For 2) this is very unfortunate. I think the root cause is for those of us who work on x86 hardware day to day we get programed that SEC/PEI is IA32 and DXE is X64, and this can lead to some unfortunate coding outcomes.
I'm guessing this code probably got ported from the DXE CPU driver or some other place that had no XIP assumptions. One option vs. patching is putting the relocations in the .data section. The only issue with that could be the need to align sections on page boundaries and that may take up too much space in XIP code. Perhaps we could only require the .data section relocations for XCODE, and map them to .text for the other toolchain?
Thanks,
Andrew Fish
On 10/11/19 01:17, Lendacky, Thomas wrote:On 10/3/19 10:12 AM, Tom Lendacky wrote:
On 10/3/19 5:32 AM, Laszlo Ersek wrote:
On 10/03/19 12:12, Laszlo Ersek wrote:
UINT32 ApEntryPoint;
EFI_GUID SevEsFooterGuid;
UINT16 Size;
It's probably better to reverse the order of "Size" and
"SevEsFooterGuid", like this:
UINT32 ApEntryPoint;
UINT16 Size;
EFI_GUID SevEsFooterGuid;
because then even the "Size" field can be changed (or resized), as a
function of the footer GUID.
Cool, I'll look into doing this and see how it works out.
Just an update on this idea. This has worked out well, but has a couple of
caveats. Removing the Qemu change to make the flash mapped read-only in
the nested page tables, caused the following:
1. QemuFlashDetected() will attempt to detect how the flash memory device
behaves. Because it is marked as read-only by the hypervisor, writing
to the area results in a #NPF for the write-fault. With SEV-ES,
emulation of the instruction can't be performed (can't read guest
memory and not provided the faulting instruction bytes), so the vCPU is
just restarted. This results in an infinite #NPF occurring.
The solution here was to check for SEV-ES being enabled and just return
false from QemuFlashDetected(). Any downfalls to doing that?
Short-circuiting QemuFlashDetected() on SEV-ES seems appropriate.However, I don't understand why you return FALSE in that case. Youshould return TRUE. If QemuFlashDetected() returns FALSE, then the UEFIvariable store will not be backed by the real pflash chip, it will beemulated with an \NvVars file on the EFI system partition. Thatemulation should really not be used nowadays.So IMO the right approach here is:- declare that SEV-ES only targets the "two pflash chips" setup- return TRUE from QemuFlashDetected() when SEV-ES is on.
2. Commit 2db0ccc2d7fe ("UefiCpuPkg: Update CpuExceptionHandlerLib pass
XCODE5 tool chain") causes a similar situation to #1. It attempts to do
some address fixups and write to the flash device.
That's... stunning.Commit 2db0ccc2d7fe changes the file UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.nasmsuch that it does in-place binary patching.This source file is referenced from: UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.infas well. Note "SecPei".That makes the commit buggy, to my eyes, regardless of SEV-ES. Because:The binary patching appears to occur in the SEC phase as well, i.e. at atime when the exception handler is located in flash. That's incorrect onphysical hardware too.Upon re-reading <https://bugzilla.tianocore.org/show_bug.cgi?id=849>,this commit worked around an XCODE toolchain bug.Unfortunately, the workaround is not suitable for the SEC phase. (Alsonot suitable for the PEI phase, for such PEIMs that still execute fromflash.)Please open a new bug for UefiCpuPkg in the TianoCore Bugzilla,reference BZ#849 in the See Also field, and please also make the new bugblock BZ#2198.(I'll comment on this issue in a different thread too; I'll CC you on it.) Reverting that commit fixes the issue. I don't think that will be an
acceptable solution, though, so need to think about what to do here.
After those two changes, the above method works well.
I'm happy to hear!Thanks,Laszlo