From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiewen.yao@intel.com>
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id A38BA21CB02F2
 for <edk2-devel@lists.01.org>; Tue, 18 Jul 2017 00:50:23 -0700 (PDT)
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
 by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 18 Jul 2017 00:52:16 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.40,377,1496127600"; d="scan'208";a="1173809563"
Received: from jyao1-mobl.ccr.corp.intel.com ([10.239.192.64])
 by fmsmga001.fm.intel.com with ESMTP; 18 Jul 2017 00:51:52 -0700
From: Jiewen Yao <jiewen.yao@intel.com>
To: edk2-devel@lists.01.org
Cc: Star Zeng <star.zeng@intel.com>
Date: Tue, 18 Jul 2017 15:51:30 +0800
Message-Id: <1500364297-17072-1-git-send-email-jiewen.yao@intel.com>
X-Mailer: git-send-email 2.7.4.windows.1
Subject: [PATCH 0/7] Add VTd as IOMMU for UEFI.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jul 2017 07:50:23 -0000

This series patch adds Intel VTd as IOMMU for UEFI BIOS.

It can also be found at https://github.com/jyao1/edk2/tree/vtd.

EDKII IOMMU protocol is already defined in MdeModulePkg.
This patch use VTd to implement IOMMU protocol.

A platform may use VTd to harden the system to prevent DMA attack
once the DMAR table is produced. The VTd engine will be disabled
at EndOfDxe event.

Test:
1) The patch is tested on Intel Kabylake platform and Intel Broadwell platform.
System boot to X64 UEFI Windows 10 successfully, with VTd engine enabled in BIOS.

2) We tested USB XHCI, ATA AHCI and Intel Graphic with DMA protection.

3) If we do not enable DMA access correctly in translation table, the DMA
access is blocked, and the device driver will return error.

More platform tests are on the way.


This series patch includes 1 protocol.
1) EDKII_PLATFORM_VTD_POLICY_PROTOCOL
This protocol is produced by a platform policy module and consumed
by the IntelVTdDxe driver.

1.1) GetDeviceId() API provides ACPI device information for VTd
source ID conversion.

1.2) GetExceptionDeviceList() API provides a list of exception devices.
We notice that a UEFI device driver might not follow UEFI spec to call PCI
map/unmap function for DMA request.

A platform may choose to unsupport the request from exception devices
or add workaround to support these exception device by returning the
device information by using GetExceptionDeviceList().

IntelVTD driver will consume this API to enable all memory access
for the exception device.


This series patch includes below 2 drivers.

1) IntelVTdDxe
It produces IOMMU Protocol and provide DMA protection.

It registers ACPI_SDT callback to check DMAR table.
Once the DMAR table is installed, IntelVTdDxe will enable VTd engine
to start protecting.

In order to use this feature, a platform MUST publish DMAR table
before any DMA transaction. Typically, it is at PciEnumDone protocol
callback.

If a platform does not have VTd support, or VTd is disabled,
the DMA protection will not be activated.

2) PlatformVTdSampleDxe
This is just a sample driver to show how to produce GetDeviceId()
or GetExceptionDeviceList() API.

It should NOT be included directly by any production.

If a platform need produce EDKII_PLATFORM_VTD_POLICY_PROTOCOL, it
should have its own driver.

Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>

Jiewen Yao (7):
  IntelSiliconPkg/Include: Add VTD industry standard.
  IntelSiliconPkg/Include: Add PlatformVtdPolicy Protocol
  IntelSiliconPkg/Dec: Add ProtocolGuid.
  IntelSiliconPkg: Add VTd driver.
  IntelSiliconPkg/dsc: Add Vtd driver.
  IntelSiliconPkg: Add PlatformVTdSample driver.
  IntelSiliconPkg/dsc: Add PlatformVtd sample driver.

 IntelSiliconPkg/Include/IndustryStandard/Vtd.h                     | 345 +++++++
 IntelSiliconPkg/Include/Protocol/PlatformVtdPolicy.h               | 100 ++
 IntelSiliconPkg/IntelSiliconPkg.dec                                |   3 +
 IntelSiliconPkg/IntelSiliconPkg.dsc                                |  32 +
 IntelSiliconPkg/IntelVTdDxe/BmDma.c                                | 441 +++++++++
 IntelSiliconPkg/IntelVTdDxe/DmaProtection.c                        | 367 +++++++
 IntelSiliconPkg/IntelVTdDxe/DmaProtection.h                        | 501 ++++++++++
 IntelSiliconPkg/IntelVTdDxe/DmarAcpiTable.c                        | 998 ++++++++++++++++++++
 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.c                          | 353 +++++++
 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.inf                        |  79 ++
 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.uni                        |  20 +
 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxeExtra.uni                   |  20 +
 IntelSiliconPkg/IntelVTdDxe/PciInfo.c                              | 315 ++++++
 IntelSiliconPkg/IntelVTdDxe/TranslationTable.c                     | 969 +++++++++++++++++++
 IntelSiliconPkg/IntelVTdDxe/TranslationTableEx.c                   | 153 +++
 IntelSiliconPkg/IntelVTdDxe/VtdReg.c                               | 602 ++++++++++++
 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.c        | 339 +++++++
 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.inf      |  59 ++
 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.uni      |  20 +
 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxeExtra.uni |  20 +
 20 files changed, 5736 insertions(+)
 create mode 100644 IntelSiliconPkg/Include/IndustryStandard/Vtd.h
 create mode 100644 IntelSiliconPkg/Include/Protocol/PlatformVtdPolicy.h
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/BmDma.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/DmaProtection.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/DmaProtection.h
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/DmarAcpiTable.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.inf
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxe.uni
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/IntelVTdDxeExtra.uni
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/PciInfo.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/TranslationTable.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/TranslationTableEx.c
 create mode 100644 IntelSiliconPkg/IntelVTdDxe/VtdReg.c
 create mode 100644 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.c
 create mode 100644 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.inf
 create mode 100644 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxe.uni
 create mode 100644 IntelSiliconPkg/PlatformVTdSampleDxe/PlatformVTdSampleDxeExtra.uni

-- 
2.7.4.windows.1