From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 8BCC5AC1B2E for ; Wed, 30 Aug 2023 23:19:25 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=RhORwBsnOHGTEorwuBNDKfiewagAdqGqb27JuTZbybo=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1693437564; v=1; b=ulUp3MM4NudZlhzsM9JIeH3tIcZV21CffGYvm9gchIulAigxmUUL87P9YtGFT44G/CXK5je0 wjZ27dFlP4L1ARH9gib5Bpu1WDovtpRyrnGst8WpcBnmIEB7nxNH6wKYxVrimJmRe+7UG01LnaF GcYkgfRg/0AvVcAInV2/2YdY= X-Received: by 127.0.0.2 with SMTP id WMByYY7687511x8nJX2pKpU7; Wed, 30 Aug 2023 16:19:24 -0700 X-Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.web11.4963.1693437559186418376 for ; Wed, 30 Aug 2023 16:19:19 -0700 X-Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-68a56401b9aso164541b3a.1 for ; Wed, 30 Aug 2023 16:19:19 -0700 (PDT) X-Gm-Message-State: 4CyuXd81cw11XKgnj7p26oQAx7686176AA= X-Google-Smtp-Source: AGHT+IFv1k8Bd1IHROgvpLB4KKpEvYg2gsxl0NdYTCOvZAOrSbhUGkbK2axRuvDX3rr9EMVFFQ3a9g== X-Received: by 2002:a05:6a00:21d6:b0:68b:da4b:4620 with SMTP id t22-20020a056a0021d600b0068bda4b4620mr4139697pfj.31.1693437558329; Wed, 30 Aug 2023 16:19:18 -0700 (PDT) X-Received: from localhost.localdomain ([50.46.253.1]) by smtp.gmail.com with ESMTPSA id x16-20020a62fb10000000b0064398fe3451sm102550pfm.217.2023.08.30.16.19.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Aug 2023 16:19:17 -0700 (PDT) From: "Taylor Beebe" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Jiewen Yao , Jordan Justen , Gerd Hoffmann , Rebecca Cran , Peter Grehan , =?UTF-8?q?Corvin=20K=C3=B6hne?= Subject: [edk2-devel] [PATCH v3 21/26] OvmfPkg: Enable Choosing Memory Protection Profile via QemuCfg Date: Wed, 30 Aug 2023 16:18:29 -0700 Message-ID: <20230830231851.779-22-taylor.d.beebe@gmail.com> In-Reply-To: <20230830231851.779-1-taylor.d.beebe@gmail.com> References: <20230830231851.779-1-taylor.d.beebe@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,taylor.d.beebe@gmail.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=ulUp3MM4; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Now that the EDK2 tree uses GetMemoryProtectionsLib to query the platform memory protection settings, OvmfPkg can be updated to use QemuCfg to set the entire memory protection profile instead of just SetNxForStack. For example, the following will set the DXE memory protection to the RELEASE preset. -fw_cfg name=opt/org.tianocore/DxeMemoryProtectionProfile,string=release The following will set the MM memory protection to the RELEASE preset. -fw_cfg name=opt/org.tianocore/MmMemoryProtectionProfile,string=release For users of Stuart, DXE_MEMORY_PROTECTION_PROFILE=release and MM_MEMORY_PROTECTION_PROFILE=release are equivalent to the above examples. Signed-off-by: Taylor Beebe Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Rebecca Cran Cc: Peter Grehan Cc: Corvin Köhne --- .../PeilessStartupLib/PeilessStartup.c | 60 +++++++++++++-- .../PeilessStartupLib/X64/VirtualMemory.c | 13 +--- OvmfPkg/Library/PlatformInitLib/Platform.c | 15 ---- .../QemuFwCfgSimpleParser.c | 11 +++ OvmfPkg/PlatformPei/IntelTdx.c | 2 - OvmfPkg/PlatformPei/Platform.c | 74 +++++++++++++------ OvmfPkg/TdxDxe/TdxDxe.c | 7 +- OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf | 1 - OvmfPkg/Include/Library/PlatformInitLib.h | 13 ---- .../Library/QemuFwCfgSimpleParserLib.h | 8 ++ .../PeilessStartupLib/PeilessStartupLib.inf | 1 - OvmfPkg/PlatformCI/PlatformBuildLib.py | 8 ++ OvmfPkg/PlatformPei/PlatformPei.inf | 1 - OvmfPkg/TdxDxe/TdxDxe.inf | 1 - 14 files changed, 135 insertions(+), 80 deletions(-) diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c index cf645aad3246..8626b00da964 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c @@ -28,6 +28,12 @@ #define GET_GPAW_INIT_STATE(INFO) ((UINT8) ((INFO) & 0x3f)) +#define DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE \ + "opt/org.tianocore/DxeMemoryProtectionProfile" + +#define MM_MEMORY_PROTECTION_PROFILE_FWCFG_FILE \ + "opt/org.tianocore/MmMemoryProtectionProfile" + EFI_MEMORY_TYPE_INFORMATION mDefaultMemoryTypeInformation[] = { { EfiACPIMemoryNVS, 0x004 }, { EfiACPIReclaimMemory, 0x008 }, @@ -48,6 +54,10 @@ InitializePlatform ( VOID *VariableStore; DXE_MEMORY_PROTECTION_SETTINGS DxeSettings; MM_MEMORY_PROTECTION_SETTINGS MmSettings; + CHAR8 String[100]; + UINTN StringSize; + EFI_STATUS Status; + UINTN Index; DEBUG ((DEBUG_INFO, "InitializePlatform in Pei-less boot\n")); PlatformDebugDumpCmos (); @@ -109,18 +119,54 @@ InitializePlatform ( PlatformMemMapInitialization (PlatformInfoHob); - DxeSettings = DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsPcd].Settings; - MmSettings = MmMemoryProtectionProfiles[MmMemoryProtectionSettingsPcd].Settings; - DxeSettings.StackExecutionProtectionEnabled = PcdGetBool (PcdSetNxForStack); - QemuFwCfgParseBool ("opt/ovmf/PcdSetNxForStack", &DxeSettings.StackExecutionProtectionEnabled); + StringSize = sizeof (String); + Status = QemuFwCfgParseString (DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE, &StringSize, String); + if (!EFI_ERROR (Status)) { + Index = 0; + do { + if (AsciiStriCmp (DxeMemoryProtectionProfiles[Index].Name, String) == 0) { + DEBUG ((DEBUG_INFO, "Setting DXE Memory Protection Profile: %a\n", String)); + DxeSettings = DxeMemoryProtectionProfiles[Index].Settings; + break; + } + } while (++Index < DxeMemoryProtectionSettingsMax); - SetDxeMemoryProtectionSettings (&DxeSettings, DxeMemoryProtectionSettingsPcd); - SetMmMemoryProtectionSettings (&MmSettings, MmMemoryProtectionSettingsPcd); + if (Index >= DxeMemoryProtectionSettingsMax) { + DEBUG ((DEBUG_ERROR, "Invalid DXE memory protection profile: %a\n", String)); + ASSERT (Index < DxeMemoryProtectionSettingsMax); + } + } else { + DxeSettings = DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsRelease].Settings; + } + + Status = QemuFwCfgParseString (MM_MEMORY_PROTECTION_PROFILE_FWCFG_FILE, &StringSize, String); + if (!EFI_ERROR (Status)) { + Index = 0; + do { + if (AsciiStriCmp (MmMemoryProtectionProfiles[Index].Name, String) == 0) { + DEBUG ((DEBUG_INFO, "Setting MM Memory Protection Profile: %a\n", String)); + MmSettings = MmMemoryProtectionProfiles[Index].Settings; + break; + } + } while (++Index < MmMemoryProtectionSettingsMax); + + if (Index >= MmMemoryProtectionSettingsMax) { + DEBUG ((DEBUG_ERROR, "Invalid MM memory protection profile: %a\n", String)); + ASSERT (Index < MmMemoryProtectionSettingsMax); + } + } else { + MmSettings = MmMemoryProtectionProfiles[MmMemoryProtectionSettingsOff].Settings; + } + + // Always disable NullPointerDetection in EndOfDxe phase for shim compatability + DxeSettings.NullPointerDetection.DisableEndOfDxe = TRUE; + + SetDxeMemoryProtectionSettings (&DxeSettings, DxeMemoryProtectionSettingsRelease); + SetMmMemoryProtectionSettings (&MmSettings, MmMemoryProtectionSettingsOff); if (TdIsEnabled ()) { PlatformInfoHob->PcdConfidentialComputingGuestAttr = CCAttrIntelTdx; PlatformInfoHob->PcdTdxSharedBitMask = TdSharedPageMask (); - PlatformInfoHob->PcdSetNxForStack = TRUE; } PlatformMiscInitialization (PlatformInfoHob); diff --git a/OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c b/OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c index 41521e3d3d71..7ae9b5743810 100644 --- a/OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c +++ b/OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c @@ -53,18 +53,7 @@ IsSetNxForStack ( VOID ) { - EFI_HOB_GUID_TYPE *GuidHob; - EFI_HOB_PLATFORM_INFO *PlatformInfo; - - GuidHob = GetFirstGuidHob (&gUefiOvmfPkgPlatformInfoGuid); - if (GuidHob == NULL) { - ASSERT (FALSE); - return FALSE; - } - - PlatformInfo = (EFI_HOB_PLATFORM_INFO *)GET_GUID_HOB_DATA (GuidHob); - - return PlatformInfo->PcdSetNxForStack; + return mMps.Dxe.StackExecutionProtectionEnabled; } /** diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c index f48bf16ae300..bc9becc4016e 100644 --- a/OvmfPkg/Library/PlatformInitLib/Platform.c +++ b/OvmfPkg/Library/PlatformInitLib/Platform.c @@ -249,21 +249,6 @@ PlatformMemMapInitialization ( PlatformInfoHob->PcdPciIoSize = PciIoSize; } -/** - * Fetch "opt/ovmf/PcdSetNxForStack" from QEMU - * - * @param Setting The pointer to the setting of "/opt/ovmf/PcdSetNxForStack". - * @return EFI_SUCCESS Successfully fetch the settings. - */ -EFI_STATUS -EFIAPI -PlatformNoexecDxeInitialization ( - IN OUT EFI_HOB_PLATFORM_INFO *PlatformInfoHob - ) -{ - return QemuFwCfgParseBool ("opt/ovmf/PcdSetNxForStack", &PlatformInfoHob->PcdSetNxForStack); -} - VOID PciExBarInitialization ( VOID diff --git a/OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParser.c b/OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParser.c index c9e0091b82d1..63c8711a9f2e 100644 --- a/OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParser.c +++ b/OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParser.c @@ -426,3 +426,14 @@ QemuFwCfgParseUintn ( *Value = (UINTN)Uint64; return RETURN_SUCCESS; } + +RETURN_STATUS +EFIAPI +QemuFwCfgParseString ( + IN CONST CHAR8 *FileName, + IN OUT UINTN *BufferSize, + OUT CHAR8 *Buffer + ) +{ + return QemuFwCfgGetAsString (FileName, BufferSize, Buffer); +} diff --git a/OvmfPkg/PlatformPei/IntelTdx.c b/OvmfPkg/PlatformPei/IntelTdx.c index 3d625cabd844..1cb6729e56e6 100644 --- a/OvmfPkg/PlatformPei/IntelTdx.c +++ b/OvmfPkg/PlatformPei/IntelTdx.c @@ -48,7 +48,5 @@ IntelTdxInitialize ( PcdStatus = PcdSet64S (PcdTdxSharedBitMask, TdSharedPageMask ()); ASSERT_RETURN_ERROR (PcdStatus); - PcdStatus = PcdSetBoolS (PcdSetNxForStack, TRUE); - ASSERT_RETURN_ERROR (PcdStatus); #endif } diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c index bcd8d3a1be14..4d391974cbf8 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c @@ -50,6 +50,12 @@ EFI_PEI_PPI_DESCRIPTOR mPpiBootMode[] = { } }; +#define DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE \ + "opt/org.tianocore/DxeMemoryProtectionProfile" + +#define MM_MEMORY_PROTECTION_PROFILE_FWCFG_FILE \ + "opt/org.tianocore/MmMemoryProtectionProfile" + VOID MemMapInitialization ( IN OUT EFI_HOB_PLATFORM_INFO *PlatformInfoHob @@ -74,21 +80,6 @@ MemMapInitialization ( ASSERT_RETURN_ERROR (PcdStatus); } -STATIC -VOID -NoexecDxeInitialization ( - IN OUT EFI_HOB_PLATFORM_INFO *PlatformInfoHob - ) -{ - RETURN_STATUS Status; - - Status = PlatformNoexecDxeInitialization (PlatformInfoHob); - if (!RETURN_ERROR (Status)) { - Status = PcdSetBoolS (PcdSetNxForStack, PlatformInfoHob->PcdSetNxForStack); - ASSERT_RETURN_ERROR (Status); - } -} - static const UINT8 EmptyFdt[] = { 0xd0, 0x0d, 0xfe, 0xed, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00, 0x48, @@ -309,6 +300,9 @@ InitializePlatform ( EFI_STATUS Status; DXE_MEMORY_PROTECTION_SETTINGS DxeSettings; MM_MEMORY_PROTECTION_SETTINGS MmSettings; + CHAR8 String[100]; + UINTN StringSize; + UINTN Index; DEBUG ((DEBUG_INFO, "Platform PEIM Loaded\n")); PlatformInfoHob = BuildPlatformInfoHob (); @@ -345,13 +339,50 @@ InitializePlatform ( PublishPeiMemory (PlatformInfoHob); - DxeSettings = DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsPcd].Settings; - MmSettings = MmMemoryProtectionProfiles[MmMemoryProtectionSettingsPcd].Settings; - DxeSettings.StackExecutionProtectionEnabled = PcdGetBool (PcdSetNxForStack); - QemuFwCfgParseBool ("opt/ovmf/PcdSetNxForStack", &DxeSettings.StackExecutionProtectionEnabled); + StringSize = sizeof (String); + Status = QemuFwCfgParseString (DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE, &StringSize, String); + if (!EFI_ERROR (Status)) { + Index = 0; + do { + if (AsciiStriCmp (DxeMemoryProtectionProfiles[Index].Name, String) == 0) { + DEBUG ((DEBUG_INFO, "Setting DXE Memory Protection Profile: %a\n", String)); + DxeSettings = DxeMemoryProtectionProfiles[Index].Settings; + break; + } + } while (++Index < DxeMemoryProtectionSettingsMax); - SetDxeMemoryProtectionSettings (&DxeSettings, DxeMemoryProtectionSettingsPcd); - SetMmMemoryProtectionSettings (&MmSettings, MmMemoryProtectionSettingsPcd); + if (Index >= DxeMemoryProtectionSettingsMax) { + DEBUG ((DEBUG_ERROR, "Invalid DXE memory protection profile: %a\n", String)); + ASSERT (Index < DxeMemoryProtectionSettingsMax); + } + } else { + DxeSettings = DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsRelease].Settings; + } + + Status = QemuFwCfgParseString (MM_MEMORY_PROTECTION_PROFILE_FWCFG_FILE, &StringSize, String); + if (!EFI_ERROR (Status)) { + Index = 0; + do { + if (AsciiStriCmp (MmMemoryProtectionProfiles[Index].Name, String) == 0) { + DEBUG ((DEBUG_INFO, "Setting MM Memory Protection Profile: %a\n", String)); + MmSettings = MmMemoryProtectionProfiles[Index].Settings; + break; + } + } while (++Index < MmMemoryProtectionSettingsMax); + + if (Index >= MmMemoryProtectionSettingsMax) { + DEBUG ((DEBUG_ERROR, "Invalid MM memory protection profile: %a\n", String)); + ASSERT (Index < MmMemoryProtectionSettingsMax); + } + } else { + MmSettings = MmMemoryProtectionProfiles[MmMemoryProtectionSettingsOff].Settings; + } + + // Always disable NullPointerDetection in EndOfDxe phase for shim compatability + DxeSettings.NullPointerDetection.DisableEndOfDxe = TRUE; + + SetDxeMemoryProtectionSettings (&DxeSettings, DxeMemoryProtectionSettingsRelease); + SetMmMemoryProtectionSettings (&MmSettings, MmMemoryProtectionSettingsOff); PlatformQemuUc32BaseInitialization (PlatformInfoHob); @@ -365,7 +396,6 @@ InitializePlatform ( PeiFvInitialization (PlatformInfoHob); MemTypeInfoInitialization (PlatformInfoHob); MemMapInitialization (PlatformInfoHob); - NoexecDxeInitialization (PlatformInfoHob); } InstallClearCacheCallback (); diff --git a/OvmfPkg/TdxDxe/TdxDxe.c b/OvmfPkg/TdxDxe/TdxDxe.c index 30732f421bb6..5e497ba66227 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.c +++ b/OvmfPkg/TdxDxe/TdxDxe.c @@ -131,15 +131,12 @@ SetPcdSettings ( PcdStatus = PcdSet64S (PcdConfidentialComputingGuestAttr, PlatformInfoHob->PcdConfidentialComputingGuestAttr); ASSERT_RETURN_ERROR (PcdStatus); - PcdStatus = PcdSetBoolS (PcdSetNxForStack, PlatformInfoHob->PcdSetNxForStack); - ASSERT_RETURN_ERROR (PcdStatus); DEBUG (( DEBUG_INFO, - "HostBridgeDevId=0x%x, CCAttr=0x%x, SetNxForStack=%x\n", + "HostBridgeDevId=0x%x, CCAttr=0x%x\n", PlatformInfoHob->HostBridgeDevId, - PlatformInfoHob->PcdConfidentialComputingGuestAttr, - PlatformInfoHob->PcdSetNxForStack + PlatformInfoHob->PcdConfidentialComputingGuestAttr )); PcdStatus = PcdSet32S (PcdCpuBootLogicalProcessorNumber, PlatformInfoHob->PcdCpuBootLogicalProcessorNumber); diff --git a/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf b/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf index 07570d4e30ca..07f032941404 100644 --- a/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf @@ -89,7 +89,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy diff --git a/OvmfPkg/Include/Library/PlatformInitLib.h b/OvmfPkg/Include/Library/PlatformInitLib.h index 57b18b94d9b8..b2468f206321 100644 --- a/OvmfPkg/Include/Library/PlatformInitLib.h +++ b/OvmfPkg/Include/Library/PlatformInitLib.h @@ -32,7 +32,6 @@ typedef struct { UINT32 Uc32Base; UINT32 Uc32Size; - BOOLEAN PcdSetNxForStack; UINT64 PcdTdxSharedBitMask; UINT64 PcdPciMmio64Base; @@ -182,18 +181,6 @@ PlatformMemMapInitialization ( IN OUT EFI_HOB_PLATFORM_INFO *PlatformInfoHob ); -/** - * Fetch "opt/ovmf/PcdSetNxForStack" from QEMU - * - * @param Setting The pointer to the setting of "/opt/ovmf/PcdSetNxForStack". - * @return EFI_SUCCESS Successfully fetch the settings. - */ -EFI_STATUS -EFIAPI -PlatformNoexecDxeInitialization ( - IN OUT EFI_HOB_PLATFORM_INFO *PlatformInfoHob - ); - VOID EFIAPI PlatformMiscInitialization ( diff --git a/OvmfPkg/Include/Library/QemuFwCfgSimpleParserLib.h b/OvmfPkg/Include/Library/QemuFwCfgSimpleParserLib.h index bcbf3bc4fc96..ea9fcf7b402e 100644 --- a/OvmfPkg/Include/Library/QemuFwCfgSimpleParserLib.h +++ b/OvmfPkg/Include/Library/QemuFwCfgSimpleParserLib.h @@ -125,4 +125,12 @@ QemuFwCfgParseUintn ( OUT UINTN *Value ); +RETURN_STATUS +EFIAPI +QemuFwCfgParseString ( + IN CONST CHAR8 *FileName, + IN OUT UINTN *BufferSize, + OUT CHAR8 *Buffer + ); + #endif // QEMU_FW_CFG_SIMPLE_PARSER_LIB_H_ diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf index 47bd42d23d11..f433a6681bbd 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf @@ -79,7 +79,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplBuildPageTables ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## CONSUMES gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py b/OvmfPkg/PlatformCI/PlatformBuildLib.py index 1ada935d3cb4..bd6de6fd26a4 100644 --- a/OvmfPkg/PlatformCI/PlatformBuildLib.py +++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py @@ -182,6 +182,8 @@ class PlatformBuilder( UefiBuilder, BuildSettingsManager): VirtualDrive = os.path.join(self.env.GetValue("BUILD_OUTPUT_BASE"), "VirtualDrive") os.makedirs(VirtualDrive, exist_ok=True) OutputPath_FV = os.path.join(self.env.GetValue("BUILD_OUTPUT_BASE"), "FV") + DxeMemoryProtection = self.env.GetValue("DXE_MEMORY_PROTECTION_PROFILE", "") + MmMemoryProtection = self.env.GetValue("MM_MEMORY_PROTECTION_PROFILE", "") if (self.env.GetValue("QEMU_SKIP") and self.env.GetValue("QEMU_SKIP").upper() == "TRUE"): @@ -198,6 +200,12 @@ class PlatformBuilder( UefiBuilder, BuildSettingsManager): args += " -smp 4" args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk" # Mount disk with startup.nsh + if (DxeMemoryProtection.lower() != ""): + args += " -fw_cfg name=opt/org.tianocore/DxeMemoryProtectionProfile,string=" + DxeMemoryProtection.lower() + + if (MmMemoryProtection.lower() != ""): + args += " -fw_cfg name=opt/org.tianocore/MmMemoryProtectionProfile,string=" + MmMemoryProtection.lower() + if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"): args += " -display none" # no graphics diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index 6b8442d12b2c..c4179931a583 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -103,7 +103,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf index 9793562884c7..42317228c1aa 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.inf +++ b/OvmfPkg/TdxDxe/TdxDxe.inf @@ -68,6 +68,5 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize -- 2.42.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108175): https://edk2.groups.io/g/devel/message/108175 Mute This Topic: https://groups.io/mt/101064096/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-