From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DEEE421955D8D for ; Wed, 3 May 2017 14:39:56 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4B77AC04B946; Wed, 3 May 2017 21:39:56 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4B77AC04B946 Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=lersek@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 4B77AC04B946 Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-118.phx2.redhat.com [10.3.116.118]) by smtp.corp.redhat.com (Postfix) with ESMTP id 08C727E2FD; Wed, 3 May 2017 21:39:54 +0000 (UTC) From: Laszlo Ersek To: edk2-devel-01 Cc: Gary Ching-Pang Lin , Jordan Justen Date: Wed, 3 May 2017 23:39:45 +0200 Message-Id: <20170503213947.32290-4-lersek@redhat.com> In-Reply-To: <20170503213947.32290-1-lersek@redhat.com> References: <20170503213947.32290-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 03 May 2017 21:39:56 +0000 (UTC) Subject: [PATCH v2 3/5] OvmfPkg: introduce 4MB flash image (mainly) for Windows HCK X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 May 2017 21:39:57 -0000 The "Confirm64KilobytesOfUnauthenticatedVariableStorage" test case of the Secure Boot Logo Test ("Microsoft.UefiSecureBootLogo.Tests") suite in the Microsoft Hardware Certification Kit expects to be able to populate the variable store up to roughly 64 KB, with a series of 1 KB sized, unauthenticated variables. OVMF's current live varstore area is too small for this: 56 KB. Introduce the FD_SIZE_4MB build macro (equivalently, FD_SIZE_IN_KB=4096), which - enlarges the full flash image to 4MB -- QEMU supports up to 8MB, see FLASH_MAP_BASE_MIN in "hw/i386/pc_sysfw.c" --, - inside that, grows the varstore area / pflash chip to 528 KB, and within it, the live area from 56 KB to 256 KB. Importantly, a firmware binary built with -D FD_SIZE_4MB will *not* be compatible with a variable store that originates from a variable store template built *without* -D FD_SIZE_4MB. This is the reason for the large increase, as every such change breaks compatibility between a new firmware binary and old varstore files. Enlarging the varstore does not impact the performance of normal operations, as we keep the varstore block size 4KB. The performance of reclaim is affected, but that is expected (since reclaim has to rework the full live area). And, reclaim occurs proportionally less frequently. While at it, the FVMAIN_COMPACT volume (with the compressed FFS file in it) is also enlarged significantly, so that we have plenty of room for future DXEFV (and perhaps PEIFV) increments -- DXEFV has been growing steadily, and that increase shows through compression too. Right now the PEIFV and DXEFV volumes need no resizing. Here's a summary: Description Compression type Size [KB] ------------------------- ----------------- ---------------------- Non-volatile data storage open-coded binary 128 -> 528 ( +400) data Variable store 56 -> 256 ( +200) Event log 4 -> 4 ( +0) Working block 4 -> 4 ( +0) Spare area 64 -> 264 ( +200) FVMAIN_COMPACT uncompressed 1712 -> 3360 (+1648) FV FFS file LZMA compressed PEIFV uncompressed 896 -> 896 ( +0) individual PEI uncompressed modules DXEFV uncompressed 10240 -> 10240 ( +0) individual DXE uncompressed modules SECFV uncompressed 208 -> 208 ( +0) SEC driver reset vector code For now, the 2MB flash image remains the default. Cc: Gary Ching-Pang Lin Cc: Jordan Justen Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek --- Notes: v2: - use $(FD_SIZE_IN_KB) in conditional statements - Raise VARS_LIVE_SIZE by 8KB to 256KB, VARS_SPARE_SIZE by 8KB to 264KB, thereby raising the containing VARS_SIZE by 16KB to 528KB. To compensate, raise CODE_BASE_ADDRESS by 16KB, and shrink both FVMAIN_SIZE and the containing CODE_SIZE by 16KB. No change to FW_BASE_ADDRESS, FW_SIZE, SECFV_OFFSET, SECFV_SIZE. [Jordan] OvmfPkg/OvmfPkgIa32.dsc | 4 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++ OvmfPkg/OvmfPkgX64.dsc | 4 ++ OvmfPkg/OvmfPkg.fdf.inc | 28 ++++++++++ OvmfPkg/VarStore.fdf.inc | 54 +++++++++++++++++++- 5 files changed, 92 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 5a21840a55c9..26b807dde9fa 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -41,29 +41,33 @@ [Defines] DEFINE TLS_ENABLE = FALSE # # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to # one of the supported values, in place of any of the convenience macros, is # permitted. # !ifdef $(FD_SIZE_1MB) DEFINE FD_SIZE_IN_KB = 1024 !else !ifdef $(FD_SIZE_2MB) DEFINE FD_SIZE_IN_KB = 2048 !else +!ifdef $(FD_SIZE_4MB) + DEFINE FD_SIZE_IN_KB = 4096 +!else DEFINE FD_SIZE_IN_KB = 2048 !endif !endif +!endif [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG INTEL:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG MSFT:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG GCC:*_*_*_CC_FLAGS = -mno-mmx -mno-sse # # Disable deprecated APIs. # MSFT:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES INTEL:*_*_*_CC_FLAGS = /D DISABLE_NEW_DEPRECATED_INTERFACES diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 11866b7207c7..41f06a6b6a66 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -41,29 +41,33 @@ [Defines] DEFINE TLS_ENABLE = FALSE # # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to # one of the supported values, in place of any of the convenience macros, is # permitted. # !ifdef $(FD_SIZE_1MB) DEFINE FD_SIZE_IN_KB = 1024 !else !ifdef $(FD_SIZE_2MB) DEFINE FD_SIZE_IN_KB = 2048 !else +!ifdef $(FD_SIZE_4MB) + DEFINE FD_SIZE_IN_KB = 4096 +!else DEFINE FD_SIZE_IN_KB = 2048 !endif !endif +!endif [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG INTEL:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG MSFT:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG GCC:*_*_*_CC_FLAGS = -mno-mmx -mno-sse !ifdef $(SOURCE_DEBUG_ENABLE) MSFT:*_*_X64_GENFW_FLAGS = --keepexceptiontable GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable !endif diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 2fab544600f5..053c84b685c5 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -41,29 +41,33 @@ [Defines] DEFINE TLS_ENABLE = FALSE # # Flash size selection. Setting FD_SIZE_IN_KB on the command line directly to # one of the supported values, in place of any of the convenience macros, is # permitted. # !ifdef $(FD_SIZE_1MB) DEFINE FD_SIZE_IN_KB = 1024 !else !ifdef $(FD_SIZE_2MB) DEFINE FD_SIZE_IN_KB = 2048 !else +!ifdef $(FD_SIZE_4MB) + DEFINE FD_SIZE_IN_KB = 4096 +!else DEFINE FD_SIZE_IN_KB = 2048 !endif !endif +!endif [BuildOptions] GCC:*_UNIXGCC_*_CC_FLAGS = -DMDEPKG_NDEBUG GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG INTEL:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG MSFT:RELEASE_*_*_CC_FLAGS = /D MDEPKG_NDEBUG GCC:*_*_*_CC_FLAGS = -mno-mmx -mno-sse !ifdef $(SOURCE_DEBUG_ENABLE) MSFT:*_*_X64_GENFW_FLAGS = --keepexceptiontable GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable !endif diff --git a/OvmfPkg/OvmfPkg.fdf.inc b/OvmfPkg/OvmfPkg.fdf.inc index 4e72e35678a2..b3e0c472a1a8 100644 --- a/OvmfPkg/OvmfPkg.fdf.inc +++ b/OvmfPkg/OvmfPkg.fdf.inc @@ -6,55 +6,83 @@ # # This program and the accompanying materials are licensed and made available # under the terms and conditions of the BSD License which accompanies this # distribution. The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php # # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR # IMPLIED. # ## DEFINE BLOCK_SIZE = 0x1000 + +# +# A firmware binary built with FD_SIZE_IN_KB=1024, and a firmware binary built +# with FD_SIZE_IN_KB=2048, use the same variable store layout. +# +# Setting FD_SIZE_IN_KB to 4096 results in a different (much larger) variable +# store structure that is incompatible with both of the above-mentioned +# firmware binaries. +# +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) DEFINE VARS_SIZE = 0x20000 DEFINE VARS_BLOCKS = 0x20 DEFINE VARS_LIVE_SIZE = 0xE000 DEFINE VARS_SPARE_SIZE = 0x10000 +!endif !if $(FD_SIZE_IN_KB) == 1024 DEFINE FW_BASE_ADDRESS = 0xFFF00000 DEFINE FW_SIZE = 0x00100000 DEFINE FW_BLOCKS = 0x100 DEFINE CODE_BASE_ADDRESS = 0xFFF20000 DEFINE CODE_SIZE = 0x000E0000 DEFINE CODE_BLOCKS = 0xE0 DEFINE FVMAIN_SIZE = 0x000CC000 DEFINE SECFV_OFFSET = 0x000EC000 DEFINE SECFV_SIZE = 0x14000 !endif !if $(FD_SIZE_IN_KB) == 2048 DEFINE FW_BASE_ADDRESS = 0xFFE00000 DEFINE FW_SIZE = 0x00200000 DEFINE FW_BLOCKS = 0x200 DEFINE CODE_BASE_ADDRESS = 0xFFE20000 DEFINE CODE_SIZE = 0x001E0000 DEFINE CODE_BLOCKS = 0x1E0 DEFINE FVMAIN_SIZE = 0x001AC000 DEFINE SECFV_OFFSET = 0x001CC000 DEFINE SECFV_SIZE = 0x34000 !endif +!if $(FD_SIZE_IN_KB) == 4096 +DEFINE VARS_SIZE = 0x84000 +DEFINE VARS_BLOCKS = 0x84 +DEFINE VARS_LIVE_SIZE = 0x40000 +DEFINE VARS_SPARE_SIZE = 0x42000 + +DEFINE FW_BASE_ADDRESS = 0xFFC00000 +DEFINE FW_SIZE = 0x00400000 +DEFINE FW_BLOCKS = 0x400 +DEFINE CODE_BASE_ADDRESS = 0xFFC84000 +DEFINE CODE_SIZE = 0x0037C000 +DEFINE CODE_BLOCKS = 0x37C +DEFINE FVMAIN_SIZE = 0x00348000 +DEFINE SECFV_OFFSET = 0x003CC000 +DEFINE SECFV_SIZE = 0x34000 +!endif + SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress = $(FW_BASE_ADDRESS) SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareFdSize = $(FW_SIZE) SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareBlockSize = $(BLOCK_SIZE) SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase = $(FW_BASE_ADDRESS) SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize = $(VARS_LIVE_SIZE) SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageEventLogBase = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageEventLogSize = $(BLOCK_SIZE) SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase = gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageEventLogBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageEventLogSize SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize = $(BLOCK_SIZE) diff --git a/OvmfPkg/VarStore.fdf.inc b/OvmfPkg/VarStore.fdf.inc index ce901c0109b1..742fed105334 100644 --- a/OvmfPkg/VarStore.fdf.inc +++ b/OvmfPkg/VarStore.fdf.inc @@ -5,68 +5,118 @@ # Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
# # This program and the accompanying materials are licensed and made available # under the terms and conditions of the BSD License which accompanies this # distribution. The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php # # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR # IMPLIED. # ## +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) 0x00000000|0x0000e000 +!endif +!if $(FD_SIZE_IN_KB) == 4096 +0x00000000|0x00040000 +!endif #NV_VARIABLE_STORE DATA = { ## This is the EFI_FIRMWARE_VOLUME_HEADER # ZeroVector [] 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, # FileSystemGuid: gEfiSystemNvDataFvGuid = # { 0xFFF12B8D, 0x7696, 0x4C8B, # { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }} 0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C, 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50, +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) # FvLength: 0x20000 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, +!endif +!if $(FD_SIZE_IN_KB) == 4096 + # FvLength: 0x84000 + 0x00, 0x40, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, +!endif # Signature "_FVH" # Attributes 0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00, - # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision - 0x48, 0x00, 0x19, 0xF9, 0x00, 0x00, 0x00, 0x02, + # HeaderLength + 0x48, 0x00, +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) + # CheckSum + 0x19, 0xF9, +!endif +!if $(FD_SIZE_IN_KB) == 4096 + # CheckSum + 0xAF, 0xB8, +!endif + # ExtHeaderOffset #Reserved #Revision + 0x00, 0x00, 0x00, 0x02, +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) # Blockmap[0]: 0x20 Blocks * 0x1000 Bytes / Block 0x20, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, +!endif +!if $(FD_SIZE_IN_KB) == 4096 + # Blockmap[0]: 0x84 Blocks * 0x1000 Bytes / Block + 0x84, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, +!endif # Blockmap[1]: End 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ## This is the VARIABLE_STORE_HEADER # It is compatible with SECURE_BOOT_ENABLE == FALSE as well. # Signature: gEfiAuthenticatedVariableGuid = # { 0xaaf32c78, 0x947b, 0x439a, # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }} 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) # Size: 0xe000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xdfb8 # This can speed up the Variable Dispatch a bit. 0xB8, 0xDF, 0x00, 0x00, +!endif +!if $(FD_SIZE_IN_KB) == 4096 + # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - + # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8 + # This can speed up the Variable Dispatch a bit. + 0xB8, 0xFF, 0x03, 0x00, +!endif # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32 0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) 0x0000e000|0x00001000 +!endif +!if $(FD_SIZE_IN_KB) == 4096 +0x00040000|0x00001000 +!endif #NV_EVENT_LOG +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) 0x0000f000|0x00001000 +!endif +!if $(FD_SIZE_IN_KB) == 4096 +0x00041000|0x00001000 +!endif #NV_FTW_WORKING DATA = { # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid = # { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95 }} 0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49, 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95, # Crc:UINT32 #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved 0x2c, 0xaf, 0x2c, 0x64, 0xFE, 0xFF, 0xFF, 0xFF, # WriteQueueSize: UINT64 0xE0, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } +!if ($(FD_SIZE_IN_KB) == 1024) || ($(FD_SIZE_IN_KB) == 2048) 0x00010000|0x00010000 +!endif +!if $(FD_SIZE_IN_KB) == 4096 +0x00042000|0x00042000 +!endif #NV_FTW_SPARE -- 2.9.3