public inbox for devel@edk2.groups.io
* [PATCH edk2-platforms v2 0/4] add MM based UEFI secure boot on SbsaQemu
@ 2021-03-01  5:19 Masahisa Kojima
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 1/4] SbsaQemu: Build infrastructure for StandaloneMm image Masahisa Kojima
                   ` (3 more replies)
  0 siblings, 4 replies; 13+ messages in thread
From: Masahisa Kojima @ 2021-03-01  5:19 UTC (permalink / raw)
  To: devel
  Cc: Masahisa Kojima, Ard Biesheuvel, Leif Lindholm, Graeme Gregory,
	Radoslaw Biernacki, Shashi Mallela

This patch series implements UEFI secure boot on SbsaQemu.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Graeme Gregory <graeme@nuviainc.com>
Cc: Radoslaw Biernacki <rad@semihalf.com>
Cc: Shashi Mallela <shashi.mallela@linaro.org>

v2:
 - aligned to the tf-a update: it supports 512 cores
   and the memory map is updated.

Masahisa Kojima (4):
  SbsaQemu: Build infrastructure for StandaloneMm image
  SbsaQemu: add MM based UEFI secure boot support
  SbsaQemu: add standalone MM build instruction
  SbsaQemu: fix typo

 Platform/Qemu/SbsaQemu/SbsaQemu.dsc           |  43 +++--
 .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc    | 171 ++++++++++++++++++
 Platform/Qemu/SbsaQemu/SbsaQemu.fdf           |  84 ++++++++-
 .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf    |  96 ++++++++++
 .../Library/SbsaQemuLib/SbsaQemuLib.inf       |   2 +
 .../Library/SbsaQemuLib/SbsaQemuMem.c         |  37 +++-
 Platform/Qemu/SbsaQemu/Readme.md              |  37 +++-
 7 files changed, 450 insertions(+), 20 deletions(-)
 create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
 create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf

-- 
2.17.1



* [PATCH edk2-platforms v2 1/4] SbsaQemu: Build infrastructure for StandaloneMm image
  2021-03-01  5:19 [PATCH edk2-platforms v2 0/4] add MM based UEFI secure boot on SbsaQemu Masahisa Kojima
@ 2021-03-01  5:19 ` Masahisa Kojima
  2021-03-01 17:05   ` Leif Lindholm
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 2/4] SbsaQemu: add MM based UEFI secure boot support Masahisa Kojima
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 13+ messages in thread
From: Masahisa Kojima @ 2021-03-01  5:19 UTC (permalink / raw)
  To: devel
  Cc: Masahisa Kojima, Ard Biesheuvel, Leif Lindholm, Graeme Gregory,
	Radoslaw Biernacki, Shashi Mallela

Add the build infrastructure for compilation of the StandaloneMm image.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---
 .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc    | 132 ++++++++++++++++++
 Platform/Qemu/SbsaQemu/SbsaQemu.fdf           |   6 +-
 .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf    |  93 ++++++++++++
 3 files changed, 228 insertions(+), 3 deletions(-)
 create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
 create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf

diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
new file mode 100644
index 000000000000..87f5ee351eaa
--- /dev/null
+++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
@@ -0,0 +1,132 @@
+#
+#  Copyright (c) 2020, Linaro Limited. All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+################################################################################
+#
+# Defines Section - statements that will be processed to create a Makefile.
+#
+################################################################################
+[Defines]
+  PLATFORM_NAME                  = SbsaQemuStandaloneMm
+  PLATFORM_GUID                  = A64CC0F5-7ACD-4975-BBE7-7EF6739C8668
+  PLATFORM_VERSION               = 1.0
+  DSC_SPECIFICATION              = 0x00010011
+  OUTPUT_DIRECTORY               = Build/$(PLATFORM_NAME)
+  SUPPORTED_ARCHITECTURES        = AARCH64
+  BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
+  SKUID_IDENTIFIER               = DEFAULT
+  FLASH_DEFINITION               = Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
+  DEFINE DEBUG_MESSAGE           = TRUE
+
+  # LzmaF86
+  DEFINE COMPRESSION_TOOL_GUID   = D42AE6BD-1352-4bfb-909A-CA72A6EAE889
+
+################################################################################
+#
+# Library Class section - list of all Library Classes needed by this Platform.
+#
+################################################################################
+[LibraryClasses]
+  #
+  # Basic
+  #
+  BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
+  BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
+  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+  DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
+  ExtractGuidedSectionLib|EmbeddedPkg/Library/PrePiExtractGuidedSectionLib/PrePiExtractGuidedSectionLib.inf
+  FvLib|StandaloneMmPkg/Library/FvLib/FvLib.inf
+  HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf
+  IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
+  MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
+  MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf
+  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+  PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
+  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
+  ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
+
+  #
+  # Entry point
+  #
+  StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf
+
+  ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
+  StandaloneMmMmuLib|ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.inf
+  ArmSvcLib|ArmPkg/Library/ArmSvcLib/ArmSvcLib.inf
+  CacheMaintenanceLib|ArmPkg/Library/ArmCacheMaintenanceLib/ArmCacheMaintenanceLib.inf
+  PeCoffExtraActionLib|StandaloneMmPkg/Library/StandaloneMmPeCoffExtraActionLib/StandaloneMmPeCoffExtraActionLib.inf
+
+  # ARM PL011 UART Driver
+  PL011UartClockLib|ArmPlatformPkg/Library/PL011UartClockLib/PL011UartClockLib.inf
+  PL011UartLib|ArmPlatformPkg/Library/PL011UartLib/PL011UartLib.inf
+  SerialPortLib|ArmPlatformPkg/Library/PL011SerialPortLib/PL011SerialPortLib.inf
+
+  StandaloneMmCoreEntryPoint|StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf
+
+  #
+  # It is not possible to prevent the ARM compiler for generic intrinsic functions.
+  # This library provides the instrinsic functions generate by a given compiler.
+  # And NULL mean link this library into all ARM images.
+  #
+  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
+
+[LibraryClasses.common.MM_STANDALONE]
+  HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
+  MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
+  MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
+
+################################################################################
+#
+# Pcd Section - list of all EDK II PCD Entries defined by this Platform
+#
+################################################################################
+[PcdsFixedAtBuild]
+  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800000CF
+  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xff
+  gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
+
+  ## PL011 - Serial Terminal
+  gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x60040000
+  gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate|115200
+
+  gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
+
+###################################################################################################
+#
+# Components Section - list of the modules and components that will be processed by compilation
+#                      tools and the EDK II tools to generate PE32/PE32+/Coff image files.
+#
+# Note: The EDK II DSC file is not used to specify how compiled binary images get placed
+#       into firmware volume images. This section is just a list of modules to compile from
+#       source into UEFI-compliant binaries.
+#       It is the FDF file that contains information on combining binary files into firmware
+#       volume images, whose concept is beyond UEFI and is described in PI specification.
+#       Binary modules do not need to be listed in this section, as they should be
+#       specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi),
+#       Logo (Logo.bmp), and etc.
+#       There may also be modules listed in this section that are not required in the FDF file,
+#       When a module listed here is excluded from FDF file, then UEFI-compliant binary will be
+#       generated for it, but the binary will not be put into any firmware volume.
+#
+###################################################################################################
+[Components.common]
+  #
+  # MM Core
+  #
+  StandaloneMmPkg/Core/StandaloneMmCore.inf
+  StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
+
+###################################################################################################
+#
+# BuildOptions Section - Define the module specific tool chain flags that should be used as
+#                        the default flags for a module. These flags are appended to any
+#                        standard flags that are defined by the build process. They can be
+#                        applied for any modules or only those modules with the specific
+#                        module style (EDK or EDKII) specified in [Components] section.
+#
+###################################################################################################
+[BuildOptions.AARCH64]
+  GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 -march=armv8-a+nofp
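Review bot: the comment block above the CompilerIntrinsicsLib entry imports the usual copy-paste typos ("instrinsic functions generate by", "NULL mean link"); since 4/4 of this series is a typo-fix patch, clean them up here instead of adding new ones. Two smaller points in the same file: the header says 2020 while the series is posted in 2021, and `DEFINE DEBUG_MESSAGE = TRUE` is not referenced anywhere else in this DSC, so either use it in a `!if` or drop it.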
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
index c35e3ed44054..b61ae1891233 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
+++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
@@ -21,10 +21,10 @@
 
 [FD.SBSA_FLASH0]
 BaseAddress   = 0x00000000
-Size          = 0x00200000
+Size          = 0x00400000
 ErasePolarity = 1
 BlockSize     = 0x00001000
-NumBlocks     = 0x200
+NumBlocks     = 0x400
 
 ################################################################################
 #
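Review bot: the SBSA_FLASH0 image doubles from 2 MiB to 4 MiB (Size and NumBlocks stay consistent: 0x400 x 0x1000 = 0x400000), but neither the subject nor the commit message mentions a flash layout change; say why the larger image is needed (the bigger FIP window below) so the dependency on the matching TF-A build is visible to anyone bisecting.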
@@ -47,7 +47,7 @@ [FD.SBSA_FLASH0]
 FILE = Platform/Qemu/Sbsa/bl1.bin
 
 # and FIP (BL2 + BL31)
-0x00008000|0x00020000
+0x00008000|0x00300000
 FILE = Platform/Qemu/Sbsa/fip.bin
 
 ################################################################################
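Review bot: the FIP window grows from 0x20000 to 0x300000 bytes at 0x8000, so it ends at 0x308000 and fits inside the new 0x400000 FD. A comment stating which TF-A build this is sized for would help, since this value has to track the size of the fip.bin that build produces and an oversized fip.bin only fails at image assembly time.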
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
new file mode 100644
index 000000000000..a1acefcfb0a7
--- /dev/null
+++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
@@ -0,0 +1,93 @@
+#
+#  Copyright (c) 2020, Linaro Limited. All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+################################################################################
+#
+# FD Section
+# The [FD] Section is made up of the definition statements and a
+# description of what goes into  the Flash Device Image.  Each FD section
+# defines one flash "device" image.  A flash device image may be one of
+# the following: Removable media bootable image (like a boot floppy
+# image,) an Option ROM image (that would be "flashed" into an add-in
+# card,) a System "Flash"  image (that would be burned into a system's
+# flash) or an Update ("Capsule") image that will be used to update and
+# existing system flash.
+#
+################################################################################
+
+[FD.STANDALONE_MM]
+BaseAddress   = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress
+Size          = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB).
+ErasePolarity = 1
+
+BlockSize     = 0x00001000
+NumBlocks     = 0x0e00
+
+0x00000000|0x00280000
+gArmTokenSpaceGuid.PcdFvBaseAddress|gArmTokenSpaceGuid.PcdFvSize
+FV = FVMAIN_COMPACT
+
+[FV.FVMAIN_COMPACT]
+FvAlignment        = 16
+ERASE_POLARITY     = 1
+MEMORY_MAPPED      = TRUE
+STICKY_WRITE       = TRUE
+LOCK_CAP           = TRUE
+LOCK_STATUS        = TRUE
+WRITE_DISABLED_CAP = TRUE
+WRITE_ENABLED_CAP  = TRUE
+WRITE_STATUS       = TRUE
+WRITE_LOCK_CAP     = TRUE
+WRITE_LOCK_STATUS  = TRUE
+READ_DISABLED_CAP  = TRUE
+READ_ENABLED_CAP   = TRUE
+READ_STATUS        = TRUE
+READ_LOCK_CAP      = TRUE
+READ_LOCK_STATUS   = TRUE
+
+  INF StandaloneMmPkg/Core/StandaloneMmCore.inf
+  INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
+
+################################################################################
+#
+# Rules are use with the [FV] section's module INF type to define
+# how an FFS file is created for a given INF file. The following Rule are the default
+# rules for the different module type. User can add the customized rules to define the
+# content of the FFS file.
+#
+################################################################################
+
+
+############################################################################
+# Example of a DXE_DRIVER FFS file with a Checksum encapsulation section   #
+############################################################################
+#
+#[Rule.Common.DXE_DRIVER]
+#  FILE DRIVER = $(NAMED_GUID) {
+#    DXE_DEPEX    DXE_DEPEX               Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
+#    COMPRESS PI_STD {
+#      GUIDED {
+#        PE32     PE32                    $(INF_OUTPUT)/$(MODULE_NAME).efi
+#        UI       STRING="$(MODULE_NAME)" Optional
+#        VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+#      }
+#    }
+#  }
+#
+############################################################################
+
+[Rule.Common.MM_CORE_STANDALONE]
+  FILE SEC = $(NAMED_GUID) RELOCS_STRIPPED FIXED {
+    PE32  PE32 Align = Auto             $(INF_OUTPUT)/$(MODULE_NAME).efi
+  }
+
+[Rule.Common.MM_STANDALONE]
+  FILE MM_STANDALONE = $(NAMED_GUID) {
+    SMM_DEPEX SMM_DEPEX Optional       $(INF_OUTPUT)/$(MODULE_NAME).depex
+    PE32      PE32                     $(INF_OUTPUT)/$(MODULE_NAME).efi
+    UI        STRING="$(MODULE_NAME)" Optional
+    VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
+  }
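Review bot: the `BaseAddress = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress` and `Size = ...|gArmTokenSpaceGuid.PcdFdSize` bindings in [FD.STANDALONE_MM] are removed again in 2/4 (which also moves the base to 0x20002000), so settle the final values here to avoid churn within the series. The floppy/option-ROM FD description, the commented-out "Example of a DXE_DRIVER FFS file" block and the "Rules are use with" sentence are template leftovers with no relevance to an MM_STANDALONE image; drop them.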
-- 
2.17.1



* [PATCH edk2-platforms v2 2/4] SbsaQemu: add MM based UEFI secure boot support
  2021-03-01  5:19 [PATCH edk2-platforms v2 0/4] add MM based UEFI secure boot on SbsaQemu Masahisa Kojima
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 1/4] SbsaQemu: Build infrastructure for StandaloneMm image Masahisa Kojima
@ 2021-03-01  5:19 ` Masahisa Kojima
  2021-03-01 17:22   ` Leif Lindholm
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 3/4] SbsaQemu: add standalone MM build instruction Masahisa Kojima
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 4/4] SbsaQemu: fix typo Masahisa Kojima
  3 siblings, 1 reply; 13+ messages in thread
From: Masahisa Kojima @ 2021-03-01  5:19 UTC (permalink / raw)
  To: devel
  Cc: Masahisa Kojima, Ard Biesheuvel, Leif Lindholm, Graeme Gregory,
	Radoslaw Biernacki, Shashi Mallela

This implements support for UEFI secure boot on SbsaQemu using
the standalone MM framework. This moves all of the software handling
of the UEFI authenticated variable store into the standalone MM
context residing in a secure partition.

Secure variable storage is located at 0x01000000 in secure NOR Flash.

Non-secure shared memory between UEFI and standalone MM
is allocated at the top of DRAM.
The DRAM size of SbsaQemu varies depending on the QEMU parameters, so
the non-secure shared memory base address is passed from
trusted-firmware through the device tree "/reserved-memory" node.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---
 Platform/Qemu/SbsaQemu/SbsaQemu.dsc           | 43 +++++++---
 .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc    | 39 +++++++++
 Platform/Qemu/SbsaQemu/SbsaQemu.fdf           | 82 +++++++++++++++++--
 .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf    |  7 +-
 .../Library/SbsaQemuLib/SbsaQemuLib.inf       |  2 +
 .../Library/SbsaQemuLib/SbsaQemuMem.c         | 37 ++++++++-
 6 files changed, 190 insertions(+), 20 deletions(-)

diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
index c1f8a4696560..a75116ee70fc 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
+++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
@@ -28,6 +28,8 @@ [Defines]
 
   DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F
 
+  DEFINE SECURE_BOOT_ENABLE      = FALSE
+
 #
 # Network definition
 #
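Review bot: SECURE_BOOT_ENABLE defaults to FALSE, so the MM-based variable store is opt-in, yet the default build also changes behaviour in this patch (see the AuthVariableLibNull and DxeImageVerificationLib hunk further down); the commit message should say so, and the Readme update in 3/4 should show the `-D SECURE_BOOT_ENABLE=TRUE` build invocation.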
@@ -152,12 +154,10 @@ [LibraryClasses.common]
   # Secure Boot dependencies
   #
   TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
-  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
 
   # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
   PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
 
-  VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
 
@@ -171,6 +171,7 @@ [LibraryClasses.common]
   ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf
 
   TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
+
   NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
 
   CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
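Review bot: this hunk only adds a blank line before NorFlashPlatformLib and is unrelated to the change; drop it.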
@@ -300,6 +301,8 @@ [PcdsFeatureFlag.common]
   gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE
   gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
 
+  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
+
 [PcdsFixedAtBuild.common]
   gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000
   gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength|1000000
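Review bot: PcdEnableVariableRuntimeCache|FALSE is set unconditionally, so it also disables the runtime variable cache in the SECURE_BOOT_ENABLE == FALSE build that keeps VariableRuntimeDxe; if it is only required for the VariableSmmRuntimeDxe / MmCommunication path, guard it with `!if $(SECURE_BOOT_ENABLE) == TRUE` and give the reason in a comment.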
@@ -551,6 +554,9 @@ [PcdsDynamicDefault.common]
   gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdChassisAssetTag|L"AT0000"
   gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdChassisSKU|L"SK0000"
 
+  gArmTokenSpaceGuid.PcdMmBufferBase|0x10000000000
+  gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000
+
 ################################################################################
 #
 # Components Section - list of all EDK II Modules needed by this Platform
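Review bot: PcdMmBufferBase|0x10000000000 and PcdMmBufferSize|0x00200000 are placeholders that SbsaQemuLibConstructor is meant to overwrite from the "/reserved-memory" node (per the commit message and the SbsaQemuMem.c hunk), but nothing here says so; add a comment. Since that constructor only logs an error when the node is missing, these defaults are what MmCommunication would silently use in that case, so consider whether the lookup failure should be fatal instead.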
@@ -604,7 +610,6 @@ [Components.common]
   ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
   ArmPkg/Drivers/CpuPei/CpuPei.inf
 
-
   MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
     <LibraryClasses>
       NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
@@ -628,24 +633,40 @@ [Components.common]
   #
   ArmPkg/Drivers/CpuDxe/CpuDxe.inf
   MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
-  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
-    <LibraryClasses>
-      NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
-      # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
-      BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
-  }
   MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
     <LibraryClasses>
+!if $(SECURE_BOOT_ENABLE) == TRUE
       NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+!endif
   }
-  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
   MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
-  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
   MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
   MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
   EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
   EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
 
+  #
+  # Variable services
+  #
+!if $(SECURE_BOOT_ENABLE) == FALSE
+  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
+  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
+    <LibraryClasses>
+      NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
+      AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+      VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+      # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
+      BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
+  }
+!else
+  ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
+    <LibraryClasses>
+      NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
+  }
+  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
   MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
   MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
   MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
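Review bot: in the SECURE_BOOT_ENABLE == FALSE branch the platform now links AuthVariableLibNull into VariableRuntimeDxe and drops DxeImageVerificationLib from SecurityStubDxe, whereas before this patch it always used SecurityPkg's AuthVariableLib and DxeImageVerificationLib (and built SecureBootConfigDxe); that is a security-relevant behaviour change for the default build (no authenticated variables, no image signature verification) and belongs in the commit message. Also the `!if` spelling differs across the series (`== TRUE` / `== FALSE` here, bare `!if $(SECURE_BOOT_ENABLE)` in SbsaQemu.fdf); pick one form.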
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
index 87f5ee351eaa..b80379acd1ad 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
+++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
@@ -77,6 +77,18 @@ [LibraryClasses.common.MM_STANDALONE]
   HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
   MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
   MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
+  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+  NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+  PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+  SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
+  TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
+  VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
+  ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/ArmGenericTimerPhyCounterLib.inf
 
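Review bot: RngLib is resolved to BaseRngLibTimerLib for the secure partition, so the random numbers BaseCryptLib/OpensslLib obtain inside MM are derived from the architectural timer; that is acceptable for a QEMU development platform but is not a cryptographic entropy source, so flag it in a comment so nobody carries this DSC onto real hardware unchanged. The new entries are also not kept in alphabetical order (SafeIntLib and ArmGenericTimerCounterLib after VarCheckLib), unlike the rest of the section.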
 ################################################################################
 #
@@ -94,6 +106,20 @@ [PcdsFixedAtBuild]
 
   gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
 
+  gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000
+  gArmTokenSpaceGuid.PcdFdSize|0x000C0000
+
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
+  gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
+
+  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x01000000
+  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00040000
+  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x01040000
+  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00040000
+  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x01080000
+  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00040000
+
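Review bot: PcdFdBaseAddress/PcdFdSize are now used to describe the NOR flash variable region (0x01000000, 0xC0000 = 3 x 0x40000) rather than the MM image load address they named in 1/4; a comment tying these six NvStorage values to the matching region definitions in SbsaQemu.fdf (0x01000000 / 0x01040000 / 0x01080000, 0x40000 each) would keep the two files from drifting apart. PcdUserPhysicalPresence|TRUE together with PlatformSecureLibNull means physical presence is always asserted inside the secure partition; that is the expected developer-platform setting but deserves a comment.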
 ###################################################################################################
 #
 # Components Section - list of the modules and components that will be processed by compilation
@@ -118,6 +144,19 @@ [Components.common]
   #
   StandaloneMmPkg/Core/StandaloneMmCore.inf
   StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
+  ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
+  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
+
+  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf {
+    <LibraryClasses>
+      DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+      NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
+      NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf
+      # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
+      BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
+      VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
+      VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
+  }
 
 ###################################################################################################
 #
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
index b61ae1891233..a46a47063ccc 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
+++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
@@ -21,10 +21,10 @@
 
 [FD.SBSA_FLASH0]
 BaseAddress   = 0x00000000
-Size          = 0x00400000
+Size          = 0x01100000
 ErasePolarity = 1
 BlockSize     = 0x00001000
-NumBlocks     = 0x400
+NumBlocks     = 0x1100
 
 ################################################################################
 #
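Review bot: SBSA_FLASH0 grows to 0x1100000 (17 MiB; NumBlocks 0x1100 x 0x1000 matches) unconditionally, but in the hunks shown the only content placed above the FIP window (0x308000) is the secure variable store, which sits under `!if $(SECURE_BOOT_ENABLE)`; either guard the size change the same way or note in a comment that the non-secure build now ships a mostly empty 17 MiB image.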
@@ -50,6 +50,66 @@ [FD.SBSA_FLASH0]
 0x00008000|0x00300000
 FILE = Platform/Qemu/Sbsa/fip.bin
 
+!if $(SECURE_BOOT_ENABLE)
+## Place for Secure Variables.
+# Must be aligned to Flash Block size 0x40000
+0x01000000|0x00040000
+gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
+#NV_VARIABLE_STORE
+DATA = {
+  ## This is the EFI_FIRMWARE_VOLUME_HEADER
+  # ZeroVector []
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  # FileSystemGuid: gEfiSystemNvDataFvGuid         =
+  #   { 0xFFF12B8D, 0x7696, 0x4C8B,
+  #     { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }}
+  0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C,
+  0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50,
+  # FvLength: 0xC0000
+  0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,
+  # Signature "_FVH"       # Attributes
+  0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00,
+  # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision
+  0x48, 0x00, 0x28, 0x09, 0x00, 0x00, 0x00, 0x02,
+  # Blockmap[0]: 0x3 Blocks * 0x40000 Bytes / Block
+  0x3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00,
+  # Blockmap[1]: End
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+  ## This is the VARIABLE_STORE_HEADER
+  # It is compatible with SECURE_BOOT_ENABLE == FALSE as well.
+  # Signature: gEfiAuthenticatedVariableGuid =
+  #   { 0xaaf32c78, 0x947b, 0x439a,
+  #     { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
+  0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
+  0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
+  # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -
+  #         0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8
+  # This can speed up the Variable Dispatch a bit.
+  0xB8, 0xFF, 0x03, 0x00,
+  # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32
+  0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+}
+
+0x01040000|0x00040000
+gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize
+#NV_FTW_WORKING
+DATA = {
+  # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid         =
+  #  { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65,  0x0, 0xfd, 0x9f, 0x1b, 0x95 }}
+  0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49,
+  0xa0, 0xce, 0x65,  0x0, 0xfd, 0x9f, 0x1b, 0x95,
+  # Crc:UINT32            #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved
+  0x5b, 0xe7, 0xc6, 0x86, 0xFE, 0xFF, 0xFF, 0xFF,
+  # WriteQueueSize: UINT64
+  0xE0, 0xFF, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00
+}
+
+0x01080000|0x00040000
+gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
+#NV_FTW_SPARE
+!endif
+
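Review bot: the hand-built headers check out against the declared sizes: FvLength 0xC0000, Blockmap 3 x 0x40000, VARIABLE_STORE_HEADER Size 0x3FFB8 = 0x40000 - 0x48, WriteQueueSize 0x3FFE0 = 0x40000 - 0x20, and with CheckSum 0x0928 the 16-bit word sum over the 72-byte FV header is zero. Three comment fixes: "It is compatible with SECURE_BOOT_ENABLE == FALSE as well" is misleading because the whole block is inside `!if $(SECURE_BOOT_ENABLE)` and is never emitted in the FALSE build; "Must be aligned to Flash Block size 0x40000" refers to the NOR erase block, not the FD BlockSize of 0x1000 above, and should say so; and the FTW working-block Crc 0x86c6e75b cannot be checked by eye, so note how it was generated and that it must be regenerated if any header byte changes.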
 ################################################################################
 #
 # FD Section for FLASH1
@@ -169,15 +229,25 @@ [FV.FvMain]
   INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
   INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
   INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
-  INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
-  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
-  INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
   INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
   INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
   INF EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
   INF EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
   INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
 
+  #
+  # Variable services
+  #
+!if $(SECURE_BOOT_ENABLE) == FALSE
+  INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
+  INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
+  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+!else
+  INF ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
+  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+  INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!endif
+
   #
   # Multiple Console IO support
   #
@@ -189,7 +259,6 @@ [FV.FvMain]
 
   INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
   INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
-  INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
   INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
 
   #
@@ -294,6 +363,7 @@ [FV.FVMAIN_COMPACT]
   INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
   INF ArmPkg/Drivers/CpuPei/CpuPei.inf
   INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
+
   INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 
   # IDE/AHCI Support
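Review bot: whitespace-only hunk (blank line before DxeIpl.inf) unrelated to the change; drop it.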
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
index a1acefcfb0a7..dbe1555c68f2 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
+++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
@@ -19,8 +19,8 @@
 ################################################################################
 
 [FD.STANDALONE_MM]
-BaseAddress   = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress
-Size          = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB).
+BaseAddress   = 0x20002000
+Size          = 0x00e00000
 ErasePolarity = 1
 
 BlockSize     = 0x00001000
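Review bot: this removes the PcdFdBaseAddress/PcdFdSize binding introduced by 1/4 and moves the load base from 0x20001000 to 0x20002000 without explanation; squash the final values into 1/4, and add a comment that 0x20002000 must match the secure partition load address expected by the TF-A build the cover letter says this series is aligned to.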
@@ -49,6 +49,9 @@ [FV.FVMAIN_COMPACT]
 READ_LOCK_STATUS   = TRUE
 
   INF StandaloneMmPkg/Core/StandaloneMmCore.inf
+  INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
+  INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
+  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
   INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
 
 ################################################################################
diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
index c067a80cc715..1d7f12202ecc 100644
--- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
+++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
@@ -40,6 +40,8 @@ [Pcd]
   gArmTokenSpaceGuid.PcdSystemMemoryBase
   gArmTokenSpaceGuid.PcdSystemMemorySize
   gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdDeviceTreeBaseAddress
+  gArmTokenSpaceGuid.PcdMmBufferBase
+  gArmTokenSpaceGuid.PcdMmBufferSize
 
 [FixedPcd]
   gArmTokenSpaceGuid.PcdFdBaseAddress
diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
index 8c2eb0b6a028..fa164ff455f5 100644
--- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
+++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
@@ -25,15 +25,20 @@ SbsaQemuLibConstructor (
 {
   VOID          *DeviceTreeBase;
   INT32         Node, Prev;
-  UINT64        NewBase, CurBase;
+  UINT64        NewBase, CurBase, NsBufBase;
   UINT64        NewSize, CurSize;
+  UINT32        NsBufSize;
   CONST CHAR8   *Type;
   INT32         Len;
   CONST UINT64  *RegProp;
   RETURN_STATUS PcdStatus;
+  INT32         ParentOffset;
+  INT32         Offset;
 
   NewBase = 0;
   NewSize = 0;
+  NsBufBase = 0;
+  NsBufSize = 0;
 
   DeviceTreeBase = (VOID *)(UINTN)PcdGet64 (PcdDeviceTreeBaseAddress);
   ASSERT (DeviceTreeBase != NULL);
@@ -73,9 +78,39 @@ SbsaQemuLibConstructor (
     }
   }
 
+  // StandaloneMM non-secure shared buffer is allocated at the top of
+  // the system memory by trusted-firmware using "/reserved-memory" node.
+  ParentOffset = fdt_path_offset(DeviceTreeBase, "/reserved-memory");
+  if (ParentOffset < 0) {
+    DEBUG ((DEBUG_ERROR, "%a: reserved-memory node not found\n",
+      __FUNCTION__));
+  }
+  Offset = fdt_subnode_offset(DeviceTreeBase, ParentOffset, "ns-buf-spm-mm");
+  if (Offset < 0) {
+    DEBUG ((DEBUG_ERROR, "%a: ns-buf-spm-mm node not found\n",
+      __FUNCTION__));
+  }
+  // Get the 'reg' property of this node. 8 byte quantities for base address
+  // and 4 byte quantities for size.
+  RegProp = fdt_getprop (DeviceTreeBase, Offset, "reg", &Len);
+  if (RegProp != 0 && Len == (sizeof (UINT64) + sizeof(UINT32))) {
+    NsBufBase = fdt64_to_cpu (ReadUnaligned64 (RegProp));
+    NsBufSize = fdt32_to_cpu (ReadUnaligned32 ((UINT32 *)(RegProp + 1)));
+
+    DEBUG ((DEBUG_INFO, "%a: ns buf @ 0x%lx - 0x%lx\n",
+      __FUNCTION__, NsBufBase, NsBufBase + NsBufSize - 1));
+  } else {
+    DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len %d\n",
+      __FUNCTION__, Len));
+  }
+
+  NewSize -= NsBufSize;
+
   // Make sure the start of DRAM matches our expectation
   ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) == NewBase);
   PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize);
+  PcdStatus = PcdSet64S (PcdMmBufferBase, NsBufBase);
+  PcdStatus = PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize);
   ASSERT_RETURN_ERROR (PcdStatus);
 
   return RETURN_SUCCESS;
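Review bot: the error paths do not stop the lookup: when `/reserved-memory` or `ns-buf-spm-mm` is missing, `ParentOffset` / `Offset` is negative and the code still passes it to `fdt_subnode_offset` and `fdt_getprop`, then subtracts `NsBufSize` (0) from DRAM and sets PcdMmBufferBase to 0, silently overriding the DSC default; return after each DEBUG_ERROR, or ASSERT, since MM communication cannot work without the buffer. Three further points in this hunk: `RegProp != 0` should be `RegProp != NULL` and the `(UINT32 *)` cast drops `CONST`; `NewSize -= NsBufSize` assumes the reserved region sits exactly at the top of DRAM, so check `NsBufBase + NsBufSize == NewBase + NewSize` before shrinking the reported memory size; and `PcdStatus` is overwritten by three consecutive `PcdSet64S` calls with only the last reaching `ASSERT_RETURN_ERROR`, so assert after each call.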
-- 
2.17.1



* [PATCH edk2-platforms v2 3/4] SbsaQemu: add standalone MM build instruction
  2021-03-01  5:19 [PATCH edk2-platforms v2 0/4] add MM based UEFI secure boot on SbsaQemu Masahisa Kojima
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 1/4] SbsaQemu: Build infrastructure for StandaloneMm image Masahisa Kojima
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 2/4] SbsaQemu: add MM based UEFI secure boot support Masahisa Kojima
@ 2021-03-01  5:19 ` Masahisa Kojima
  2021-03-01 17:23   ` Leif Lindholm
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 4/4] SbsaQemu: fix typo Masahisa Kojima
  3 siblings, 1 reply; 13+ messages in thread
From: Masahisa Kojima @ 2021-03-01  5:19 UTC (permalink / raw)
  To: devel
  Cc: Masahisa Kojima, Ard Biesheuvel, Leif Lindholm, Graeme Gregory,
	Radoslaw Biernacki, Shashi Mallela

This commit adds the standalone MM build instruction
to enable UEFI secure boot.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---
 Platform/Qemu/SbsaQemu/Readme.md | 35 ++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/Platform/Qemu/SbsaQemu/Readme.md b/Platform/Qemu/SbsaQemu/Readme.md
index 63786d9d0fd3..cdee8b41507e 100644
--- a/Platform/Qemu/SbsaQemu/Readme.md
+++ b/Platform/Qemu/SbsaQemu/Readme.md
@@ -104,6 +104,41 @@ Create a directory $WORKSPACE that would hold source code of the components.
   truncate -s 256M SBSA_FLASH[01].fd
   ```
 
+## Build UEFI with standalone MM based UEFI secure boot
+
+1. Compile standalone MM image
+
+  ```
+  cd $WORKSPACE
+  build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMM.dsc
+  ```
+
+2. Compile TF-A with BL32(Secure Payload)
+
+  Detailed build instructions can be found on the following link:
+  https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu-sbsa.rst
+
+  Then copy `bl1.bin` and `fip.bin` to the the edk2-non-osi directory:
+
+3. Compile UEFI with UEFI secure boot enabled
+
+  ```
+  cd $WORKSPACE
+  build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemu.dsc -DSECURE_BOOT_ENABLE=TRUE
+  ```
+
+  Copy SBSA_FLASH0.fd and SBSA_FLASH1.fd to top $WORKSPACE directory.
+  Then extend the file size to match the machine flash size.
+  ```
+  cp Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH[01].fd .
+  truncate -s 256M SBSA_FLASH[01].fd
+  ```
+
+  To keep the UEFI variable storage after the succeeding build, use `dd` instead of `cp`.
+  ```
+  dd if=./Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH0.fd of=./SBSA_FLASH0.fd conv=notrunc bs=2M count=8
+  ```
+
 # Running
 
   The resulting SBSA_FLASH0.fd file will contain Secure flash0 image (TF-A code).
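Review bot: step 1 points the build at `SbsaQemuStandaloneMM.dsc`, but the file added in 1/4 is `SbsaQemuStandaloneMm.dsc`; on a case-sensitive filesystem the command fails. Step 2 is incomplete: "to the the edk2-non-osi directory:" has a doubled word and ends in a colon with nothing after it, and it never says which output of step 1 is handed to the TF-A build as BL32 or where `bl1.bin` and `fip.bin` go (SbsaQemu.fdf reads them from `Platform/Qemu/Sbsa/`, so name that path). Finally, `dd ... bs=2M count=8` preserves variables only because the secure variable store starts at 0x01000000 (16 MiB) in SBSA_FLASH0.fd; say so in the text, otherwise the count silently breaks when the flash layout changes.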
-- 
2.17.1



* [PATCH edk2-platforms v2 4/4] SbsaQemu: fix typo
  2021-03-01  5:19 [PATCH edk2-platforms v2 0/4] add MM based UEFI secure boot on SbsaQemu Masahisa Kojima
                   ` (2 preceding siblings ...)
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 3/4] SbsaQemu: add standalone MM build instruction Masahisa Kojima
@ 2021-03-01  5:19 ` Masahisa Kojima
  2021-03-01 17:24   ` Leif Lindholm
  3 siblings, 1 reply; 13+ messages in thread
From: Masahisa Kojima @ 2021-03-01  5:19 UTC (permalink / raw)
  To: devel
  Cc: Masahisa Kojima, Ard Biesheuvel, Leif Lindholm, Graeme Gregory,
	Radoslaw Biernacki, Shashi Mallela

Fix typo in Readme.md

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---
 Platform/Qemu/SbsaQemu/Readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Platform/Qemu/SbsaQemu/Readme.md b/Platform/Qemu/SbsaQemu/Readme.md
index cdee8b41507e..abee24df0e9d 100644
--- a/Platform/Qemu/SbsaQemu/Readme.md
+++ b/Platform/Qemu/SbsaQemu/Readme.md
@@ -97,7 +97,7 @@ Create a directory $WORKSPACE that would hold source code of the components.
   cd $WORKSPACE
   build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
   ```
-  Copy SBSA_FLASH0.fd and SBSA_FLASH0.fd to top $WORKSPACE directory.
+  Copy SBSA_FLASH0.fd and SBSA_FLASH1.fd to top $WORKSPACE directory.
   Then extend the file size to match the machine flash size.
   ```
   cp Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH[01].fd .
-- 
2.17.1



* Re: [PATCH edk2-platforms v2 1/4] SbsaQemu: Build infrastructure for StandaloneMm image
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 1/4] SbsaQemu: Build infrastructure for StandaloneMm image Masahisa Kojima
@ 2021-03-01 17:05   ` Leif Lindholm
  2021-03-02 12:45     ` Masahisa Kojima
  0 siblings, 1 reply; 13+ messages in thread
From: Leif Lindholm @ 2021-03-01 17:05 UTC (permalink / raw)
  To: Masahisa Kojima
  Cc: devel, Ard Biesheuvel, Graeme Gregory, Radoslaw Biernacki,
	Shashi Mallela

On Mon, Mar 01, 2021 at 14:19:49 +0900, Masahisa Kojima wrote:
> Add the build infrastructure for compilation of StandaloneMm image.
> 
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
>  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc    | 132 ++++++++++++++++++

Please use --stat=1000 --stat-graph-width=20 when generating patches.

>  Platform/Qemu/SbsaQemu/SbsaQemu.fdf           |   6 +-

It is not immediately obvious to me why the pre-existing
SbsaQemuStandaloneMm.dsc needs to change. Is this something that can
be clarified in the commit message?

Best Regards,

Leif

>  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf    |  93 ++++++++++++
>  3 files changed, 228 insertions(+), 3 deletions(-)
>  create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
>  create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> 
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> new file mode 100644
> index 000000000000..87f5ee351eaa
> --- /dev/null
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> @@ -0,0 +1,132 @@
> +#
> +#  Copyright (c) 2020, Linaro Limited. All rights reserved.
> +#
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +
> +################################################################################
> +#
> +# Defines Section - statements that will be processed to create a Makefile.
> +#
> +################################################################################
> +[Defines]
> +  PLATFORM_NAME                  = SbsaQemuStandaloneMm
> +  PLATFORM_GUID                  = A64CC0F5-7ACD-4975-BBE7-7EF6739C8668
> +  PLATFORM_VERSION               = 1.0
> +  DSC_SPECIFICATION              = 0x00010011
> +  OUTPUT_DIRECTORY               = Build/$(PLATFORM_NAME)
> +  SUPPORTED_ARCHITECTURES        = AARCH64
> +  BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
> +  SKUID_IDENTIFIER               = DEFAULT
> +  FLASH_DEFINITION               = Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> +  DEFINE DEBUG_MESSAGE           = TRUE
> +
> +  # LzmaF86
> +  DEFINE COMPRESSION_TOOL_GUID   = D42AE6BD-1352-4bfb-909A-CA72A6EAE889
> +
> +################################################################################
> +#
> +# Library Class section - list of all Library Classes needed by this Platform.
> +#
> +################################################################################
> +[LibraryClasses]
> +  #
> +  # Basic
> +  #
> +  BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
> +  BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> +  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
> +  DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
> +  ExtractGuidedSectionLib|EmbeddedPkg/Library/PrePiExtractGuidedSectionLib/PrePiExtractGuidedSectionLib.inf
> +  FvLib|StandaloneMmPkg/Library/FvLib/FvLib.inf
> +  HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf
> +  IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
> +  MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
> +  MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf
> +  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> +  PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
> +  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
> +  ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
> +
> +  #
> +  # Entry point
> +  #
> +  StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf
> +
> +  ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
> +  StandaloneMmMmuLib|ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.inf
> +  ArmSvcLib|ArmPkg/Library/ArmSvcLib/ArmSvcLib.inf
> +  CacheMaintenanceLib|ArmPkg/Library/ArmCacheMaintenanceLib/ArmCacheMaintenanceLib.inf
> +  PeCoffExtraActionLib|StandaloneMmPkg/Library/StandaloneMmPeCoffExtraActionLib/StandaloneMmPeCoffExtraActionLib.inf
> +
> +  # ARM PL011 UART Driver
> +  PL011UartClockLib|ArmPlatformPkg/Library/PL011UartClockLib/PL011UartClockLib.inf
> +  PL011UartLib|ArmPlatformPkg/Library/PL011UartLib/PL011UartLib.inf
> +  SerialPortLib|ArmPlatformPkg/Library/PL011SerialPortLib/PL011SerialPortLib.inf
> +
> +  StandaloneMmCoreEntryPoint|StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf
> +
> +  #
> +  # It is not possible to prevent the ARM compiler for generic intrinsic functions.
> +  # This library provides the instrinsic functions generate by a given compiler.
> +  # And NULL mean link this library into all ARM images.
> +  #
> +  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
> +
> +[LibraryClasses.common.MM_STANDALONE]
> +  HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
> +  MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
> +  MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
> +
> +################################################################################
> +#
> +# Pcd Section - list of all EDK II PCD Entries defined by this Platform
> +#
> +################################################################################
> +[PcdsFixedAtBuild]
> +  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800000CF
> +  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xff
> +  gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
> +
> +  ## PL011 - Serial Terminal
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x60040000
> +  gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate|115200
> +
> +  gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
> +
> +###################################################################################################
> +#
> +# Components Section - list of the modules and components that will be processed by compilation
> +#                      tools and the EDK II tools to generate PE32/PE32+/Coff image files.
> +#
> +# Note: The EDK II DSC file is not used to specify how compiled binary images get placed
> +#       into firmware volume images. This section is just a list of modules to compile from
> +#       source into UEFI-compliant binaries.
> +#       It is the FDF file that contains information on combining binary files into firmware
> +#       volume images, whose concept is beyond UEFI and is described in PI specification.
> +#       Binary modules do not need to be listed in this section, as they should be
> +#       specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi),
> +#       Logo (Logo.bmp), and etc.
> +#       There may also be modules listed in this section that are not required in the FDF file,
> +#       When a module listed here is excluded from FDF file, then UEFI-compliant binary will be
> +#       generated for it, but the binary will not be put into any firmware volume.
> +#
> +###################################################################################################
> +[Components.common]
> +  #
> +  # MM Core
> +  #
> +  StandaloneMmPkg/Core/StandaloneMmCore.inf
> +  StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> +
> +###################################################################################################
> +#
> +# BuildOptions Section - Define the module specific tool chain flags that should be used as
> +#                        the default flags for a module. These flags are appended to any
> +#                        standard flags that are defined by the build process. They can be
> +#                        applied for any modules or only those modules with the specific
> +#                        module style (EDK or EDKII) specified in [Components] section.
> +#
> +###################################################################################################
> +[BuildOptions.AARCH64]
> +  GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 -march=armv8-a+nofp
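Review bot: `DEFINE DEBUG_MESSAGE = TRUE` in [Defines] is not referenced anywhere in this file, and the header reads `Copyright (c) 2020` on a patch posted in 2021; drop the unused define and update the year. `PcdDebugPrintErrorLevel|0x800000CF` also differs from the 0x8000004F that SbsaQemu.dsc uses (visible in the 2/4 diff context); if the secure side is meant to be noisier, a one-line comment would make that intentional rather than accidental.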
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> index c35e3ed44054..b61ae1891233 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> @@ -21,10 +21,10 @@
>  
>  [FD.SBSA_FLASH0]
>  BaseAddress   = 0x00000000
> -Size          = 0x00200000
> +Size          = 0x00400000
>  ErasePolarity = 1
>  BlockSize     = 0x00001000
> -NumBlocks     = 0x200
> +NumBlocks     = 0x400
>  
>  ################################################################################
>  #
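Review bot: the commit message ("Add the build infrastructure for compilation of StandaloneMm image") does not mention this file at all. Size 0x00400000 and NumBlocks 0x400 are consistent with BlockSize 0x1000, but the reason SBSA_FLASH0 doubles belongs in the message.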
> @@ -47,7 +47,7 @@ [FD.SBSA_FLASH0]
>  FILE = Platform/Qemu/Sbsa/bl1.bin
>  
>  # and FIP (BL2 + BL31)
> -0x00008000|0x00020000
> +0x00008000|0x00300000
>  FILE = Platform/Qemu/Sbsa/fip.bin
>  
>  ################################################################################
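Review bot: the FIP window grows from 0x00020000 to 0x00300000, which is the real reason for the FD growth in the previous hunk, presumably because the FIP will now also carry the BL32 secure payload that the 3/4 Readme tells the user to build. If so, say that in the commit message and update the `# and FIP (BL2 + BL31)` comment to match; 0x00008000 + 0x00300000 still fits in the 0x00400000 device.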
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> new file mode 100644
> index 000000000000..a1acefcfb0a7
> --- /dev/null
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> @@ -0,0 +1,93 @@
> +#
> +#  Copyright (c) 2020, Linaro Limited. All rights reserved.
> +#
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +
> +################################################################################
> +#
> +# FD Section
> +# The [FD] Section is made up of the definition statements and a
> +# description of what goes into  the Flash Device Image.  Each FD section
> +# defines one flash "device" image.  A flash device image may be one of
> +# the following: Removable media bootable image (like a boot floppy
> +# image,) an Option ROM image (that would be "flashed" into an add-in
> +# card,) a System "Flash"  image (that would be burned into a system's
> +# flash) or an Update ("Capsule") image that will be used to update and
> +# existing system flash.
> +#
> +################################################################################
> +
> +[FD.STANDALONE_MM]
> +BaseAddress   = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress
> +Size          = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB).
> +ErasePolarity = 1
> +
> +BlockSize     = 0x00001000
> +NumBlocks     = 0x0e00
> +
> +0x00000000|0x00280000
> +gArmTokenSpaceGuid.PcdFvBaseAddress|gArmTokenSpaceGuid.PcdFvSize
> +FV = FVMAIN_COMPACT
> +
> +[FV.FVMAIN_COMPACT]
> +FvAlignment        = 16
> +ERASE_POLARITY     = 1
> +MEMORY_MAPPED      = TRUE
> +STICKY_WRITE       = TRUE
> +LOCK_CAP           = TRUE
> +LOCK_STATUS        = TRUE
> +WRITE_DISABLED_CAP = TRUE
> +WRITE_ENABLED_CAP  = TRUE
> +WRITE_STATUS       = TRUE
> +WRITE_LOCK_CAP     = TRUE
> +WRITE_LOCK_STATUS  = TRUE
> +READ_DISABLED_CAP  = TRUE
> +READ_ENABLED_CAP   = TRUE
> +READ_STATUS        = TRUE
> +READ_LOCK_CAP      = TRUE
> +READ_LOCK_STATUS   = TRUE
> +
> +  INF StandaloneMmPkg/Core/StandaloneMmCore.inf
> +  INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> +
> +################################################################################
> +#
> +# Rules are use with the [FV] section's module INF type to define
> +# how an FFS file is created for a given INF file. The following Rule are the default
> +# rules for the different module type. User can add the customized rules to define the
> +# content of the FFS file.
> +#
> +################################################################################
> +
> +
> +############################################################################
> +# Example of a DXE_DRIVER FFS file with a Checksum encapsulation section   #
> +############################################################################
> +#
> +#[Rule.Common.DXE_DRIVER]
> +#  FILE DRIVER = $(NAMED_GUID) {
> +#    DXE_DEPEX    DXE_DEPEX               Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
> +#    COMPRESS PI_STD {
> +#      GUIDED {
> +#        PE32     PE32                    $(INF_OUTPUT)/$(MODULE_NAME).efi
> +#        UI       STRING="$(MODULE_NAME)" Optional
> +#        VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
> +#      }
> +#    }
> +#  }
> +#
> +############################################################################
> +
> +[Rule.Common.MM_CORE_STANDALONE]
> +  FILE SEC = $(NAMED_GUID) RELOCS_STRIPPED FIXED {
> +    PE32  PE32 Align = Auto             $(INF_OUTPUT)/$(MODULE_NAME).efi
> +  }
> +
> +[Rule.Common.MM_STANDALONE]
> +  FILE MM_STANDALONE = $(NAMED_GUID) {
> +    SMM_DEPEX SMM_DEPEX Optional       $(INF_OUTPUT)/$(MODULE_NAME).depex
> +    PE32      PE32                     $(INF_OUTPUT)/$(MODULE_NAME).efi
> +    UI        STRING="$(MODULE_NAME)" Optional
> +    VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
> +  }
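Review bot: the commented-out `[Rule.Common.DXE_DRIVER]` example block is template residue that nothing in this FV can use (only the MM_CORE_STANDALONE and MM_STANDALONE rules apply here); drop it. Also only the first 0x00280000 of the 14 MiB FD is assigned to FVMAIN_COMPACT; if the remainder is deliberately left free for the secure partition's data, a comment next to `NumBlocks     = 0x0e00` saying so would help, and if not, the FD can shrink.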
> -- 
> 2.17.1
> 


* Re: [PATCH edk2-platforms v2 2/4] SbsaQemu: add MM based UEFI secure boot support
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 2/4] SbsaQemu: add MM based UEFI secure boot support Masahisa Kojima
@ 2021-03-01 17:22   ` Leif Lindholm
  2021-03-03  6:35     ` Masahisa Kojima
  0 siblings, 1 reply; 13+ messages in thread
From: Leif Lindholm @ 2021-03-01 17:22 UTC (permalink / raw)
  To: Masahisa Kojima
  Cc: devel, Ard Biesheuvel, Graeme Gregory, Radoslaw Biernacki,
	Shashi Mallela

On Mon, Mar 01, 2021 at 14:19:50 +0900, Masahisa Kojima wrote:
> This implements support for UEFI secure boot on SbsaQemu using
> the standalone MM framework. This moves all of the software handling
> of the UEFI authenticated variable store into the standalone MM
> context residing in a secure partition.
> 
> Secure variable storage is located at 0x01000000 in secure NOR Flash.
> 
> Non-secure shared memory between UEFI and standalone MM
> is allocated at the top of DRAM.
> DRAM size of SbsaQemu varies depending on the QEMU parameter, so
> the non-secure shared memory base address is passed from
> trusted-firmware through the device tree "/reserved-memory" node.
> 
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
>  Platform/Qemu/SbsaQemu/SbsaQemu.dsc           | 43 +++++++---
>  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc    | 39 +++++++++
>  Platform/Qemu/SbsaQemu/SbsaQemu.fdf           | 82 +++++++++++++++++--
>  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf    |  7 +-
>  .../Library/SbsaQemuLib/SbsaQemuLib.inf       |  2 +
>  .../Library/SbsaQemuLib/SbsaQemuMem.c         | 37 ++++++++-
>  6 files changed, 190 insertions(+), 20 deletions(-)
> 
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> index c1f8a4696560..a75116ee70fc 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> @@ -28,6 +28,8 @@ [Defines]
>  
>    DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F
>  
> +  DEFINE SECURE_BOOT_ENABLE      = FALSE
> +
>  #
>  # Network definition
>  #
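Review bot: the new flag is tested as `!if $(SECURE_BOOT_ENABLE) == TRUE` in this DSC but as a bare `!if $(SECURE_BOOT_ENABLE)` in SbsaQemu.fdf later in this patch; pick one form for both files.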
> @@ -152,12 +154,10 @@ [LibraryClasses.common]
>    # Secure Boot dependencies
>    #
>    TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> -  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>  
>    # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
>    PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
>  
> -  VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
>    VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>    VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>  
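Review bot: with `AuthVariableLib` and `VarCheckLib` gone from [LibraryClasses.common], they are only resolved in module scope for VariableRuntimeDxe under `!if $(SECURE_BOOT_ENABLE) == FALSE` later in this file; any other module that consumes either class will now fail to resolve, so please confirm nothing else in the DSC lists them.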
> @@ -171,6 +171,7 @@ [LibraryClasses.common]
>    ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf
>  
>    TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
> +

This blank line is added for no apparent reason.

>    NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
>  
>    CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
> @@ -300,6 +301,8 @@ [PcdsFeatureFlag.common]
>    gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE
>    gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
>  
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
> +
>  [PcdsFixedAtBuild.common]
>    gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000
>    gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength|1000000
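Review bot: `PcdEnableVariableRuntimeCache|FALSE` is applied unconditionally, although only the MM-backed VariableSmmRuntimeDxe path introduced under `!else` uses the runtime cache; guard it with `!if $(SECURE_BOOT_ENABLE) == TRUE`, or explain in the commit message why the non-secure-boot build should change too.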
> @@ -551,6 +554,9 @@ [PcdsDynamicDefault.common]
>    gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdChassisAssetTag|L"AT0000"
>    gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdChassisSKU|L"SK0000"
>  
> +  gArmTokenSpaceGuid.PcdMmBufferBase|0x10000000000
> +  gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000
> +
>  ################################################################################
>  #
>  # Components Section - list of all EDK II Modules needed by this Platform
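Review bot: the PcdMmBufferBase default 0x10000000000 and PcdMmBufferSize 0x00200000 are placeholders that SbsaQemuLib overwrites from the `/reserved-memory` node at boot, and since that code (SbsaQemuMem.c in this patch) stores 0 when the node is missing, the defaults are never observed. Either make the FDT parse failure fatal or add a comment here that these are pre-FDT placeholders, so nobody treats the 1 TiB address as real.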
> @@ -604,7 +610,6 @@ [Components.common]
>    ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
>    ArmPkg/Drivers/CpuPei/CpuPei.inf
>  
> -
>    MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
>      <LibraryClasses>
>        NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
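Review bot: removing this stray blank line is an unrelated cleanup, like the blank line added after TimerLib earlier in the file; keep whitespace-only changes out of this patch.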
> @@ -628,24 +633,40 @@ [Components.common]
>    #
>    ArmPkg/Drivers/CpuDxe/CpuDxe.inf
>    MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
> -  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
> -    <LibraryClasses>
> -      NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> -      # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> -      BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> -  }
>    MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
>      <LibraryClasses>
> +!if $(SECURE_BOOT_ENABLE) == TRUE
>        NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> +!endif
>    }
> -  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>    MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> -  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
>    MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
>    MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
>    EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
>    EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
>  
> +  #
> +  # Variable services
> +  #
> +!if $(SECURE_BOOT_ENABLE) == FALSE
> +  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> +  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
> +    <LibraryClasses>
> +      NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> +      AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
> +      VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> +      # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> +      BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf

Would this diff be neater if this if statement moved up to the
original location of the
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
stanza?

> +  }
> +!else
> +  ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
> +    <LibraryClasses>
> +      NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
> +  }
> +  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> +  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> +!endif
> +
>    MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
>    MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
>    MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
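Review bot: this hunk changes the default (`SECURE_BOOT_ENABLE == FALSE`) build, not only the new MM path: `DxeImageVerificationLib` is now linked into SecurityStubDxe only under `!if $(SECURE_BOOT_ENABLE) == TRUE`, and `SecureBootConfigDxe.inf` moves under the `!else` branch, so a default build no longer verifies images or offers the Secure Boot setup page, where before it did both. If that is intended, state it in the commit message; if not, keep DxeImageVerificationLib unconditional and only move the variable drivers.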
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> index 87f5ee351eaa..b80379acd1ad 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> @@ -77,6 +77,18 @@ [LibraryClasses.common.MM_STANDALONE]
>    HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
>    MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
>    MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
> +  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> +  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> +  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> +  NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
> +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
> +  PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
> +  SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
> +  TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
> +  VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> +  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
> +  ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/ArmGenericTimerPhyCounterLib.inf
>  
>  ################################################################################
>  #
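Review bot: `RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf` gives OpensslLib inside the secure partition a timer-derived RNG; that is acceptable for QEMU bring-up but is not a source of real entropy, so mark it with a comment (and in the commit message) so the line is not copied unchanged to hardware platforms. `PlatformSecureLibNull` is a stand-in of the same kind and deserves the same note.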
> @@ -94,6 +106,20 @@ [PcdsFixedAtBuild]
>  
>    gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
>  
> +  gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000
> +  gArmTokenSpaceGuid.PcdFdSize|0x000C0000
> +
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> +  gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> +
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x01000000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00040000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x01040000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00040000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x01080000
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00040000
> +
>  ###################################################################################################
>  #
>  # Components Section - list of the modules and components that will be processed by compilation
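Review bot: `PcdUserPhysicalPresence|TRUE` together with `PlatformSecureLibNull` (library hunk above) means the MM variable service treats physical presence as always asserted, which relaxes the checks AuthVariableLib applies to Secure Boot key changes made from the setup UI; fine for a QEMU platform, but it should be commented. Separately, `PcdFdBaseAddress|0x01000000` / `PcdFdSize|0x000C0000` now describe the secure NOR flash variable region (3 x 0x40000 = 0xC0000, matching the three NvStorage ranges below) rather than the MM FD, whose `.fdf` binding this patch removes; a comment naming the consumer (presumably the NorFlash StandaloneMm driver) would avoid confusion with the FD name.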
> @@ -118,6 +144,19 @@ [Components.common]
>    #
>    StandaloneMmPkg/Core/StandaloneMmCore.inf
>    StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> +  ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
> +  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
> +
> +  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf {
> +    <LibraryClasses>
> +      DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
> +      NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> +      NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf
> +      # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> +      BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> +      VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> +      VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> +  }
>  
>  ###################################################################################################
>  #
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> index b61ae1891233..a46a47063ccc 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> @@ -21,10 +21,10 @@
>  
>  [FD.SBSA_FLASH0]
>  BaseAddress   = 0x00000000
> -Size          = 0x00400000
> +Size          = 0x01100000
>  ErasePolarity = 1
>  BlockSize     = 0x00001000
> -NumBlocks     = 0x400
> +NumBlocks     = 0x1100
>  
>  ################################################################################
>  #
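Review bot: Size 0x01100000 / NumBlocks 0x1100 is internally consistent, but the jump from 4 MiB to 17 MiB exists only to reach the variable store that the next hunk places at 0x01000000 (the FIP window ends at 0x00308000), so nearly 13 MiB of the image is empty padding. A comment saying the offset is dictated by the secure flash layout, and that the Readme's `dd ... count=8` depends on it, would help the next person who touches the map.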
> @@ -50,6 +50,66 @@ [FD.SBSA_FLASH0]
>  0x00008000|0x00300000
>  FILE = Platform/Qemu/Sbsa/fip.bin
>  
> +!if $(SECURE_BOOT_ENABLE)
> +## Place for Secure Variables.
> +# Must be aligned to Flash Block size 0x40000
> +0x01000000|0x00040000
> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
> +#NV_VARIABLE_STORE
> +DATA = {
> +  ## This is the EFI_FIRMWARE_VOLUME_HEADER
> +  # ZeroVector []
> +  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +  # FileSystemGuid: gEfiSystemNvDataFvGuid         =
> +  #   { 0xFFF12B8D, 0x7696, 0x4C8B,
> +  #     { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }}
> +  0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C,
> +  0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50,
> +  # FvLength: 0xC0000
> +  0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,
> +  # Signature "_FVH"       # Attributes
> +  0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00,
> +  # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision
> +  0x48, 0x00, 0x28, 0x09, 0x00, 0x00, 0x00, 0x02,
> +  # Blockmap[0]: 0x3 Blocks * 0x40000 Bytes / Block
> +  0x3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00,
> +  # Blockmap[1]: End
> +  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +  ## This is the VARIABLE_STORE_HEADER
> +  # It is compatible with SECURE_BOOT_ENABLE == FALSE as well.
> +  # Signature: gEfiAuthenticatedVariableGuid =
> +  #   { 0xaaf32c78, 0x947b, 0x439a,
> +  #     { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
> +  0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
> +  0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
> +  # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -
> +  #         0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8
> +  # This can speed up the Variable Dispatch a bit.
> +  0xB8, 0xFF, 0x03, 0x00,
> +  # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32
> +  0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
> +}
> +
> +0x01040000|0x00040000
> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize
> +#NV_FTW_WORKING
> +DATA = {
> +  # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid         =
> +  #  { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65,  0x0, 0xfd, 0x9f, 0x1b, 0x95 }}
> +  0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49,
> +  0xa0, 0xce, 0x65,  0x0, 0xfd, 0x9f, 0x1b, 0x95,
> +  # Crc:UINT32            #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved
> +  0x5b, 0xe7, 0xc6, 0x86, 0xFE, 0xFF, 0xFF, 0xFF,
> +  # WriteQueueSize: UINT64
> +  0xE0, 0xFF, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00
> +}
> +
> +0x01080000|0x00040000
> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
> +#NV_FTW_SPARE
> +!endif
> +
>  ################################################################################
>  #
>  # FD Section for FLASH1
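
Review bot: the authenticated variable store, FTW working and FTW spare blocks land at 0x01000000..0x010C0000 of SBSA_FLASH0, the same flash that carries BL1 and the FIP, and per the FvMain hunk below the normal world no longer gets a NorFlashDxe when SECURE_BOOT_ENABLE is set, so the only writer is NorFlashStandaloneMm. The secure-boot guarantee therefore rests on the platform exposing this flash to the secure world only; nothing in the FDF enforces that, so the commit message should state it explicitly and say where the SECURE_BOOT_ENABLE == FALSE build keeps its variables instead. Smaller point: the comment "Must be aligned to Flash Block size 0x40000" names a different block size than the 0x1000 BlockSize declared for this FD a few lines up; say which device granularity 0x40000 refers to. The constants themselves check out: FvLength 0xC0000 = 3 x 0x40000 matches the block map, 0x40000 - 0x48 = 0x3FFB8 is the variable store size, WriteQueueSize 0x3FFE0 = 0x40000 minus the 0x20-byte working-block header, and the 16-bit header checksum 0x0928 brings the 0x48-byte FV header sum to zero.
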
> @@ -169,15 +229,25 @@ [FV.FvMain]
>    INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
>    INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
>    INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> -  INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> -  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> -  INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>    INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
>    INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
>    INF EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
>    INF EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
>    INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
>  
> +  #
> +  # Variable services
> +  #
> +!if $(SECURE_BOOT_ENABLE) == FALSE
> +  INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
> +  INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> +  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> +!else
> +  INF ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
> +  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> +  INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> +!endif
> +
>    #
>    # Multiple Console IO support
>    #
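
Review bot: in the SECURE_BOOT_ENABLE branch the normal world keeps only MmCommunication and VariableSmmRuntimeDxe, so every variable write crosses into StandaloneMm, which is the right shape. In the == FALSE branch NorFlashDxe, FaultTolerantWriteDxe and VariableRuntimeDxe all run in DXE, i.e. the store is writable from the normal world, and since SecureBootConfigDxe moves from the unconditional list (the three -INF lines above) into the TRUE branch only, that configuration no longer offers a Secure Boot menu at all. Worth one sentence in the commit message so nobody reads SECURE_BOOT_ENABLE=FALSE as "secure boot off but variables still tamper-protected".
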
> @@ -189,7 +259,6 @@ [FV.FvMain]
>  
>    INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
>    INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
> -  INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
>    INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
>  
>    #
> @@ -294,6 +363,7 @@ [FV.FVMAIN_COMPACT]
>    INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
>    INF ArmPkg/Drivers/CpuPei/CpuPei.inf
>    INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
> +

Another spuriously added blank line.

>    INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
>  
>    # IDE/AHCI Support
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> index a1acefcfb0a7..dbe1555c68f2 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> @@ -19,8 +19,8 @@
>  ################################################################################
>  
>  [FD.STANDALONE_MM]
> -BaseAddress   = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress
> -Size          = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB).
> +BaseAddress   = 0x20002000
> +Size          = 0x00e00000
>  ErasePolarity = 1
>  
>  BlockSize     = 0x00001000
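
Review bot: BaseAddress moves to 0x20002000 and the `|gArmTokenSpaceGuid.PcdFdBaseAddress` and `|gArmTokenSpaceGuid.PcdFdSize` bindings are dropped, so the load address is now a bare constant that has to agree with wherever TF-A's SPM_MM places BL32; the cover letter only says "memory map is updated". Please record in the commit message which TF-A commit or configuration this value matches, and confirm that nothing in the StandaloneMm build still consumes PcdFdBaseAddress/PcdFdSize now that this FD no longer populates them.
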
> @@ -49,6 +49,9 @@ [FV.FVMAIN_COMPACT]
>  READ_LOCK_STATUS   = TRUE
>  
>    INF StandaloneMmPkg/Core/StandaloneMmCore.inf
> +  INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
> +  INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
> +  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
>    INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
>  
>  ################################################################################
> diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> index c067a80cc715..1d7f12202ecc 100644
> --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> @@ -40,6 +40,8 @@ [Pcd]
>    gArmTokenSpaceGuid.PcdSystemMemoryBase
>    gArmTokenSpaceGuid.PcdSystemMemorySize
>    gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdDeviceTreeBaseAddress
> +  gArmTokenSpaceGuid.PcdMmBufferBase
> +  gArmTokenSpaceGuid.PcdMmBufferSize
>  
>  [FixedPcd]
>    gArmTokenSpaceGuid.PcdFdBaseAddress
> diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> index 8c2eb0b6a028..fa164ff455f5 100644
> --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> @@ -25,15 +25,20 @@ SbsaQemuLibConstructor (
>  {
>    VOID          *DeviceTreeBase;
>    INT32         Node, Prev;
> -  UINT64        NewBase, CurBase;
> +  UINT64        NewBase, CurBase, NsBufBase;
>    UINT64        NewSize, CurSize;
> +  UINT32        NsBufSize;
>    CONST CHAR8   *Type;
>    INT32         Len;
>    CONST UINT64  *RegProp;
>    RETURN_STATUS PcdStatus;
> +  INT32         ParentOffset;
> +  INT32         Offset;
>  
>    NewBase = 0;
>    NewSize = 0;
> +  NsBufBase = 0;
> +  NsBufSize = 0;
>  
>    DeviceTreeBase = (VOID *)(UINTN)PcdGet64 (PcdDeviceTreeBaseAddress);
>    ASSERT (DeviceTreeBase != NULL);
> @@ -73,9 +78,39 @@ SbsaQemuLibConstructor (
>      }
>    }
>  
> +  // StandaloneMM non-secure shared buffer is allocated at the top of
> +  // the system memory by trusted-firmware using "/reserved-memory" node.
> +  ParentOffset = fdt_path_offset(DeviceTreeBase, "/reserved-memory");
> +  if (ParentOffset < 0) {
> +    DEBUG ((DEBUG_ERROR, "%a: reserved-memory node not found\n",
> +      __FUNCTION__));
> +  }
> +  Offset = fdt_subnode_offset(DeviceTreeBase, ParentOffset, "ns-buf-spm-mm");
> +  if (Offset < 0) {
> +    DEBUG ((DEBUG_ERROR, "%a: ns-buf-spm-mm node not found\n",
> +      __FUNCTION__));
> +  }
> +  // Get the 'reg' property of this node. 8 byte quantities for base address
> +  // and 4 byte quantities for size.
> +  RegProp = fdt_getprop (DeviceTreeBase, Offset, "reg", &Len);
> +  if (RegProp != 0 && Len == (sizeof (UINT64) + sizeof(UINT32))) {
> +    NsBufBase = fdt64_to_cpu (ReadUnaligned64 (RegProp));
> +    NsBufSize = fdt32_to_cpu (ReadUnaligned32 ((UINT32 *)(RegProp + 1)));
> +
> +    DEBUG ((DEBUG_INFO, "%a: ns buf @ 0x%lx - 0x%lx\n",
> +      __FUNCTION__, NsBufBase, NsBufBase + NsBufSize - 1));
> +  } else {
> +    DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len %d\n",
> +      __FUNCTION__, Len));
> +  }

Could the above device-tree parsing be moved to a helper function in
Silicon/Qemu/SbsaQemu/Library/FdtHelperLib/ ?

(Yes, I should also move the memory node parsing there, but it wasn't
quite worth creating the library just for that before.)

Best Regards,

Leif

> +
> +  NewSize -= NsBufSize;
> +
>    // Make sure the start of DRAM matches our expectation
>    ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) == NewBase);
>    PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize);
> +  PcdStatus = PcdSet64S (PcdMmBufferBase, NsBufBase);
> +  PcdStatus = PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize);
>    ASSERT_RETURN_ERROR (PcdStatus);
>  
>    return RETURN_SUCCESS;
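
Review bot: the error paths in the reserved-memory lookup don't stop. When `/reserved-memory` or `ns-buf-spm-mm` is missing, ParentOffset/Offset go negative but execution continues into fdt_subnode_offset()/fdt_getprop() with that negative offset, falls into the else branch, and then publishes PcdMmBufferBase = 0 and PcdMmBufferSize = 0 for MmCommunication to consume. Either return an error (or ASSERT, matching the PcdSystemMemoryBase check below) at each failure, or at minimum skip the PcdSet calls. Related: `NewSize -= NsBufSize;` encodes the comment's assumption that the buffer sits at the top of system memory but never checks it; testing `NsBufBase + NsBufSize == NewBase + NewSize` before subtracting would catch exactly the kind of TF-A layout change v2 was rebased for. Finally, PcdStatus is assigned three times and only the last assignment reaches ASSERT_RETURN_ERROR, so failures of the PcdSystemMemorySize and PcdMmBufferBase sets are silently lost; check each one. Minor: `RegProp != 0` should be `RegProp != NULL`.
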
> -- 
> 2.17.1
> 


* Re: [PATCH edk2-platforms v2 3/4] SbsaQemu: add standalone MM build instruction
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 3/4] SbsaQemu: add standalone MM build instruction Masahisa Kojima
@ 2021-03-01 17:23   ` Leif Lindholm
  0 siblings, 0 replies; 13+ messages in thread
From: Leif Lindholm @ 2021-03-01 17:23 UTC (permalink / raw)
  To: Masahisa Kojima
  Cc: devel, Ard Biesheuvel, Graeme Gregory, Radoslaw Biernacki,
	Shashi Mallela

On Mon, Mar 01, 2021 at 14:19:51 +0900, Masahisa Kojima wrote:
> This commit adds the standalone MM build instruction
> to enable UEFI secure boot.
> 
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
>  Platform/Qemu/SbsaQemu/Readme.md | 35 ++++++++++++++++++++++++++++++++
>  1 file changed, 35 insertions(+)
> 
> diff --git a/Platform/Qemu/SbsaQemu/Readme.md b/Platform/Qemu/SbsaQemu/Readme.md
> index 63786d9d0fd3..cdee8b41507e 100644
> --- a/Platform/Qemu/SbsaQemu/Readme.md
> +++ b/Platform/Qemu/SbsaQemu/Readme.md
> @@ -104,6 +104,41 @@ Create a directory $WORKSPACE that would hold source code of the components.
>    truncate -s 256M SBSA_FLASH[01].fd
>    ```
>  
> +## Build UEFI with standalone MM based UEFI secure boot
> +
> +1. Compile standalone MM image
> +
> +  ```
> +  cd $WORKSPACE
> +  build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMM.dsc
> +  ```
> +
> +2. Compile TF-A with BL32(Secure Payload)
> +
> +  Detailed build instructions can be found on the following link:
> +  https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu-sbsa.rst
> +
> +  Then copy `bl1.bin` and `fip.bin` to the the edk2-non-osi directory:
> +
> +3. Compile UEFI with UEFI secure boot enabled

Suggest replacing the first UEFI on line above with "EDK2".

/
    Leif

> +
> +  ```
> +  cd $WORKSPACE
> +  build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemu.dsc -DSECURE_BOOT_ENABLE=TRUE
> +  ```
> +
> +  Copy SBSA_FLASH0.fd and SBSA_FLASH1.fd to top $WORKSPACE directory.
> +  Then extend the file size to match the machine flash size.
> +  ```
> +  cp Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH[01].fd .
> +  truncate -s 256M SBSA_FLASH[01].fd
> +  ```
> +
> +  To keep the UEFI variable storage after the succeeding build, use `dd` instead of `cp`.
> +  ```
> +  dd if=./Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH0.fd of=./SBSA_FLASH0.fd conv=notrunc bs=2M count=8
> +  ```
> +
>  # Running
>  
>    The resulting SBSA_FLASH0.fd file will contain Secure flash0 image (TF-A code).
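
Review bot: the first build command names `SbsaQemuStandaloneMM.dsc`, but the file added in patch 1/4 is `SbsaQemuStandaloneMm.dsc`; on a case-sensitive filesystem the command as written fails. Two smaller fixes in the same hunk: "to the the edk2-non-osi directory:" has a doubled "the" and ends in a colon with nothing after it, although the FDF expects `Platform/Qemu/Sbsa/bl1.bin` and `Platform/Qemu/Sbsa/fip.bin`. The `dd ... bs=2M count=8` recipe works only because 8 x 2 MiB = 16 MiB = 0x01000000, exactly the offset of the variable store in SBSA_FLASH0, so it rewrites BL1/FIP/UEFI code while leaving PK/KEK/db and the FTW blocks untouched; that coupling is easy to break when the layout changes, so say it in the README next to the command.
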
> -- 
> 2.17.1
> 


* Re: [PATCH edk2-platforms v2 4/4] SbsaQemu: fix typo
  2021-03-01  5:19 ` [PATCH edk2-platforms v2 4/4] SbsaQemu: fix typo Masahisa Kojima
@ 2021-03-01 17:24   ` Leif Lindholm
  0 siblings, 0 replies; 13+ messages in thread
From: Leif Lindholm @ 2021-03-01 17:24 UTC (permalink / raw)
  To: Masahisa Kojima
  Cc: devel, Ard Biesheuvel, Graeme Gregory, Radoslaw Biernacki,
	Shashi Mallela

On Mon, Mar 01, 2021 at 14:19:52 +0900, Masahisa Kojima wrote:
> Fix typo in Readme.md
> 
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

Reviewed-by: Leif Lindholm <leif@nuviainc.com>


> ---
>  Platform/Qemu/SbsaQemu/Readme.md | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/Platform/Qemu/SbsaQemu/Readme.md b/Platform/Qemu/SbsaQemu/Readme.md
> index cdee8b41507e..abee24df0e9d 100644
> --- a/Platform/Qemu/SbsaQemu/Readme.md
> +++ b/Platform/Qemu/SbsaQemu/Readme.md
> @@ -97,7 +97,7 @@ Create a directory $WORKSPACE that would hold source code of the components.
>    cd $WORKSPACE
>    build -b RELEASE -a AARCH64 -t GCC5 -p edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
>    ```
> -  Copy SBSA_FLASH0.fd and SBSA_FLASH0.fd to top $WORKSPACE directory.
> +  Copy SBSA_FLASH0.fd and SBSA_FLASH1.fd to top $WORKSPACE directory.
>    Then extend the file size to match the machine flash size.
>    ```
>    cp Build/SbsaQemu/RELEASE_GCC5/FV/SBSA_FLASH[01].fd .
> -- 
> 2.17.1
> 


* Re: [PATCH edk2-platforms v2 1/4] SbsaQemu: Build infrastructure for StandaloneMm image
  2021-03-01 17:05   ` Leif Lindholm
@ 2021-03-02 12:45     ` Masahisa Kojima
  2021-03-02 14:13       ` Leif Lindholm
  0 siblings, 1 reply; 13+ messages in thread
From: Masahisa Kojima @ 2021-03-02 12:45 UTC (permalink / raw)
  To: Leif Lindholm
  Cc: edk2-devel-groups-io, Ard Biesheuvel, Graeme Gregory,
	Radoslaw Biernacki, Shashi Mallela

Hi Leif,

Thank you for your comments.

On Tue, 2 Mar 2021 at 02:05, Leif Lindholm <leif@nuviainc.com> wrote:
>
> On Mon, Mar 01, 2021 at 14:19:49 +0900, Masahisa Kojima wrote:
> > Add the build infrastructure for compilation of StandaloneMm image.
> >
> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> > ---
> >  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc    | 132 ++++++++++++++++++
>
> Please use --stat=1000 --stat-graph-width=20 when generating patches.

Sorry I forgot to add these options, will be included in the next version.

>
> >  Platform/Qemu/SbsaQemu/SbsaQemu.fdf           |   6 +-
>
> It is not immediately obvious to me why the pre-existing
> SbsaQemuStandaloneMm.dsc needs to change. Is this something that can
> be clarified in commit message?

I probably do not understand your comment correctly, but
SbsaQemuStandaloneMm.dsc is a newly created file in this commit.

Thanks,
Masahisa

>
> Best Regards,
>
> Leif
>
> >  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf    |  93 ++++++++++++
> >  3 files changed, 228 insertions(+), 3 deletions(-)
> >  create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> >  create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> >
> > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> > new file mode 100644
> > index 000000000000..87f5ee351eaa
> > --- /dev/null
> > +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> > @@ -0,0 +1,132 @@
> > +#
> > +#  Copyright (c) 2020, Linaro Limited. All rights reserved.
> > +#
> > +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> > +#
> > +
> > +################################################################################
> > +#
> > +# Defines Section - statements that will be processed to create a Makefile.
> > +#
> > +################################################################################
> > +[Defines]
> > +  PLATFORM_NAME                  = SbsaQemuStandaloneMm
> > +  PLATFORM_GUID                  = A64CC0F5-7ACD-4975-BBE7-7EF6739C8668
> > +  PLATFORM_VERSION               = 1.0
> > +  DSC_SPECIFICATION              = 0x00010011
> > +  OUTPUT_DIRECTORY               = Build/$(PLATFORM_NAME)
> > +  SUPPORTED_ARCHITECTURES        = AARCH64
> > +  BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
> > +  SKUID_IDENTIFIER               = DEFAULT
> > +  FLASH_DEFINITION               = Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> > +  DEFINE DEBUG_MESSAGE           = TRUE
> > +
> > +  # LzmaF86
> > +  DEFINE COMPRESSION_TOOL_GUID   = D42AE6BD-1352-4bfb-909A-CA72A6EAE889
> > +
> > +################################################################################
> > +#
> > +# Library Class section - list of all Library Classes needed by this Platform.
> > +#
> > +################################################################################
> > +[LibraryClasses]
> > +  #
> > +  # Basic
> > +  #
> > +  BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
> > +  BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> > +  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
> > +  DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
> > +  ExtractGuidedSectionLib|EmbeddedPkg/Library/PrePiExtractGuidedSectionLib/PrePiExtractGuidedSectionLib.inf
> > +  FvLib|StandaloneMmPkg/Library/FvLib/FvLib.inf
> > +  HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf
> > +  IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
> > +  MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
> > +  MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf
> > +  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> > +  PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
> > +  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
> > +  ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
> > +
> > +  #
> > +  # Entry point
> > +  #
> > +  StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf
> > +
> > +  ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
> > +  StandaloneMmMmuLib|ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.inf
> > +  ArmSvcLib|ArmPkg/Library/ArmSvcLib/ArmSvcLib.inf
> > +  CacheMaintenanceLib|ArmPkg/Library/ArmCacheMaintenanceLib/ArmCacheMaintenanceLib.inf
> > +  PeCoffExtraActionLib|StandaloneMmPkg/Library/StandaloneMmPeCoffExtraActionLib/StandaloneMmPeCoffExtraActionLib.inf
> > +
> > +  # ARM PL011 UART Driver
> > +  PL011UartClockLib|ArmPlatformPkg/Library/PL011UartClockLib/PL011UartClockLib.inf
> > +  PL011UartLib|ArmPlatformPkg/Library/PL011UartLib/PL011UartLib.inf
> > +  SerialPortLib|ArmPlatformPkg/Library/PL011SerialPortLib/PL011SerialPortLib.inf
> > +
> > +  StandaloneMmCoreEntryPoint|StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf
> > +
> > +  #
> > +  # It is not possible to prevent the ARM compiler for generic intrinsic functions.
> > +  # This library provides the instrinsic functions generate by a given compiler.
> > +  # And NULL mean link this library into all ARM images.
> > +  #
> > +  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
> > +
> > +[LibraryClasses.common.MM_STANDALONE]
> > +  HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
> > +  MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
> > +  MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
> > +
> > +################################################################################
> > +#
> > +# Pcd Section - list of all EDK II PCD Entries defined by this Platform
> > +#
> > +################################################################################
> > +[PcdsFixedAtBuild]
> > +  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800000CF
> > +  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xff
> > +  gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
> > +
> > +  ## PL011 - Serial Terminal
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x60040000
> > +  gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate|115200
> > +
> > +  gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
> > +
> > +###################################################################################################
> > +#
> > +# Components Section - list of the modules and components that will be processed by compilation
> > +#                      tools and the EDK II tools to generate PE32/PE32+/Coff image files.
> > +#
> > +# Note: The EDK II DSC file is not used to specify how compiled binary images get placed
> > +#       into firmware volume images. This section is just a list of modules to compile from
> > +#       source into UEFI-compliant binaries.
> > +#       It is the FDF file that contains information on combining binary files into firmware
> > +#       volume images, whose concept is beyond UEFI and is described in PI specification.
> > +#       Binary modules do not need to be listed in this section, as they should be
> > +#       specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi),
> > +#       Logo (Logo.bmp), and etc.
> > +#       There may also be modules listed in this section that are not required in the FDF file,
> > +#       When a module listed here is excluded from FDF file, then UEFI-compliant binary will be
> > +#       generated for it, but the binary will not be put into any firmware volume.
> > +#
> > +###################################################################################################
> > +[Components.common]
> > +  #
> > +  # MM Core
> > +  #
> > +  StandaloneMmPkg/Core/StandaloneMmCore.inf
> > +  StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> > +
> > +###################################################################################################
> > +#
> > +# BuildOptions Section - Define the module specific tool chain flags that should be used as
> > +#                        the default flags for a module. These flags are appended to any
> > +#                        standard flags that are defined by the build process. They can be
> > +#                        applied for any modules or only those modules with the specific
> > +#                        module style (EDK or EDKII) specified in [Components] section.
> > +#
> > +###################################################################################################
> > +[BuildOptions.AARCH64]
> > +  GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 -march=armv8-a+nofp
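
Review bot: `DEFINE DEBUG_MESSAGE = TRUE` is declared in [Defines] but nothing else in this file references it, while PcdDebugPrintErrorLevel 0x800000CF and PcdDebugPropertyMask 0xff are set identically for all of DEBUG|RELEASE|NOOPT. For a payload that runs in the secure world and will own the authenticated variable store, how much it prints on the PL011 at 0x60040000 deserves a deliberate choice: either gate those PCDs on $(DEBUG_MESSAGE) or drop the unused define. Also, the copyright line says 2020 for a file first posted in March 2021.
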
> > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> > index c35e3ed44054..b61ae1891233 100644
> > --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> > +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> > @@ -21,10 +21,10 @@
> >
> >  [FD.SBSA_FLASH0]
> >  BaseAddress   = 0x00000000
> > -Size          = 0x00200000
> > +Size          = 0x00400000
> >  ErasePolarity = 1
> >  BlockSize     = 0x00001000
> > -NumBlocks     = 0x200
> > +NumBlocks     = 0x400
> >
> >  ################################################################################
> >  #
> > @@ -47,7 +47,7 @@ [FD.SBSA_FLASH0]
> >  FILE = Platform/Qemu/Sbsa/bl1.bin
> >
> >  # and FIP (BL2 + BL31)
> > -0x00008000|0x00020000
> > +0x00008000|0x00300000
> >  FILE = Platform/Qemu/Sbsa/fip.bin
> >
> >  ################################################################################
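
Review bot: the FIP region grows from 0x20000 to 0x300000 at offset 0x8000, ending at 0x308000 inside the new 0x400000 FD, but the commit message doesn't say why. Patch 3/4's build steps ("Compile TF-A with BL32(Secure Payload)") imply that the FIP now carries the StandaloneMm image as BL32; stating that here answers the question raised above and explains both size changes in one sentence.
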
> > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> > new file mode 100644
> > index 000000000000..a1acefcfb0a7
> > --- /dev/null
> > +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> > @@ -0,0 +1,93 @@
> > +#
> > +#  Copyright (c) 2020, Linaro Limited. All rights reserved.
> > +#
> > +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> > +#
> > +
> > +################################################################################
> > +#
> > +# FD Section
> > +# The [FD] Section is made up of the definition statements and a
> > +# description of what goes into  the Flash Device Image.  Each FD section
> > +# defines one flash "device" image.  A flash device image may be one of
> > +# the following: Removable media bootable image (like a boot floppy
> > +# image,) an Option ROM image (that would be "flashed" into an add-in
> > +# card,) a System "Flash"  image (that would be burned into a system's
> > +# flash) or an Update ("Capsule") image that will be used to update and
> > +# existing system flash.
> > +#
> > +################################################################################
> > +
> > +[FD.STANDALONE_MM]
> > +BaseAddress   = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress
> > +Size          = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB).
> > +ErasePolarity = 1
> > +
> > +BlockSize     = 0x00001000
> > +NumBlocks     = 0x0e00
> > +
> > +0x00000000|0x00280000
> > +gArmTokenSpaceGuid.PcdFvBaseAddress|gArmTokenSpaceGuid.PcdFvSize
> > +FV = FVMAIN_COMPACT
> > +
> > +[FV.FVMAIN_COMPACT]
> > +FvAlignment        = 16
> > +ERASE_POLARITY     = 1
> > +MEMORY_MAPPED      = TRUE
> > +STICKY_WRITE       = TRUE
> > +LOCK_CAP           = TRUE
> > +LOCK_STATUS        = TRUE
> > +WRITE_DISABLED_CAP = TRUE
> > +WRITE_ENABLED_CAP  = TRUE
> > +WRITE_STATUS       = TRUE
> > +WRITE_LOCK_CAP     = TRUE
> > +WRITE_LOCK_STATUS  = TRUE
> > +READ_DISABLED_CAP  = TRUE
> > +READ_ENABLED_CAP   = TRUE
> > +READ_STATUS        = TRUE
> > +READ_LOCK_CAP      = TRUE
> > +READ_LOCK_STATUS   = TRUE
> > +
> > +  INF StandaloneMmPkg/Core/StandaloneMmCore.inf
> > +  INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> > +
> > +################################################################################
> > +#
> > +# Rules are use with the [FV] section's module INF type to define
> > +# how an FFS file is created for a given INF file. The following Rule are the default
> > +# rules for the different module type. User can add the customized rules to define the
> > +# content of the FFS file.
> > +#
> > +################################################################################
> > +
> > +
> > +############################################################################
> > +# Example of a DXE_DRIVER FFS file with a Checksum encapsulation section   #
> > +############################################################################
> > +#
> > +#[Rule.Common.DXE_DRIVER]
> > +#  FILE DRIVER = $(NAMED_GUID) {
> > +#    DXE_DEPEX    DXE_DEPEX               Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
> > +#    COMPRESS PI_STD {
> > +#      GUIDED {
> > +#        PE32     PE32                    $(INF_OUTPUT)/$(MODULE_NAME).efi
> > +#        UI       STRING="$(MODULE_NAME)" Optional
> > +#        VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
> > +#      }
> > +#    }
> > +#  }
> > +#
> > +############################################################################
> > +
> > +[Rule.Common.MM_CORE_STANDALONE]
> > +  FILE SEC = $(NAMED_GUID) RELOCS_STRIPPED FIXED {
> > +    PE32  PE32 Align = Auto             $(INF_OUTPUT)/$(MODULE_NAME).efi
> > +  }
> > +
> > +[Rule.Common.MM_STANDALONE]
> > +  FILE MM_STANDALONE = $(NAMED_GUID) {
> > +    SMM_DEPEX SMM_DEPEX Optional       $(INF_OUTPUT)/$(MODULE_NAME).depex
> > +    PE32      PE32                     $(INF_OUTPUT)/$(MODULE_NAME).efi
> > +    UI        STRING="$(MODULE_NAME)" Optional
> > +    VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
> > +  }
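
Review bot: the commented-out `[Rule.Common.DXE_DRIVER]` example, together with its "Checksum encapsulation section" banner, is template leftover that no module in this FD can use; drop it. Also the FD is declared as 14 MiB but only 0x00280000 of it is populated by FVMAIN_COMPACT, and every *_CAP and *_STATUS attribute is set TRUE at once (both WRITE_DISABLED_CAP and WRITE_ENABLED_CAP), which reads as copy-paste from a flash-resident FV; a comment saying what the remaining space is reserved for and that the attributes are informational for an FV TF-A loads into secure RAM would help.
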
> > --
> > 2.17.1
> >


* Re: [PATCH edk2-platforms v2 1/4] SbsaQemu: Build infrastructure for StandaloneMm image
  2021-03-02 12:45     ` Masahisa Kojima
@ 2021-03-02 14:13       ` Leif Lindholm
  2021-03-03  0:27         ` Masahisa Kojima
  0 siblings, 1 reply; 13+ messages in thread
From: Leif Lindholm @ 2021-03-02 14:13 UTC (permalink / raw)
  To: Masahisa Kojima
  Cc: edk2-devel-groups-io, Ard Biesheuvel, Graeme Gregory,
	Radoslaw Biernacki, Shashi Mallela

On Tue, Mar 02, 2021 at 21:45:26 +0900, Masahisa Kojima wrote:
> Hi Leif,
> 
> Thank you for your comments.
> 
> On Tue, 2 Mar 2021 at 02:05, Leif Lindholm <leif@nuviainc.com> wrote:
> >
> > On Mon, Mar 01, 2021 at 14:19:49 +0900, Masahisa Kojima wrote:
> > > Add the build infrastructure for compilation of StandaloneMm image.
> > >
> > > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> > > ---
> > >  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc    | 132 ++++++++++++++++++
> >
> > Please use --stat=1000 --stat-graph-width=20 when generating patches.
> 
> Sorry I forgot to add these options, will be included in the next version.
> 
> >
> > >  Platform/Qemu/SbsaQemu/SbsaQemu.fdf           |   6 +-
> >
> > It is not immediately obvious to me why the pre-existing
> > SbsaQemuStandaloneMm.dsc needs to change. Is this something that can
> > be clarified in commit message?
> 
> I probably do not understand your comment correctly, but
> SbsaQemuStandaloneMm.dsc is a newly created file in this commit.

Sorry, that's just my brain failure: I meant to say SbsaQemu.fdf.

Regards,

Leif

> Thanks,
> Masahisa
> 
> >
> > Best Regards,
> >
> > Leif
> >
> > >  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf    |  93 ++++++++++++
> > >  3 files changed, 228 insertions(+), 3 deletions(-)
> > >  create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> > >  create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> > >
> > > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> > > new file mode 100644
> > > index 000000000000..87f5ee351eaa
> > > --- /dev/null
> > > +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> > > @@ -0,0 +1,132 @@
> > > +#
> > > +#  Copyright (c) 2020, Linaro Limited. All rights reserved.
> > > +#
> > > +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +#
> > > +
> > > +################################################################################
> > > +#
> > > +# Defines Section - statements that will be processed to create a Makefile.
> > > +#
> > > +################################################################################
> > > +[Defines]
> > > +  PLATFORM_NAME                  = SbsaQemuStandaloneMm
> > > +  PLATFORM_GUID                  = A64CC0F5-7ACD-4975-BBE7-7EF6739C8668
> > > +  PLATFORM_VERSION               = 1.0
> > > +  DSC_SPECIFICATION              = 0x00010011
> > > +  OUTPUT_DIRECTORY               = Build/$(PLATFORM_NAME)
> > > +  SUPPORTED_ARCHITECTURES        = AARCH64
> > > +  BUILD_TARGETS                  = DEBUG|RELEASE|NOOPT
> > > +  SKUID_IDENTIFIER               = DEFAULT
> > > +  FLASH_DEFINITION               = Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> > > +  DEFINE DEBUG_MESSAGE           = TRUE
> > > +
> > > +  # LzmaF86
> > > +  DEFINE COMPRESSION_TOOL_GUID   = D42AE6BD-1352-4bfb-909A-CA72A6EAE889
> > > +
> > > +################################################################################
> > > +#
> > > +# Library Class section - list of all Library Classes needed by this Platform.
> > > +#
> > > +################################################################################
> > > +[LibraryClasses]
> > > +  #
> > > +  # Basic
> > > +  #
> > > +  BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
> > > +  BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> > > +  DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
> > > +  DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
> > > +  ExtractGuidedSectionLib|EmbeddedPkg/Library/PrePiExtractGuidedSectionLib/PrePiExtractGuidedSectionLib.inf
> > > +  FvLib|StandaloneMmPkg/Library/FvLib/FvLib.inf
> > > +  HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf
> > > +  IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
> > > +  MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf
> > > +  MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf
> > > +  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
> > > +  PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
> > > +  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
> > > +  ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
> > > +
> > > +  #
> > > +  # Entry point
> > > +  #
> > > +  StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf
> > > +
> > > +  ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
> > > +  StandaloneMmMmuLib|ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.inf
> > > +  ArmSvcLib|ArmPkg/Library/ArmSvcLib/ArmSvcLib.inf
> > > +  CacheMaintenanceLib|ArmPkg/Library/ArmCacheMaintenanceLib/ArmCacheMaintenanceLib.inf
> > > +  PeCoffExtraActionLib|StandaloneMmPkg/Library/StandaloneMmPeCoffExtraActionLib/StandaloneMmPeCoffExtraActionLib.inf
> > > +
> > > +  # ARM PL011 UART Driver
> > > +  PL011UartClockLib|ArmPlatformPkg/Library/PL011UartClockLib/PL011UartClockLib.inf
> > > +  PL011UartLib|ArmPlatformPkg/Library/PL011UartLib/PL011UartLib.inf
> > > +  SerialPortLib|ArmPlatformPkg/Library/PL011SerialPortLib/PL011SerialPortLib.inf
> > > +
> > > +  StandaloneMmCoreEntryPoint|StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf
> > > +
> > > +  #
> > > +  # It is not possible to prevent the ARM compiler for generic intrinsic functions.
> > > +  # This library provides the instrinsic functions generate by a given compiler.
> > > +  # And NULL mean link this library into all ARM images.
> > > +  #
> > > +  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
> > > +
> > > +[LibraryClasses.common.MM_STANDALONE]
> > > +  HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
> > > +  MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
> > > +  MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
> > > +
> > > +################################################################################
> > > +#
> > > +# Pcd Section - list of all EDK II PCD Entries defined by this Platform
> > > +#
> > > +################################################################################
> > > +[PcdsFixedAtBuild]
> > > +  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800000CF
> > > +  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xff
> > > +  gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
> > > +
> > > +  ## PL011 - Serial Terminal
> > > +  gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x60040000
> > > +  gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate|115200
> > > +
> > > +  gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
> > > +
> > > +###################################################################################################
> > > +#
> > > +# Components Section - list of the modules and components that will be processed by compilation
> > > +#                      tools and the EDK II tools to generate PE32/PE32+/Coff image files.
> > > +#
> > > +# Note: The EDK II DSC file is not used to specify how compiled binary images get placed
> > > +#       into firmware volume images. This section is just a list of modules to compile from
> > > +#       source into UEFI-compliant binaries.
> > > +#       It is the FDF file that contains information on combining binary files into firmware
> > > +#       volume images, whose concept is beyond UEFI and is described in PI specification.
> > > +#       Binary modules do not need to be listed in this section, as they should be
> > > +#       specified in the FDF file. For example: Shell binary (Shell_Full.efi), FAT binary (Fat.efi),
> > > +#       Logo (Logo.bmp), and etc.
> > > +#       There may also be modules listed in this section that are not required in the FDF file,
> > > +#       When a module listed here is excluded from FDF file, then UEFI-compliant binary will be
> > > +#       generated for it, but the binary will not be put into any firmware volume.
> > > +#
> > > +###################################################################################################
> > > +[Components.common]
> > > +  #
> > > +  # MM Core
> > > +  #
> > > +  StandaloneMmPkg/Core/StandaloneMmCore.inf
> > > +  StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> > > +
> > > +###################################################################################################
> > > +#
> > > +# BuildOptions Section - Define the module specific tool chain flags that should be used as
> > > +#                        the default flags for a module. These flags are appended to any
> > > +#                        standard flags that are defined by the build process. They can be
> > > +#                        applied for any modules or only those modules with the specific
> > > +#                        module style (EDK or EDKII) specified in [Components] section.
> > > +#
> > > +###################################################################################################
> > > +[BuildOptions.AARCH64]
> > > +  GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 -march=armv8-a+nofp
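
Review bot: `DEFINE DEBUG_MESSAGE = TRUE` and `DEFINE COMPRESSION_TOOL_GUID = D42AE6BD-...` in [Defines] are not referenced anywhere in this DSC or in the companion SbsaQemuStandaloneMm.fdf (whose only FV uses plain PE32 sections, no COMPRESS or GUIDED), so they look like template left-overs; drop them or use them. `PcdDebugPropertyMask|0xff` and `PcdDebugPrintErrorLevel|0x800000CF` apply to every BUILD_TARGET, RELEASE included, which keeps ASSERT(), breakpoints and verbose DEBUG() output live inside the secure partition; key them on $(TARGET), or at least state in the commit message that this is a debug configuration. Minor: the copyright line says 2020 on a file first added in 2021.
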
> > > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> > > index c35e3ed44054..b61ae1891233 100644
> > > --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> > > +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> > > @@ -21,10 +21,10 @@
> > >
> > >  [FD.SBSA_FLASH0]
> > >  BaseAddress   = 0x00000000
> > > -Size          = 0x00200000
> > > +Size          = 0x00400000
> > >  ErasePolarity = 1
> > >  BlockSize     = 0x00001000
> > > -NumBlocks     = 0x200
> > > +NumBlocks     = 0x400
> > >
> > >  ################################################################################
> > >  #
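
Review bot: the commit message does not say why SBSA_FLASH0 grows from 2 MiB to 4 MiB; the reason given later in this thread (room in the FIP for the StandaloneMm image packaged as BL32) belongs there, together with the trusted-firmware-a revision whose sbsa memory map this layout follows, since the cover letter says the series tracks a TF-A update. Size and NumBlocks are changed consistently (0x400 blocks of 0x1000 = 0x400000).
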
> > > @@ -47,7 +47,7 @@ [FD.SBSA_FLASH0]
> > >  FILE = Platform/Qemu/Sbsa/bl1.bin
> > >
> > >  # and FIP (BL2 + BL31)
> > > -0x00008000|0x00020000
> > > +0x00008000|0x00300000
> > >  FILE = Platform/Qemu/Sbsa/fip.bin
> > >
> > >  ################################################################################
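
Review bot: the `# and FIP (BL2 + BL31)` comment just above the changed line is now stale, because the region grows from 0x20000 to 0x300000 precisely so that the FIP can also carry BL32 (the StandaloneMm image, as explained later in this thread); make it `# and FIP (BL2 + BL31 + BL32)`. 0x8000 + 0x300000 = 0x308000 still lies inside the 4 MiB FD, but 3 MiB is a round number: record the actual fip.bin size the region was sized from, so whoever next enlarges the FIP knows how much headroom is left.
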
> > > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> > > new file mode 100644
> > > index 000000000000..a1acefcfb0a7
> > > --- /dev/null
> > > +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> > > @@ -0,0 +1,93 @@
> > > +#
> > > +#  Copyright (c) 2020, Linaro Limited. All rights reserved.
> > > +#
> > > +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> > > +#
> > > +
> > > +################################################################################
> > > +#
> > > +# FD Section
> > > +# The [FD] Section is made up of the definition statements and a
> > > +# description of what goes into  the Flash Device Image.  Each FD section
> > > +# defines one flash "device" image.  A flash device image may be one of
> > > +# the following: Removable media bootable image (like a boot floppy
> > > +# image,) an Option ROM image (that would be "flashed" into an add-in
> > > +# card,) a System "Flash"  image (that would be burned into a system's
> > > +# flash) or an Update ("Capsule") image that will be used to update and
> > > +# existing system flash.
> > > +#
> > > +################################################################################
> > > +
> > > +[FD.STANDALONE_MM]
> > > +BaseAddress   = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress
> > > +Size          = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB).
> > > +ErasePolarity = 1
> > > +
> > > +BlockSize     = 0x00001000
> > > +NumBlocks     = 0x0e00
> > > +
> > > +0x00000000|0x00280000
> > > +gArmTokenSpaceGuid.PcdFvBaseAddress|gArmTokenSpaceGuid.PcdFvSize
> > > +FV = FVMAIN_COMPACT
> > > +
> > > +[FV.FVMAIN_COMPACT]
> > > +FvAlignment        = 16
> > > +ERASE_POLARITY     = 1
> > > +MEMORY_MAPPED      = TRUE
> > > +STICKY_WRITE       = TRUE
> > > +LOCK_CAP           = TRUE
> > > +LOCK_STATUS        = TRUE
> > > +WRITE_DISABLED_CAP = TRUE
> > > +WRITE_ENABLED_CAP  = TRUE
> > > +WRITE_STATUS       = TRUE
> > > +WRITE_LOCK_CAP     = TRUE
> > > +WRITE_LOCK_STATUS  = TRUE
> > > +READ_DISABLED_CAP  = TRUE
> > > +READ_ENABLED_CAP   = TRUE
> > > +READ_STATUS        = TRUE
> > > +READ_LOCK_CAP      = TRUE
> > > +READ_LOCK_STATUS   = TRUE
> > > +
> > > +  INF StandaloneMmPkg/Core/StandaloneMmCore.inf
> > > +  INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> > > +
> > > +################################################################################
> > > +#
> > > +# Rules are use with the [FV] section's module INF type to define
> > > +# how an FFS file is created for a given INF file. The following Rule are the default
> > > +# rules for the different module type. User can add the customized rules to define the
> > > +# content of the FFS file.
> > > +#
> > > +################################################################################
> > > +
> > > +
> > > +############################################################################
> > > +# Example of a DXE_DRIVER FFS file with a Checksum encapsulation section   #
> > > +############################################################################
> > > +#
> > > +#[Rule.Common.DXE_DRIVER]
> > > +#  FILE DRIVER = $(NAMED_GUID) {
> > > +#    DXE_DEPEX    DXE_DEPEX               Optional $(INF_OUTPUT)/$(MODULE_NAME).depex
> > > +#    COMPRESS PI_STD {
> > > +#      GUIDED {
> > > +#        PE32     PE32                    $(INF_OUTPUT)/$(MODULE_NAME).efi
> > > +#        UI       STRING="$(MODULE_NAME)" Optional
> > > +#        VERSION  STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
> > > +#      }
> > > +#    }
> > > +#  }
> > > +#
> > > +############################################################################
> > > +
> > > +[Rule.Common.MM_CORE_STANDALONE]
> > > +  FILE SEC = $(NAMED_GUID) RELOCS_STRIPPED FIXED {
> > > +    PE32  PE32 Align = Auto             $(INF_OUTPUT)/$(MODULE_NAME).efi
> > > +  }
> > > +
> > > +[Rule.Common.MM_STANDALONE]
> > > +  FILE MM_STANDALONE = $(NAMED_GUID) {
> > > +    SMM_DEPEX SMM_DEPEX Optional       $(INF_OUTPUT)/$(MODULE_NAME).depex
> > > +    PE32      PE32                     $(INF_OUTPUT)/$(MODULE_NAME).efi
> > > +    UI        STRING="$(MODULE_NAME)" Optional
> > > +    VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
> > > +  }
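
Review bot: `[Rule.Common.MM_CORE_STANDALONE]` builds the MM core `RELOCS_STRIPPED FIXED`, so StandaloneMmCore.efi is linked for its position inside FVMAIN_COMPACT at FD base 0x20001000 and cannot be relocated; the address at which the secure partition manager in TF-A places BL32 must therefore be exactly this value, and nothing at build time checks that. Record 0x20001000 and the 14 MiB PcdFdSize, with their TF-A counterparts, in the commit message or a comment. Related: the FD is 0xe00000 bytes while the FV it holds is 0x280000 and the FIP region in SbsaQemu.fdf is 0x300000, so a padded FD image cannot be what goes into the FIP; say which artifact (FV or FD) is packaged as BL32 and whether the remaining 11.5 MiB of the FD is meant as the partition's heap and stack. Finally, the commented-out `[Rule.Common.DXE_DRIVER]` example and the generic FD-section description are template text with no bearing on this file; drop them.
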
> > > --
> > > 2.17.1
> > >

* Re: [PATCH edk2-platforms v2 1/4] SbsaQemu: Build infrastructure for StandaloneMm image
  2021-03-02 14:13       ` Leif Lindholm
@ 2021-03-03  0:27         ` Masahisa Kojima
  0 siblings, 0 replies; 13+ messages in thread
From: Masahisa Kojima @ 2021-03-03  0:27 UTC (permalink / raw)
  To: Leif Lindholm
  Cc: edk2-devel-groups-io, Ard Biesheuvel, Graeme Gregory,
	Radoslaw Biernacki, Shashi Mallela

On Tue, 2 Mar 2021 at 23:13, Leif Lindholm <leif@nuviainc.com> wrote:
>
> On Tue, Mar 02, 2021 at 21:45:26 +0900, Masahisa Kojima wrote:
> > Hi Leif,
> >
> > Thank you for your comments.
> >
> > On Tue, 2 Mar 2021 at 02:05, Leif Lindholm <leif@nuviainc.com> wrote:
> > >
> > > On Mon, Mar 01, 2021 at 14:19:49 +0900, Masahisa Kojima wrote:
> > > > Add the build infrastructure for compilation of the StandaloneMm image.
> > > >
> > > > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> > > > ---
> > > >  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc    | 132 ++++++++++++++++++
> > >
> > > Please use --stat=1000 --stat-graph-width=20 when generating patches.
> >
> > Sorry I forgot to add these options, will be included in the next version.
> >
> > >
> > > >  Platform/Qemu/SbsaQemu/SbsaQemu.fdf           |   6 +-
> > >
> > > It is not immediately obvious to me why the pre-existing
> > > SbsaQemuStandaloneMm.dsc needs to change. Is this something that can
> > > be clarified in the commit message?
> >
> > I probably do not understand your comment correctly, but
> > SbsaQemuStandaloneMm.dsc
> > is a newly created file in this commit.
>
> Sorry, that's just my brain failure: I meant to say SbsaQemu.fdf.

SbsaQemu.fdf is modified to make the FLASH0 region big enough to
contain the StandaloneMM image (BL32).
I will note this in the commit message in the next version.

Thanks,
Masahisa


>
> Regards,
>
> Leif
>
> > Thanks,
> > Masahisa
> >
> > >
> > > Best Regards,
> > >
> > > Leif
> > >
> > > >  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf    |  93 ++++++++++++
> > > >  3 files changed, 228 insertions(+), 3 deletions(-)
> > > >  create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> > > >  create mode 100644 Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> > > >


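The exchange above is about making FLASH0 large enough for a FIP that now also carries BL32, which means the [FD] Size, NumBlocks and region offsets in two FDF files have to stay consistent by hand. The following checker is an added example, not code from the patch, from edk2-platforms or from the edk2 BaseTools: it parses the [FD.*] sections of an FDF and reports a Size that is not BlockSize * NumBlocks, and regions that are misaligned, overlap, or run past the end of the FD. The embedded sample FDF text is constructed from the layouts shown in the patch; the bl1 region header `0x00000000|0x00008000` is an assumption, since the patch only shows the FIP region header.

```python
"""Layout check for the [FD.*] sections of an EDK2 FDF file.
Added example, not part of the edk2-platforms patch nor of edk2 BaseTools: reads
Size/BlockSize/NumBlocks and the 0xOFFSET|0xSIZE region headers of each [FD.NAME]
section; reports regions that are misaligned, overlap or run past the FD, and a
Size that is not BlockSize * NumBlocks.
"""
import re
import sys

FD_HEADER = re.compile(r"^\[FD\.([A-Za-z0-9_]+)\]$")
DEFINE = re.compile(r"^(Size|BlockSize|NumBlocks)\s*=\s*(0x[0-9A-Fa-f]+)")
REGION = re.compile(r"^(0x[0-9A-Fa-f]+)\|(0x[0-9A-Fa-f]+)")

def parse_fds(text):
    """Return one dict per [FD.*] section: name, Size, BlockSize, NumBlocks, regions."""
    fds, current = [], None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        header = FD_HEADER.match(line)
        if header:
            current = {"name": header.group(1), "Size": 0, "BlockSize": 0, "NumBlocks": 0, "regions": []}
            fds.append(current)
            continue
        if line.startswith("["):  # any other section ends the FD
            current = None
            continue
        if current is None:
            continue
        define = DEFINE.match(line)
        if define:  # "Size = 0xNNN|gTokenSpace.PcdName": only the number matters here
            current[define.group(1)] = int(define.group(2), 16)
            continue
        region = REGION.match(line)
        if region:  # regions are kept as (offset, size, line_no)
            current["regions"].append((int(region.group(1), 16), int(region.group(2), 16), line_no))
    return fds

def check_fd(fd):
    """Return a list of problem strings for one FD; an empty list means consistent."""
    name, size, block = fd["name"], fd["Size"], fd["BlockSize"]
    if not (size and block and fd["NumBlocks"]):
        return [f"{name}: Size, BlockSize and NumBlocks must all be set"]
    problems = []
    if block * fd["NumBlocks"] != size:
        problems.append(f"{name}: BlockSize*NumBlocks = {block * fd['NumBlocks']:#x} but Size = {size:#x}")
    prev_end = 0
    for offset, length, line_no in sorted(fd["regions"]):
        where = f"{name} line {line_no}: region {offset:#x}|{length:#x}"
        if offset % block or length % block:
            problems.append(f"{where} is not BlockSize aligned")
        if offset < prev_end:
            problems.append(f"{where} overlaps the region ending at {prev_end:#x}")
        if offset + length > size:
            problems.append(f"{where} runs past the end of the FD ({size:#x})")
        prev_end = max(prev_end, offset + length)
    return problems

def check_fdf(text):
    """Map each FD name in the text to its list of problems."""
    return {fd["name"]: check_fd(fd) for fd in parse_fds(text)}

# Constructed sample modelled on the patched layouts; the bl1 header (0x0|0x8000) is an assumption.
PATCHED_FDF = """
[FD.SBSA_FLASH0]
Size          = 0x00400000
BlockSize     = 0x00001000
NumBlocks     = 0x400
0x00000000|0x00008000
FILE = Platform/Qemu/Sbsa/bl1.bin
0x00008000|0x00300000
FILE = Platform/Qemu/Sbsa/fip.bin

[FD.STANDALONE_MM]
Size          = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # 14MiB
BlockSize     = 0x00001000
NumBlocks     = 0x0e00
0x00000000|0x00280000
gArmTokenSpaceGuid.PcdFvBaseAddress|gArmTokenSpaceGuid.PcdFvSize
FV = FVMAIN_COMPACT
"""

# Constructed failure: the pre-patch 2 MiB FD with the new 3 MiB FIP region and a stale NumBlocks.
STALE_FDF = """
[FD.SBSA_FLASH0]
Size          = 0x00200000
BlockSize     = 0x00001000
NumBlocks     = 0x400
0x00000000|0x00008000
0x00008000|0x00300000
"""

if __name__ == "__main__":
    texts = [open(path).read() for path in sys.argv[1:]] or [PATCHED_FDF, STALE_FDF]
    for text in texts:
        for name, problems in check_fdf(text).items():
            print(name, "OK" if not problems else "\n  " + "\n  ".join(problems))
```

Run with no arguments it checks the two built-in samples; pass one or more FDF paths (saved as, say, fdf_layout_check.py: `python3 fdf_layout_check.py Platform/Qemu/SbsaQemu/SbsaQemu.fdf Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf`) to check real files. The second sample reproduces the pre-patch 2 MiB FD combined with the new 3 MiB FIP region, which the checker flags as running past the end of the FD and as having a NumBlocks that no longer matches Size.
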
* Re: [PATCH edk2-platforms v2 2/4] SbsaQemu: add MM based UEFI secure boot support
  2021-03-01 17:22   ` Leif Lindholm
@ 2021-03-03  6:35     ` Masahisa Kojima
  0 siblings, 0 replies; 13+ messages in thread
From: Masahisa Kojima @ 2021-03-03  6:35 UTC (permalink / raw)
  To: Leif Lindholm
  Cc: edk2-devel-groups-io, Ard Biesheuvel, Graeme Gregory,
	Radoslaw Biernacki, Shashi Mallela

On Tue, 2 Mar 2021 at 02:22, Leif Lindholm <leif@nuviainc.com> wrote:
>
> On Mon, Mar 01, 2021 at 14:19:50 +0900, Masahisa Kojima wrote:
> > This implements support for UEFI secure boot on SbsaQemu using
> > the standalone MM framework. This moves all of the software handling
> > of the UEFI authenticated variable store into the standalone MM
> > context residing in a secure partition.
> >
> > Secure variable storage is located at 0x01000000 in secure NOR Flash.
> >
> > Non-secure shared memory between UEFI and standalone MM
> > is allocated at the top of DRAM.
> > Since the DRAM size of SbsaQemu varies depending on the QEMU parameters,
> > the non-secure shared memory base address is passed from
> > trusted-firmware through the device tree "/reserved-memory" node.
> >
> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> > ---
> >  Platform/Qemu/SbsaQemu/SbsaQemu.dsc           | 43 +++++++---
> >  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc    | 39 +++++++++
> >  Platform/Qemu/SbsaQemu/SbsaQemu.fdf           | 82 +++++++++++++++++--
> >  .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf    |  7 +-
> >  .../Library/SbsaQemuLib/SbsaQemuLib.inf       |  2 +
> >  .../Library/SbsaQemuLib/SbsaQemuMem.c         | 37 ++++++++-
> >  6 files changed, 190 insertions(+), 20 deletions(-)
> >
> > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> > index c1f8a4696560..a75116ee70fc 100644
> > --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> > +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> > @@ -28,6 +28,8 @@ [Defines]
> >
> >    DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F
> >
> > +  DEFINE SECURE_BOOT_ENABLE      = FALSE
> > +
> >  #
> >  # Network definition
> >  #
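
Review bot: SECURE_BOOT_ENABLE defaults to FALSE, so a default SbsaQemu build keeps the non-MM variable stack and, per the SecurityStubDxe change further down, links no DxeImageVerificationLib at all, i.e. it verifies no image signatures. Opt-in is a sensible default for a QEMU platform, but the commit message should say so explicitly and point at the build instructions for the TF-A/BL32 side, because a `-D SECURE_BOOT_ENABLE=TRUE` build only works together with the matching secure partition.
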
> > @@ -152,12 +154,10 @@ [LibraryClasses.common]
> >    # Secure Boot dependencies
> >    #
> >    TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
> > -  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> >
> >    # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree
> >    PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
> >
> > -  VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> >    VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> >    VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> >
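
Review bot: removing AuthVariableLib and VarCheckLib from the global [LibraryClasses.common] is right, since both move into the VariableRuntimeDxe stanza below (and, for the MM build, into the StandaloneMm DSC), but the `# Secure Boot dependencies` heading now sits over a list that no longer contains the authenticated-variable library; a one-line comment saying that those libraries are resolved per variable stack, keyed on SECURE_BOOT_ENABLE, would save the next reader a search.
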
> > @@ -171,6 +171,7 @@ [LibraryClasses.common]
> >    ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf
> >
> >    TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
> > +
>
> This blank line is added for no apparent reason.
>
> >    NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
> >
> >    CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
> > @@ -300,6 +301,8 @@ [PcdsFeatureFlag.common]
> >    gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE
> >    gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE
> >
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE
> > +
> >  [PcdsFixedAtBuild.common]
> >    gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000
> >    gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength|1000000
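
Review bot: `PcdEnableVariableRuntimeCache|FALSE` is set unconditionally and without a comment. The runtime cache is used only by the MM-backed VariableSmmRuntimeDxe path, and with it disabled every runtime GetVariable() becomes an MM call through the shared buffer instead of a read from a non-secure cache; say why that is required here (the cache is maintained by the variable driver, which in this design runs in a secure partition that cannot write arbitrary non-secure memory) and put the line under `!if $(SECURE_BOOT_ENABLE) == TRUE` so the non-MM build is not touched.
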
> > @@ -551,6 +554,9 @@ [PcdsDynamicDefault.common]
> >    gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdChassisAssetTag|L"AT0000"
> >    gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdChassisSKU|L"SK0000"
> >
> > +  gArmTokenSpaceGuid.PcdMmBufferBase|0x10000000000
> > +  gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000
> > +
> >  ################################################################################
> >  #
> >  # Components Section - list of all EDK II Modules needed by this Platform
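
Review bot: the static default `PcdMmBufferBase|0x10000000000` cannot be the top-of-DRAM location the commit message describes for every DRAM size (the message itself says the size varies and that the real base comes from the `/reserved-memory` node at runtime), so it is a placeholder that only works if the runtime override in SbsaQemuMem.c always succeeds. Say that in a comment, and make sure a missing or malformed DT node is reported and MmCommunication refuses to start rather than silently using this address for the shared buffer. `PcdMmBufferSize|0x00200000` has to equal what TF-A reserves; note the TF-A side value as well.
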
> > @@ -604,7 +610,6 @@ [Components.common]
> >    ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
> >    ArmPkg/Drivers/CpuPei/CpuPei.inf
> >
> > -
> >    MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
> >      <LibraryClasses>
> >        NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
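
Review bot: this hunk only deletes a blank line in an unrelated part of [Components.common]; keep whitespace clean-ups out of a functional patch (the series already has a 4/4 tidy-up patch) so the diff stays reviewable.
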
> > @@ -628,24 +633,40 @@ [Components.common]
> >    #
> >    ArmPkg/Drivers/CpuDxe/CpuDxe.inf
> >    MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
> > -  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
> > -    <LibraryClasses>
> > -      NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> > -      # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> > -      BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> > -  }
> >    MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
> >      <LibraryClasses>
> > +!if $(SECURE_BOOT_ENABLE) == TRUE
> >        NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> > +!endif
> >    }
> > -  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> >    MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> > -  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> >    MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
> >    MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
> >    EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
> >    EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
> >
> > +  #
> > +  # Variable services
> > +  #
> > +!if $(SECURE_BOOT_ENABLE) == FALSE
> > +  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> > +  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
> > +    <LibraryClasses>
> > +      NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> > +      AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
> > +      VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> > +      # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> > +      BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
>
> Would this diff be neater if this if statement moved up to the
> original location of the
> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
> stanza?
>
> > +  }
> > +!else
> > +  ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf {
> > +    <LibraryClasses>
> > +      NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf
> > +  }
> > +  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> > +  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> > +!endif
> > +
> >    MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
> >    MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
> >    MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
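Review bot: in the SecurityStubDxe stanza, wrapping DxeImageVerificationLib in `!if $(SECURE_BOOT_ENABLE) == TRUE` removes image signature verification from the default (non-secure-boot) build, which previously always linked it. Either say so in the commit message or leave the NULL library unconditional, since with no SecureBoot variable present it passes images through anyway. Also, this file tests `== TRUE` in one place and `== FALSE` in another while SbsaQemu.fdf uses a bare `!if $(SECURE_BOOT_ENABLE)`; picking one form, and making sure SECURE_BOOT_ENABLE has a default in [Defines], keeps the two branches easy to compare.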
> > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> > index 87f5ee351eaa..b80379acd1ad 100644
> > --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> > +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc
> > @@ -77,6 +77,18 @@ [LibraryClasses.common.MM_STANDALONE]
> >    HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
> >    MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
> >    MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
> > +  AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> > +  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf
> > +  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
> > +  NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf
> > +  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > +  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
> > +  PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
> > +  SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
> > +  TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
> > +  VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
> > +  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
> > +  ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/ArmGenericTimerPhyCounterLib.inf
> >
> >  ################################################################################
> >  #
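Review bot: `PlatformSecureLib|PlatformSecureLibNull` together with `PcdUserPhysicalPresence|TRUE` in the next hunk means the MM variable service reports the user as always physically present, which is what gates the custom-mode path in AuthVariableLib where PK/KEK/db updates are accepted without signature verification. That is reasonable for a QEMU development platform but deserves a comment next to the library mapping, since anyone reusing this .dsc for real hardware inherits it. Likewise `RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf` is a timer-derived, non-cryptographic source; it is adequate here because the MM side only verifies PKCS7 signatures, but note that so nobody later builds key generation or nonce use on top of it.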
> > @@ -94,6 +106,20 @@ [PcdsFixedAtBuild]
> >
> >    gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2
> >
> > +  gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000
> > +  gArmTokenSpaceGuid.PcdFdSize|0x000C0000
> > +
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
> > +  gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
> > +
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x01000000
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00040000
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x01040000
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00040000
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x01080000
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00040000
> > +
> >  ###################################################################################################
> >  #
> >  # Components Section - list of the modules and components that will be processed by compilation
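Review bot: `PcdFdBaseAddress|0x01000000` / `PcdFdSize|0x000C0000` in the StandaloneMm .dsc now cover the NOR variable region in SBSA_FLASH0 (the three 0x40000 NV regions starting at 0x01000000 in SbsaQemu.fdf), not the StandaloneMm FD itself, whose BaseAddress in SbsaQemuStandaloneMm.fdf is decoupled from this PCD later in the patch. A comment stating that, and that the six PcdFlashNvStorage* values must stay identical to the region layout in SbsaQemu.fdf, would stop the two files drifting apart. The same applies to `PcdMaxVariableSize|0x2000` and `PcdMaxAuthVariableSize|0x2800`, which must match what VariableSmmRuntimeDxe is built with on the DXE side.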
> > @@ -118,6 +144,19 @@ [Components.common]
> >    #
> >    StandaloneMmPkg/Core/StandaloneMmCore.inf
> >    StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> > +  ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
> > +  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
> > +
> > +  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf {
> > +    <LibraryClasses>
> > +      DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
> > +      NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
> > +      NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf
> > +      # don't use unaligned CopyMem () on the UEFI varstore NOR flash region
> > +      BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
> > +      VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
> > +      VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
> > +  }
> >
> >  ###################################################################################################
> >  #
> > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> > index b61ae1891233..a46a47063ccc 100644
> > --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> > +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> > @@ -21,10 +21,10 @@
> >
> >  [FD.SBSA_FLASH0]
> >  BaseAddress   = 0x00000000
> > -Size          = 0x00400000
> > +Size          = 0x01100000
> >  ErasePolarity = 1
> >  BlockSize     = 0x00001000
> > -NumBlocks     = 0x400
> > +NumBlocks     = 0x1100
> >
> >  ################################################################################
> >  #
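Review bot: the SBSA_FLASH0 size grows from 0x400000 to 0x1100000 unconditionally, but the only content above the fip region ending at 0x308000 is the NV variable store, which is emitted only under `!if $(SECURE_BOOT_ENABLE)`. Either guard the larger size the same way or add a comment that the extra space is reserved for the variable store so the non-secure-boot image is deliberately padded to the same layout.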
> > @@ -50,6 +50,66 @@ [FD.SBSA_FLASH0]
> >  0x00008000|0x00300000
> >  FILE = Platform/Qemu/Sbsa/fip.bin
> >
> > +!if $(SECURE_BOOT_ENABLE)
> > +## Place for Secure Variables.
> > +# Must be aligned to Flash Block size 0x40000
> > +0x01000000|0x00040000
> > +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
> > +#NV_VARIABLE_STORE
> > +DATA = {
> > +  ## This is the EFI_FIRMWARE_VOLUME_HEADER
> > +  # ZeroVector []
> > +  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> > +  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> > +  # FileSystemGuid: gEfiSystemNvDataFvGuid         =
> > +  #   { 0xFFF12B8D, 0x7696, 0x4C8B,
> > +  #     { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }}
> > +  0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C,
> > +  0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50,
> > +  # FvLength: 0xC0000
> > +  0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00,
> > +  # Signature "_FVH"       # Attributes
> > +  0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00,
> > +  # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision
> > +  0x48, 0x00, 0x28, 0x09, 0x00, 0x00, 0x00, 0x02,
> > +  # Blockmap[0]: 0x3 Blocks * 0x40000 Bytes / Block
> > +  0x3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00,
> > +  # Blockmap[1]: End
> > +  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> > +  ## This is the VARIABLE_STORE_HEADER
> > +  # It is compatible with SECURE_BOOT_ENABLE == FALSE as well.
> > +  # Signature: gEfiAuthenticatedVariableGuid =
> > +  #   { 0xaaf32c78, 0x947b, 0x439a,
> > +  #     { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
> > +  0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
> > +  0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
> > +  # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -
> > +  #         0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8
> > +  # This can speed up the Variable Dispatch a bit.
> > +  0xB8, 0xFF, 0x03, 0x00,
> > +  # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32
> > +  0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
> > +}
> > +
> > +0x01040000|0x00040000
> > +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize
> > +#NV_FTW_WORKING
> > +DATA = {
> > +  # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid         =
> > +  #  { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65,  0x0, 0xfd, 0x9f, 0x1b, 0x95 }}
> > +  0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49,
> > +  0xa0, 0xce, 0x65,  0x0, 0xfd, 0x9f, 0x1b, 0x95,
> > +  # Crc:UINT32            #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved
> > +  0x5b, 0xe7, 0xc6, 0x86, 0xFE, 0xFF, 0xFF, 0xFF,
> > +  # WriteQueueSize: UINT64
> > +  0xE0, 0xFF, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00
> > +}
> > +
> > +0x01080000|0x00040000
> > +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
> > +#NV_FTW_SPARE
> > +!endif
> > +
> >  ################################################################################
> >  #
> >  # FD Section for FLASH1
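Review bot: the comment `It is compatible with SECURE_BOOT_ENABLE == FALSE as well` inside the VARIABLE_STORE_HEADER is stale here, since the whole region sits under `!if $(SECURE_BOOT_ENABLE)` and is never emitted for the FALSE build; drop it or move the region outside the conditional. Two smaller points: `Must be aligned to Flash Block size 0x40000` disagrees with the FD's declared `BlockSize = 0x00001000`, so the 0x40000 is really the erase block the variable and FTW drivers assume and the comment should say so; and the bare `!if $(SECURE_BOOT_ENABLE)` differs from the `== TRUE`/`== FALSE` tests used in the .dsc. The hand-encoded header itself checks out: FvLength 0xC0000 matches the 3 x 0x40000 block map, and the 16-bit checksum 0x0928 makes the 0x48-byte header sum to zero.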
> > @@ -169,15 +229,25 @@ [FV.FvMain]
> >    INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
> >    INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
> >    INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
> > -  INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> > -  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> > -  INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> >    INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
> >    INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
> >    INF EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf
> >    INF EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf
> >    INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
> >
> > +  #
> > +  # Variable services
> > +  #
> > +!if $(SECURE_BOOT_ENABLE) == FALSE
> > +  INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
> > +  INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
> > +  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> > +!else
> > +  INF ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf
> > +  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> > +  INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
> > +!endif
> > +
> >    #
> >    # Multiple Console IO support
> >    #
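Review bot: in the SECURE_BOOT_ENABLE branch the DXE image no longer carries NorFlashDxe, FaultTolerantWriteDxe or VariableRuntimeDxe, so the only path to the variable store is MmCommunication into StandaloneMm. That is the intended property, but it only holds if the NOR region at 0x01000000 is not also reachable from the non-secure world through plain MMIO. Say in the commit message (or the Readme) that the isolation relies on trusted-firmware keeping SBSA_FLASH0's variable region secure-only, otherwise a reader may assume the move into MM alone protects the authenticated variables.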
> > @@ -189,7 +259,6 @@ [FV.FvMain]
> >
> >    INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
> >    INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
> > -  INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
> >    INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
> >
> >    #
> > @@ -294,6 +363,7 @@ [FV.FVMAIN_COMPACT]
> >    INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
> >    INF ArmPkg/Drivers/CpuPei/CpuPei.inf
> >    INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
> > +
>
> Another spuriously added blank line.
>
> >    INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
> >
> >    # IDE/AHCI Support
> > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> > index a1acefcfb0a7..dbe1555c68f2 100644
> > --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> > +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf
> > @@ -19,8 +19,8 @@
> >  ################################################################################
> >
> >  [FD.STANDALONE_MM]
> > -BaseAddress   = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress
> > -Size          = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB).
> > +BaseAddress   = 0x20002000
> > +Size          = 0x00e00000
> >  ErasePolarity = 1
> >
> >  BlockSize     = 0x00001000
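Review bot: `BaseAddress = 0x20002000` and `Size = 0x00e00000` are now hard-coded and no longer tied to PcdFdBaseAddress/PcdFdSize, and the base moves by 0x1000 with no explanation in the hunk. The cover letter mentions a tf-a memory map update; put that reason in a comment here, and keep the dropped `14MiB` size comment, since this value must match the address at which the SPM in tf-a loads the image.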
> > @@ -49,6 +49,9 @@ [FV.FVMAIN_COMPACT]
> >  READ_LOCK_STATUS   = TRUE
> >
> >    INF StandaloneMmPkg/Core/StandaloneMmCore.inf
> > +  INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
> > +  INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
> > +  INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
> >    INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf
> >
> >  ################################################################################
> > diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> > index c067a80cc715..1d7f12202ecc 100644
> > --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> > +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf
> > @@ -40,6 +40,8 @@ [Pcd]
> >    gArmTokenSpaceGuid.PcdSystemMemoryBase
> >    gArmTokenSpaceGuid.PcdSystemMemorySize
> >    gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdDeviceTreeBaseAddress
> > +  gArmTokenSpaceGuid.PcdMmBufferBase
> > +  gArmTokenSpaceGuid.PcdMmBufferSize
> >
> >  [FixedPcd]
> >    gArmTokenSpaceGuid.PcdFdBaseAddress
> > diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> > index 8c2eb0b6a028..fa164ff455f5 100644
> > --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> > +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c
> > @@ -25,15 +25,20 @@ SbsaQemuLibConstructor (
> >  {
> >    VOID          *DeviceTreeBase;
> >    INT32         Node, Prev;
> > -  UINT64        NewBase, CurBase;
> > +  UINT64        NewBase, CurBase, NsBufBase;
> >    UINT64        NewSize, CurSize;
> > +  UINT32        NsBufSize;
> >    CONST CHAR8   *Type;
> >    INT32         Len;
> >    CONST UINT64  *RegProp;
> >    RETURN_STATUS PcdStatus;
> > +  INT32         ParentOffset;
> > +  INT32         Offset;
> >
> >    NewBase = 0;
> >    NewSize = 0;
> > +  NsBufBase = 0;
> > +  NsBufSize = 0;
> >
> >    DeviceTreeBase = (VOID *)(UINTN)PcdGet64 (PcdDeviceTreeBaseAddress);
> >    ASSERT (DeviceTreeBase != NULL);
> > @@ -73,9 +78,39 @@ SbsaQemuLibConstructor (
> >      }
> >    }
> >
> > +  // StandaloneMM non-secure shared buffer is allocated at the top of
> > +  // the system memory by trusted-firmware using "/reserved-memory" node.
> > +  ParentOffset = fdt_path_offset(DeviceTreeBase, "/reserved-memory");
> > +  if (ParentOffset < 0) {
> > +    DEBUG ((DEBUG_ERROR, "%a: reserved-memory node not found\n",
> > +      __FUNCTION__));
> > +  }
> > +  Offset = fdt_subnode_offset(DeviceTreeBase, ParentOffset, "ns-buf-spm-mm");
> > +  if (Offset < 0) {
> > +    DEBUG ((DEBUG_ERROR, "%a: ns-buf-spm-mm node not found\n",
> > +      __FUNCTION__));
> > +  }
> > +  // Get the 'reg' property of this node. 8 byte quantities for base address
> > +  // and 4 byte quantities for size.
> > +  RegProp = fdt_getprop (DeviceTreeBase, Offset, "reg", &Len);
> > +  if (RegProp != 0 && Len == (sizeof (UINT64) + sizeof(UINT32))) {
> > +    NsBufBase = fdt64_to_cpu (ReadUnaligned64 (RegProp));
> > +    NsBufSize = fdt32_to_cpu (ReadUnaligned32 ((UINT32 *)(RegProp + 1)));
> > +
> > +    DEBUG ((DEBUG_INFO, "%a: ns buf @ 0x%lx - 0x%lx\n",
> > +      __FUNCTION__, NsBufBase, NsBufBase + NsBufSize - 1));
> > +  } else {
> > +    DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len %d\n",
> > +      __FUNCTION__, Len));
> > +  }
>
> Could the above device-tree parsing be moved to a helper function in
> Silicon/Qemu/SbsaQemu/Library/FdtHelperLib/ ?
>
> (Yes, I should also move the memory node parsing there, but it wasn't
> quite worth creating the library just for that before.)

I created both "memory" and "/reserved-memory" parsing helper functions.
Could you check the next version of the patch?

Thanks,
Masahisa

>
> Best Regards,
>
> Leif
>
> > +
> > +  NewSize -= NsBufSize;
> > +
> >    // Make sure the start of DRAM matches our expectation
> >    ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) == NewBase);
> >    PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize);
> > +  PcdStatus = PcdSet64S (PcdMmBufferBase, NsBufBase);
> > +  PcdStatus = PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize);
> >    ASSERT_RETURN_ERROR (PcdStatus);
> >
> >    return RETURN_SUCCESS;
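Review bot: the error paths in the /reserved-memory lookup only log and then continue: when `ParentOffset < 0` the code still passes it to fdt_subnode_offset, when `Offset < 0` it still passes it to fdt_getprop, and `RegProp != 0` should be a NULL comparison. Return early, or skip the whole block, on either failure. Two further points: `NewSize -= NsBufSize;` trusts the comment that the buffer sits at the top of system memory; checking `NsBufBase + NsBufSize == NewBase + NewSize` before carving would catch a tf-a layout change, otherwise DXE drops the wrong range and still treats the shared buffer as ordinary system memory. And `PcdStatus` is assigned three times but only the last PcdSet64S is checked by ASSERT_RETURN_ERROR; check each one.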
> > --
> > 2.17.1
> >

Thread overview: 13+ messages
2021-03-01  5:19 [PATCH edk2-platforms v2 0/4] add MM based UEFI secure boot on SbsaQemu Masahisa Kojima
2021-03-01  5:19 ` [PATCH edk2-platforms v2 1/4] SbsaQemu: Build infrastructure for StandaloneMm image Masahisa Kojima
2021-03-01 17:05   ` Leif Lindholm
2021-03-02 12:45     ` Masahisa Kojima
2021-03-02 14:13       ` Leif Lindholm
2021-03-03  0:27         ` Masahisa Kojima
2021-03-01  5:19 ` [PATCH edk2-platforms v2 2/4] SbsaQemu: add MM based UEFI secure boot support Masahisa Kojima
2021-03-01 17:22   ` Leif Lindholm
2021-03-03  6:35     ` Masahisa Kojima
2021-03-01  5:19 ` [PATCH edk2-platforms v2 3/4] SbsaQemu: add standalone MM build instruction Masahisa Kojima
2021-03-01 17:23   ` Leif Lindholm
2021-03-01  5:19 ` [PATCH edk2-platforms v2 4/4] SbsaQemu: fix typo Masahisa Kojima
2021-03-01 17:24   ` Leif Lindholm
