From: "Boeuf, Sebastien" To: devel@edk2.groups.io Cc: jiewen.yao@intel.com, jordan.l.justen@intel.com, kraxel@redhat.com, sebastien.boeuf@intel.com Subject: [PATCH 1/4] OvmfPkg: CloudHv: Fix FW_BASE_ADDRESS Date: Tue, 10 May 2022 14:50:43 +0200 Message-Id: <6568b41858f6d8259286dd4b5400d9ddcf80a9ea.1652186234.git.sebastien.boeuf@intel.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable From: Sebastien Boeuf The FW_BASE_ADDRESS value provided by OvmfPkgDefines.fdf.inc is incorrect for the CloudHv target. We know the generated firmware contains a PVH ELF header, meaning it will be loaded according to the address provided through this header. And since we know this address isn't going to change as it's part of CloudHvElfHeader.fdf.inc, we can hardcode it through a new include file CloudHvDefines.fdf.inc, which replaces the generic one OvmfPkgDefines.fdf.inc. With this change, we prevent the firmware from accessing MMIO addresses from the address range 0xffc00000-0xffffffff since we know the firmware hasn't been loaded on this address range. Signed-off-by: Sebastien Boeuf --- OvmfPkg/CloudHv/CloudHvDefines.fdf.inc | 65 ++++++++++++++++++++++++++ OvmfPkg/CloudHv/CloudHvX64.fdf | 2 +- 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 OvmfPkg/CloudHv/CloudHvDefines.fdf.inc diff --git a/OvmfPkg/CloudHv/CloudHvDefines.fdf.inc b/OvmfPkg/CloudHv/Cloud= HvDefines.fdf.inc new file mode 100644 index 0000000000..2198cbcd87 --- /dev/null +++ b/OvmfPkg/CloudHv/CloudHvDefines.fdf.inc @@ -0,0 +1,65 @@ +## @file +# FDF include file that defines the main macros and sets the dependent PC= Ds. +# +# Copyright (C) 2014, Red Hat, Inc. +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +DEFINE BLOCK_SIZE =3D 0x1000 +DEFINE VARS_OFFSET =3D 0 + +DEFINE VARS_SIZE =3D 0x84000 +DEFINE VARS_BLOCKS =3D 0x84 +DEFINE VARS_LIVE_SIZE =3D 0x40000 +DEFINE VARS_SPARE_SIZE =3D 0x42000 + +DEFINE FW_BASE_ADDRESS =3D 0x004FFFD0 +DEFINE FW_SIZE =3D 0x00400000 +DEFINE FW_BLOCKS =3D 0x400 +DEFINE CODE_BASE_ADDRESS =3D 0x00583FD0 +DEFINE CODE_SIZE =3D 0x0037C000 +DEFINE CODE_BLOCKS =3D 0x37C +DEFINE FVMAIN_SIZE =3D 0x00348000 +DEFINE SECFV_OFFSET =3D 0x003CC000 +DEFINE SECFV_SIZE =3D 0x34000 + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress =3D $(FW_BASE_ADDR= ESS) +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareFdSize =3D $(FW_SIZE) +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFirmwareBlockSize =3D $(BLOCK_SIZE) + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase =3D $(FW_= BASE_ADDRESS) +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize =3D $(VAR= S_LIVE_SIZE) + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageEventLogBase =3D gUefi= OvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase + gEfiMdeModulePkgT= okenSpaceGuid.PcdFlashNvStorageVariableSize +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageEventLogSize =3D $(BLO= CK_SIZE) + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageEventLogBase + gUefiOvmfPkgTok= enSpaceGuid.PcdOvmfFlashNvStorageEventLogSize +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize =3D $(B= LOCK_SIZE) + +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwSpareBase =3D gUefi= OvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase + gEfiMdeModulePk= gTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize =3D $(VAR= S_SPARE_SIZE) + +# The OVMF WorkArea contains a fixed size header followed by the actual da= ta. +# The size of header is accessed through a fixed PCD in the reset vector c= ode. 
+# The value need to be kept in sync with the any changes to the Confidenti= al +# Computing Work Area header defined in the Include/WorkArea.h +SET gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader = =3D 4 + +SET gUefiOvmfPkgTokenSpaceGuid.PcdCfvBase =3D $(FW_BASE_ADDRESS) +SET gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataOffset =3D $(VARS_OFFSET) +SET gUefiOvmfPkgTokenSpaceGuid.PcdCfvRawDataSize =3D $(VARS_SIZE) + +SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvBase =3D $(CODE_BASE_ADDRES= S) +SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataOffset =3D $(VARS_SIZE) +SET gUefiOvmfPkgTokenSpaceGuid.PcdBfvRawDataSize =3D $(CODE_SIZE) + +!if $(SMM_REQUIRE) =3D=3D TRUE +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwWorkingBase +SET gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase =3D gUe= fiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageFtwSpareBase +!endif + +DEFINE MEMFD_BASE_ADDRESS =3D 0x800000 diff --git a/OvmfPkg/CloudHv/CloudHvX64.fdf b/OvmfPkg/CloudHv/CloudHvX64.fdf index de64a3a709..a41a553693 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.fdf +++ b/OvmfPkg/CloudHv/CloudHvX64.fdf 
@@ -11,7 +11,7 @@ ##########################################################################= ###### = [Defines] -!include OvmfPkg/OvmfPkgDefines.fdf.inc +!include CloudHvDefines.fdf.inc = # # This will allow the flash device image to be recognize as an ELF, with f= irst -- = 2.32.0
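Review bot: In the new OvmfPkg/CloudHv/CloudHvDefines.fdf.inc, FW_BASE_ADDRESS = 0x004FFFD0 with FW_SIZE = 0x00400000 places the firmware image at 0x004FFFD0 to 0x008FFFD0, which runs past MEMFD_BASE_ADDRESS = 0x800000 defined at the end of the same file. With the previous base in the 0xffc00000-0xffffffff range named in the commit message the two regions could not overlap, so please confirm the overlap is intended or move one of them. The two literals are also tied together only implicitly: CODE_BASE_ADDRESS = 0x00583FD0 is FW_BASE_ADDRESS + VARS_SIZE (0x84000), and FW_BASE_ADDRESS duplicates a value the commit message says lives in CloudHvElfHeader.fdf.inc. A comment next to both DEFINEs stating those relationships would keep a later edit to the ELF header from silently leaving the PCDs pointing at the wrong range. It is also worth noting in a comment that the base is not a multiple of BLOCK_SIZE (0x1000), since PcdOvmfFlashNvStorageVariableBase and the event log, FTW working and FTW spare bases derived from it inherit that offset.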
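Review bot: In the CloudHvX64.fdf hunk, the new line "!include CloudHvDefines.fdf.inc" uses a bare file name, while the line it replaces used the package-relative form "!include OvmfPkg/OvmfPkgDefines.fdf.inc". Writing it as OvmfPkg/CloudHv/CloudHvDefines.fdf.inc would match the existing style and make it unambiguous which file is pulled in, without relying on the include being resolved relative to the directory of the .fdf.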