From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 257B5941732 for ; Sun, 14 Jul 2024 12:25:10 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=2bBDqMD4CKF36vbDzjaCs+WNGnsjQNpQyjV1Ga0Oeek=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1720959910; v=1; b=Fy+0y24CSL3nlq8VDfa2aepV1tz+RQFs8O/5+eNBv70AB4zZzJbs8MMuI7XOewQTDHJ7uhTP SzMG6iMiWVOBw+vQsCX3vQcGujl8DsMbabIE9J67WkwNGXk4UkmCvAcjWHELrOrABJGwSYgTQM7 GZk0FOlT9JhyByvDpSpj21lZzOhUict/ZM2dOnFYbG7K4kxVEVtZaKXG7ZhHy8cnIw1ZoClf9cJ vKBcGQiImJxGgu5VIJqrn/p0XPU2Qt7hQ+pKVrxI21qhMyVZ3shfH0U6IK+9LSwjNg7d7GryvU1 O1xOvbAyiYeRJI8aN51kuDLlV68ryXGN5DiZudPLWRw3g== X-Received: by 127.0.0.2 with SMTP id t71MYY7687511xX4tTDX8nU9; Sun, 14 Jul 2024 05:25:09 -0700 X-Received: from m16.mail.163.com (m16.mail.163.com [117.135.210.3]) by mx.groups.io with SMTP id smtpd.web10.15292.1720959908236121153 for ; Sun, 14 Jul 2024 05:25:09 -0700 X-Received: from sh-hanliyang.Hygon.cn (unknown [118.242.3.34]) by gzga-smtp-mta-g3-5 (Coremail) with SMTP id _____wD3fy6Xw5Nmhb3wCw--.63654S3; Sun, 14 Jul 2024 20:24:58 +0800 (CST) From: wojiaohanliyang@163.com To: devel@edk2.groups.io Cc: erdemaktas@google.com, jejb@linux.ibm.com, jiewen.yao@intel.com, min.m.xu@intel.com, thomas.lendacky@amd.com, kraxel@redhat.com, hanliyang Subject: [edk2-devel] [PATCH 1/3] OvmfPkg/PlatformInitLib: Detect FlashNvVarStore before validate it Date: Sun, 14 Jul 2024 20:24:53 +0800 Message-Id: <20240714122455.136148-2-wojiaohanliyang@163.com> In-Reply-To: <20240714122455.136148-1-wojiaohanliyang@163.com> References: <20240714122455.136148-1-wojiaohanliyang@163.com> MIME-Version: 1.0 X-CM-TRANSID: _____wD3fy6Xw5Nmhb3wCw--.63654S3 X-Coremail-Antispam: 1Uf129KBjvJXoWxAr4rWr4xGF1fWFW7uF4xtFb_yoWrCw17pr WUJw4fArnrWFW0y3Z7Zas7Gw1rC3yIv3s8GayYqanrGa95Kr1qka1UJr1rAFs3Ar1rt3WD XF4jqws29FZxuaDanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x0zRUGYXUUUUU= X-Originating-IP: [118.242.3.34] X-CM-SenderInfo: 5zrmxthrkd0zxl1d0wi6rwjhhfrp/xtbBZxocL2V4IGb4BwABsr Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Sun, 14 Jul 2024 05:25:09 -0700 Resent-From: wojiaohanliyang@163.com Reply-To: devel@edk2.groups.io,wojiaohanliyang@163.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: axmY4SpGbztdLDZvK3OxvN0Mx7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=Fy+0y24C; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=163.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io From: hanliyang BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4807 The commit 4f173db8b45b ("OvmfPkg/PlatformInitLib: Add functions for EmuVariableNvStore") rename the function from TdxValidateCfv to PlatformValidateNvVarStore. PlatformValidateNvVarStore is placed in the PlatformInitLib and is used in the case that OVMF is launched with -bios parameter and to validate the integrity of FlashNvVarStore. But if we launch a VM without FlashNvVarStore, the PlatformValidateNvVarStore will fail to validate the integrity and will trigger ASSERT (FALSE) in PlatformInitEmuVariableNvStore. In order to prevent calls to PlatformValidateNvVarStore in the case lack of FlashNvVarStore, we should detect FlashNvVarStore before calls to PlatformValidateNvVarStore. If fail to detect FlashNvVarStore, we should return don't initialize the EmuVariableNvStore, otherwise calls to PlatformValidateNvVarStore and initialize the EmuVariableNvStore when succeed to validate the integrity of NvVarStore. Fixes: 4f173db8b45b ("OvmfPkg/PlatformInitLib: Add functions for EmuVariableNvStore") Signed-off-by: hanliyang --- OvmfPkg/Library/PlatformInitLib/Platform.c | 47 +++++++++++++++++++ .../PlatformInitLib/PlatformInitLib.inf | 1 + 2 files changed, 48 insertions(+) diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c index f48bf16ae3..0a720a4c2c 100644 --- a/OvmfPkg/Library/PlatformInitLib/Platform.c +++ b/OvmfPkg/Library/PlatformInitLib/Platform.c @@ -895,6 +895,16 @@ PlatformReserveEmuVariableNvStore ( return VariableStore; } +#define WRITE_BYTE_CMD 0x10 +#define BLOCK_ERASE_CMD 0x20 +#define CLEAR_STATUS_CMD 0x50 +#define READ_STATUS_CMD 0x70 +#define READ_DEVID_CMD 0x90 +#define BLOCK_ERASE_CONFIRM_CMD 0xd0 +#define READ_ARRAY_CMD 0xff + +#define CLEARED_ARRAY_STATUS 0x00 + /** When OVMF is lauched with -bios parameter, UEFI variables will be partially emulated, and non-volatile variables may lose their contents @@ -928,6 +938,43 @@ PlatformInitEmuVariableNvStore ( Size = (UINT32)PcdGet32 (PcdFlashNvStorageVariableSize); ASSERT (Size < EmuVariableNvStoreSize); + // + // If launch a VM without OvmfFlashNvStorage device, then we'll fail + // to check the integrity of NvVarStore and trigger ASSERT (FALSE). + // So, we should detect the OvmfFlashNvStorage before calls to + // PlatformValidateNvVarStore(). If fail to detect OvmfFlashNvStorage, + // we should return and don't initialize the EmuVariableNvStore, + // otherwise calls to PlatformValidateNvVarStore() and initialize the + // EmuVariableNvStore when succeed to check the integrity of + // NvVarStore. + // + // This method to detect the OvmfFlashNvStorage here references + // OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c. + // + volatile UINT8 *Ptr; + + UINTN BlockSize; + UINTN Offset; + UINT8 ProbeUint8; + + BlockSize = PcdGet32 (PcdOvmfFirmwareBlockSize); + + for (Offset = 0; Offset < BlockSize; Offset++) { + Ptr = Base + Offset; + ProbeUint8 = *Ptr; + if ((ProbeUint8 != CLEAR_STATUS_CMD) && + (ProbeUint8 != READ_STATUS_CMD) && + (ProbeUint8 != CLEARED_ARRAY_STATUS)) + { + break; + } + } + + if (Offset >= BlockSize) { + DEBUG ((DEBUG_INFO, "OvmfFlashNvStorage: Failed to find probe location\n")); + return EFI_INVALID_PARAMETER; + } + if (!PlatformValidateNvVarStore (Base, PcdGet32 (PcdCfvRawDataSize))) { ASSERT (FALSE); return EFI_INVALID_PARAMETER; diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf index 21e6efa5e0..b7d5e63dcd 100644 --- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf @@ -104,6 +104,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareBlockSize [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119927): https://edk2.groups.io/g/devel/message/119927 Mute This Topic: https://groups.io/mt/107212942/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-