From: "Gerd Hoffmann" <kraxel@redhat.com>
To: devel@edk2.groups.io
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>,
	Oliver Steffen <osteffen@redhat.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Jiewen Yao <Jiewen.yao@intel.com>
Subject: [edk2-devel] [PATCH v3 5/5] OvmfPkg/VirtHstiDxe: add README.md
Date: Mon, 22 Apr 2024 12:47:29 +0200
Message-ID: <20240422104729.502112-6-kraxel@redhat.com>
In-Reply-To: <20240422104729.502112-1-kraxel@redhat.com>

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
---
 OvmfPkg/VirtHstiDxe/README.md | 48 +++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 OvmfPkg/VirtHstiDxe/README.md

diff --git a/OvmfPkg/VirtHstiDxe/README.md b/OvmfPkg/VirtHstiDxe/README.md
new file mode 100644
index 000000000000..c3975b854715
--- /dev/null
+++ b/OvmfPkg/VirtHstiDxe/README.md
@@ -0,0 +1,48 @@
+
+# virtual machine platform hsti driver
+
+This driver supports three tests.
+
+## VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK
+
+Verify the SMM memory is properly locked down.
+
+Supported platforms:
+ * Qemu Q35 (SMM_REQUIRE=TRUE builds).
+
+## VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH
+
+Verify the variable store is not writable for normal (not SMM) code.
+
+Supported platforms:
+ * Qemu Q35 (SMM_REQUIRE=TRUE builds).
+
+## VIRT_HSTI_BYTE0_READONLY_CODE_FLASH
+
+Verify the firmware code is not writable for the guest.
+
+Supported platforms:
+ * Qemu Q35
+ * Qemu PC
+
+# qemu flash configuration
+
+With qemu being configured properly flash behavior should be this:
+
+configuration                  |  OVMF_CODE.fd  |  OVMF_VARS.fd
+-------------------------------|----------------|---------------
+SMM_REQUIRE=TRUE, SMM mode     |  read-only     |  writable
+SMM_REQUIRE=TRUE, normal mode  |  read-only (1) |  read-only (2)
+SMM_REQUIRE=FALSE              |  read-only (3) |  writable
+
+VIRT_HSTI_BYTE0_READONLY_CODE_FLASH will verify (1) + (3).
+VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH will verify (2).
+
+## qemu command line for SMM_REQUIRE=TRUE builds
+```
+qemu-system-x86-64 -M q35,smm=on,pflash0=code,pflash1=vars \
+  -blockdev node-name=code,driver=file,filename=OVMF_CODE.fd,read-only=on \
+  -blockdev node-name=vars,driver=file,filename=OVMF_VARS.fd \
+  -global driver=cfi.pflash01,property=secure,value=on \
+  [ ... more options here ... ]
+```
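Review bot: the qemu command line in the "qemu command line for SMM_REQUIRE=TRUE builds" section names the binary `qemu-system-x86-64`, but the installed executable is `qemu-system-x86_64` (underscore); as written, a reader copying the example gets a "command not found" rather than the flash setup the table above describes, so please correct it to `qemu-system-x86_64 -M q35,smm=on,pflash0=code,pflash1=vars \`. Two smaller documentation points in the same hunk: the file starts with an empty line before the `# virtual machine platform hsti driver` heading, which can be dropped, and the sentence "With qemu being configured properly flash behavior should be this:" reads better as "With qemu configured properly, flash behavior should be as follows:". Since the point of the table is that the `read-only=on` blockdev option for OVMF_CODE.fd and the `secure=on` pflash property are what make tests (1), (2) and (3) pass, it would also help to state explicitly that omitting either option is expected to make the corresponding HSTI test report a failure, so users can tell a misconfigured host from a driver bug.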
-- 
2.44.0


