO addresses. When SEV-SNP is
active, in addition to setting/clearing the page mask it also updates the RMP table.
The RMP table updates are required for the system RAM address and not
the
From: Tom Lendacky
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Use the SEV-SNP AP Creation NAE event to create and launch APs under
SEV-SNP. This capability will be advertised in the SEV Hypervisor
Feature Support PCD (PcdSevEsHypervisorFeatures).
Cc: Michael Roth
Cc: Eric Dong
When SEV-SNP is active, the CPUID and Secrets memory range contains the
information that is used during the VM boot. The content needs to persist
across the kexec boot. Mark the memory range as Reserved in the EFI map
so that guest OS or firmware does not use the range as a system RAM.
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or
clear the memory encryption attribute in the page table. When SEV-SNP
is active, we also need to change the page state in the RMP table so that
it is in sync with the
From: Michael Roth
During AP bringup, just after switching to long mode, APs will do some
cpuid calls to verify that the extended topology leaf (0xB) is available
so they can fetch their x2 APIC IDs from it. In the case of SEV-ES,
these cpuid instructions must be handled by direct use of the
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
An SEV-SNP guest requires that the physical address of the GHCB must
be registered with the hypervisor before using it. See the GHCB
specification section 2.3.2 for more details.
Cc: Michael Roth
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Version 2 of the GHCB specification added a new VMGEXIT that the guest
could use for querying the hypervisor features. One of the immediate
users for it will be the AP creation code. When SEV-SNP is enabled, the
guest can use the newly added
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Now that OvmfPkg supports version 2 of the GHCB specification, bump the
protocol version.
Cc: Michael Roth
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Eric Dong
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Version 2 of the GHCB specification added the support to query the
hypervisor feature bitmap. The feature bitmap provides information
such as whether to use the AP create VmgExit or use the AP jump table
approach to create the APs. The
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MpInitLib uses the ConfidentialComputingAttr PCD to determine whether
AMD SEV is active so that it can use the VMGEXITs defined in the GHCB
specification to create APs.
Cc: Michael Roth
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Eric Dong
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
While initializing APs, the MpInitLib may need to know whether the
guest is running with active AMD SEV or Intel TDX memory encryption.
Add a new ConfidentialComputingGuestAttr PCD that can be used to query
the memory encryption attribute.
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The VMM launch sequence should have pre-validated all the data pages used
in the Reset vector. The range does not cover the data pages used during
the SEC phase (mainly PEI and DXE firmware volume decompression memory).
When SEV-SNP is
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The previous commit introduced a generic confidential computing PCD that can
determine whether AMD SEV-ES is enabled. Update the MpInitLib to drop the
PcdSevEsIsEnabled in favor of PcdConfidentialComputingAttr.
Cc: Michael Roth
Cc: Ray Ni
Cc:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
When SEV-SNP is active, a memory region mapped encrypted in the page
table must be validated before access. There are two approaches that
can be taken to validate the system RAM detected during the PEI phase:
1) Validate on-demand
OR
2)
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The Virtual Machine Privilege Level (VMPL) feature in the SEV-SNP
architecture allows a guest VM to divide its address space into four
levels. The level can be used to provide the hardware isolated
abstraction layers within a VM. The VMPL0 is the
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the
system RAM. As the boot progresses, each phase validates a fixed region of
the RAM. In the PEI phase, the PlatformPei detects all the available RAM
and calls to
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The initial page built during the SEC phase is used by the
MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The
page validation process requires using the PVALIDATE instruction; the
instruction accepts a virtual address of
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Create a function that can be used to determine if VM is running as an
SEV-SNP guest.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Many of the integrity guarantees of SEV-SNP are enforced through the
Reverse Map Table (RMP). Each RMP entry contains the GPA at which a
particular page of DRAM should be mapped. The guest can request the
hypervisor to add pages in the RMP
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure
that MMIO is only performed against the un-encrypted memory. If MMIO
is performed against encrypted memory, a #GP is raised.
The AmdSevDxe uses the functions provided
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The SEV-SNP guest requires that the GHCB GPA must be registered before use.
See the GHCB specification section 2.3.2 for more details.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc:
From: Michael Roth
SEV-SNP firmware allows a special guest page to be populated with
guest CPUID values so that they can be validated against supported
host features before being loaded into encrypted guest memory to be
used instead of hypervisor-provided values [1].
Add handling for this in
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The SEV-SNP guest requires that the GHCB GPA must be registered before use.
See the GHCB specification section 2.3.2 for more details.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc:
From: Michael Roth
CPUID instructions are issued during early boot to do things like probe
for SEV support. Currently these are handled by a minimal #VC handler
that uses the MSR-based GHCB protocol to fetch the CPUID values from
the hypervisor. When SEV-SNP is enabled, use the
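The CPUID-page lookup these two messages (and the earlier note about APs reading their x2APIC IDs from leaf 0xB) describe, as an added example that is not code from the patches: a user-space C routine that answers a CPUID leaf/sub-leaf from a table laid out like the SEV-SNP CPUID page (count, padding, then 48-byte entries of EAX_IN, ECX_IN, XCR0_IN, XSS_IN and the four result registers), falling back to all-zero registers for leaves the table does not carry so that nothing is taken from the hypervisor. The table contents are constructed, the set of sub-leaf-sensitive leaves is an assumption, and XCR0/XSS matching for leaf 0xD is deliberately not modelled.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CPUID page layout as this example assumes it (verify against the
   SEV-SNP firmware ABI before relying on the offsets). */
#define SNP_CPUID_COUNT_MAX 64

typedef struct {
  uint32_t EaxIn, EcxIn;
  uint64_t Xcr0In, XssIn;
  uint32_t Eax, Ebx, Ecx, Edx;
  uint64_t Reserved;
} SnpCpuidFn;                      /* 48 bytes */

typedef struct {
  uint32_t   Count;
  uint32_t   Reserved1;
  uint64_t   Reserved2;
  SnpCpuidFn Fn[SNP_CPUID_COUNT_MAX];
} SnpCpuidTable;

typedef struct { uint32_t Eax, Ebx, Ecx, Edx; } CpuidRegs;

/* Leaves whose result depends on the sub-leaf in ECX; all others are
   matched on EAX alone. This set is an assumption for the example. */
static int LeafUsesSubleaf(uint32_t Leaf) {
  return Leaf == 0x4 || Leaf == 0x7 || Leaf == 0xB || Leaf == 0xD ||
         Leaf == 0x8000001D || Leaf == 0x80000020;
}

/* Answer Leaf/Subleaf from the page. Returns 1 when an entry matched,
   0 when zeros were substituted for an absent leaf (so a hypervisor cannot
   smuggle in a feature the validated table lacks), -1 when the count
   field is out of bounds and the table must not be trusted at all. */
int SnpCpuidLookup(const SnpCpuidTable *T, uint32_t Leaf, uint32_t Subleaf,
                   CpuidRegs *Out) {
  memset(Out, 0, sizeof *Out);
  if (T->Count > SNP_CPUID_COUNT_MAX) return -1;
  for (uint32_t i = 0; i < T->Count; i++) {
    const SnpCpuidFn *F = &T->Fn[i];
    if (F->EaxIn != Leaf) continue;
    if (LeafUsesSubleaf(Leaf) && F->EcxIn != Subleaf) continue;
    Out->Eax = F->Eax; Out->Ebx = F->Ebx; Out->Ecx = F->Ecx; Out->Edx = F->Edx;
    return 1;
  }
  return 0;
}

/* Constructed table: leaf 0 plus leaf 0xB sub-leaves 0 and 1. */
SnpCpuidTable SampleTable = {
  .Count = 3,
  .Fn = {
    { .EaxIn = 0x0, .Eax = 0x10, .Ebx = 0x68747541, .Ecx = 0x444d4163, .Edx = 0x69746e65 },
    { .EaxIn = 0xB, .EcxIn = 0, .Eax = 1, .Ebx = 2,  .Ecx = 0x100, .Edx = 7 },
    { .EaxIn = 0xB, .EcxIn = 1, .Eax = 4, .Ebx = 16, .Ecx = 0x201, .Edx = 7 },
  },
};

/* What an AP would do after switching to long mode: read its x2APIC ID
   from leaf 0xB EDX, but from the validated page rather than a #VC exit. */
uint32_t SnpX2ApicId(const SnpCpuidTable *T) {
  CpuidRegs R;
  return SnpCpuidLookup(T, 0xB, 0, &R) == 1 ? R.Edx : 0;
}

int main(void) {
  CpuidRegs R;
  int Found = SnpCpuidLookup(&SampleTable, 0xB, 1, &R);
  printf("leaf 0xB/1: found=%d eax=%u ebx=%u\n", Found, R.Eax, R.Ebx);
  Found = SnpCpuidLookup(&SampleTable, 0x8000001F, 0, &R);
  printf("leaf 0x8000001F: found=%d eax=%u\n", Found, R.Eax);
  printf("x2APIC ID: %u\n", SnpX2ApicId(&SampleTable));
  return 0;
}
```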
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
An SEV-SNP guest requires that private memory (aka pages mapped encrypted)
must be validated before being accessed.
The validation process consists of the following sequence:
1) Set the memory encryption attribute in the page table (aka
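The validate-before-access rule that this message, the on-demand versus up-front validation message, the PreValidateSystemRam and PVALIDATE messages and the RMP description above all revolve around, as an added example that is none of their code: a user-space C model of the guest page table C-bit, the hypervisor-owned RMP (reduced to an assigned/validated pair per 4 KiB page) and the guest-side PVALIDATE step. It shows the order set C-bit, page state change, PVALIDATE, then access, and why a PVALIDATE that reports "already validated" has to be treated as fatal: the guest cannot distinguish a harmless no-op from a hypervisor that skipped or replayed the RMP update. The GHCB request is reduced to a function call and the status names are assumptions; only the "no change" semantics of PVALIDATE (CF=1 on hardware) is taken from the instruction's documented behaviour.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT 12
#define NUM_PAGES  16   /* model covers GPAs [0, 16 * 4 KiB) */

/* Hypervisor-owned RMP: Assigned = private to this guest,
   Validated = guest ran PVALIDATE since the last RMPUPDATE. */
typedef struct { uint8_t Assigned; uint8_t Validated; } RmpEntry;
static RmpEntry Rmp[NUM_PAGES];
static uint8_t  PteEncrypted[NUM_PAGES];     /* guest page table C-bit */
static int      HvHonoursPageStateChange = 1; /* 0 = hypervisor skips the update */

typedef enum {
  PV_SUCCESS = 0,
  PV_ALREADY_VALIDATED, /* PVALIDATE reported "no change" (CF=1 on hardware) */
  PV_NOT_ASSIGNED,      /* page not private in the RMP (code is a model choice) */
  PV_FAULT,             /* access to private memory that was never validated */
  PV_OUT_OF_RANGE
} PvStatus;

/* Page state change to private (a GHCB request in reality). The
   hypervisor is untrusted: it may ignore the request. RMPUPDATE clears
   Validated, so a validated page is always the guest's own doing. */
void HvPageStateChangePrivate(uint64_t Gpa) {
  unsigned p = (unsigned)(Gpa >> PAGE_SHIFT);
  if (p >= NUM_PAGES || !HvHonoursPageStateChange) return;
  Rmp[p].Assigned = 1;
  Rmp[p].Validated = 0;
}

/* Guest-side PVALIDATE for one 4 KiB page. */
PvStatus Pvalidate(uint64_t Gpa, int Validate) {
  unsigned p = (unsigned)(Gpa >> PAGE_SHIFT);
  if (p >= NUM_PAGES) return PV_OUT_OF_RANGE;
  if (!Rmp[p].Assigned) return PV_NOT_ASSIGNED;
  if (Rmp[p].Validated == (uint8_t)Validate) return PV_ALREADY_VALIDATED;
  Rmp[p].Validated = (uint8_t)Validate;
  return PV_SUCCESS;
}

/* Firmware sequence for [Start, End): C-bit, page state change,
   PVALIDATE. Anything but success is fatal; real firmware terminates
   the guest rather than continue on a page whose RMP state it cannot explain. */
PvStatus ValidateSystemRam(uint64_t Start, uint64_t End) {
  for (uint64_t Gpa = Start; Gpa < End; Gpa += 1u << PAGE_SHIFT) {
    unsigned p = (unsigned)(Gpa >> PAGE_SHIFT);
    if (p >= NUM_PAGES) return PV_OUT_OF_RANGE;
    PteEncrypted[p] = 1;
    HvPageStateChangePrivate(Gpa);
    PvStatus s = Pvalidate(Gpa, 1);
    if (s != PV_SUCCESS) return s;
  }
  return PV_SUCCESS;
}

/* Guest access: an encrypted page that is not validated is an RMP
   violation on hardware; the model reports a fault instead. */
PvStatus AccessPage(uint64_t Gpa) {
  unsigned p = (unsigned)(Gpa >> PAGE_SHIFT);
  if (p >= NUM_PAGES) return PV_OUT_OF_RANGE;
  return (PteEncrypted[p] && !Rmp[p].Validated) ? PV_FAULT : PV_SUCCESS;
}

void ResetModel(void) {
  memset(Rmp, 0, sizeof Rmp);
  memset(PteEncrypted, 0, sizeof PteEncrypted);
  HvHonoursPageStateChange = 1;
}

/* Honest hypervisor: validate pages 0-7, then touch page 7. */
PvStatus ScenarioHappyPath(void) {
  ResetModel();
  PvStatus s = ValidateSystemRam(0x0000, 0x8000);
  return s != PV_SUCCESS ? s : AccessPage(0x7000);
}

/* Page made private in page table and RMP, but never PVALIDATEd. */
PvStatus ScenarioSkippedValidation(void) {
  ResetModel();
  PteEncrypted[5] = 1;
  HvPageStateChangePrivate(5u << PAGE_SHIFT);
  return AccessPage(5u << PAGE_SHIFT);
}

/* Replay: pages 0-3 validated, then firmware is asked to validate page 2
   again while the hypervisor ignores the state change. PVALIDATE says
   "already validated" and firmware must stop. */
PvStatus ScenarioReplayedPage(void) {
  ResetModel();
  PvStatus s = ValidateSystemRam(0x0000, 0x4000);
  if (s != PV_SUCCESS) return s;
  HvHonoursPageStateChange = 0;
  return ValidateSystemRam(0x2000, 0x3000);
}

int main(void) {
  printf("happy path: %d  skipped validation: %d  replayed page: %d\n",
         ScenarioHappyPath(), ScenarioSkippedValidation(), ScenarioReplayedPage());
  return 0;
}
```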
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
In preparation for SEV-SNP support move clearing of the GHCB memory from
the ResetVector/AmdSev.asm to SecMain/AmdSev.c. The GHCB page is not
accessed until SevEsProtocolCheck() switches to the full GHCB. So, the move
does not make any changes in
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Move all the SEV-specific functions into AmdSev.c.
No functional change intended.
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
During the SNP guest launch sequence, a special secrets page needs to be
inserted by the VMM. The PSP will populate the page; it will contain the
VM Platform Communication Keys (VMPCKs) used by the guest to send and
receive secure messages to
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
The OvmfPkgX86 build reserves memory regions in MEMFD. The memory regions
get accessed in the SEC phase. AMD SEV-SNP requires that the guest's
private memory be accepted or validated before access.
Introduce a Guided metadata structure that
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
Move all the SEV-specific functions into AmdSev.c.
No functional change intended.
Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Hi Gerd and Jiewen,
CI was a bit unstable during my v10 submission, so I was not able to
run it to completion. Finally, I managed to get the CI going,
and it reported a few Windows 32-bit build errors. The v11 fixes those build
errors. Please consider this for the merge.
Thank you so much
On Fri, Oct 22, 2021 at 11:08 AM Ard Biesheuvel wrote:
>
> This patch triggers CI failures
>
> https://github.com/tianocore/edk2/pull/2114
>
> Please take a look and resubmit if there is anything to fix.
Looks like a missing comment?
>
> On Wed, 13 Oct 2021 at 20:43, Samer El-Haj-Mahmoud
>
I was reminded about this work earlier today, and thought I'd remind you
that the patches haven't been pushed yet.
--
Rebecca Cran
On 9/14/21 6:47 PM, Andrew Fish wrote:
Sorry the patches stalled out. I need to push them….
Thanks,
Andrew Fish
On Sep 14, 2021, at 4:47 PM, Rebecca Cran
Reviewed-by: Sai Chaganty
-Original Message-
From: devel@edk2.groups.io On Behalf Of Oram, Isaac W
Sent: Friday, October 15, 2021 2:26 PM
To: devel@edk2.groups.io
Cc: Chiu, Chasel ; Desimone, Nathaniel L
; Liming Gao ; Dong,
Eric
Subject: [edk2-devel][edk2-platforms][PATCH V1 11/11]
Reviewed-by: Sai Chaganty
-Original Message-
From: devel@edk2.groups.io On Behalf Of Oram, Isaac W
Sent: Friday, October 15, 2021 2:25 PM
To: devel@edk2.groups.io
Cc: Chiu, Chasel ; Desimone, Nathaniel L
; Benjamin Doron ;
Jeremy Soller
Subject: [edk2-devel][edk2-platforms][PATCH V1
Reviewed-by: Sai Chaganty
-Original Message-
From: devel@edk2.groups.io On Behalf Of Oram, Isaac W
Sent: Friday, October 15, 2021 2:25 PM
To: devel@edk2.groups.io
Cc: Chiu, Chasel ; Desimone, Nathaniel L
Subject: [edk2-devel][edk2-platforms][PATCH V1 05/11]
Reviewed-by: Sai Chaganty
-Original Message-
From: devel@edk2.groups.io On Behalf Of Oram, Isaac W
Sent: Friday, October 15, 2021 2:26 PM
To: devel@edk2.groups.io
Cc: Agyeman, Prince
Subject: [edk2-devel][edk2-platforms][PATCH V1 08/11]
SimicsOpenBoardPkg/ReportFvLib: Update
Reviewed-by: Sai Chaganty
-Original Message-
From: Oram, Isaac W
Sent: Friday, October 15, 2021 2:25 PM
To: devel@edk2.groups.io
Cc: Chiu, Chasel ; Desimone, Nathaniel L
; Chaganty, Rangasai V
; Kethi Reddy, Deepika
; Esakkithevar, Kathappan
Subject:
Reviewed-by: Sai Chaganty
-Original Message-
From: Oram, Isaac W
Sent: Friday, October 15, 2021 2:25 PM
To: devel@edk2.groups.io
Cc: Chaganty, Rangasai V ; Desimone, Nathaniel L
; Luo, Heng
Subject: [edk2-devel][edk2-platforms][PATCH V1 04/11]
TigerLakeOpenBoardPkg/ReportFvLib:
Hi Isaac,
Please update copyright year on SpiFvbServiceCommon.h, SpiFvbServiceCommon.c,
SpiFvbServiceSmm.inf, SpiFvbServiceStandaloneMm.inf, and SpiFvbServiceMm.c
Thanks,
Nate
> -Original Message-
> From: Oram, Isaac W
> Sent: Friday, October 15, 2021 2:26 PM
> To:
Hi Isaac,
Unlike the other platforms, you don't have a SMM and a PEI implementation in
the same directory here. Therefore, why take the "Pei" prefix off the directory
name here? Since this is a PEI specific implementation of a generic
LibraryClass, it is convention to keep the "Pei" prefix.
Reviewed-by: Nate DeSimone
> -Original Message-
> From: Oram, Isaac W
> Sent: Friday, October 15, 2021 2:25 PM
> To: devel@edk2.groups.io
> Cc: Desimone, Nathaniel L ; Chiu, Chasel
>
> Subject: [edk2-devel][edk2-platforms][PATCH V1 06/11]
> WhitleyOpenBoardPkg/ReportFvLib: Add board
Reviewed-by: Nate DeSimone
> -Original Message-
> From: Oram, Isaac W
> Sent: Friday, October 15, 2021 2:26 PM
> To: devel@edk2.groups.io
> Cc: Chiu, Chasel ; Desimone, Nathaniel L
>
> Subject: [edk2-devel][edk2-platforms][PATCH V1 07/11]
> PurleyOpenBoardPkg/ReportFvLib: Update
Reviewed-by: Nate DeSimone
> -Original Message-
> From: Oram, Isaac W
> Sent: Friday, October 15, 2021 2:26 PM
> To: devel@edk2.groups.io
> Cc: Chiu, Chasel ; Desimone, Nathaniel L
> ; Liming Gao
> ; Dong, Eric
> Subject: [edk2-devel][edk2-platforms][PATCH V1 11/11]
>
Hi Isaac,
Please see feedback inline.
Thanks,
Nate
> -Original Message-
> From: Oram, Isaac W
> Sent: Friday, October 15, 2021 2:26 PM
> To: devel@edk2.groups.io
> Cc: Chiu, Chasel ; Desimone, Nathaniel L
> ; Liming Gao
> ; Dong, Eric
> Subject: [edk2-devel][edk2-platforms][PATCH V1
Reviewed-by: Nate DeSimone
> -Original Message-
> From: Oram, Isaac W
> Sent: Friday, October 15, 2021 2:25 PM
> To: devel@edk2.groups.io
> Cc: Chiu, Chasel ; Desimone, Nathaniel L
>
> Subject: [edk2-devel][edk2-platforms][PATCH V1 05/11]
> WhiskeyLakeOpenBoardPkg/ReportFvLib: Switch
Reviewed-by: Nate DeSimone
> -Original Message-
> From: Oram, Isaac W
> Sent: Friday, October 15, 2021 2:25 PM
> To: devel@edk2.groups.io
> Cc: Chaganty, Rangasai V ; Desimone,
> Nathaniel L ; Luo, Heng
>
> Subject: [edk2-devel][edk2-platforms][PATCH V1 04/11]
>
Reviewed-by: Nate DeSimone
> -Original Message-
> From: Oram, Isaac W
> Sent: Friday, October 15, 2021 2:25 PM
> To: devel@edk2.groups.io
> Cc: Chiu, Chasel ; Desimone, Nathaniel L
> ; Benjamin Doron
> ; Jeremy Soller
> Subject: [edk2-devel][edk2-platforms][PATCH V1 03/11]
>
Reviewed-by: Nate DeSimone
> -Original Message-
> From: Oram, Isaac W
> Sent: Friday, October 15, 2021 2:25 PM
> To: devel@edk2.groups.io
> Cc: Chiu, Chasel ; Desimone, Nathaniel L
> ; Chaganty, Rangasai V
> ; Kethi Reddy, Deepika
> ; Esakkithevar, Kathappan
>
> Subject:
Hi Isaac,
Please see feedback inline.
Thanks,
Nate
> -Original Message-
> From: Oram, Isaac W
> Sent: Friday, October 15, 2021 2:25 PM
> To: devel@edk2.groups.io
> Cc: Chiu, Chasel ; Desimone, Nathaniel L
> ; Liming Gao
> ; Dong, Eric
> Subject: [edk2-devel][edk2-platforms][PATCH V1
This patch triggers CI failures
https://github.com/tianocore/edk2/pull/2114
Please take a look and resubmit if there is anything to fix.
On Wed, 13 Oct 2021 at 20:43, Samer El-Haj-Mahmoud
wrote:
>
> Ackd-by: Samer El-Haj-Mahmoud
>
> Any update on getting this reviewed/merged? We have
Hi Rebecca,
Thank you for this patch.
This patch looks good to me.
Reviewed-by: Sami Mujawar
Regards,
Sami Mujawar
On 18/10/2021 04:39 PM, Rebecca Cran wrote:
Remove the ClusterId and CoreId fields in the ARM_CORE_INFO structure in
favor of a new Mpidr field. Update code in
On 10/22/21 9:08 AM, Ard Biesheuvel wrote:
On Tue, 19 Oct 2021 at 22:35, Rebecca Cran wrote:
Add functions ArmCallSmc0/1/2/3 to do SMC calls with 0, 1, 2 or 3
arguments.
The functions return up to 3 values.
This is a lot of code to do something we already do in our code.
Care to elaborate
On Fri, 2021-10-22 at 11:48 -0400, Stefan Berger wrote:
> On 10/22/21 11:01 AM, James Bottomley wrote:
> > On Fri, 2021-10-22 at 10:52 -0400, Stefan Berger wrote:
> >
> > > along with the quote on the sha1 bank.
> > The validator shouldn't accept that quote ... it should require a
> > quote
On 10/22/21 11:01 AM, James Bottomley wrote:
On Fri, 2021-10-22 at 10:52 -0400, Stefan Berger wrote:
along with the quote on the sha1 bank.
The validator shouldn't accept that quote ... it should require a quote
covering all banks. This is the point: you can't fake the quote and
the
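The check argued for above (a validator should refuse a quote that does not cover every active bank), as an added example that is not part of the thread: C code that parses a marshalled TPML_PCR_SELECTION as it appears in a TPMS_ATTEST quote body and accepts the quote only if every bank the firmware reports active is selected with the required PCRs. The selection blobs are constructed, and the policy function and its names are assumptions for the example; the TPML_PCR_SELECTION encoding (big-endian count, then per bank a 16-bit algorithm ID, a one-byte select size and the PCR bitmap) is the TPM 2.0 library format.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TPM_ALG_SHA1   0x0004
#define TPM_ALG_SHA256 0x000B
#define MAX_SELECTIONS 8

/* One TPMS_PCR_SELECTION: hash algorithm plus a PCR bitmap. */
typedef struct {
  uint16_t Hash;
  uint8_t  SizeofSelect;
  uint8_t  PcrSelect[4];   /* PCR i is bit (i % 8) of byte (i / 8) */
} PcrSelection;

typedef struct {
  uint32_t     Count;
  PcrSelection Sel[MAX_SELECTIONS];
} PcrSelectionList;

static uint16_t Be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t Be32(const uint8_t *p) {
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse a marshalled TPML_PCR_SELECTION. Returns bytes consumed, or 0
   when the buffer is malformed or truncated (every length is checked
   before it is used, since the quote comes from the attesting machine). */
size_t ParsePcrSelectionList(const uint8_t *Buf, size_t Len, PcrSelectionList *Out) {
  size_t Off = 4;
  if (Len < 4) return 0;
  Out->Count = Be32(Buf);
  if (Out->Count > MAX_SELECTIONS) return 0;
  for (uint32_t i = 0; i < Out->Count; i++) {
    PcrSelection *S = &Out->Sel[i];
    if (Len - Off < 3) return 0;
    S->Hash = Be16(Buf + Off);
    S->SizeofSelect = Buf[Off + 2];
    Off += 3;
    if (S->SizeofSelect > sizeof S->PcrSelect || Len - Off < S->SizeofSelect) return 0;
    memset(S->PcrSelect, 0, sizeof S->PcrSelect);
    memcpy(S->PcrSelect, Buf + Off, S->SizeofSelect);
    Off += S->SizeofSelect;
  }
  return Off;
}

/* Bitmask of PCRs 0..31 selected for Hash; 0 when the bank is absent. */
uint32_t SelectedPcrs(const PcrSelectionList *L, uint16_t Hash) {
  uint32_t Mask = 0;
  for (uint32_t i = 0; i < L->Count; i++) {
    if (L->Sel[i].Hash != Hash) continue;
    for (unsigned b = 0; b < 32 && b < (unsigned)L->Sel[i].SizeofSelect * 8; b++)
      if (L->Sel[i].PcrSelect[b / 8] & (1u << (b % 8))) Mask |= 1u << b;
  }
  return Mask;
}

/* Policy: every active bank must be quoted with RequiredPcrs. A quote
   over SHA-256 alone while SHA-1 is active leaves the never-extended
   SHA-1 PCRs unattested, which is the gap the thread warns about. */
int QuoteCoversActiveBanks(const PcrSelectionList *Quoted, const uint16_t *Active,
                           size_t NumActive, uint32_t RequiredPcrs) {
  for (size_t i = 0; i < NumActive; i++)
    if ((SelectedPcrs(Quoted, Active[i]) & RequiredPcrs) != RequiredPcrs) return 0;
  return 1;
}

/* Constructed samples: PCRs 0-7 in SHA-1 and SHA-256, and SHA-256 only. */
const uint8_t SampleBothBanks[] = {
  0x00,0x00,0x00,0x02,
  0x00,0x04, 0x03, 0xFF,0x00,0x00,
  0x00,0x0B, 0x03, 0xFF,0x00,0x00
};
const uint8_t SampleSha256Only[] = {
  0x00,0x00,0x00,0x01,
  0x00,0x0B, 0x03, 0xFF,0x00,0x00
};
const uint16_t kActiveBanks[] = { TPM_ALG_SHA1, TPM_ALG_SHA256 };

/* Parse Buf and apply the policy for PCRs 0-7: 1 accept, 0 reject, -1 malformed. */
int EvaluateQuoteSelection(const uint8_t *Buf, size_t Len) {
  PcrSelectionList L;
  if (ParsePcrSelectionList(Buf, Len, &L) != Len) return -1;
  return QuoteCoversActiveBanks(&L, kActiveBanks, 2, 0x000000FFu);
}

int main(void) {
  printf("both banks quoted:   %d\n", EvaluateQuoteSelection(SampleBothBanks, sizeof SampleBothBanks));
  printf("SHA-256 only quoted: %d\n", EvaluateQuoteSelection(SampleSha256Only, sizeof SampleSha256Only));
  printf("truncated input:     %d\n", EvaluateQuoteSelection(SampleBothBanks, 7));
  return 0;
}
```

The list of active banks should come from the firmware's own report (for instance the event log's bank list), not from the quote itself; otherwise the attester gets to choose which banks it is judged on.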
From: Guo Dong
The PCH SMM module would install the SMM SW dispatch2 protocol.
It supports registering SMI handlers based on the SMI APM
interrupt, using the bootloader information in gSmmRegisterInfoGuid.
It is possible to extend the bootloader HOB to pass other information
to support more SMI sources.
If this
From: Guo Dong
Add SMM variable support for universal UEFI payload.
By default they are disabled.
Signed-off-by: Guo Dong
Cc: Ray Ni
Cc: Maurice Ma
Cc: Benjamin You
Reviewed-by: Ray Ni
Reviewed-by: Benjamin You
---
UefiPayloadPkg/UefiPayloadPkg.dsc | 101 +++---
From: Guo Dong
The SmmAccessDxe module would consume the EFI_SMRAM_HOB_DESCRIPTOR_BLOCK HOB to
produce the SMM access protocol gEfiSmmAccess2ProtocolGuid (open, close, lock,
and GetCapabilities).
Signed-off-by: Guo Dong
Cc: Ray Ni
Cc: Maurice Ma
Cc: Benjamin You
Reviewed-by: Ray Ni
Reviewed-by:
From: Guo Dong
This is a common SPI flash library used for Intel platforms that
support SPI hardware sequencing. This library provides the actual SPI flash
operations via the Intel PCH SPI controller.
Signed-off-by: Guo Dong
Cc: Ray Ni
Cc: Maurice Ma
Cc: Benjamin You
Reviewed-by: Ray Ni
From: Guo Dong
This FVB module is used to initialize the NV variable region
and provide the SMM FVB protocol to read/write the SPI variable region.
This module consumes the HOB gNvVariableInfoGuid and depends on
FlashDeviceLib for the actual SPI device operations.
During FVB initialization, it will initialize the
From: Guo Dong
V3: Add SMM communication region EFI_ALLOCATED check
in UefiPayloadPkg/BlSupportSmm/BlSupportSmm.c
V2: Added SMM communication region size check
Fixed ECC reported issues and other minor update.
https://bugzilla.tianocore.org/show_bug.cgi?id=3084
Currently UEFI payload
From: Guo Dong
This library provides FlashDeviceLib APIs based on
SpiFlashLib and is consumed by the FVB driver.
Signed-off-by: Guo Dong
Cc: Ray Ni
Cc: Maurice Ma
Cc: Benjamin You
Reviewed-by: Ray Ni
Reviewed-by: Benjamin You
---
.../Include/Library/FlashDeviceLib.h | 108
From: Guo Dong
This module is only used for SMM S3 support for a bootloader that
doesn't support SMM.
The payload would save SMM rebase info to the SMM communication area in
normal boot and expect the bootloader in the S3 path to rebase the SMM
and trigger an SMI by writing port 0xB2 with the given value
From: Guo Dong
This module consumes the SMM Registers HOB (SMI_GBL_EN and SMI_APM_EN) to
install the SMM control 2 protocol gEfiSmmControl2ProtocolGuid.
The protocol activate() would set SMI_GBL_EN and SMI_APM_EN and trigger
an SMI by writing to IO ports 0xB3 and 0xB2.
Signed-off-by: Guo Dong
Cc: Ray Ni
From: Ian Chiu
https://bugzilla.tianocore.org/show_bug.cgi?id=3703
The MMIO base address size will overflow while finding two or more host
controllers in the system. Correct it and support 32- and 64-bit address
spaces.
Signed-off-by: Ian Chiu
Cc: Maggie Chu
Cc: Ray Ni
Cc: Hao A Wu
---
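The overflow this patch describes (a running MMIO base that wraps once several host controllers are enumerated), as an added example that is not the patch's code: a small C allocator that hands out naturally aligned MMIO windows in 64-bit arithmetic with explicit wrap and address-width checks, next to the 32-bit addition that silently wraps. The controller sizes, the starting base and the function names are constructed for the example and do not describe the driver's actual enumeration.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* One host controller's MMIO request. Size is the BAR size (a power of
   two); Base is filled in by AssignMmioBases. Constructed for the example. */
typedef struct {
  uint64_t Size;
  uint64_t Base;
} HostController;

typedef enum {
  MMIO_OK = 0,
  MMIO_OVERFLOW,       /* arithmetic would wrap even in 64 bits */
  MMIO_EXCEEDS_WIDTH,  /* window does not fit the 32- or 64-bit address space */
  MMIO_BAD_SIZE        /* zero or non-power-of-two BAR size */
} MmioStatus;

/* Round Value up to a multiple of Align (a power of two); 0 if it would wrap. */
static int AlignUp(uint64_t Value, uint64_t Align, uint64_t *Out) {
  uint64_t Mask = Align - 1;
  if (Value > UINT64_MAX - Mask) return 0;
  *Out = (Value + Mask) & ~Mask;
  return 1;
}

/* Assign aligned MMIO windows to Count controllers starting at Start.
   AddressBits is 32 or 64. Every step is 64-bit with a wrap check, which
   is exactly what a 32-bit running base cannot provide. */
MmioStatus AssignMmioBases(HostController *Ctl, unsigned Count,
                           uint64_t Start, unsigned AddressBits) {
  uint64_t Limit = (AddressBits == 32) ? (uint64_t)UINT32_MAX : UINT64_MAX;
  uint64_t Next = Start;

  for (unsigned i = 0; i < Count; i++) {
    uint64_t Size = Ctl[i].Size, Base, End;
    if (Size == 0 || (Size & (Size - 1)) != 0) return MMIO_BAD_SIZE;
    if (!AlignUp(Next, Size, &Base))          return MMIO_OVERFLOW;
    if (Size - 1 > UINT64_MAX - Base)         return MMIO_OVERFLOW;
    End = Base + Size - 1;                    /* inclusive last byte */
    if (End > Limit)                          return MMIO_EXCEEDS_WIDTH;
    Ctl[i].Base = Base;
    if (End == UINT64_MAX && i + 1 < Count)   return MMIO_OVERFLOW;
    Next = End + 1;
  }
  return MMIO_OK;
}

/* The bug class: the same addition in 32 bits wraps, so the next
   controller lands below the previous one (or at 0) with no error.
   Returns 1 when the 32-bit sum is smaller than the base it started from. */
int WrapsIn32Bit(uint32_t Base, uint32_t Size) {
  uint32_t Next = Base + Size;   /* unsigned wrap is well defined in C */
  return Next < Base;
}

int main(void) {
  HostController Ctl[3] = { { 0x10000, 0 }, { 0x10000, 0 }, { 0x100000, 0 } };
  MmioStatus St = AssignMmioBases(Ctl, 3, 0xFFF80000ULL, 64);
  printf("status %d\n", St);
  for (unsigned i = 0; i < 3; i++)
    printf("controller %u: base 0x%llx size 0x%llx\n", i,
           (unsigned long long)Ctl[i].Base, (unsigned long long)Ctl[i].Size);
  printf("32-bit wrap for 0xFFFF0000 + 0x20000: %d\n",
         WrapsIn32Bit(0xFFFF0000u, 0x20000u));
  return 0;
}
```

With the constructed layout the third controller needs a 1 MiB-aligned window and lands at 0x100000000, which is fine for a 64-bit address space and correctly rejected with MMIO_EXCEEDS_WIDTH when only 32-bit addresses are allowed.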
Hi Rebecca,
On Tue, 19 Oct 2021 at 22:35, Rebecca Cran wrote:
>
> Add functions ArmCallSmc0/1/2/3 to do SMC calls with 0, 1, 2 or 3
> arguments.
> The functions return up to 3 values.
>
This is a lot of code to do something we already do in our code.
Care to elaborate what the use case is
On Fri, 2021-10-22 at 10:52 -0400, Stefan Berger wrote:
> On 10/22/21 10:17 AM, James Bottomley wrote:
> > On Fri, 2021-10-22 at 09:13 -0400, Stefan Berger wrote:
> > > On 10/22/21 8:40 AM, James Bottomley wrote:
> > >
> > > > On Fri, 2021-10-22 at 07:57 -0400, Stefan Berger wrote:
> > > > > On
On 10/22/21 10:17 AM, James Bottomley wrote:
On Fri, 2021-10-22 at 09:13 -0400, Stefan Berger wrote:
On 10/22/21 8:40 AM, James Bottomley wrote:
On Fri, 2021-10-22 at 07:57 -0400, Stefan Berger wrote:
On 10/22/21 7:49 AM, James Bottomley wrote:
On Fri, 2021-10-22 at 06:50 -0400, Stefan
Corrects the AcpiProcessorUid for multi-socket/package systems.
The ProcessorInfoBuffer.Location.Package holds the stale entry
of the last processor. In a multi-socket system it holds
the Socket/Package number of the last socket/package, resulting in a
wrong AcpiProcessorUid assignment for socket 0 processors.
Detects the APIC mode by calling GetApicMode().
If the current platform is in X2APIC mode, it sets the
global mX2ApicEnabled.
Also, install the APIC NMI structure only if the
platform is not in X2APIC mode.
Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Liming Gao
Cc: Eric Dong
Signed-off-by: Abdul Lateef Attar
Fixes the APIC table creation based on APIC mode.
Also fixes the AcpiProcessorUid for multi-socket system.
Abdul Lateef Attar (2):
MinPlatformPkg: Update APIC Table based on mode
MinPlatformPkg: AcpiProcessorUid for multi-socket
Platform/Intel/MinPlatformPkg/Acpi/AcpiTables/AcpiPlatform.c |
On Fri, 2021-10-22 at 09:13 -0400, Stefan Berger wrote:
> On 10/22/21 8:40 AM, James Bottomley wrote:
>
> > On Fri, 2021-10-22 at 07:57 -0400, Stefan Berger wrote:
> > > On 10/22/21 7:49 AM, James Bottomley wrote:
> > > > On Fri, 2021-10-22 at 06:50 -0400, Stefan Berger wrote:
> > > > [...]
> > >
On 10/22/21 2:31 AM, Gerd Hoffmann wrote:
Hi,
FYI: TPM 2 does not provide backwards compatibility to TPM 1.2. TPM 1.2 is
its own implementation that is incompatible with TPM 2.
So the extension 'Compat12' is a bit odd in this case.
Suggestions for a better name?
On 10/22/21 8:40 AM, James Bottomley wrote:
On Fri, 2021-10-22 at 07:57 -0400, Stefan Berger wrote:
On 10/22/21 7:49 AM, James Bottomley wrote:
On Fri, 2021-10-22 at 06:50 -0400, Stefan Berger wrote:
[...]
I see this also but when I get into Linux and run tpm2_pcrread I
see the SHA1 bank
On Fri, 2021-10-22 at 07:57 -0400, Stefan Berger wrote:
> On 10/22/21 7:49 AM, James Bottomley wrote:
> > On Fri, 2021-10-22 at 06:50 -0400, Stefan Berger wrote:
> > [...]
> > > I see this also but when I get into Linux and run tpm2_pcrread I
> > > see the SHA1 bank active but not having received
On 10/22/21 7:49 AM, James Bottomley wrote:
On Fri, 2021-10-22 at 06:50 -0400, Stefan Berger wrote:
[...]
I see this also but when I get into Linux and run tpm2_pcrread I see
the SHA1 bank active but not having received any PCR extensions from
the firmware, which is not supposed to happen.
On Fri, 2021-10-22 at 06:50 -0400, Stefan Berger wrote:
[...]
> I see this also but when I get into Linux and run tpm2_pcrread I see
> the SHA1 bank active but not having received any PCR extensions from
> the firmware, which is not supposed to happen.
That's not entirely correct: the TCG
Hi,
> > TPM2 Active PCR Hash SHA1, SHA256
> > Algorithm
> > Active PCR Banks SHA256
> I see this also but when I get into Linux and run tpm2_pcrread I see the
> SHA1 bank active but not having received any PCR extensions from the
> firmware, which is not supposed
Hi Mike,
Could you look into this and let me know if there is anything else need to be
done.
Regards,
JP
-Original Message-
From: Jayaprakash, N
Sent: 20 October 2021 23:15
To: Kinney, Michael D ; devel@edk2.groups.io
Cc: Rebecca Cran
Subject: RE: [edk2-devel] [edk2-libc Patch 1/1]
On 10/22/21 2:39 AM, Gerd Hoffmann wrote:
On Thu, Oct 21, 2021 at 09:24:55AM -0400, Stefan Berger wrote:
On 10/21/21 8:20 AM, Gerd Hoffmann wrote:
Allows compiling OVMF without HashInstanceLibSha1,
i.e. no SHA1 hash support in TPM/TCG modules.
Does that then mean that the SHA1 bank in a
On 10/22/21 3:01 AM, Gerd Hoffmann wrote:
On Thu, Oct 21, 2021 at 12:13:51PM -0400, Stefan Berger wrote:
A few more comments to this series:
- Is there a use case where TPM2_ENABLE_CONFIG is disabled, meaning where
there should not be a TPM 2 menu entry? It's worth considering dropping this
Patch merged.
PR: https://github.com/tianocore/edk2/pull/2107
On 22-Oct-21 11:47, Maciej Rabeda wrote:
Thanks for the patch.
Reviewed-by: Maciej Rabeda
On 18-Oct-21 09:21, Lin, Gary (HPS OE-Linux) wrote:
https://bugzilla.tianocore.org/show_bug.cgi?id=3694
HttpBootCheckImageType() was using
Hi Vineel,
I do not have any problems with this patch. Before I merge, I would like
Jiaxin to look at it, since he has submitted that code.
Thanks,
Maciej
On 15-Oct-21 02:54, Vineel Kovvuri wrote:
The current UEFI implementation of HTTPS during its TLS configuration uses
Thanks for the patch.
Reviewed-by: Maciej Rabeda
On 18-Oct-21 09:21, Lin, Gary (HPS OE-Linux) wrote:
https://bugzilla.tianocore.org/show_bug.cgi?id=3694
HttpBootCheckImageType() was using the case-sensitive AsciiStrCmp() to
check the file extensions and this could reject the images with
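The case-sensitivity problem this patch fixes, as an added example that is not edk2 code: a C routine that classifies a boot-image path by its extension using an ASCII case-insensitive comparison, shown next to the byte-exact strcmp() variant that rejects an upper-case extension. The image-type names and the .efi/.iso/.img mapping are assumptions for the example, not a description of HttpBootCheckImageType's exact logic, and the sample paths are constructed.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Image classes for the example. The names and the extension mapping
   (.efi / .iso / .img) are assumptions, not edk2's definitions. */
typedef enum {
  IMG_UNKNOWN = 0,
  IMG_EFI,           /* UEFI application */
  IMG_VIRTUAL_CD,    /* ISO image served as a RAM disk */
  IMG_VIRTUAL_DISK   /* raw disk image served as a RAM disk */
} ImageType;

static int AsciiToLower(int c) {
  return (c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c;
}

/* ASCII case-insensitive compare; 0 when equal. Stand-in for the
   case-insensitive comparison the fix needs. */
int AsciiStrICmp(const char *a, const char *b) {
  while (*a != '\0' &&
         AsciiToLower((unsigned char)*a) == AsciiToLower((unsigned char)*b)) {
    a++;
    b++;
  }
  return AsciiToLower((unsigned char)*a) - AsciiToLower((unsigned char)*b);
}

/* True when the last path component ends in Ext, ignoring case. A URI
   query or fragment is cut off first, and a '.' inside a directory name
   does not count as an extension. */
int PathHasExtension(const char *Path, const char *Ext) {
  char Buf[256];
  size_t n = strcspn(Path, "?#");
  if (n >= sizeof Buf) return 0;
  memcpy(Buf, Path, n);
  Buf[n] = '\0';
  const char *Dot = strrchr(Buf, '.');
  const char *Slash = strrchr(Buf, '/');
  if (Dot == NULL || (Slash != NULL && Dot < Slash)) return 0;
  return AsciiStrICmp(Dot, Ext) == 0;
}

/* Fixed behaviour: BOOTX64.EFI and bootx64.efi classify the same way. */
ImageType ClassifyBootImage(const char *Path) {
  if (PathHasExtension(Path, ".efi")) return IMG_EFI;
  if (PathHasExtension(Path, ".iso")) return IMG_VIRTUAL_CD;
  if (PathHasExtension(Path, ".img")) return IMG_VIRTUAL_DISK;
  return IMG_UNKNOWN;
}

/* The bug class: a byte-exact strcmp() accepts only the lower-case
   spelling, so an upper-case extension falls through to "unknown". */
ImageType ClassifyBootImageCaseSensitive(const char *Path) {
  const char *Dot = strrchr(Path, '.');
  if (Dot == NULL) return IMG_UNKNOWN;
  if (strcmp(Dot, ".efi") == 0) return IMG_EFI;
  if (strcmp(Dot, ".iso") == 0) return IMG_VIRTUAL_CD;
  if (strcmp(Dot, ".img") == 0) return IMG_VIRTUAL_DISK;
  return IMG_UNKNOWN;
}

int main(void) {
  const char *Samples[] = {
    "/boot/BOOTX64.EFI", "/images/Rescue.ISO", "/disk.IMG?token=abc",
    "/efi.dir/vmlinuz"
  };
  for (size_t i = 0; i < sizeof Samples / sizeof Samples[0]; i++)
    printf("%-28s fixed=%d case-sensitive=%d\n", Samples[i],
           ClassifyBootImage(Samples[i]),
           ClassifyBootImageCaseSensitive(Samples[i]));
  return 0;
}
```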
On Thu, Oct 21, 2021 at 12:13:51PM -0400, Stefan Berger wrote:
> A few more comments to this series:
>
> - Is there a use case where TPM2_ENABLE_CONFIG is disabled, meaning where
> there should not be a TPM 2 menu entry? It's worth considering dropping this
> option because a user does need to
On Thu, Oct 21, 2021 at 09:24:55AM -0400, Stefan Berger wrote:
>
> On 10/21/21 8:20 AM, Gerd Hoffmann wrote:
> > Allows compiling OVMF without HashInstanceLibSha1,
> > i.e. no SHA1 hash support in TPM/TCG modules.
>
> Does that then mean that the SHA1 bank in a TPM 2 stays untouched, meaning
>
On Thu, Oct 21, 2021 at 11:44:54AM -0400, Stefan Berger wrote:
>
> On 10/21/21 8:20 AM, Gerd Hoffmann wrote:
> > Rename TPM_ENABLE to TPM2_ENABLE and TPM_CONFIG_ENABLE to
> > TPM2_CONFIG_ENABLE so they are in line with the ArmVirtPkg
> > config option names.
> >
> > Add separate TPM1_ENABLE
Hi,
> FYI: TPM 2 does not provide backwards compatibility to TPM 1.2. TPM 1.2 is
> its own implementation that is incompatible with TPM 2.
>
> So the extension 'Compat12' is a bit odd in this case.
Suggestions for a better name?
take care,
Gerd
From: Vu Nguyen
There are secure and non-secure watchdog timers supported in the Mt.
Jade system. They are used to monitor the system boot stages, such as system
firmware, UEFI, and the OS. The system will be reset if the timer expires.
So, this patch adds the configuration screen for the watchdog timer
From: Quan Nguyen
This lets the user enable/disable RAS APEI components running in the
system firmware, such as HEST, BERT, and EINJ.
Cc: Thang Nguyen
Cc: Chuong Tran
Cc: Phong Vo
Cc: Leif Lindholm
Cc: Michael D Kinney
Cc: Ard Biesheuvel
Cc: Nate DeSimone
Signed-off-by: Nhi Pham
This supports:
* Enable/Disable APEI Support
* Enable/Disable CPPC Support
* Enable/Disable LPI support
* Enable/Disable Max Performance Mode
Cc: Thang Nguyen
Cc: Chuong Tran
Cc: Phong Vo
Cc: Leif Lindholm
Cc: Michael D Kinney
Cc: Ard Biesheuvel
Cc: Nate DeSimone
Signed-off-by: Nhi Pham
This screen adds configuration regarding the CPU. Currently, it
just adds an option for SubNUMA mode selection.
Cc: Thang Nguyen
Cc: Chuong Tran
Cc: Phong Vo
Cc: Leif Lindholm
Cc: Michael D Kinney
Cc: Ard Biesheuvel
Cc: Nate DeSimone
Signed-off-by: Nhi Pham
Reviewed-by: Leif
From: Vu Nguyen
Provide a memory screen with the info below:
* Memory total capacity
* Memory RAS and Performance Configuration
* Per DIMM Information
Cc: Thang Nguyen
Cc: Chuong Tran
Cc: Phong Vo
Cc: Leif Lindholm
Cc: Michael D Kinney
Cc: Ard Biesheuvel
Cc: Nate DeSimone
Signed-off-by: Nhi
Provide a screen menu with basic platform information, including:
* Platform name
* SCP firmware info
* System bus clock frequency.
Cc: Thang Nguyen
Cc: Chuong Tran
Cc: Phong Vo
Cc: Leif Lindholm
Cc: Michael D Kinney
Cc: Ard Biesheuvel
Cc: Nate DeSimone
Signed-off-by: Nhi Pham
Reviewed-by:
From: Vu Nguyen
This change allows to configure the PCIe bifurcation mode and update
the ACPI IORT tables based on the PCIe User setting.
Cc: Thang Nguyen
Cc: Chuong Tran
Cc: Phong Vo
Cc: Leif Lindholm
Cc: Michael D Kinney
Cc: Ard Biesheuvel
Cc: Nate DeSimone
Signed-off-by: Nhi Pham
From: Vu Nguyen
This menu screen allows the user to:
- Enable/Disable each Root Complex
- Enable/Disable SMMU support
- Enable/Disable Strong Ordering
- Set Bifurcation mode for each Root Complex
Cc: Thang Nguyen
Cc: Chuong Tran
Cc: Phong Vo
Cc: Leif Lindholm
Cc: Michael D Kinney
Cc: Ard
From: Vu Nguyen
Helps show various system information, like CPU info and Board Setting
values, on the UART console during the boot process.
Cc: Thang Nguyen
Cc: Chuong Tran
Cc: Phong Vo
Cc: Leif Lindholm
Cc: Michael D Kinney
Cc: Ard Biesheuvel
Cc: Nate DeSimone
Signed-off-by: Nhi Pham
From: Quan Nguyen
This supports various SMBIOS table types: 0, 1, 2, 3, 4, 7, 8, 9, 11,
13, 16, 17, 19, 24 and 32.
SMBIOS Types 1, 2 and 3 are hardcoded, as Host-BMC communication is not
supported yet. Also, this module does not support fixing up tables to reflect
changes to the system at boot time.