From: "Masahisa Kojima" <masahisa.kojima@linaro.org>
Date: Wed, 3 Mar 2021 15:35:47 +0900
Subject: Re: [PATCH edk2-platforms v2 2/4] SbsaQemu: add MM based UEFI secure boot support
To: Leif Lindholm
Cc: edk2-devel-groups-io, Ard Biesheuvel, Graeme Gregory, Radoslaw Biernacki, Shashi Mallela
In-Reply-To: <20210301172216.GU1664@vanye>
References: <20210301051952.29091-1-masahisa.kojima@linaro.org> <20210301051952.29091-3-masahisa.kojima@linaro.org> <20210301172216.GU1664@vanye>

On Tue, 2 Mar 2021 at 02:22, Leif Lindholm wrote:
> > On Mon, Mar 01, 2021 at 14:19:50 +0900, Masahisa Kojima wrote: > > This implements support for UEFI secure boot on SbsaQemu using > > the standalone MM framework. This moves all of the software handling > > of the UEFI authenticated variable store into the standalone MM > > context residing in a secure partition. > > > > Secure variable storage is located at 0x01000000 in secure NOR Flash. > > > > Non-secure shared memory between UEFI and standalone MM > > is allocated at the top of DRAM. > > DRAM size of SbsaQemu varies depending on the QEMU parameter, > > the non-secure shared memory base address is passed from > > trusted-firmware through the device tree "/reserved-memory" node. > > > > Signed-off-by: Masahisa Kojima > > --- > > Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 43 +++++++--- > > .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc | 39 +++++++++ > > Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 82 +++++++++++++++++-- > > .../Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf | 7 +- > > .../Library/SbsaQemuLib/SbsaQemuLib.inf | 2 + > > .../Library/SbsaQemuLib/SbsaQemuMem.c | 37 ++++++++- > > 6 files changed, 190 insertions(+), 20 deletions(-) > > > > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc > > index c1f8a4696560..a75116ee70fc 100644 > > --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc > > +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> > @@ -28,6 +28,8 @@ [Defines] > > > > DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F > > > > + DEFINE SECURE_BOOT_ENABLE = FALSE > > + > > # > > # Network definition > > # > > @@ -152,12 +154,10 @@ [LibraryClasses.common] > > # Secure Boot dependencies > > # > > TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > > - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > > > > # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree > > PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf > > > > - VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > > VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf > > > > @@ -171,6 +171,7 @@ [LibraryClasses.common] > > ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf > > > > TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf > > + > > This blank line is added for no apparent reason. > > > NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf > > > > CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf > > @@ -300,6 +301,8 @@ [PcdsFeatureFlag.common] > > gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE > > gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE > > > > + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE > > + > > [PcdsFixedAtBuild.common] > > gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000 > > gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength|1000000 
> > @@ -551,6 +554,9 @@ [PcdsDynamicDefault.common] > > gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdChassisAssetTag|L"AT0000" > > gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdChassisSKU|L"SK0000" > > > > + gArmTokenSpaceGuid.PcdMmBufferBase|0x10000000000 > > + gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000 > > + > > ################################################################################ > > # > > # Components Section - list of all EDK II Modules needed by this Platform > > @@ -604,7 +610,6 @@ [Components.common] > > ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf > > ArmPkg/Drivers/CpuPei/CpuPei.inf > > > > - > > MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf { > > > > NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf 
> > @@ -628,24 +633,40 @@ [Components.common] > > # > > ArmPkg/Drivers/CpuDxe/CpuDxe.inf > > MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf > > - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { > > - > > - NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf > > - # don't use unaligned CopyMem () on the UEFI varstore NOR flash region > > - BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf > > - } > > MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > > > > +!if $(SECURE_BOOT_ENABLE) == TRUE > > NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > > +!endif > > } > > - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf > > MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf > > - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf > > MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf > > MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf > > EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf > > EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf > > > > + # > > + # Variable services > > + # > > +!if $(SECURE_BOOT_ENABLE) == FALSE > > + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf > > + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { > > + > > + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf > > + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf > > + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > + # don't use unaligned CopyMem () on the UEFI varstore NOR flash region > > + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf > > Would this diff be neater if this if statement moved up to the > original location of the > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { > stanza? 
> > > + } > > +!else > > + ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf { > > + > > + NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf > > + } > > + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf > > + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf > > +!endif > > + > > MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf > > MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf > > MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf > > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc > > index 87f5ee351eaa..b80379acd1ad 100644 > > --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc > > +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc 
> > @@ -77,6 +77,18 @@ [LibraryClasses.common.MM_STANDALONE] > > HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf > > MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf > > MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf > > + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > > + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > > + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > > + NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf > > + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > > + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf > > + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf > > + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf > > + TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf > > + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf > > + ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/ArmGenericTimerPhyCounterLib.inf > > > > ################################################################################ > > # 
> > @@ -94,6 +106,20 @@ [PcdsFixedAtBuild] > > > > gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2 > > > > + gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000 > > + gArmTokenSpaceGuid.PcdFdSize|0x000C0000 > > + > > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 > > + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE > > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 > > + > > + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x01000000 > > + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00040000 > > + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x01040000 > > + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00040000 > > + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x01080000 > > + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00040000 > > + > > ################################################################################################### > > # > > # Components Section - list of the modules and components that will be processed by compilation 
> > @@ -118,6 +144,19 @@ [Components.common] > > # > > StandaloneMmPkg/Core/StandaloneMmCore.inf > > StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf > > + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf > > + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf > > + > > + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf { > > + > > + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf > > + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf > > + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf > > + # don't use unaligned CopyMem () on the UEFI varstore NOR flash region > > + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf > > + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > > + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf > > + } > > > > ################################################################################################### > > # > > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf > > index b61ae1891233..a46a47063ccc 100644 > > --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf > > +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf > > @@ -21,10 +21,10 @@ > > > > [FD.SBSA_FLASH0] > > BaseAddress = 0x00000000 > > -Size = 0x00400000 > > +Size = 0x01100000 > > ErasePolarity = 1 > > BlockSize = 0x00001000 > > -NumBlocks = 0x400 > > +NumBlocks = 0x1100 > > > > ################################################################################ > > # 
> > @@ -50,6 +50,66 @@ [FD.SBSA_FLASH0] > > 0x00008000|0x00300000 > > FILE = Platform/Qemu/Sbsa/fip.bin > > > > +!if $(SECURE_BOOT_ENABLE) > > +## Place for Secure Variables. > > +# Must be aligned to Flash Block size 0x40000 > > +0x01000000|0x00040000 > > +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize > > +#NV_VARIABLE_STORE > > +DATA = { > > + ## This is the EFI_FIRMWARE_VOLUME_HEADER > > + # ZeroVector [] > > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > > + # FileSystemGuid: gEfiSystemNvDataFvGuid = > > + # { 0xFFF12B8D, 0x7696, 0x4C8B, > > + # { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }} > > + 0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C, > > + 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50, > > + # FvLength: 0xC0000 > > + 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, > > + # Signature "_FVH" # Attributes > > + 0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00, > > + # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision > > + 0x48, 0x00, 0x28, 0x09, 0x00, 0x00, 0x00, 0x02, > > + # Blockmap[0]: 0x3 Blocks * 0x40000 Bytes / Block > > + 0x3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, > > + # Blockmap[1]: End > > + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > > + ## This is the VARIABLE_STORE_HEADER > > + # It is compatible with SECURE_BOOT_ENABLE == FALSE as well. > > + # Signature: gEfiAuthenticatedVariableGuid = > > + # { 0xaaf32c78, 0x947b, 0x439a, > > + # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }} > > + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, > > + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, > > + # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - > > + # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8 > > + # This can speed up the Variable Dispatch a bit. 
> > + 0xB8, 0xFF, 0x03, 0x00, > > + # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32 > > + 0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 > > +} > > + > > +0x01040000|0x00040000 > > +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize > > +#NV_FTW_WORKING > > +DATA = { > > + # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid = > > + # { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95 }} > > + 0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49, > > + 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95, > > + # Crc:UINT32 #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved > > + 0x5b, 0xe7, 0xc6, 0x86, 0xFE, 0xFF, 0xFF, 0xFF, > > + # WriteQueueSize: UINT64 > > + 0xE0, 0xFF, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00 > > +} > > + > > +0x01080000|0x00040000 > > +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize > > +#NV_FTW_SPARE > > +!endif > > + > > ################################################################################ > > # > > # FD Section for FLASH1 
> > @@ -169,15 +229,25 @@ [FV.FvMain] > > INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf > > INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf > > INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf > > - INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf > > - INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > > - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf > > INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf > > INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf > > INF EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf > > INF EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf > > INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf > > > > + # > > + # Variable services > > + # > > +!if $(SECURE_BOOT_ENABLE) == FALSE > > + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf > > + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf > > + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > > +!else > > + INF ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf > > + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf > > + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf > > +!endif > > + > > # > > # Multiple Console IO support > > # > > @@ -189,7 +259,6 @@ [FV.FvMain] > > > > INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf > > INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf > > - INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf > > INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf > > > > # 
> > @@ -294,6 +363,7 @@ [FV.FVMAIN_COMPACT] > > INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf > > INF ArmPkg/Drivers/CpuPei/CpuPei.inf > > INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf > > + > > Another spuriously added blank line. > > > INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > > > > # IDE/AHCI Support > > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf > > index a1acefcfb0a7..dbe1555c68f2 100644 > > --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf > > +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf > > @@ -19,8 +19,8 @@ > > ################################################################################ > > > > [FD.STANDALONE_MM] > > -BaseAddress = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress > > -Size = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB). > > +BaseAddress = 0x20002000 > > +Size = 0x00e00000 > > ErasePolarity = 1 > > > > BlockSize = 0x00001000 > > @@ -49,6 +49,9 @@ [FV.FVMAIN_COMPACT] > > READ_LOCK_STATUS = TRUE > > > > INF StandaloneMmPkg/Core/StandaloneMmCore.inf > > + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf > > + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf > > + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf > > INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf > > > > ################################################################################ > > diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf > > index c067a80cc715..1d7f12202ecc 100644 > > --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf > > +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf 
> > @@ -40,6 +40,8 @@ [Pcd] > > gArmTokenSpaceGuid.PcdSystemMemoryBase > > gArmTokenSpaceGuid.PcdSystemMemorySize > > gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdDeviceTreeBaseAddress > > + gArmTokenSpaceGuid.PcdMmBufferBase > > + gArmTokenSpaceGuid.PcdMmBufferSize > > > > [FixedPcd] > > gArmTokenSpaceGuid.PcdFdBaseAddress > > diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c > > index 8c2eb0b6a028..fa164ff455f5 100644 > > --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c > > +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c > > @@ -25,15 +25,20 @@ SbsaQemuLibConstructor ( > > { > > VOID *DeviceTreeBase; > > INT32 Node, Prev; > > - UINT64 NewBase, CurBase; > > + UINT64 NewBase, CurBase, NsBufBase; > > UINT64 NewSize, CurSize; > > + UINT32 NsBufSize; > > CONST CHAR8 *Type; > > INT32 Len; > > CONST UINT64 *RegProp; > > RETURN_STATUS PcdStatus; > > + INT32 ParentOffset; > > + INT32 Offset; > > > > NewBase = 0; > > NewSize = 0; > > + NsBufBase = 0; > > + NsBufSize = 0; > > > > DeviceTreeBase = (VOID *)(UINTN)PcdGet64 (PcdDeviceTreeBaseAddress); > > ASSERT (DeviceTreeBase != NULL); 
> > @@ -73,9 +78,39 @@ SbsaQemuLibConstructor ( > > } > > } > > > > + // StandaloneMM non-secure shared buffer is allocated at the top of > > + // the system memory by trusted-firmware using "/reserved-memory" node. > > + ParentOffset = fdt_path_offset(DeviceTreeBase, "/reserved-memory"); > > + if (ParentOffset < 0) { > > + DEBUG ((DEBUG_ERROR, "%a: reserved-memory node not found\n", > > + __FUNCTION__)); > > + } > > + Offset = fdt_subnode_offset(DeviceTreeBase, ParentOffset, "ns-buf-spm-mm"); > > + if (Offset < 0) { > > + DEBUG ((DEBUG_ERROR, "%a: ns-buf-spm-mm node not found\n", > > + __FUNCTION__)); > > + } > > + // Get the 'reg' property of this node. 8 byte quantities for base address > > + // and 4 byte quantities for size. > > + RegProp = fdt_getprop (DeviceTreeBase, Offset, "reg", &Len); > > + if (RegProp != 0 && Len == (sizeof (UINT64) + sizeof(UINT32))) { > > + NsBufBase = fdt64_to_cpu (ReadUnaligned64 (RegProp)); > > + NsBufSize = fdt32_to_cpu (ReadUnaligned32 ((UINT32 *)(RegProp + 1))); > > + > > + DEBUG ((DEBUG_INFO, "%a: ns buf @ 0x%lx - 0x%lx\n", > > + __FUNCTION__, NsBufBase, NsBufBase + NsBufSize - 1)); > > + } else { > > + DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len %d\n", > > + __FUNCTION__, Len)); > > + } > > Could the above device-tree parsing be moved to a helper function in > Silicon/Qemu/SbsaQemu/Library/FdtHelperLib/ ? > > (Yes, I should also move the memory node parsing there, but it wasn't > quite worth creating the library just for that before.)
I created both the "memory" and "/reserved-memory" parsing helper functions. Could you check the next version of the patch?
Thanks,
Masahisa
> > Best Regards, > > Leif > > > + > > + NewSize -= NsBufSize; > > + > > // Make sure the start of DRAM matches our expectation > > ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) == NewBase); > > PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize); > > + PcdStatus = PcdSet64S (PcdMmBufferBase, NsBufBase); > > + PcdStatus = PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize); > > ASSERT_RETURN_ERROR (PcdStatus); > > > > return RETURN_SUCCESS; > > -- > > 2.17.1 > >
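Review bot: in the SbsaQemu.dsc [Defines] hunk, `DEFINE SECURE_BOOT_ENABLE = FALSE` now controls much more than whether DxeImageVerificationLib is linked: the later hunks use it to swap the whole variable store between the in-DXE VariableRuntimeDxe/FaultTolerantWriteDxe stack and the Standalone MM stack reached through MmCommunication, and to decide whether the secure flash layout is emitted at all. Please put a short comment next to the define (and a sentence in the commit message) saying that TRUE requires the SbsaQemuStandaloneMm image and a trusted-firmware build that reserves the "/reserved-memory" buffer, so that nobody flips it on its own and ends up with an image that cannot reach its variable store.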
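Review bot: in the SbsaQemu.dsc [PcdsFeatureFlag.common] hunk, `gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE` is added unconditionally and the commit message does not say why the runtime variable cache is being turned off. The cache only matters for the MM-backed VariableSmmRuntimeDxe path that is selected when SECURE_BOOT_ENABLE is TRUE, so either wrap the line in the same `!if $(SECURE_BOOT_ENABLE) == TRUE` used for the component list, or add a one-line comment explaining why it has to be off on this platform; as written a reader has to guess whether it is a workaround or a policy choice.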
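Review bot: in the SbsaQemu.dsc [PcdsDynamicDefault.common] hunk, the new defaults `gArmTokenSpaceGuid.PcdMmBufferBase|0x10000000000` and `gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000` are never the values actually used: SbsaQemuLibConstructor overwrites both with PcdSet64S on every boot, and when its device-tree lookup fails it writes 0 into them. Either add a comment saying these are placeholders replaced from the "ns-buf-spm-mm" node, or make the constructor leave the PCDs untouched on failure so the defaults mean something. Also say where the real buffer size comes from, since the 2 MiB default is not tied to anything trusted-firmware reserves.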
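Review bot: in the SbsaQemu.dsc [Components.common] hunk, SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf moves from being built unconditionally into the `!else` (SECURE_BOOT_ENABLE == TRUE) branch, and the FALSE branch now links AuthVariableLibNull where the [LibraryClasses.common] hunk used to resolve the real AuthVariableLib for everyone. Since the [Defines] hunk defaults SECURE_BOOT_ENABLE to FALSE, a default build loses the Secure Boot configuration page and the authenticated-variable handling it had before this patch; that is a user-visible change and belongs in the commit message. On style: the DSC writes `!if $(SECURE_BOOT_ENABLE) == TRUE` and `== FALSE`, while the FDF hunks use the bare `!if $(SECURE_BOOT_ENABLE)`; pick one form.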
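Review bot: in the SbsaQemuStandaloneMm.dsc [LibraryClasses.common.MM_STANDALONE] hunk, `PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf` together with `gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE` from the [PcdsFixedAtBuild] hunk means UserPhysicalPresent() inside the secure partition always answers yes, and that is the hook AuthVariableLib consults before letting Custom Mode PK/KEK updates bypass signature checks. The authenticated store this patch moves into the secure world therefore keeps the same "everyone is physically present" policy the DXE build had from the OVMF dummy library; that is fine for a QEMU development platform but deserves one sentence in the commit message. Two smaller points: `RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf` is a timer-seeded generator, not a cryptographic entropy source, so a comment that it only backs OpensslLib for verification (no key material is generated in MM) would stop someone reusing it for more; and the new entries are not in alphabetical order (SafeIntLib and ArmGenericTimerCounterLib follow VarCheckLib), unlike the rest of the section.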
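Review bot: in the SbsaQemuStandaloneMm.dsc [PcdsFixedAtBuild] hunk, `gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000` and `gArmTokenSpaceGuid.PcdFdSize|0x000C0000` describe the three 0x40000 variable/FTW regions in secure NOR flash, not the MM firmware device, which the SbsaQemuStandaloneMm.fdf hunk moves to 0x20002000 and at the same time unbinds from these very PCDs. Reusing the FD PCDs for the variable region is legitimate if NorFlashStandaloneMm needs them to find the store, but without a comment the next reader will take them for the MM image location; please name the consumer. Also, `PcdMaxVariableSize|0x2000` and `PcdMaxAuthVariableSize|0x2800` bound what the MM side accepts and must agree with what the non-secure SbsaQemu.dsc gives VariableSmmRuntimeDxe; the non-secure hunks do not show those PCDs, so please confirm the two sides match.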
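Review bot: in the SbsaQemu.fdf [FD.SBSA_FLASH0] hunk, Size grows from 0x00400000 to 0x01100000 and NumBlocks from 0x400 to 0x1100 unconditionally, while the only thing placed above 0x00400000 is the secure variable layout wrapped in `!if $(SECURE_BOOT_ENABLE)`. A SECURE_BOOT_ENABLE=FALSE build therefore produces a 17 MiB flash image whose top 13 MiB is empty. Either gate the size change with the same condition, or state in the commit message that the larger image is now always produced and that the 0x01000000 offset is dictated by where trusted-firmware expects the secure variable store.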
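Review bot: in the SbsaQemu.fdf hunk that adds the NV_VARIABLE_STORE, NV_FTW_WORKING and NV_FTW_SPARE regions, two comments are misleading. "It is compatible with SECURE_BOOT_ENABLE == FALSE as well." is copied from a layout where the store is always emitted; here the whole block sits under `!if $(SECURE_BOOT_ENABLE)`, so there is no FALSE case to be compatible with. "Must be aligned to Flash Block size 0x40000" conflicts with the `BlockSize = 0x00001000` declared a few lines above for the same FD; say explicitly that 0x40000 is the NOR erase block the variable driver works in, not the FD block size. ("This can speed up the Variable Dispatch a bit." is a third copied remark that adds nothing here.) On the numbers: the 16-bit header checksum 0x0928 does sum to zero with the bytes given (FvLength 0xC0000, attributes 0x0004FEFF, revision 2, block map 3 x 0x40000), so the volume will pass validation, but please add a comment that it has to be recomputed if any header field changes, otherwise the firmware volume header is rejected at boot and the variable store gets reinitialised.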
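Review bot: in the SbsaQemu.fdf [FV.FvMain] hunk, ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf is only placed in the volume when SECURE_BOOT_ENABLE is FALSE, but none of the SbsaQemu.dsc hunks move it under a matching condition, so with SECURE_BOOT_ENABLE=TRUE the driver is still compiled and then silently left out of the image. Put the same `!if` around it in the DSC so the two files agree, and mention in the commit message that with MM-based variables the normal world no longer has a NOR flash driver at all, since that also removes BlockIo access to the flash from DXE.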
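Review bot: in the SbsaQemuStandaloneMm.fdf [FD.STANDALONE_MM] hunk, BaseAddress moves from 0x20001000 to 0x20002000 and the `|gArmTokenSpaceGuid.PcdFdBaseAddress` / `|gArmTokenSpaceGuid.PcdFdSize` bindings are dropped, and neither change is mentioned in the commit message. The load address of the secure partition has to match what trusted-firmware's SPM loads it at, so please state which trusted-firmware change (or which other patch in this series) the 0x1000 shift pairs with, and why the PCD bindings are no longer wanted now that the same PCDs carry the variable-region values in the DSC.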
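Review bot: in the SbsaQemuMem.c SbsaQemuLibConstructor hunk, the failure paths never stop anything. If "/reserved-memory" or "ns-buf-spm-mm" is missing the code logs at DEBUG_ERROR but carries on, calls fdt_subnode_offset and fdt_getprop with a negative offset, leaves NsBufBase/NsBufSize at 0, and then still executes `PcdSet64S (PcdMmBufferBase, NsBufBase)`, so the DSC default is replaced by 0 and MmCommunicationDxe is later handed a zero base and size. For a SECURE_BOOT_ENABLE=FALSE build, where the node is not expected, this also prints an error on every boot. Suggest returning early (or skipping the two new PcdSet64S calls) when the node is absent, and downgrading the message for the expected-absent case. Three smaller points in the same hunk: `PcdStatus` from the PcdSystemMemorySize and PcdMmBufferBase sets is overwritten before the single `ASSERT_RETURN_ERROR (PcdStatus)` sees it, so only the last set is checked where previously the system-memory set was; `NewSize -= NsBufSize;` assumes the reserved buffer sits exactly at the top of the memory node, which an `ASSERT (NsBufBase + NsBufSize == NewBase + NewSize)` before the subtraction would enforce rather than assume; and `fdt_path_offset(` / `fdt_subnode_offset(` lack the space before the parenthesis that `fdt_getprop (` and the rest of the file use. The `Len == (sizeof (UINT64) + sizeof(UINT32))` check also hard-codes #address-cells = 2 and #size-cells = 1 for /reserved-memory; a comment that this is what trusted-firmware emits is enough, but it should be stated.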