From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.115; helo=mga14.intel.com; envelope-from=david.wei@intel.com; receiver=edk2-devel@lists.01.org Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E64BC207E4DF6 for ; Sun, 20 May 2018 21:09:16 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 May 2018 21:09:14 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,425,1520924400"; d="scan'208";a="57584314" Received: from zwei4-mobl1.ccr.corp.intel.com ([10.239.193.72]) by orsmga001.jf.intel.com with ESMTP; 20 May 2018 21:09:13 -0700 From: zwei4 To: edk2-devel@lists.01.org Cc: Yao, Jiewen Date: Mon, 21 May 2018 12:09:08 +0800 Message-Id: <20180521040908.16744-1-david.wei@intel.com> X-Mailer: git-send-email 2.14.1.windows.1 Subject: [Patch][edk2-platforms/devel-MinnowBoardMax-UDK2017] Bus Master DMA protection. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 May 2018 04:09:17 -0000 (1) Clean up code which enables PCI Bus Master DMA before SMRAM lock. (2) Lock SMRAM before PCI bus enumeration at BDS stage. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: zwei4 CC: Yao, Jiewen --- .../Library/PlatformBdsLib/BdsPlatform.c | 150 ++++++++++++++------- .../VlvPlatformInitDxe/VlvPlatformInit.c | 12 +- 2 files changed, 111 insertions(+), 51 deletions(-) diff --git a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c index 697ad67a30..e7aa3b30e4 100644 --- a/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c +++ b/Vlv2TbltDevicePkg/Library/PlatformBdsLib/BdsPlatform.c @@ -1,6 +1,6 @@ /** @file - Copyright (c) 2004 - 2017, Intel Corporation. All rights reserved.
+ Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. @@ -37,7 +37,7 @@ Abstract: #include #include #include "PchAccess.h" -#include "PchRegs/PchRegsSata.h" +#include "PchRegs.h" #include #include @@ -142,6 +142,15 @@ DisableAhciCtlr ( } } +/** + Issues EndOfDxe event, installs gExitPmAuthProtocolGuid, and issues SMM lock envent. Bus Master DMA mus + not be enabled before SMM lock. + + @param VOID + + @retval None. + +**/ VOID InstallReadyToLock ( VOID @@ -151,7 +160,56 @@ InstallReadyToLock ( EFI_HANDLE Handle; EFI_SMM_ACCESS2_PROTOCOL *SmmAccess; EFI_ACPI_S3_SAVE_PROTOCOL *AcpiS3Save; + UINTN PciDeviceConfigAdd; + UINT16 VendorID; + UINT16 CommandReg; + UINT8 DevIndex; + UINT8 FunIndex; + + // + // Check Buster Master Enable bit of PCI devices,including PCIe root ports, on bus 0. + // + DEBUG ((DEBUG_ERROR, "BDS: Check Bus Master Enable of PCI devices before SMRAM lock: \n")); + + for (DevIndex = 0; DevIndex <= 31; DevIndex ++) { + + for (FunIndex = 0; FunIndex <= 7; FunIndex++) { + + if ((DevIndex == 0x00) && (FunIndex == 0x00)) { + continue; // Skip Root Bridge + } + + if ((DevIndex == 0x1A) && (FunIndex == 0x00)) { + continue; // Skip TXE + } + + if ((DevIndex == PCI_DEVICE_NUMBER_PCH_LPC) && (FunIndex == PCI_FUNCTION_NUMBER_PCH_LPC)) { + continue; // Skip LPC Bridge + } + + + PciDeviceConfigAdd = MmPciAddress (0, 0, DevIndex, FunIndex, 0); + VendorID = MmioRead16 (PciDeviceConfigAdd + PCI_DEVICE_ID_OFFSET); + // + // Check if PCI device is present. + // + if (VendorID == 0xffff) { + continue; + } + CommandReg = MmioRead16 (PciDeviceConfigAdd + PCI_COMMAND_OFFSET); + DEBUG ((DEBUG_ERROR, "PCI Device 0x%x Function 0x%x, Command Register Value = %x \n", \ + (UINT32)DevIndex, (UINT32)FunIndex, (UINT32)CommandReg)); + // + // Report error if Bus Master has been enabled. + // + if (((CommandReg & BIT2) == BIT2)) { + DEBUG ((DEBUG_ERROR, "Error: Bus Master is enabled before SMRAM lock!\n")); + ASSERT_EFI_ERROR(FALSE); + } + } + } + // // Install DxeSmmReadyToLock protocol prior to the processing of boot options // @@ -1790,6 +1848,18 @@ PlatformBdsPolicyBehavior ( switch (BootMode) { case BOOT_WITH_MINIMAL_CONFIGURATION: + + #ifdef TPM_ENABLED + TcgPhysicalPresenceLibProcessRequest(); + #endif + #ifdef FTPM_ENABLE + TrEEPhysicalPresenceLibProcessRequest(NULL); + #endif + // + // Close boot script and install ready to lock + // + InstallReadyToLock (); + PlatformBdsInitHotKeyEvent (); PlatformBdsConnectSimpleConsole (gPlatformSimpleConsole); @@ -1870,16 +1940,6 @@ PlatformBdsPolicyBehavior ( } - #ifdef TPM_ENABLED - TcgPhysicalPresenceLibProcessRequest(); - #endif - #ifdef FTPM_ENABLE - TrEEPhysicalPresenceLibProcessRequest(NULL); - #endif - // - // Close boot script and install ready to lock - // - InstallReadyToLock (); // // Give one chance to enter the setup if we @@ -1890,6 +1950,11 @@ PlatformBdsPolicyBehavior ( case BOOT_ASSUMING_NO_CONFIGURATION_CHANGES: + // + // Close boot script and install ready to lock + // + InstallReadyToLock (); + // // In no-configuration boot mode, we can connect the // console directly. @@ -1917,11 +1982,6 @@ PlatformBdsPolicyBehavior ( } } - // - // Close boot script and install ready to lock - // - InstallReadyToLock (); - // // Notes: current time out = 0 can not enter the // front page @@ -1936,6 +1996,15 @@ PlatformBdsPolicyBehavior ( case BOOT_ON_FLASH_UPDATE: + DEBUG((EFI_D_INFO, "ProcessCapsules Before EndOfDxe ......\n")); + Status = ProcessCapsules (); + DEBUG((EFI_D_INFO, "ProcessCapsules %r\n", Status)); + + // + // Close boot script and install ready to lock + // + InstallReadyToLock (); + // // Boot with the specific configuration // @@ -1965,25 +2034,19 @@ PlatformBdsPolicyBehavior ( PcdSetBool(PcdEsrtSyncFmp, FALSE); } - DEBUG((EFI_D_INFO, "ProcessCapsules Before EndOfDxe ......\n")); - Status = ProcessCapsules (); - DEBUG((EFI_D_INFO, "ProcessCapsules %r\n", Status)); - // - // Close boot script and install ready to lock - // - InstallReadyToLock (); - - - - PlatformBdsLockNonUpdatableFlash (); break; case BOOT_IN_RECOVERY_MODE: + // + // Close boot script and install ready to lock + // + InstallReadyToLock (); + // // In recovery mode, just connect platform console // and show up the front page @@ -2006,11 +2069,6 @@ PlatformBdsPolicyBehavior ( } } - // - // Close boot script and install ready to lock - // - InstallReadyToLock (); - // // In recovery boot mode, we still enter to the // frong page now @@ -2024,6 +2082,18 @@ FULL_CONFIGURATION: case BOOT_WITH_DEFAULT_SETTINGS: default: + #ifdef TPM_ENABLED + TcgPhysicalPresenceLibProcessRequest(); + #endif + #ifdef FTPM_ENABLE + TrEEPhysicalPresenceLibProcessRequest(NULL); + #endif + + // + // Close boot script and install ready to lock + // + InstallReadyToLock (); + // // Connect platform console // @@ -2077,19 +2147,7 @@ FULL_CONFIGURATION: PlatformBdsConnectSequence (); } } - #ifdef TPM_ENABLED - TcgPhysicalPresenceLibProcessRequest(); - #endif - #ifdef FTPM_ENABLE - TrEEPhysicalPresenceLibProcessRequest(NULL); - #endif - if (EsrtManagement != NULL) { - EsrtManagement->SyncEsrtFmp(); - } - // - // Close boot script and install ready to lock - // - InstallReadyToLock (); + // // Here we have enough time to do the enumeration of boot device diff --git a/Vlv2TbltDevicePkg/VlvPlatformInitDxe/VlvPlatformInit.c b/Vlv2TbltDevicePkg/VlvPlatformInitDxe/VlvPlatformInit.c index 5bbafa6f76..27f7f1be7c 100644 --- a/Vlv2TbltDevicePkg/VlvPlatformInitDxe/VlvPlatformInit.c +++ b/Vlv2TbltDevicePkg/VlvPlatformInitDxe/VlvPlatformInit.c @@ -1,7 +1,7 @@ /*++ -Copyright (c) 1999 - 2017, Intel Corporation. All rights reserved +Copyright (c) 1999 - 2018, Intel Corporation. All rights reserved This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License that accompanies this distribution. @@ -86,9 +86,10 @@ PostPmInitCallBack ( UINT32 HiGTBaseAddress; // - // Enable Bus Master, I/O and Memory access on 0:2:0 + // Enable I/O and Memory access on 0:2:0. + // It's up to GOP driver to enable Bus Master of IGD. // - PciOr8 (PCI_LIB_ADDRESS(0, IGD_DEV, 0,IGD_R_CMD), (BIT2 | BIT1)); + PciOr8 (PCI_LIB_ADDRESS(0, IGD_DEV, 0,IGD_R_CMD), (BIT1)); // // only 32bit read/write is legal for device 0:2:0 @@ -171,9 +172,10 @@ IgdPmHook ( ASSERT (gDS!=NULL); // - // Enable Bus Master, I/O and Memory access on 0:2:0 + // Enable I/O and Memory access on 0:2:0. + // It's up to GOP driver to enable Bus Master of IGD. // - PciOr8(PCI_LIB_ADDRESS(0, IGD_DEV, 0, IGD_R_CMD), (BIT2 | BIT1 | BIT0)); + PciOr8(PCI_LIB_ADDRESS(0, IGD_DEV, 0, IGD_R_CMD), (BIT1 | BIT0)); // // Means Allocate 4MB for GTTMADDR -- 2.14.1.windows.1