* [edk2-devel] [PATCH 0/2] OvmfPkg: Implement minimal HSTI driver @ 2024-03-14 10:24 Konstantin Kostiuk 2024-03-14 10:24 ` [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver Konstantin Kostiuk 2024-03-14 10:24 ` [edk2-devel] [PATCH 2/2] OvmfPkg: Add VirtHstiDxe to OVMF firmware build Konstantin Kostiuk 0 siblings, 2 replies; 7+ messages in thread From: Konstantin Kostiuk @ 2024-03-14 10:24 UTC (permalink / raw) To: devel; +Cc: Yan Vugenfirer, Ard Biesheuvel, Jiewen Yao, Gerd Hoffmann Resolve: https://issues.redhat.com/browse/RHEL-28751 HSTI (Hardware Security Test Interface) table is a requiremnt for ont test [1] from Microsoft Server Virtualization Validation Program. HSTI is a UEFI driver that provides a way to query the platform for the presence of security features. Current implementation does not have any security checks. [1] https://learn.microsoft.com/en-us/windows-hardware/test/hlk/testref/13292c6c-a807-4916-80ac-fea6de9af552 Konstantin Kostiuk (2): OvmfPkg: Add VirtHstiDxe driver OvmfPkg: Add VirtHstiDxe to OVMF firmware build OvmfPkg/OvmfPkgIa32.dsc | 2 + OvmfPkg/OvmfPkgIa32.fdf | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 2 + OvmfPkg/OvmfPkgIa32X64.fdf | 1 + OvmfPkg/OvmfPkgX64.dsc | 2 + OvmfPkg/OvmfPkgX64.fdf | 1 + OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 75 +++++++++++++++++++++++++++++ OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 ++++++++++++++++++++++++ 8 files changed, 148 insertions(+) create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf -- 2.44.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116857): https://edk2.groups.io/g/devel/message/116857 Mute This Topic: https://groups.io/mt/105014742/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 7+ messages in thread
* [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver 2024-03-14 10:24 [edk2-devel] [PATCH 0/2] OvmfPkg: Implement minimal HSTI driver Konstantin Kostiuk @ 2024-03-14 10:24 ` Konstantin Kostiuk 2024-03-14 10:27 ` Yao, Jiewen 2024-03-14 10:24 ` [edk2-devel] [PATCH 2/2] OvmfPkg: Add VirtHstiDxe to OVMF firmware build Konstantin Kostiuk 1 sibling, 1 reply; 7+ messages in thread From: Konstantin Kostiuk @ 2024-03-14 10:24 UTC (permalink / raw) To: devel; +Cc: Yan Vugenfirer, Ard Biesheuvel, Jiewen Yao, Gerd Hoffmann The driver provides empty HSTI table. Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com> --- OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 75 +++++++++++++++++++++++++++++ OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 ++++++++++++++++++++++++ 2 files changed, 139 insertions(+) create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c new file mode 100644 index 0000000000..b9ed189f33 --- /dev/null +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c @@ -0,0 +1,75 @@ +/** @file + This file contains DXE driver for publishing empty HSTI table + +Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> +Copyright (c) 2024, Red Hat. Inc + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiLib.h> +#include <IndustryStandard/Hsti.h> +#include <Library/HstiLib.h> + +#define HSTI_PLATFORM_NAME L"Intel(R) 9-Series v1" +#define HSTI_SECURITY_FEATURE_SIZE 1 + +ADAPTER_INFO_PLATFORM_SECURITY mHstiBase = { + PLATFORM_SECURITY_VERSION_VNEXTCS, + PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE, + { HSTI_PLATFORM_NAME }, + HSTI_SECURITY_FEATURE_SIZE, +}; + +/** + The driver's entry point. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. +**/ +EFI_STATUS +EFIAPI +VirtHstiDxeEntrypoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + // Allocate memory for HSTI struct + // 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE is for the 3 arrays + // UINT8 SecurityFeaturesRequired[]; + // UINT8 SecurityFeaturesImplemented[]; + // UINT8 SecurityFeaturesVerified[]; + // sizeof (CHAR16) is for the NULL terminator of ErrorString + // CHAR16 ErrorString[] + UINTN HstiSize = sizeof (ADAPTER_INFO_PLATFORM_SECURITY) + + 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE + + sizeof (CHAR16); + VOID *HstiStruct = AllocateZeroPool (HstiSize); + + if (HstiStruct == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (HstiStruct, &mHstiBase, sizeof (ADAPTER_INFO_PLATFORM_SECURITY)); + + Status = HstiLibSetTable (HstiStruct, HstiSize); + if (EFI_ERROR (Status)) { + if (Status != EFI_ALREADY_STARTED) { + ASSERT_EFI_ERROR (Status); + } + } + + return EFI_SUCCESS; +} diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf new file mode 100644 index 0000000000..270aa60026 --- /dev/null +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf @@ -0,0 +1,64 @@ +## @file +# Component description file for Virt Hsti Driver +# +# Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation.<BR> +# Copyright (c) 2024, Red Hat. Inc +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = VirtHstiDxe + FILE_GUID = 60740CF3-D428-4500-80E6-04A5798241ED + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = VirtHstiDxeEntrypoint + +################################################################################ +# +# Sources Section - list of files that are required for the build to succeed. +# +################################################################################ + +[Sources] + VirtHstiDxe.c + +################################################################################ +# +# Package Dependency Section - list of Package files that are required for +# this module. +# +################################################################################ + +[Packages] + MdePkg/MdePkg.dec + +################################################################################ +# +# Library Class Section - list of Library Classes that are required for +# this module. +# +################################################################################ + +[LibraryClasses] + UefiDriverEntryPoint + UefiLib + BaseLib + BaseMemoryLib + MemoryAllocationLib + DebugLib + HstiLib + UefiBootServicesTableLib + +################################################################################ +# +# Protocol C Name Section - list of Protocol and Protocol Notify C Names +# that this module uses or produces. +# +################################################################################ + +[Depex] + TRUE -- 2.44.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116858): https://edk2.groups.io/g/devel/message/116858 Mute This Topic: https://groups.io/mt/105014743/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver 2024-03-14 10:24 ` [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver Konstantin Kostiuk @ 2024-03-14 10:27 ` Yao, Jiewen 2024-03-14 11:43 ` Konstantin Kostiuk 0 siblings, 1 reply; 7+ messages in thread From: Yao, Jiewen @ 2024-03-14 10:27 UTC (permalink / raw) To: Konstantin Kostiuk, devel@edk2.groups.io Cc: Yan Vugenfirer, Ard Biesheuvel, Gerd Hoffmann Question: What is the value to provide an *empty* HSTI table? IMHO, If the goal is to perform some security check, I think we need provide a *real* HSTI table. Thank you Yao, Jiewen > -----Original Message----- > From: Konstantin Kostiuk <kkostiuk@redhat.com> > Sent: Thursday, March 14, 2024 6:25 PM > To: devel@edk2.groups.io > Cc: Yan Vugenfirer <yvugenfi@redhat.com>; Ard Biesheuvel > <ardb+tianocore@kernel.org>; Yao, Jiewen <jiewen.yao@intel.com>; Gerd > Hoffmann <kraxel@redhat.com> > Subject: [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver > > The driver provides empty HSTI table. > > Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com> > --- > OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 75 +++++++++++++++++++++++++++++ > OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 ++++++++++++++++++++++++ > 2 files changed, 139 insertions(+) > create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > new file mode 100644 > index 0000000000..b9ed189f33 > --- /dev/null > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > @@ -0,0 +1,75 @@ > +/** @file > > + This file contains DXE driver for publishing empty HSTI table > > + > > +Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> > > +Copyright (c) 2024, Red Hat. Inc > > + > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include <PiDxe.h> > > +#include <Library/BaseLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/MemoryAllocationLib.h> > > +#include <Library/UefiBootServicesTableLib.h> > > +#include <Library/UefiLib.h> > > +#include <IndustryStandard/Hsti.h> > > +#include <Library/HstiLib.h> > > + > > +#define HSTI_PLATFORM_NAME L"Intel(R) 9-Series v1" > > +#define HSTI_SECURITY_FEATURE_SIZE 1 > > + > > +ADAPTER_INFO_PLATFORM_SECURITY mHstiBase = { > > + PLATFORM_SECURITY_VERSION_VNEXTCS, > > + PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE, > > + { HSTI_PLATFORM_NAME }, > > + HSTI_SECURITY_FEATURE_SIZE, > > +}; > > + > > +/** > > + The driver's entry point. > > + > > + @param[in] ImageHandle The firmware allocated handle for the EFI image. > > + @param[in] SystemTable A pointer to the EFI System Table. > > + > > + @retval EFI_SUCCESS The entry point is executed successfully. > > + @retval other Some error occurs when executing this entry point. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +VirtHstiDxeEntrypoint ( > > + IN EFI_HANDLE ImageHandle, > > + IN EFI_SYSTEM_TABLE *SystemTable > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + // Allocate memory for HSTI struct > > + // 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE is for the 3 arrays > > + // UINT8 SecurityFeaturesRequired[]; > > + // UINT8 SecurityFeaturesImplemented[]; > > + // UINT8 SecurityFeaturesVerified[]; > > + // sizeof (CHAR16) is for the NULL terminator of ErrorString > > + // CHAR16 ErrorString[] > > + UINTN HstiSize = sizeof (ADAPTER_INFO_PLATFORM_SECURITY) + > > + 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE + > > + sizeof (CHAR16); > > + VOID *HstiStruct = AllocateZeroPool (HstiSize); > > + > > + if (HstiStruct == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + CopyMem (HstiStruct, &mHstiBase, sizeof > (ADAPTER_INFO_PLATFORM_SECURITY)); > > + > > + Status = HstiLibSetTable (HstiStruct, HstiSize); > > + if (EFI_ERROR (Status)) { > > + if (Status != EFI_ALREADY_STARTED) { > > + ASSERT_EFI_ERROR (Status); > > + } > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > new file mode 100644 > index 0000000000..270aa60026 > --- /dev/null > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > @@ -0,0 +1,64 @@ > +## @file > > +# Component description file for Virt Hsti Driver > > +# > > +# Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> > > +# Copyright (c) Microsoft Corporation.<BR> > > +# Copyright (c) 2024, Red Hat. Inc > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > +# > > +## > > + > > +[Defines] > > + INF_VERSION = 0x00010005 > > + BASE_NAME = VirtHstiDxe > > + FILE_GUID = 60740CF3-D428-4500-80E6-04A5798241ED > > + MODULE_TYPE = DXE_DRIVER > > + VERSION_STRING = 1.0 > > + ENTRY_POINT = VirtHstiDxeEntrypoint > > + > > +################################################################ > ################ > > +# > > +# Sources Section - list of files that are required for the build to succeed. > > +# > > +################################################################ > ################ > > + > > +[Sources] > > + VirtHstiDxe.c > > + > > +################################################################ > ################ > > +# > > +# Package Dependency Section - list of Package files that are required for > > +# this module. > > +# > > +################################################################ > ################ > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + > > +################################################################ > ################ > > +# > > +# Library Class Section - list of Library Classes that are required for > > +# this module. > > +# > > +################################################################ > ################ > > + > > +[LibraryClasses] > > + UefiDriverEntryPoint > > + UefiLib > > + BaseLib > > + BaseMemoryLib > > + MemoryAllocationLib > > + DebugLib > > + HstiLib > > + UefiBootServicesTableLib > > + > > +################################################################ > ################ > > +# > > +# Protocol C Name Section - list of Protocol and Protocol Notify C Names > > +# that this module uses or produces. > > +# > > +################################################################ > ################ > > + > > +[Depex] > > + TRUE > > -- > 2.44.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116737): https://edk2.groups.io/g/devel/message/116737 Mute This Topic: https://groups.io/mt/104923813/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver 2024-03-14 10:27 ` Yao, Jiewen @ 2024-03-14 11:43 ` Konstantin Kostiuk 2024-03-14 12:05 ` Yao, Jiewen 0 siblings, 1 reply; 7+ messages in thread From: Konstantin Kostiuk @ 2024-03-14 11:43 UTC (permalink / raw) To: Yao, Jiewen Cc: devel@edk2.groups.io, Yan Vugenfirer, Ard Biesheuvel, Gerd Hoffmann [-- Attachment #1: Type: text/plain, Size: 8019 bytes --] On Thu, Mar 14, 2024 at 12:28 PM Yao, Jiewen <jiewen.yao@intel.com> wrote: > Question: What is the value to provide an *empty* HSTI table? > > IMHO, If the goal is to perform some security check, I think we need > provide a *real* HSTI table. > HSTI is very vendor-specific and depends on features that a vendor supports. Looking at the HSTI spec a lot of the bits don't make sense for virtual machines. Some feature depends on hardware configuration and this check is a dummy in a virtual environment. So, the main goal is to pass Microsoft SVVP with OVMF+QEMU. Best Regards, Konstantin Kostiuk. > > Thank you > Yao, Jiewen > > > -----Original Message----- > > From: Konstantin Kostiuk <kkostiuk@redhat.com> > > Sent: Thursday, March 14, 2024 6:25 PM > > To: devel@edk2.groups.io > > Cc: Yan Vugenfirer <yvugenfi@redhat.com>; Ard Biesheuvel > > <ardb+tianocore@kernel.org>; Yao, Jiewen <jiewen.yao@intel.com>; Gerd > > Hoffmann <kraxel@redhat.com> > > Subject: [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver > > > > The driver provides empty HSTI table. > > > > Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com> > > --- > > OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 75 +++++++++++++++++++++++++++++ > > OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 ++++++++++++++++++++++++ > > 2 files changed, 139 insertions(+) > > create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > new file mode 100644 > > index 0000000000..b9ed189f33 > > --- /dev/null > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > > @@ -0,0 +1,75 @@ > > +/** @file > > > > + This file contains DXE driver for publishing empty HSTI table > > > > + > > > > +Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> > > > > +Copyright (c) 2024, Red Hat. Inc > > > > + > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > +#include <PiDxe.h> > > > > +#include <Library/BaseLib.h> > > > > +#include <Library/DebugLib.h> > > > > +#include <Library/BaseMemoryLib.h> > > > > +#include <Library/MemoryAllocationLib.h> > > > > +#include <Library/UefiBootServicesTableLib.h> > > > > +#include <Library/UefiLib.h> > > > > +#include <IndustryStandard/Hsti.h> > > > > +#include <Library/HstiLib.h> > > > > + > > > > +#define HSTI_PLATFORM_NAME L"Intel(R) 9-Series v1" > > > > +#define HSTI_SECURITY_FEATURE_SIZE 1 > > > > + > > > > +ADAPTER_INFO_PLATFORM_SECURITY mHstiBase = { > > > > + PLATFORM_SECURITY_VERSION_VNEXTCS, > > > > + PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE, > > > > + { HSTI_PLATFORM_NAME }, > > > > + HSTI_SECURITY_FEATURE_SIZE, > > > > +}; > > > > + > > > > +/** > > > > + The driver's entry point. > > > > + > > > > + @param[in] ImageHandle The firmware allocated handle for the EFI > image. > > > > + @param[in] SystemTable A pointer to the EFI System Table. > > > > + > > > > + @retval EFI_SUCCESS The entry point is executed successfully. > > > > + @retval other Some error occurs when executing this entry > point. > > > > +**/ > > > > +EFI_STATUS > > > > +EFIAPI > > > > +VirtHstiDxeEntrypoint ( > > > > + IN EFI_HANDLE ImageHandle, > > > > + IN EFI_SYSTEM_TABLE *SystemTable > > > > + ) > > > > +{ > > > > + EFI_STATUS Status; > > > > + > > > > + // Allocate memory for HSTI struct > > > > + // 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE is for the 3 arrays > > > > + // UINT8 SecurityFeaturesRequired[]; > > > > + // UINT8 SecurityFeaturesImplemented[]; > > > > + // UINT8 SecurityFeaturesVerified[]; > > > > + // sizeof (CHAR16) is for the NULL terminator of ErrorString > > > > + // CHAR16 ErrorString[] > > > > + UINTN HstiSize = sizeof (ADAPTER_INFO_PLATFORM_SECURITY) + > > > > + 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE + > > > > + sizeof (CHAR16); > > > > + VOID *HstiStruct = AllocateZeroPool (HstiSize); > > > > + > > > > + if (HstiStruct == NULL) { > > > > + return EFI_OUT_OF_RESOURCES; > > > > + } > > > > + > > > > + CopyMem (HstiStruct, &mHstiBase, sizeof > > (ADAPTER_INFO_PLATFORM_SECURITY)); > > > > + > > > > + Status = HstiLibSetTable (HstiStruct, HstiSize); > > > > + if (EFI_ERROR (Status)) { > > > > + if (Status != EFI_ALREADY_STARTED) { > > > > + ASSERT_EFI_ERROR (Status); > > > > + } > > > > + } > > > > + > > > > + return EFI_SUCCESS; > > > > +} > > > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > new file mode 100644 > > index 0000000000..270aa60026 > > --- /dev/null > > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > @@ -0,0 +1,64 @@ > > +## @file > > > > +# Component description file for Virt Hsti Driver > > > > +# > > > > +# Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> > > > > +# Copyright (c) Microsoft Corporation.<BR> > > > > +# Copyright (c) 2024, Red Hat. Inc > > > > +# > > > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > > > +# > > > > +## > > > > + > > > > +[Defines] > > > > + INF_VERSION = 0x00010005 > > > > + BASE_NAME = VirtHstiDxe > > > > + FILE_GUID = 60740CF3-D428-4500-80E6-04A5798241ED > > > > + MODULE_TYPE = DXE_DRIVER > > > > + VERSION_STRING = 1.0 > > > > + ENTRY_POINT = VirtHstiDxeEntrypoint > > > > + > > > > +################################################################ > > ################ > > > > +# > > > > +# Sources Section - list of files that are required for the build to > succeed. > > > > +# > > > > +################################################################ > > ################ > > > > + > > > > +[Sources] > > > > + VirtHstiDxe.c > > > > + > > > > +################################################################ > > ################ > > > > +# > > > > +# Package Dependency Section - list of Package files that are required > for > > > > +# this module. > > > > +# > > > > +################################################################ > > ################ > > > > + > > > > +[Packages] > > > > + MdePkg/MdePkg.dec > > > > + > > > > +################################################################ > > ################ > > > > +# > > > > +# Library Class Section - list of Library Classes that are required for > > > > +# this module. > > > > +# > > > > +################################################################ > > ################ > > > > + > > > > +[LibraryClasses] > > > > + UefiDriverEntryPoint > > > > + UefiLib > > > > + BaseLib > > > > + BaseMemoryLib > > > > + MemoryAllocationLib > > > > + DebugLib > > > > + HstiLib > > > > + UefiBootServicesTableLib > > > > + > > > > +################################################################ > > ################ > > > > +# > > > > +# Protocol C Name Section - list of Protocol and Protocol Notify C Names > > > > +# that this module uses or produces. > > > > +# > > > > +################################################################ > > ################ > > > > + > > > > +[Depex] > > > > + TRUE > > > > -- > > 2.44.0 > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116860): https://edk2.groups.io/g/devel/message/116860 Mute This Topic: https://groups.io/mt/104923813/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=- [-- Attachment #2: Type: text/html, Size: 11588 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver 2024-03-14 11:43 ` Konstantin Kostiuk @ 2024-03-14 12:05 ` Yao, Jiewen 2024-03-15 11:29 ` Gerd Hoffmann 0 siblings, 1 reply; 7+ messages in thread From: Yao, Jiewen @ 2024-03-14 12:05 UTC (permalink / raw) To: Konstantin Kostiuk Cc: devel@edk2.groups.io, Yan Vugenfirer, Ard Biesheuvel, Gerd Hoffmann [-- Attachment #1: Type: text/plain, Size: 9110 bytes --] I agree that not all bits make sense to virtual machine. However, I do see some bits should be there if we really want to add HSTI to report security propery. Please take a look at the HSTI spec - https://learn.microsoft.com/en-us/windows-hardware/test/hlk/testref/hardware-security-testability-specification For example: Do you use RSA 2048 and SHA256 only (or higher but not lower than this) Compatibility Support Modules (CSM) Firmware Code must be present in protected storage Secure firmware update process Do you have backdoors to override SecureBoot Protection from internal and external DMA Another question: I notice you report platform as “Intel(R) 9-Series v1”. Is that right configuration for current OVMF? I think there is some configuration detection, such as https://github.com/tianocore/edk2/blob/master/OvmfPkg/PlatformPei/Platform.c. All in all, I don’t think it is a right way to provide an *empty* one just to pass the SVVP. That totally looses the value to having HSTI in the SVVP program. I recommend we provide a real HSTI based on the OVMF threat model (without and with configuration computing) and current real implementation. Thank you Yao, Jiewen From: Konstantin Kostiuk <kkostiuk@redhat.com> Sent: Thursday, March 14, 2024 7:43 PM To: Yao, Jiewen <jiewen.yao@intel.com> Cc: devel@edk2.groups.io; Yan Vugenfirer <yvugenfi@redhat.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>; Gerd Hoffmann <kraxel@redhat.com> Subject: Re: [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver On Thu, Mar 14, 2024 at 12:28 PM Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> wrote: Question: What is the value to provide an *empty* HSTI table? IMHO, If the goal is to perform some security check, I think we need provide a *real* HSTI table. HSTI is very vendor-specific and depends on features that a vendor supports. Looking at the HSTI spec a lot of the bits don't make sense for virtual machines. Some feature depends on hardware configuration and this check is a dummy in a virtual environment. So, the main goal is to pass Microsoft SVVP with OVMF+QEMU. Best Regards, Konstantin Kostiuk. Thank you Yao, Jiewen > -----Original Message----- > From: Konstantin Kostiuk <kkostiuk@redhat.com<mailto:kkostiuk@redhat.com>> > Sent: Thursday, March 14, 2024 6:25 PM > To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> > Cc: Yan Vugenfirer <yvugenfi@redhat.com<mailto:yvugenfi@redhat.com>>; Ard Biesheuvel > <ardb+tianocore@kernel.org<mailto:ardb%2Btianocore@kernel.org>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Gerd > Hoffmann <kraxel@redhat.com<mailto:kraxel@redhat.com>> > Subject: [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver > > The driver provides empty HSTI table. > > Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com<mailto:kkostiuk@redhat.com>> > --- > OvmfPkg/VirtHstiDxe/VirtHstiDxe.c | 75 +++++++++++++++++++++++++++++ > OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf | 64 ++++++++++++++++++++++++ > 2 files changed, 139 insertions(+) > create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > create mode 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > new file mode 100644 > index 0000000000..b9ed189f33 > --- /dev/null > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.c > @@ -0,0 +1,75 @@ > +/** @file > > + This file contains DXE driver for publishing empty HSTI table > > + > > +Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> > > +Copyright (c) 2024, Red Hat. Inc > > + > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include <PiDxe.h> > > +#include <Library/BaseLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/MemoryAllocationLib.h> > > +#include <Library/UefiBootServicesTableLib.h> > > +#include <Library/UefiLib.h> > > +#include <IndustryStandard/Hsti.h> > > +#include <Library/HstiLib.h> > > + > > +#define HSTI_PLATFORM_NAME L"Intel(R) 9-Series v1" > > +#define HSTI_SECURITY_FEATURE_SIZE 1 > > + > > +ADAPTER_INFO_PLATFORM_SECURITY mHstiBase = { > > + PLATFORM_SECURITY_VERSION_VNEXTCS, > > + PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE, > > + { HSTI_PLATFORM_NAME }, > > + HSTI_SECURITY_FEATURE_SIZE, > > +}; > > + > > +/** > > + The driver's entry point. > > + > > + @param[in] ImageHandle The firmware allocated handle for the EFI image. > > + @param[in] SystemTable A pointer to the EFI System Table. > > + > > + @retval EFI_SUCCESS The entry point is executed successfully. > > + @retval other Some error occurs when executing this entry point. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +VirtHstiDxeEntrypoint ( > > + IN EFI_HANDLE ImageHandle, > > + IN EFI_SYSTEM_TABLE *SystemTable > > + ) > > +{ > > + EFI_STATUS Status; > > + > > + // Allocate memory for HSTI struct > > + // 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE is for the 3 arrays > > + // UINT8 SecurityFeaturesRequired[]; > > + // UINT8 SecurityFeaturesImplemented[]; > > + // UINT8 SecurityFeaturesVerified[]; > > + // sizeof (CHAR16) is for the NULL terminator of ErrorString > > + // CHAR16 ErrorString[] > > + UINTN HstiSize = sizeof (ADAPTER_INFO_PLATFORM_SECURITY) + > > + 3 * sizeof (UINT8) * HSTI_SECURITY_FEATURE_SIZE + > > + sizeof (CHAR16); > > + VOID *HstiStruct = AllocateZeroPool (HstiSize); > > + > > + if (HstiStruct == NULL) { > > + return EFI_OUT_OF_RESOURCES; > > + } > > + > > + CopyMem (HstiStruct, &mHstiBase, sizeof > (ADAPTER_INFO_PLATFORM_SECURITY)); > > + > > + Status = HstiLibSetTable (HstiStruct, HstiSize); > > + if (EFI_ERROR (Status)) { > > + if (Status != EFI_ALREADY_STARTED) { > > + ASSERT_EFI_ERROR (Status); > > + } > > + } > > + > > + return EFI_SUCCESS; > > +} > > diff --git a/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > new file mode 100644 > index 0000000000..270aa60026 > --- /dev/null > +++ b/OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf > @@ -0,0 +1,64 @@ > +## @file > > +# Component description file for Virt Hsti Driver > > +# > > +# Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> > > +# Copyright (c) Microsoft Corporation.<BR> > > +# Copyright (c) 2024, Red Hat. Inc > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > +# > > +## > > + > > +[Defines] > > + INF_VERSION = 0x00010005 > > + BASE_NAME = VirtHstiDxe > > + FILE_GUID = 60740CF3-D428-4500-80E6-04A5798241ED > > + MODULE_TYPE = DXE_DRIVER > > + VERSION_STRING = 1.0 > > + ENTRY_POINT = VirtHstiDxeEntrypoint > > + > > +################################################################ > ################ > > +# > > +# Sources Section - list of files that are required for the build to succeed. > > +# > > +################################################################ > ################ > > + > > +[Sources] > > + VirtHstiDxe.c > > + > > +################################################################ > ################ > > +# > > +# Package Dependency Section - list of Package files that are required for > > +# this module. > > +# > > +################################################################ > ################ > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + > > +################################################################ > ################ > > +# > > +# Library Class Section - list of Library Classes that are required for > > +# this module. > > +# > > +################################################################ > ################ > > + > > +[LibraryClasses] > > + UefiDriverEntryPoint > > + UefiLib > > + BaseLib > > + BaseMemoryLib > > + MemoryAllocationLib > > + DebugLib > > + HstiLib > > + UefiBootServicesTableLib > > + > > +################################################################ > ################ > > +# > > +# Protocol C Name Section - list of Protocol and Protocol Notify C Names > > +# that this module uses or produces. > > +# > > +################################################################ > ################ > > + > > +[Depex] > > + TRUE > > -- > 2.44.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116750): https://edk2.groups.io/g/devel/message/116750 Mute This Topic: https://groups.io/mt/104923813/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=- [-- Attachment #2: Type: text/html, Size: 17792 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver 2024-03-14 12:05 ` Yao, Jiewen @ 2024-03-15 11:29 ` Gerd Hoffmann 0 siblings, 0 replies; 7+ messages in thread From: Gerd Hoffmann @ 2024-03-15 11:29 UTC (permalink / raw) To: devel, jiewen.yao; +Cc: Konstantin Kostiuk, Yan Vugenfirer, Ard Biesheuvel On Thu, Mar 14, 2024 at 12:05:28PM +0000, Yao, Jiewen wrote: > I agree that not all bits make sense to virtual machine. > However, I do see some bits should be there if we really want to add HSTI to report security propery. Setting the bits which are obviously correct makes sense indeed. > Please take a look at the HSTI spec - https://learn.microsoft.com/en-us/windows-hardware/test/hlk/testref/hardware-security-testability-specification > For example: > Do you use RSA 2048 and SHA256 only (or higher but not lower than this) Hmm. That single line (and the spec doesn't have more) is not very helpful. Consider this corner case: The virtual TPM supported by qemu has banks for sha1, sha256, sha384 and sha512. The default configuration created by libvirt enables only the sha256 bank. But it's possible to go into the firmware setup and turn on the sha1 bank too. How should the HSTI driver handle that? > Compatibility Support Modules (CSM) That one is easy, CSM support is gone, we can set it. > Firmware Code must be present in protected storage Typically this is the case (ROM or read-only flash), although qemu does not enforce that the code flash is actually read-only, it can be configured in writable mode. Hmm. > Secure firmware update process IMHO doesn't apply to virtual machines. Firmware updates are usually handled by updating the images on the host machine, that is very different from a physical machine. All the questions about key handling do not make any sense. > Do you have backdoors to override SecureBoot No (you can only turn it off altogether). I think we can set this (in secure boot enabled builds). Use "FeaturePcdGet (PcdSecureBootSupported)" to figure whenever a given build supports secure boot or not. > Protection from internal and external DMA I don't think qemu supports DMA access to NV (aka flash) storage. Is that good enough to set that bit? > Another question: I notice you report platform as “Intel(R) 9-Series v1”. > Is that right configuration for current OVMF? Probably refers to q35 (aka INTEL_Q35_MCH_DEVICE_ID). > I think there is some configuration detection, such as https://github.com/tianocore/edk2/blob/master/OvmfPkg/PlatformPei/Platform.c. Looking at PlatformInfoHob->HostBridgeDevId and setting the name accordingly makes sense indeed. take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116813): https://edk2.groups.io/g/devel/message/116813 Mute This Topic: https://groups.io/mt/104923813/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply [flat|nested] 7+ messages in thread
* [edk2-devel] [PATCH 2/2] OvmfPkg: Add VirtHstiDxe to OVMF firmware build 2024-03-14 10:24 [edk2-devel] [PATCH 0/2] OvmfPkg: Implement minimal HSTI driver Konstantin Kostiuk 2024-03-14 10:24 ` [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver Konstantin Kostiuk @ 2024-03-14 10:24 ` Konstantin Kostiuk 1 sibling, 0 replies; 7+ messages in thread From: Konstantin Kostiuk @ 2024-03-14 10:24 UTC (permalink / raw) To: devel; +Cc: Yan Vugenfirer, Ard Biesheuvel, Jiewen Yao, Gerd Hoffmann Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com> --- OvmfPkg/OvmfPkgIa32.dsc | 2 ++ OvmfPkg/OvmfPkgIa32.fdf | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ OvmfPkg/OvmfPkgIa32X64.fdf | 1 + OvmfPkg/OvmfPkgX64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.fdf | 1 + 6 files changed, 9 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 28379961a7..371c0b63fe 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -188,6 +188,7 @@ PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf + HstiLib|MdePkg/Library/DxeHstiLib/DxeHstiLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif @@ -830,6 +831,7 @@ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf # # ISA Support diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index 501b4de469..3fdf4c807f 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -325,6 +325,7 @@ INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf +INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf !if $(SMM_REQUIRE) == TRUE INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 5e9eee628a..46fb925025 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -193,6 +193,7 @@ PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf + HstiLib|MdePkg/Library/DxeHstiLib/DxeHstiLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf !endif @@ -844,6 +845,7 @@ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf # # ISA Support diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index 74cfb58f06..8f01f9b06a 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -332,6 +332,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf +INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf !if $(SMM_REQUIRE) == TRUE INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index bf4c7906c4..cbdc07fc4d 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -205,6 +205,7 @@ PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf + HstiLib|MdePkg/Library/DxeHstiLib/DxeHstiLib.inf !if $(SMM_REQUIRE) == FALSE LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf @@ -912,6 +913,7 @@ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf # # ISA Support diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index f47ab1727e..206739a029 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -359,6 +359,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf +INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf !if $(SMM_REQUIRE) == TRUE INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf -- 2.44.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116859): https://edk2.groups.io/g/devel/message/116859 Mute This Topic: https://groups.io/mt/105014745/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=- ^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-03-18 23:17 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-03-14 10:24 [edk2-devel] [PATCH 0/2] OvmfPkg: Implement minimal HSTI driver Konstantin Kostiuk 2024-03-14 10:24 ` [edk2-devel] [PATCH 1/2] OvmfPkg: Add VirtHstiDxe driver Konstantin Kostiuk 2024-03-14 10:27 ` Yao, Jiewen 2024-03-14 11:43 ` Konstantin Kostiuk 2024-03-14 12:05 ` Yao, Jiewen 2024-03-15 11:29 ` Gerd Hoffmann 2024-03-14 10:24 ` [edk2-devel] [PATCH 2/2] OvmfPkg: Add VirtHstiDxe to OVMF firmware build Konstantin Kostiuk
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox