Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Konstantin Kostiuk <kkost...@redhat.com>
Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
 OvmfPkg/VirtHstiDxe/README.md | 48 +++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 OvmfPkg/VirtHstiDxe/README.md

diff --git a/OvmfPkg/VirtHstiDxe/README.md b/OvmfPkg/VirtHstiDxe/README.md
new file mode 100644
index 000000000000..c3975b854715
--- /dev/null
+++ b/OvmfPkg/VirtHstiDxe/README.md
@@ -0,0 +1,48 @@
+
+# virtual machine platform hsti driver
+
+This driver supports three tests.
+
+## VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK
+
+Verify the SMM memory is properly locked down.
+
+Supported platforms:
+ * Qemu Q35 (SMM_REQUIRE=TRUE builds).
+
+## VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH
+
+Verify the variable store is not writable for normal (not SMM) code.
+
+Supported platforms:
+ * Qemu Q35 (SMM_REQUIRE=TRUE builds).
+
+## VIRT_HSTI_BYTE0_READONLY_CODE_FLASH
+
+Verify the firmware code is not writable for the guest.
+
+Supported platforms:
+ * Qemu Q35
+ * Qemu PC
+
+# qemu flash configuration
+
+With qemu being configured properly flash behavior should be this:
+
+configuration                  |  OVMF_CODE.fd  |  OVMF_VARS.fd
+-------------------------------|----------------|---------------
+SMM_REQUIRE=TRUE, SMM mode     |  read-only     |  writable
+SMM_REQUIRE=TRUE, normal mode  |  read-only (1) |  read-only (2)
+SMM_REQUIRE=FALSE              |  read-only (3) |  writable
+
+VIRT_HSTI_BYTE0_READONLY_CODE_FLASH will verify (1) + (3).
+VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH will verify (2).
+
+## qemu command line for SMM_REQUIRE=TRUE builds
+```
+qemu-system-x86-64 -M q35,smm=on,pflash0=code,pflash1=vars \
+  -blockdev node-name=code,driver=file,filename=OVMF_CODE.fd,read-only=on \
+  -blockdev node-name=vars,driver=file,filename=OVMF_VARS.fd \
+  -global driver=cfi.pflash01,property=secure,value=on \
+  [ ... more options here ... ]
+```
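Review bot: the binary name in the SMM_REQUIRE=TRUE command line (`qemu-system-x86-64 -M q35,smm=on,...`) is misspelled; the executable is `qemu-system-x86_64` (underscore before `64`), so the example fails as written. Two smaller points on the same hunk. First, the flash table covers an SMM_REQUIRE=FALSE configuration (case (3), OVMF_CODE.fd read-only, OVMF_VARS.fd writable) and VIRT_HSTI_BYTE0_READONLY_CODE_FLASH is documented as verifying (1) + (3), but only the SMM_REQUIRE=TRUE command line is shown; a second example without `smm=on` and without the `property=secure,value=on` global (which, per rows (1)/(2), blocks all non-SMM writes and would therefore leave OVMF_VARS.fd unwritable on a build with no SMM) would let readers reproduce case (3). Second, the three test descriptions ("Verify the SMM memory is properly locked down.", ...) say what is checked but not how: a sentence per test naming what the driver probes (the lock state of the SMRAM region, the flash write behaviour from normal mode) and what a set failure bit means for the guest would make the HSTI results actionable, and the heading should expand HSTI (Hardware Security Test Interface) once, since the README never defines the acronym.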
-- 
2.44.0



View/Reply Online (#118027): https://edk2.groups.io/g/devel/message/118027