Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
On Thu, 3 Jan 2019 at 10:52, Ard Biesheuvel wrote: > > On Thu, 3 Jan 2019 at 08:43, Jagadeesh Ujja wrote: > > > > hi Ard > > > > On Wed, Jan 2, 2019 at 10:45 PM Ard Biesheuvel > > wrote: > > > > > > On Thu, 20 Dec 2018 at 15:23, Gao, Liming wrote: > > > > > > > > Jagadeesh: > > > > MdeModulePkg Variable service/Fault tolerant/Nor Flash driver depends > > > > on StandaloneMmServicesTableLib library class header file. This header > > > > file is added into MdePkg. It has two interfaces. One is global gMmst, > > > > another is function InMm(). So, there is no dependency issue here. > > > > And, MdePkg adds one StandaloneMmServicesTableLib library INF with > > > > empty implementation, this library is just for build. It sets > > > > gMmst=NULL, and always return FASLE in InMm(). This library can be used > > > > in MdeModulePkg.dsc to make Variable driver pass build. There is also > > > > no dependency issue here. Last, Platform DSC file will refer to the > > > > real StandaloneMmServicesTableLib library INF from StandaloneMmPkg. > > > > > > > > > > I think we should avoid the need for InMm() altogether for standalone > > > MM. It will always return TRUE for standalone MM modules, and it will > > > always return FALSE for other modules, so the distinction should be > > > made at build time. > > > > > > This means that we need to refactor the SMM 'server' modules and/or > > > libraries so that any code they cannot share (like boot services > > > invocations) are only included in the classic SMM versions. > > > > > > I have pushed my own prototype code here: > > > https://github.com/ardbiesheuvel/edk2/commits/standalone-mm > > > > > > There is some overlap with Jagadeesh's work. I will work with him > > > directly to resolve this before posting any new revisions. > > > > > InMm()” and “PcdStandaloneMmVariableEnabled” are defined to reuse the > > existing code as much as possible. > > Initially I have done separate copy of the file to avoid “if..else” > > but had a comment about “duplicating code primarily due to the > > maintenance overhead” > > > > We shouldn't rely on runtime functions and PCDs to make build time decision. > > Lots of the SMM code can be refactored. As Jian suggested, we could > introduce a helper library with implementations for the MM protocol > handling and memory allocation routines exposed via the system table, > so that the users can invoke the abstract library. > Actually, looking at the PI spec, it seems that SMM is deprecated, and so we should port these drivers to the new MM system table entirely. ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
On Thu, 3 Jan 2019 at 08:43, Jagadeesh Ujja wrote: > > hi Ard > > On Wed, Jan 2, 2019 at 10:45 PM Ard Biesheuvel > wrote: > > > > On Thu, 20 Dec 2018 at 15:23, Gao, Liming wrote: > > > > > > Jagadeesh: > > > MdeModulePkg Variable service/Fault tolerant/Nor Flash driver depends > > > on StandaloneMmServicesTableLib library class header file. This header > > > file is added into MdePkg. It has two interfaces. One is global gMmst, > > > another is function InMm(). So, there is no dependency issue here. > > > And, MdePkg adds one StandaloneMmServicesTableLib library INF with empty > > > implementation, this library is just for build. It sets gMmst=NULL, and > > > always return FASLE in InMm(). This library can be used in > > > MdeModulePkg.dsc to make Variable driver pass build. There is also no > > > dependency issue here. Last, Platform DSC file will refer to the real > > > StandaloneMmServicesTableLib library INF from StandaloneMmPkg. > > > > > > > I think we should avoid the need for InMm() altogether for standalone > > MM. It will always return TRUE for standalone MM modules, and it will > > always return FALSE for other modules, so the distinction should be > > made at build time. > > > > This means that we need to refactor the SMM 'server' modules and/or > > libraries so that any code they cannot share (like boot services > > invocations) are only included in the classic SMM versions. > > > > I have pushed my own prototype code here: > > https://github.com/ardbiesheuvel/edk2/commits/standalone-mm > > > > There is some overlap with Jagadeesh's work. I will work with him > > directly to resolve this before posting any new revisions. > > > InMm()” and “PcdStandaloneMmVariableEnabled” are defined to reuse the > existing code as much as possible. > Initially I have done separate copy of the file to avoid “if..else” > but had a comment about “duplicating code primarily due to the > maintenance overhead” > We shouldn't rely on runtime functions and PCDs to make build time decision. Lots of the SMM code can be refactored. As Jian suggested, we could introduce a helper library with implementations for the MM protocol handling and memory allocation routines exposed via the system table, so that the users can invoke the abstract library. As for the various boot services calls: these just have to be factored out or replaced. - gBS->CalculcateCrc32 () in the FTW driver can just be replaced with the version from BaseLib (but only for the standalone MM version) - MorLockInitAtEndOfDxe() in the variable driver attempts to locate some TCG protocols to infer whether the variable may have been set by platform firmware, this code just needs to be dropped in the standalone MM version - the ArmPkg NOR flash driver needs some refactoring in any case, since all the block I/O and disk I/O routines can be dropped for standalone MM. So of course, we have to take the maintenance burden into account, and so we have to refactor carefully so that we share as much code as possible. But relying on InMm() and PCDs is not acceptable. > So we are using “InMm()” and “PcdStandaloneMmVariableEnabled” PCD flag > and trying to use the same code as much as possible. > > The patchset “Extend secure variable service to be usable from > Standalone MM” as POC was submitted as RFC patches on “October 31, > 2018”. > Subsequent comments are fixed and we had 7 version of the patch set > under review. > I'm not sure why you are bringing this up, but it is irrelevant. This is important stuff that touches a lot of different packages, so if it takes 20 revisions, so be it. ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
hi Ard On Wed, Jan 2, 2019 at 10:45 PM Ard Biesheuvel wrote: > > On Thu, 20 Dec 2018 at 15:23, Gao, Liming wrote: > > > > Jagadeesh: > > MdeModulePkg Variable service/Fault tolerant/Nor Flash driver depends on > > StandaloneMmServicesTableLib library class header file. This header file is > > added into MdePkg. It has two interfaces. One is global gMmst, another is > > function InMm(). So, there is no dependency issue here. > > And, MdePkg adds one StandaloneMmServicesTableLib library INF with empty > > implementation, this library is just for build. It sets gMmst=NULL, and > > always return FASLE in InMm(). This library can be used in MdeModulePkg.dsc > > to make Variable driver pass build. There is also no dependency issue here. > > Last, Platform DSC file will refer to the real StandaloneMmServicesTableLib > > library INF from StandaloneMmPkg. > > > > I think we should avoid the need for InMm() altogether for standalone > MM. It will always return TRUE for standalone MM modules, and it will > always return FALSE for other modules, so the distinction should be > made at build time. > > This means that we need to refactor the SMM 'server' modules and/or > libraries so that any code they cannot share (like boot services > invocations) are only included in the classic SMM versions. > > I have pushed my own prototype code here: > https://github.com/ardbiesheuvel/edk2/commits/standalone-mm > > There is some overlap with Jagadeesh's work. I will work with him > directly to resolve this before posting any new revisions. > InMm()” and “PcdStandaloneMmVariableEnabled” are defined to reuse the existing code as much as possible. Initially I have done separate copy of the file to avoid “if..else” but had a comment about “duplicating code primarily due to the maintenance overhead” So we are using “InMm()” and “PcdStandaloneMmVariableEnabled” PCD flag and trying to use the same code as much as possible. The patchset “Extend secure variable service to be usable from Standalone MM” as POC was submitted as RFC patches on “October 31, 2018”. Subsequent comments are fixed and we had 7 version of the patch set under review. Thanks Jagadeesh > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
Hi Jagadeesh, Since those code are used in different drivers, a new library would be better. For example, we could have a CommonMmServicesLibrary, in which following interfaces are defined ((just for example) EFI_STATUS MmstLocateProtocol( IN EFI_GUID *Protocol, IN VOID *Registration, OPTIONAL OUT VOID **Interface ) { EFI_STATUS Status; if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { Status = gSmst->SmmLocateProtocol ( , NULL, SarProtocol ); } else { Status = gMmst->MmLocateProtocol ( , NULL, SarProtocol ); } return Status; } Then you can use MmstLocateProtocol() in FaultTolerantWriteDxe, Variable driver, etc. This applies to other interfaces like InstallProtocolInterface, AllocatePage in SMM/MM system table. Regards, Jian > -Original Message- > From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] > Sent: Wednesday, January 02, 2019 9:19 PM > To: Wang, Jian J > Cc: edk2-devel@lists.01.org; Gao, Liming ; Zhang, Chao > B ; leif.lindh...@linaro.org; > ard.biesheu...@linaro.org > Subject: Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable > from Standalone MM > > hi Jian, > > On Fri, Dec 21, 2018 at 8:27 AM Wang, Jian J wrote: > > > > Jagadeesh, > > > > There're many places in this patch series where code similar to following is > added. > > It'd better to wrap them into module private functions or even a library, if > necessary. > > This can make the code cleaner (no if/else) and easier (central place) to > maintain in > > the future. > > > > + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { > > +Status = gSmst->SmmLocateProtocol ( > > + , > > + NULL, > > + SarProtocol > > + ); > > + } else { > > +Status = gMmst->MmLocateProtocol ( > > + , > > + NULL, > > + SarProtocol > > + ); > > + } > > > Thank you for your comment. This patch series try to reuse code as > much as possible between MM and non-MM code. So, in some changes, > if..else was used which helps to reuse most of the other bits of code. > To address your comment, can you please let me know how we could avoid > this if..else without duplicating the too much code. I am not clear > about " module private functions or even a library" comment that you > have made. Can you please help me with this. > > Thanks, > Jagadeesh. > > > Regards, > > Jian > > > > > > > -Original Message- > > > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > > > Jagadeesh Ujja > > > Sent: Friday, December 14, 2018 8:13 PM > > > To: edk2-devel@lists.01.org; Gao, Liming ; Zhang, > Chao > > > B ; leif.lindh...@linaro.org; > > > ard.biesheu...@linaro.org > > > Subject: [edk2] [PATCH 00/13] Extend secure variable service to be usable > from > > > Standalone MM > > > > > > Changes since RFC v4: > > > - Addressed all the comments from Liming Gao > > > - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate > > > presence of StandaloneMM support. > > > - MdePkg.dec file updated to include StandaloneMmServiceTableLib and > > > StandaloneMmRuntimeDxe library. > > > - Platform specific changes will be posted in a seperate patchset. > > > - AsmLfence wrapper function is supported for AArch64 platforms. > > > - All the patches in this series can be pulled from > > > https://github.com/jagadeeshujja/edk2 (branch: > topics/aarch64_secure_vars) > > > > > > Changes since RFC v3: > > > - Addressed all the comments from Liming Gao > > > - Added a AArch64 implementation of AsmLfence which is a wrapper for > > > MemoryFence. The changes in variable service driver in v3 of this > > > patchset that used MemoryFence instead of AsmLfence have been > removed. > > > - Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe > > > library into MdePkg. > > > - Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled > and > > > added to in to MdePkg. > > > - Now with above changes, edk2 packages don't need to depend on > > > StandaloneMmPkg/StandaloneMmPkg.dec > > > - Addressed comments from Ting Ye >
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
On Thu, 20 Dec 2018 at 15:23, Gao, Liming wrote: > > Jagadeesh: > MdeModulePkg Variable service/Fault tolerant/Nor Flash driver depends on > StandaloneMmServicesTableLib library class header file. This header file is > added into MdePkg. It has two interfaces. One is global gMmst, another is > function InMm(). So, there is no dependency issue here. > And, MdePkg adds one StandaloneMmServicesTableLib library INF with empty > implementation, this library is just for build. It sets gMmst=NULL, and > always return FASLE in InMm(). This library can be used in MdeModulePkg.dsc > to make Variable driver pass build. There is also no dependency issue here. > Last, Platform DSC file will refer to the real StandaloneMmServicesTableLib > library INF from StandaloneMmPkg. > I think we should avoid the need for InMm() altogether for standalone MM. It will always return TRUE for standalone MM modules, and it will always return FALSE for other modules, so the distinction should be made at build time. This means that we need to refactor the SMM 'server' modules and/or libraries so that any code they cannot share (like boot services invocations) are only included in the classic SMM versions. I have pushed my own prototype code here: https://github.com/ardbiesheuvel/edk2/commits/standalone-mm There is some overlap with Jagadeesh's work. I will work with him directly to resolve this before posting any new revisions. ___ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
hi Jian, On Fri, Dec 21, 2018 at 8:27 AM Wang, Jian J wrote: > > Jagadeesh, > > There're many places in this patch series where code similar to following is > added. > It'd better to wrap them into module private functions or even a library, if > necessary. > This can make the code cleaner (no if/else) and easier (central place) to > maintain in > the future. > > + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { > +Status = gSmst->SmmLocateProtocol ( > + , > + NULL, > + SarProtocol > + ); > + } else { > +Status = gMmst->MmLocateProtocol ( > + , > + NULL, > + SarProtocol > + ); > + } > Thank you for your comment. This patch series try to reuse code as much as possible between MM and non-MM code. So, in some changes, if..else was used which helps to reuse most of the other bits of code. To address your comment, can you please let me know how we could avoid this if..else without duplicating the too much code. I am not clear about " module private functions or even a library" comment that you have made. Can you please help me with this. Thanks, Jagadeesh. > Regards, > Jian > > > > -Original Message- > > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > > Jagadeesh Ujja > > Sent: Friday, December 14, 2018 8:13 PM > > To: edk2-devel@lists.01.org; Gao, Liming ; Zhang, Chao > > B ; leif.lindh...@linaro.org; > > ard.biesheu...@linaro.org > > Subject: [edk2] [PATCH 00/13] Extend secure variable service to be usable > > from > > Standalone MM > > > > Changes since RFC v4: > > - Addressed all the comments from Liming Gao > > - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate > > presence of StandaloneMM support. > > - MdePkg.dec file updated to include StandaloneMmServiceTableLib and > > StandaloneMmRuntimeDxe library. > > - Platform specific changes will be posted in a seperate patchset. > > - AsmLfence wrapper function is supported for AArch64 platforms. > > - All the patches in this series can be pulled from > > https://github.com/jagadeeshujja/edk2 (branch: > > topics/aarch64_secure_vars) > > > > Changes since RFC v3: > > - Addressed all the comments from Liming Gao > > - Added a AArch64 implementation of AsmLfence which is a wrapper for > > MemoryFence. The changes in variable service driver in v3 of this > > patchset that used MemoryFence instead of AsmLfence have been removed. > > - Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe > > library into MdePkg. > > - Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled and > > added to in to MdePkg. > > - Now with above changes, edk2 packages don't need to depend on > > StandaloneMmPkg/StandaloneMmPkg.dec > > - Addressed comments from Ting Ye > > - Removed the hacks in the v3 version. > > - Will relook into the “TimerWrapp.c” file and add a appropriate > > implementation of this for MM Standalone mode code. > > > > Changes since RFC v2: > > - Added 'Contributed-under' tag, removed Change-ID tag and > > maintained a single signed-off-by for the all the patches. > > > > Changes since RFC v1: > > - Addressed all the comments from Liming Gao > > - Removed the use of #ifdef/#else/#endif and used a Pcd instead to > > select between MM and non-MM paths. > > - Removed all dependencies on edk2-platforms. > > - Dropped the use of mMmst and used gSmst instead. > > - Added a dummy implementation UefiRuntimeServiceTableLib for > > MM_STANDALONE usage > > - Replaced all uses of AsmLfence with MemoryFence from variable > > service code. > > - Add a new StandaloneMmRuntimeDxe library to for use by non-MM code. > > > > This patch series extends the existing secure variable service support for > > use with Standalone MM. This is applicable to paltforms that use Standalone > > Management Mode to protect access to non-volatile memory (NOR flash in case > > of these patches) used to store the secure EFI variables. > > > > The first patch pulls in additional libraries from the staging branch of > > StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure > > variable > > service implementation supports only the traditional MM mode and so the rest > > of the patches extends the existing secure variable service support to be > > usea
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
Jagadeesh, There're many places in this patch series where code similar to following is added. It'd better to wrap them into module private functions or even a library, if necessary. This can make the code cleaner (no if/else) and easier (central place) to maintain in the future. + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { +Status = gSmst->SmmLocateProtocol ( + , + NULL, + SarProtocol + ); + } else { +Status = gMmst->MmLocateProtocol ( + , + NULL, + SarProtocol + ); + } Regards, Jian > -Original Message- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Jagadeesh Ujja > Sent: Friday, December 14, 2018 8:13 PM > To: edk2-devel@lists.01.org; Gao, Liming ; Zhang, Chao > B ; leif.lindh...@linaro.org; > ard.biesheu...@linaro.org > Subject: [edk2] [PATCH 00/13] Extend secure variable service to be usable from > Standalone MM > > Changes since RFC v4: > - Addressed all the comments from Liming Gao > - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate > presence of StandaloneMM support. > - MdePkg.dec file updated to include StandaloneMmServiceTableLib and > StandaloneMmRuntimeDxe library. > - Platform specific changes will be posted in a seperate patchset. > - AsmLfence wrapper function is supported for AArch64 platforms. > - All the patches in this series can be pulled from > https://github.com/jagadeeshujja/edk2 (branch: topics/aarch64_secure_vars) > > Changes since RFC v3: > - Addressed all the comments from Liming Gao > - Added a AArch64 implementation of AsmLfence which is a wrapper for > MemoryFence. The changes in variable service driver in v3 of this > patchset that used MemoryFence instead of AsmLfence have been removed. > - Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe > library into MdePkg. > - Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled and > added to in to MdePkg. > - Now with above changes, edk2 packages don't need to depend on > StandaloneMmPkg/StandaloneMmPkg.dec > - Addressed comments from Ting Ye > - Removed the hacks in the v3 version. > - Will relook into the “TimerWrapp.c” file and add a appropriate > implementation of this for MM Standalone mode code. > > Changes since RFC v2: > - Added 'Contributed-under' tag, removed Change-ID tag and > maintained a single signed-off-by for the all the patches. > > Changes since RFC v1: > - Addressed all the comments from Liming Gao > - Removed the use of #ifdef/#else/#endif and used a Pcd instead to > select between MM and non-MM paths. > - Removed all dependencies on edk2-platforms. > - Dropped the use of mMmst and used gSmst instead. > - Added a dummy implementation UefiRuntimeServiceTableLib for > MM_STANDALONE usage > - Replaced all uses of AsmLfence with MemoryFence from variable > service code. > - Add a new StandaloneMmRuntimeDxe library to for use by non-MM code. > > This patch series extends the existing secure variable service support for > use with Standalone MM. This is applicable to paltforms that use Standalone > Management Mode to protect access to non-volatile memory (NOR flash in case > of these patches) used to store the secure EFI variables. > > The first patch pulls in additional libraries from the staging branch of > StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure > variable > service implementation supports only the traditional MM mode and so the rest > of the patches extends the existing secure variable service support to be > useable with Standalone MM mode as well. > > Jagadeesh Ujja (13): > StandaloneMmPkg: Pull in additonal libraries from staging branch > MdePkg: Add a PCD that indicates presence of Standalone MM mode > MdeModulePkg: Add a PCD to indicate Standalone MM supports secure > variable > MdePkg/Include: add StandaloneMmServicesTableLib header file > MdePkg/Library/BaseLib/AArch64: Add AsmLfence function > MdePkg/Library: Add StandaloneMmRuntimeDxe library > MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver > MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM > Standalone > MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver > MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this > library > ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver > SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this > library > CryptoPkg/BaseCryptLib: allow MM_STANDALONE d
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
Jagadeesh: MdeModulePkg Variable service/Fault tolerant/Nor Flash driver depends on StandaloneMmServicesTableLib library class header file. This header file is added into MdePkg. It has two interfaces. One is global gMmst, another is function InMm(). So, there is no dependency issue here. And, MdePkg adds one StandaloneMmServicesTableLib library INF with empty implementation, this library is just for build. It sets gMmst=NULL, and always return FASLE in InMm(). This library can be used in MdeModulePkg.dsc to make Variable driver pass build. There is also no dependency issue here. Last, Platform DSC file will refer to the real StandaloneMmServicesTableLib library INF from StandaloneMmPkg. Thanks Liming > -Original Message- > From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] > Sent: Tuesday, December 18, 2018 7:19 PM > To: Gao, Liming > Cc: edk2-devel@lists.01.org; Zhang, Chao B > Subject: Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable > from Standalone MM > > Hi Liming, > > On Tue, Dec 18, 2018 at 10:07 AM Gao, Liming wrote: > > > > Jagadeesh: > > StandaloneMmServicesTableLib library class header file is added into > > MdePkg. Its library implementation is in MdePkg and > StandaloneMmPkg. The one in MdePkg produces the dummy implementation, and the > one in StandaloneMmPkg produces the real > implementation. I don't see the reason to separate this library class. > > > > In this patchset series, the Variable service/Fault tolerant/Nor Flash > driver are refactored to be usable as MM_STANDALONE driver. These > drivers uses the following libraries from “StandaloneMmPkg”. > > - > MmServicesTableLib|StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf > - > MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf > > Variable MM_STANDALONE driver is located at > - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf > > FaultTolerant MM_STANDALONE is driver located at > - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c > - > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf > > These drivers look for “gMmst” which is defined in > “MmServicesTableLib”. Ideally, > “StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h” > should have defined “gMmst” as an “extern EFI_MM_SYSTEM_TABLE > *gMmst;”. > In which case, we would have to add > “StandaloneMmPkg/StandaloneMmPkg.dec” in other drivers listed below. > > - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf > > This will make “edk2 packages” to be depended on > "StandaloneMmPkg/StandaloneMmPkg.dec". > > To avoid this, > “StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h” > is moved to “MdePkg/Include/Library/StandaloneMmServicesTableLib.h”. > But, the implementation of “MmServicesTableLib” comes from > “StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf”. > > Thanks > Jagadeesh > > > Thanks > > Liming > > >-Original Message- > > >From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] > > >Sent: Monday, December 17, 2018 7:47 PM > > >To: Gao, Liming > > >Cc: edk2-devel@lists.01.org; Zhang, Chao B ; > > >leif.lindh...@linaro.org; ard.biesheu...@linaro.org > > >Subject: Re: [edk2] [PATCH 00/13] Extend secure variable service to be > > >usable > > >from Standalone MM > > > > > >Hi Liming, > > > > > >On Mon, Dec 17, 2018 at 7:15 AM Gao, Liming wrote: > > >> > > >> One question here. Why separate StandaloneMmServicesTableLib to two > > >library classes? Current MdePkg\Include\Library\SmmServicesTableLib.h is > > >one library class. > > >MdePkg\Library\SmmServicesTableLib\SmmServicesTableLib.inf is its > > >implementation. StandaloneMmServicesTableLib should be same to it. > > >> StandaloneMmServicesTableLib is the library class. > > >MdePkg\Library\StandaloneMmRuntimeDxe is its library instance. > > >> > > >Thanks for your review. > > > > > >The implementation of the "StandaloneMmServicesTableLib" library class > > >is at "StandaloneMmPkg/Library/StandaloneMmServicesTableLib/". As this > > >patchset reuses some of the DXE_DRIVER drivers as MM_STANDALONE > > >drivers, the "StandaloneMmServicesTableLib" library clas
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
Hi Liming, On Tue, Dec 18, 2018 at 10:07 AM Gao, Liming wrote: > > Jagadeesh: > StandaloneMmServicesTableLib library class header file is added into > MdePkg. Its library implementation is in MdePkg and StandaloneMmPkg. The one > in MdePkg produces the dummy implementation, and the one in StandaloneMmPkg > produces the real implementation. I don't see the reason to separate this > library class. > In this patchset series, the Variable service/Fault tolerant/Nor Flash driver are refactored to be usable as MM_STANDALONE driver. These drivers uses the following libraries from “StandaloneMmPkg”. - MmServicesTableLib|StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf - MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf Variable MM_STANDALONE driver is located at - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf FaultTolerant MM_STANDALONE is driver located at - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf These drivers look for “gMmst” which is defined in “MmServicesTableLib”. Ideally, “StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h” should have defined “gMmst” as an “extern EFI_MM_SYSTEM_TABLE *gMmst;”. In which case, we would have to add “StandaloneMmPkg/StandaloneMmPkg.dec” in other drivers listed below. - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf This will make “edk2 packages” to be depended on "StandaloneMmPkg/StandaloneMmPkg.dec". To avoid this, “StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h” is moved to “MdePkg/Include/Library/StandaloneMmServicesTableLib.h”. But, the implementation of “MmServicesTableLib” comes from “StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf”. Thanks Jagadeesh > Thanks > Liming > >-Original Message- > >From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] > >Sent: Monday, December 17, 2018 7:47 PM > >To: Gao, Liming > >Cc: edk2-devel@lists.01.org; Zhang, Chao B ; > >leif.lindh...@linaro.org; ard.biesheu...@linaro.org > >Subject: Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable > >from Standalone MM > > > >Hi Liming, > > > >On Mon, Dec 17, 2018 at 7:15 AM Gao, Liming wrote: > >> > >> One question here. Why separate StandaloneMmServicesTableLib to two > >library classes? Current MdePkg\Include\Library\SmmServicesTableLib.h is > >one library class. > >MdePkg\Library\SmmServicesTableLib\SmmServicesTableLib.inf is its > >implementation. StandaloneMmServicesTableLib should be same to it. > >> StandaloneMmServicesTableLib is the library class. > >MdePkg\Library\StandaloneMmRuntimeDxe is its library instance. > >> > >Thanks for your review. > > > >The implementation of the "StandaloneMmServicesTableLib" library class > >is at "StandaloneMmPkg/Library/StandaloneMmServicesTableLib/". As this > >patchset reuses some of the DXE_DRIVER drivers as MM_STANDALONE > >drivers, the "StandaloneMmServicesTableLib" library class definition > >was placed within MdePkg. The reason for splitting the library class > >definition (in MdePkg) and its implementation (in StandaloneMmPkg) was > >due to your comment that "edk2 packages" should not have any reference > >to StandaloneMmPkg.dec. > > > >The "StandaloneMmRuntimeDxe" library now just has an implementation of > >InMm(). And so, this can be kept as a separate library with no > >dependency on StandaloneMmPkg. So this was the reason to split > >"StandaloneMmRuntimeDxe" and "StandaloneMmServicesTableLib" into two > >separate libraries. > > > >thanks > >Jagadeesh > >> Thanks > >> Liming > >> >-Original Message- > >> >From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] > >> >Sent: Friday, December 14, 2018 8:13 PM > >> >To: edk2-devel@lists.01.org; Gao, Liming ; Zhang, > >> >Chao B ; leif.lindh...@linaro.org; > >> >ard.biesheu...@linaro.org > >> >Subject: [PATCH 00/13] Extend secure variable service to be usable from > >> >Standalone MM > >> > > >> >Changes since RFC v4: > >> >- Addressed all the comments from Liming Gao > >> > - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate > >> >presence of StandaloneMM su
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
Jagadeesh: StandaloneMmServicesTableLib library class header file is added into MdePkg. Its library implementation is in MdePkg and StandaloneMmPkg. The one in MdePkg produces the dummy implementation, and the one in StandaloneMmPkg produces the real implementation. I don't see the reason to separate this library class. Thanks Liming >-Original Message- >From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] >Sent: Monday, December 17, 2018 7:47 PM >To: Gao, Liming >Cc: edk2-devel@lists.01.org; Zhang, Chao B ; >leif.lindh...@linaro.org; ard.biesheu...@linaro.org >Subject: Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable >from Standalone MM > >Hi Liming, > >On Mon, Dec 17, 2018 at 7:15 AM Gao, Liming wrote: >> >> One question here. Why separate StandaloneMmServicesTableLib to two >library classes? Current MdePkg\Include\Library\SmmServicesTableLib.h is >one library class. >MdePkg\Library\SmmServicesTableLib\SmmServicesTableLib.inf is its >implementation. StandaloneMmServicesTableLib should be same to it. >> StandaloneMmServicesTableLib is the library class. >MdePkg\Library\StandaloneMmRuntimeDxe is its library instance. >> >Thanks for your review. > >The implementation of the "StandaloneMmServicesTableLib" library class >is at "StandaloneMmPkg/Library/StandaloneMmServicesTableLib/". As this >patchset reuses some of the DXE_DRIVER drivers as MM_STANDALONE >drivers, the "StandaloneMmServicesTableLib" library class definition >was placed within MdePkg. The reason for splitting the library class >definition (in MdePkg) and its implementation (in StandaloneMmPkg) was >due to your comment that "edk2 packages" should not have any reference >to StandaloneMmPkg.dec. > >The "StandaloneMmRuntimeDxe" library now just has an implementation of >InMm(). And so, this can be kept as a separate library with no >dependency on StandaloneMmPkg. So this was the reason to split >"StandaloneMmRuntimeDxe" and "StandaloneMmServicesTableLib" into two >separate libraries. > >thanks >Jagadeesh >> Thanks >> Liming >> >-Original Message- >> >From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] >> >Sent: Friday, December 14, 2018 8:13 PM >> >To: edk2-devel@lists.01.org; Gao, Liming ; Zhang, >> >Chao B ; leif.lindh...@linaro.org; >> >ard.biesheu...@linaro.org >> >Subject: [PATCH 00/13] Extend secure variable service to be usable from >> >Standalone MM >> > >> >Changes since RFC v4: >> >- Addressed all the comments from Liming Gao >> > - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate >> >presence of StandaloneMM support. >> > - MdePkg.dec file updated to include StandaloneMmServiceTableLib and >> >StandaloneMmRuntimeDxe library. >> > - Platform specific changes will be posted in a seperate patchset. >> > - AsmLfence wrapper function is supported for AArch64 platforms. >> > - All the patches in this series can be pulled from >> >https://github.com/jagadeeshujja/edk2 (branch: >> >topics/aarch64_secure_vars) >> > >> >Changes since RFC v3: >> >- Addressed all the comments from Liming Gao >> > - Added a AArch64 implementation of AsmLfence which is a wrapper for >> >MemoryFence. The changes in variable service driver in v3 of this >> >patchset that used MemoryFence instead of AsmLfence have been >> >removed. >> > - Added StandaloneMmServicesTableLib.h and >StandaloneMmRuntimeDxe >> >library into MdePkg. >> > - Renamed PcdStandaloneMmEnable as >PcdStandaloneMmVariableEnabled >> >and >> >added to in to MdePkg. >> > - Now with above changes, edk2 packages don't need to depend on >> >StandaloneMmPkg/StandaloneMmPkg.dec >> >- Addressed comments from Ting Ye >> > - Removed the hacks in the v3 version. >> > - Will relook into the “TimerWrapp.c” file and add a appropriate >> >implementation of this for MM Standalone mode code. >> > >> >Changes since RFC v2: >> >- Added 'Contributed-under' tag, removed Change-ID tag and >> > maintained a single signed-off-by for the all the patches. >> > >> >Changes since RFC v1: >> >- Addressed all the comments from Liming Gao >> > - Removed the use of #ifdef/#else/#endif and used a Pcd instead to >> >select between MM and non-MM paths. >> > - Removed all dependencies on edk2-platforms. >> > - Dropped the use of mMmst and used gSmst instead. >> &g
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
Hi Liming, On Mon, Dec 17, 2018 at 7:15 AM Gao, Liming wrote: > > One question here. Why separate StandaloneMmServicesTableLib to two library > classes? Current MdePkg\Include\Library\SmmServicesTableLib.h is one library > class. MdePkg\Library\SmmServicesTableLib\SmmServicesTableLib.inf is its > implementation. StandaloneMmServicesTableLib should be same to it. > StandaloneMmServicesTableLib is the library class. > MdePkg\Library\StandaloneMmRuntimeDxe is its library instance. > Thanks for your review. The implementation of the "StandaloneMmServicesTableLib" library class is at "StandaloneMmPkg/Library/StandaloneMmServicesTableLib/". As this patchset reuses some of the DXE_DRIVER drivers as MM_STANDALONE drivers, the "StandaloneMmServicesTableLib" library class definition was placed within MdePkg. The reason for splitting the library class definition (in MdePkg) and its implementation (in StandaloneMmPkg) was due to your comment that "edk2 packages" should not have any reference to StandaloneMmPkg.dec. The "StandaloneMmRuntimeDxe" library now just has an implementation of InMm(). And so, this can be kept as a separate library with no dependency on StandaloneMmPkg. So this was the reason to split "StandaloneMmRuntimeDxe" and "StandaloneMmServicesTableLib" into two separate libraries. thanks Jagadeesh > Thanks > Liming > >-Original Message- > >From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] > >Sent: Friday, December 14, 2018 8:13 PM > >To: edk2-devel@lists.01.org; Gao, Liming ; Zhang, > >Chao B ; leif.lindh...@linaro.org; > >ard.biesheu...@linaro.org > >Subject: [PATCH 00/13] Extend secure variable service to be usable from > >Standalone MM > > > >Changes since RFC v4: > >- Addressed all the comments from Liming Gao > > - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate > >presence of StandaloneMM support. > > - MdePkg.dec file updated to include StandaloneMmServiceTableLib and > >StandaloneMmRuntimeDxe library. > > - Platform specific changes will be posted in a seperate patchset. > > - AsmLfence wrapper function is supported for AArch64 platforms. > > - All the patches in this series can be pulled from > >https://github.com/jagadeeshujja/edk2 (branch: > >topics/aarch64_secure_vars) > > > >Changes since RFC v3: > >- Addressed all the comments from Liming Gao > > - Added a AArch64 implementation of AsmLfence which is a wrapper for > >MemoryFence. The changes in variable service driver in v3 of this > >patchset that used MemoryFence instead of AsmLfence have been > >removed. > > - Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe > >library into MdePkg. > > - Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled > >and > >added to in to MdePkg. > > - Now with above changes, edk2 packages don't need to depend on > >StandaloneMmPkg/StandaloneMmPkg.dec > >- Addressed comments from Ting Ye > > - Removed the hacks in the v3 version. > > - Will relook into the “TimerWrapp.c” file and add a appropriate > >implementation of this for MM Standalone mode code. > > > >Changes since RFC v2: > >- Added 'Contributed-under' tag, removed Change-ID tag and > > maintained a single signed-off-by for the all the patches. > > > >Changes since RFC v1: > >- Addressed all the comments from Liming Gao > > - Removed the use of #ifdef/#else/#endif and used a Pcd instead to > >select between MM and non-MM paths. > > - Removed all dependencies on edk2-platforms. > > - Dropped the use of mMmst and used gSmst instead. > > - Added a dummy implementation UefiRuntimeServiceTableLib for > >MM_STANDALONE usage > >- Replaced all uses of AsmLfence with MemoryFence from variable > > service code. > >- Add a new StandaloneMmRuntimeDxe library to for use by non-MM code. > > > >This patch series extends the existing secure variable service support for > >use with Standalone MM. This is applicable to paltforms that use Standalone > >Management Mode to protect access to non-volatile memory (NOR flash in > >case > >of these patches) used to store the secure EFI variables. > > > >The first patch pulls in additional libraries from the staging branch of > >StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure > >variable > >service implementation supports only the traditional MM mode and so the > >rest > >of the patches extends the existing secure variable service support to be > >useable with Standalone MM mode as well. > > > >Jagadeesh Ujja (13): > > StandaloneMmPkg: Pull in additonal libraries from staging branch > > MdePkg: Add a PCD that indicates presence of Standalone MM mode > > MdeModulePkg: Add a PCD to indicate Standalone MM supports secure > >variable > > MdePkg/Include: add StandaloneMmServicesTableLib header file > > MdePkg/Library/BaseLib/AArch64: Add AsmLfence function > > MdePkg/Library: Add StandaloneMmRuntimeDxe library > > MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM
Re: [edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
One question here. Why separate StandaloneMmServicesTableLib to two library classes? Current MdePkg\Include\Library\SmmServicesTableLib.h is one library class. MdePkg\Library\SmmServicesTableLib\SmmServicesTableLib.inf is its implementation. StandaloneMmServicesTableLib should be same to it. StandaloneMmServicesTableLib is the library class. MdePkg\Library\StandaloneMmRuntimeDxe is its library instance. Thanks Liming >-Original Message- >From: Jagadeesh Ujja [mailto:jagadeesh.u...@arm.com] >Sent: Friday, December 14, 2018 8:13 PM >To: edk2-devel@lists.01.org; Gao, Liming ; Zhang, >Chao B ; leif.lindh...@linaro.org; >ard.biesheu...@linaro.org >Subject: [PATCH 00/13] Extend secure variable service to be usable from >Standalone MM > >Changes since RFC v4: >- Addressed all the comments from Liming Gao > - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate >presence of StandaloneMM support. > - MdePkg.dec file updated to include StandaloneMmServiceTableLib and >StandaloneMmRuntimeDxe library. > - Platform specific changes will be posted in a seperate patchset. > - AsmLfence wrapper function is supported for AArch64 platforms. > - All the patches in this series can be pulled from >https://github.com/jagadeeshujja/edk2 (branch: >topics/aarch64_secure_vars) > >Changes since RFC v3: >- Addressed all the comments from Liming Gao > - Added a AArch64 implementation of AsmLfence which is a wrapper for >MemoryFence. The changes in variable service driver in v3 of this >patchset that used MemoryFence instead of AsmLfence have been >removed. > - Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe >library into MdePkg. > - Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled >and >added to in to MdePkg. > - Now with above changes, edk2 packages don't need to depend on >StandaloneMmPkg/StandaloneMmPkg.dec >- Addressed comments from Ting Ye > - Removed the hacks in the v3 version. > - Will relook into the “TimerWrapp.c” file and add a appropriate >implementation of this for MM Standalone mode code. > >Changes since RFC v2: >- Added 'Contributed-under' tag, removed Change-ID tag and > maintained a single signed-off-by for the all the patches. > >Changes since RFC v1: >- Addressed all the comments from Liming Gao > - Removed the use of #ifdef/#else/#endif and used a Pcd instead to >select between MM and non-MM paths. > - Removed all dependencies on edk2-platforms. > - Dropped the use of mMmst and used gSmst instead. > - Added a dummy implementation UefiRuntimeServiceTableLib for >MM_STANDALONE usage >- Replaced all uses of AsmLfence with MemoryFence from variable > service code. >- Add a new StandaloneMmRuntimeDxe library to for use by non-MM code. > >This patch series extends the existing secure variable service support for >use with Standalone MM. This is applicable to paltforms that use Standalone >Management Mode to protect access to non-volatile memory (NOR flash in >case >of these patches) used to store the secure EFI variables. > >The first patch pulls in additional libraries from the staging branch of >StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure >variable >service implementation supports only the traditional MM mode and so the >rest >of the patches extends the existing secure variable service support to be >useable with Standalone MM mode as well. > >Jagadeesh Ujja (13): > StandaloneMmPkg: Pull in additonal libraries from staging branch > MdePkg: Add a PCD that indicates presence of Standalone MM mode > MdeModulePkg: Add a PCD to indicate Standalone MM supports secure >variable > MdePkg/Include: add StandaloneMmServicesTableLib header file > MdePkg/Library/BaseLib/AArch64: Add AsmLfence function > MdePkg/Library: Add StandaloneMmRuntimeDxe library > MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver > MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM >Standalone > MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver > MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this >library > ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver > SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this >library > CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this >library > > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c >| 2 +- > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c > | >210 - > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h > | >5 +- > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf > | >2 + > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c >| 96 +-- > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf >| 76 ++ > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf >
[edk2] [PATCH 00/13] Extend secure variable service to be usable from Standalone MM
Changes since RFC v4: - Addressed all the comments from Liming Gao - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate presence of StandaloneMM support. - MdePkg.dec file updated to include StandaloneMmServiceTableLib and StandaloneMmRuntimeDxe library. - Platform specific changes will be posted in a seperate patchset. - AsmLfence wrapper function is supported for AArch64 platforms. - All the patches in this series can be pulled from https://github.com/jagadeeshujja/edk2 (branch: topics/aarch64_secure_vars) Changes since RFC v3: - Addressed all the comments from Liming Gao - Added a AArch64 implementation of AsmLfence which is a wrapper for MemoryFence. The changes in variable service driver in v3 of this patchset that used MemoryFence instead of AsmLfence have been removed. - Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe library into MdePkg. - Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled and added to in to MdePkg. - Now with above changes, edk2 packages don't need to depend on StandaloneMmPkg/StandaloneMmPkg.dec - Addressed comments from Ting Ye - Removed the hacks in the v3 version. - Will relook into the “TimerWrapp.c” file and add a appropriate implementation of this for MM Standalone mode code. Changes since RFC v2: - Added 'Contributed-under' tag, removed Change-ID tag and maintained a single signed-off-by for the all the patches. Changes since RFC v1: - Addressed all the comments from Liming Gao - Removed the use of #ifdef/#else/#endif and used a Pcd instead to select between MM and non-MM paths. - Removed all dependencies on edk2-platforms. - Dropped the use of mMmst and used gSmst instead. - Added a dummy implementation UefiRuntimeServiceTableLib for MM_STANDALONE usage - Replaced all uses of AsmLfence with MemoryFence from variable service code. - Add a new StandaloneMmRuntimeDxe library to for use by non-MM code. This patch series extends the existing secure variable service support for use with Standalone MM. This is applicable to paltforms that use Standalone Management Mode to protect access to non-volatile memory (NOR flash in case of these patches) used to store the secure EFI variables. The first patch pulls in additional libraries from the staging branch of StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure variable service implementation supports only the traditional MM mode and so the rest of the patches extends the existing secure variable service support to be useable with Standalone MM mode as well. Jagadeesh Ujja (13): StandaloneMmPkg: Pull in additonal libraries from staging branch MdePkg: Add a PCD that indicates presence of Standalone MM mode MdeModulePkg: Add a PCD to indicate Standalone MM supports secure variable MdePkg/Include: add StandaloneMmServicesTableLib header file MdePkg/Library/BaseLib/AArch64: Add AsmLfence function MdePkg/Library: Add StandaloneMmRuntimeDxe library MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this library ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c | 2 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c | 210 - ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h | 5 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf | 2 + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 96 +-- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 76 ++ CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 7 +- CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 4 + CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c | 15 +- MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf | 5 +- MdeModulePkg/MdeModulePkg.dec | 5 + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf | 1 + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 203 +++-- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf