From: Jiewen Yao <jiewen.yao@intel.com>
To: edk2-devel@lists.01.org
Cc: Star Zeng <star.zeng@intel.com>
Subject: [PATCH 0/7] Add VTd as IOMMU for UEFI.
Date: Tue, 18 Jul 2017 15:51:30 +0800
Message-ID: <1500364297-17072-1-git-send-email-jiewen.yao@intel.com>

This patch series adds Intel VTd as IOMMU for UEFI BIOS.

It can also be found at https://github.com/jyao1/edk2/tree/vtd.

The EDKII IOMMU protocol is already defined in MdeModulePkg.
This patch uses VTd to implement the IOMMU protocol.

A platform may use VTd to harden the system to prevent DMA attacks
once the DMAR table is produced. The VTd engine will be disabled
at the EndOfDxe event.

Test:
1) The patch is tested on Intel Kabylake platform and Intel Broadwell platform.
The system boots to X64 UEFI Windows 10 successfully, with the VTd engine enabled in BIOS.

2) We tested USB XHCI, ATA AHCI and Intel Graphic with DMA protection.

3) If we do not enable DMA access correctly in the translation table, the DMA
access is blocked, and the device driver will return an error.

More platform tests are on the way.


This patch series includes 1 protocol.
1) EDKII_PLATFORM_VTD_POLICY_PROTOCOL
This protocol is produced by a platform policy module and consumed
by the IntelVTdDxe driver.

1.1) GetDeviceId() API provides ACPI device information for VTd
source ID conversion.

1.2) GetExceptionDeviceList() API provides a list of exception devices.
We notice that a UEFI device driver might not follow the UEFI spec to call the PCI
map/unmap function for a DMA request.

A platform may choose not to support the request from exception devices
or add a workaround to support these exception devices by returning the
device information by using GetExceptionDeviceList().

The IntelVTD driver will consume this API to enable all memory access
for the exception device.


This patch series includes the 2 drivers below.

1) IntelVTdDxe
It produces the IOMMU Protocol and provides DMA protection.

It registers an ACPI_SDT callback to check the DMAR table.
Once the DMAR table is installed, IntelVTdDxe will enable the VTd engine
to start protecting.

In order to use this feature, a platform MUST publish DMAR table
before any DMA transaction. Typically, it is at PciEnumDone protocol
callback.

If a platform does not have VTd support, or VTd is disabled,
the DMA protection will not be activated.

2) PlatformVTdSampleDxe
This is just a sample driver to show how to produce GetDeviceId()
or GetExceptionDeviceList() API.

It should NOT be included directly by any production.

If a platform needs to produce EDKII_PLATFORM_VTD_POLICY_PROTOCOL, it
should have its own driver.

Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>

Jiewen Yao (7):
  IntelSiliconPkg/Include: Add VTD industry standard.
  IntelSiliconPkg/Include: Add PlatformVtdPolicy Protocol
  IntelSiliconPkg/Dec: Add ProtocolGuid.
  IntelSiliconPkg: Add VTd driver.
  IntelSiliconPkg/dsc: Add Vtd driver.
  IntelSiliconPkg: Add PlatformVTdSample driver.
  IntelSiliconPkg/dsc: Add PlatformVtd sample driver.

 IntelSiliconPkg/Include/IndustryStandard/Vtd.h                     | 345 +++++++
 IntelSiliconPkg/Include/Protocol/PlatformVtdPolicy.h               | 100 ++
 IntelSiliconPkg/IntelSiliconPkg.dec                                |   3 +
 IntelSiliconPkg/IntelSiliconPkg.dsc                                |  32 +
 IntelSiliconPkg/IntelVTdDxe/BmDma.c                                | 441 +++++++++
 IntelSiliconPkg/IntelVTdDxe/DmaProtection.c                        | 367 +++++++
 IntelSiliconPkg/IntelVTdDxe/DmaProtection.h                        | 501 ++++++++++
 IntelSiliconPkg/IntelVTdDxe/DmarAcpiTable.c                        | 998 ++++++++++++++++++++
 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.c                          | 353 +++++++
 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.inf                        |  79 ++
 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.uni                        |  20 +
 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxeExtra.uni                   |  20 +
 IntelSiliconPkg/IntelVTdDxe/PciInfo.c                              | 315 ++++++
 IntelSiliconPkg/IntelVTdDxe/TranslationTable.c                     | 969 +++++++++++++++++++
 IntelSiliconPkg/IntelVTdDxe/TranslationTableEx.c                   | 153 +++
 IntelSiliconPkg/IntelVTdDxe/VtdReg.c                               | 602 ++++++++++++
 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.c        | 339 +++++++
 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.inf      |  59 ++
 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.uni      |  20 +
 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxeExtra.uni |  20 +
 20 files changed, 5736 insertions(+)
 create mode 100644 IntelSiliconPkg/Include/IndustryStandard/Vtd.h
 create mode 100644 IntelSiliconPkg/Include/Protocol/PlatformVtdPolicy.h
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/BmDma.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/DmaProtection.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/DmaProtection.h
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/DmarAcpiTable.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.inf
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.uni
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxeExtra.uni
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/PciInfo.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/TranslationTable.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/TranslationTableEx.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/VtdReg.c
 create mode 100644 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.c
 create mode 100644 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.inf
 create mode 100644 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.uni
 create mode 100644 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxeExtra.uni

-- 
2.7.4.windows.1
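
The cover letter above says the driver checks the DMAR table before enabling the VTd engine. As an added example (not part of the original post and not the code in DmarAcpiTable.c), this sketch shows the validation such a consumer needs before trusting a DMAR table: signature, length, checksum, and bounded walking of the remapping structures to locate DRHD register bases. The function names and the 64-byte sample table are constructed; field offsets follow the ACPI header and VT-d DMAR layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define DMAR_HDR_LEN 48u  /* 36-byte ACPI header + width, flags, 10 reserved */
#define DRHD_MIN_LEN 16u  /* type, length, flags, rsvd, segment, base address */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }

/* Hypothetical helper: returns the number of DRHD units found, or -1 if the
   table is malformed. Stores up to `max` register base addresses in bases[]. */
int dmar_find_drhd(const uint8_t *t, size_t avail, uint64_t *bases, int max)
{
    if (avail < DMAR_HDR_LEN || memcmp(t, "DMAR", 4) != 0) return -1;
    uint32_t len = rd32(t + 4);
    if (len < DMAR_HDR_LEN || len > avail) return -1;
    uint8_t sum = 0;
    for (uint32_t i = 0; i < len; i++) sum = (uint8_t)(sum + t[i]);
    if (sum != 0) return -1;              /* ACPI rule: all bytes sum to 0 */
    int n = 0;
    for (uint32_t off = DMAR_HDR_LEN; off < len; ) {
        if (len - off < 4) return -1;     /* no room for type + length */
        uint16_t type = rd16(t + off), slen = rd16(t + off + 2);
        if (slen < 4 || slen > len - off) return -1;  /* no loop, no overrun */
        if (type == 0) {                  /* type 0 = DRHD */
            if (slen < DRHD_MIN_LEN) return -1;
            if (n < max) bases[n] = rd64(t + off + 8);
            n++;
        }
        off += slen;
    }
    return n;
}

/* Builds a constructed 64-byte DMAR table holding one DRHD at `base`. */
size_t dmar_sample(uint8_t *b, uint64_t base)
{
    memset(b, 0, 64);
    memcpy(b, "DMAR", 4);
    b[4] = 64;                            /* table length, little-endian */
    b[36] = 38;                           /* host address width minus 1 */
    b[50] = 16;                           /* DRHD at offset 48: type 0, length 16 */
    for (int i = 0; i < 8; i++) b[56 + i] = (uint8_t)(base >> (8 * i));
    uint8_t sum = 0;
    for (int i = 0; i < 64; i++) sum = (uint8_t)(sum + b[i]);
    b[9] = (uint8_t)(0u - sum);           /* checksum byte makes the sum 0 */
    return 64;
}
```
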