From: "Masahisa Kojima"
Date: Wed, 17 Feb 2021 14:38:34 +0900
Subject: Re: [PATCH edk2-platforms 2/4] SbsaQemu: add MM based UEFI secure boot support
To: Graeme Gregory
Cc: edk2-devel-groups-io, Ard Biesheuvel, Leif Lindholm, Radoslaw Biernacki, Tanmay Jagdale, Shashi Mallela

On Wed, 17 Feb 2021 at 01:15, Graeme Gregory wrote:
>
> On 16/02/2021 11:35, Masahisa Kojima wrote:
> > Hi Ard,
> >
> > I am encountering strange behavior when I apply this patch
> > "SbsaQemu: add MM based UEFI secure boot support".
> > When I start the Linux kernel, booting the secondary cores fails.
> > # I don't store any secure boot keys, so UEFI Secure Boot itself
> > is disabled.
> >
> > --- linux kernel log ---
> > [ 0.124805] Remapping and enabling EFI services.
> > [ 0.132850] smp: Bringing up secondary CPUs ...
> > [ 1.294478] CPU1: failed to come online
> > [ 1.295647] CPU1: failed in unknown state : 0x0
> > [ 2.426489] CPU2: failed to come online
> > [ 2.427112] CPU2: failed in unknown state : 0x0
> > [ 3.567428] CPU3: failed to come online
> > [ 3.567912] CPU3: failed in unknown state : 0x0
> > [ 3.569010] smp: Brought up 1 node, 1 CPU
> > [ 3.569555] SMP: Total of 1 processors activated.
> > [ 3.570395] CPU features: detected: GIC system register CPU interface
> > [ 3.571183] CPU features: detected: 32-bit EL0 Support
> > [ 3.587378] CPU: All CPU(s) started at EL2
> > ---
> > In my check, arch/arm64/kernel/smp.c::secondary_start_kernel() is never
> > called, so wait_for_completion_timeout() times out.
> > https://github.com/torvalds/linux/blob/v5.11/arch/arm64/kernel/smp.c#L138
> >
> >
> > If I set "SECURE_BOOT_ENABLE=FALSE" in the edk2 build (non-secure side)
> > and load the same STANDALONE_MM.fd (Secure Payload) and tf-a binary,
> > the secondary cores boot successfully.
> > The major difference between the success and failure cases is the
> > existence of UEFI secure variable accesses through the Standalone MM framework.
> > If edk2 accesses UEFI secure variables through Standalone MM, secondary core
> > boot fails. I can't come up with any possible reason.
> > # As a reference, there is no issue on Developerbox.
> >
> > Do you have any idea about this error?
> >
>
> I don't suppose that we have managed to have conflicting changes and the
> memory I used for the expanded PSCI state table for up to 512 cores in
> arm-tf is also the memory you are using for secure MM?

Hi Graeme,

Thank you for your comment.
I think the PSCI state table for 512 cores you are pointing to is located at
0x20000000 - 0x20001FFF (8KiB).
# 8byte function pointer and (8bytes * 512 cores) state table
Regarding this area, the current StandaloneMM uses the following regions:

0x0100_0000 - 0x010f_ffff (1MiB)   Secure Flash : store UEFI variables
0x2000_2000 - 0x2030_1fff (3MiB)   SRAM : Secure Payload Code (BL32)
0x2030_2000 - 0x22b0_2000 (40MiB)  SRAM : BL32 Heap (8MiB) and Stack (32MiB [64KiB * 512 cores])
0x3dcd_1000 - 0x3fcd_0fff (32MiB)  SRAM : EL3->S-EL0 shared memory
0x3fcf_e000 - 0x3fcf_efff (4KiB)   SRAM : spm shim exception vectors
0x100_3fe0_0000 - 0x100_3fff_ffff (2MiB)  NS DRAM : shared buffer for non-secure world

I run QEMU with "-smp 4"; the PSCI calls seem to complete successfully in tf-a.
pwr_domain_on() is called from the linux kernel three times, with mpidr 1, 2 and 3.

Thanks,
Masahisa

>
> Graeme
>
> > Thanks,
> > Masahisa
> >
> > On Mon, 21 Dec 2020 at 21:52, Masahisa Kojima wrote:
> >>
> >> This implements support for UEFI secure boot on SbsaQemu using
> >> the standalone MM framework. This moves all of the software handling
> >> of the UEFI authenticated variable store into the standalone MM
> >> context residing in a secure partition.
> >>
> >> Secure variable storage is located at 0x01000000 in secure NOR Flash.
> >>
> >> Non-secure shared memory between UEFI and standalone MM
> >> is allocated at the top of DRAM.
> >> DRAM size of SbsaQemu varies depends on the QEMU parameter, > >> the non-secure shared memory base address is passed from > >> trusted-firmware through the device tree "/reserved-memory" node. > >> > >> Signed-off-by: Masahisa Kojima > >> --- > >> Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 44 ++++++++--- > >> Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc | 40 ++++++++++ > >> Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 82 ++++++++++++++++++-- > >> Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf | 7 +- > >> Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf | 2 + > >> Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c | 37 ++++++++- > >> 6 files changed, 192 insertions(+), 20 deletions(-) > >> > >> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc > >> index f6af3f9111ee..83e7cd21e0c6 100644 > >> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc > >> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc > >> @@ -27,6 +27,8 @@ [Defines] > >> > >> DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F > >> > >> + DEFINE SECURE_BOOT_ENABLE = FALSE > >> + > >> # > >> # Network definition > >> # > >> @@ -148,12 +150,10 @@ [LibraryClasses.common] > >> # Secure Boot dependencies > >> # > >> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf > >> - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > >> > >> # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree > >> PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf > >> > >> - VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > >> VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > >> VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf 
> >> > >> @@ -167,6 +167,7 @@ [LibraryClasses.common] > >> ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf > >> > >> TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf > >> + > >> NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf > >> > >> CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf > >> @@ -296,6 +297,8 @@ [PcdsFeatureFlag.common] > >> gEfiMdeModulePkgTokenSpaceGuid.PcdConOutGopSupport|TRUE > >> gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE > >> > >> + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE > >> + > >> [PcdsFixedAtBuild.common] > >> gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength|1000000 > >> gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength|1000000 > >> @@ -511,6 +514,10 @@ [PcdsDynamicDefault.common] > >> gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosVersion|0x0300 > >> gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 > >> > >> + gArmTokenSpaceGuid.PcdMmBufferBase|0x10000000000 > >> + gArmTokenSpaceGuid.PcdMmBufferSize|0x00200000 > >> + > >> + > >> ################################################################################ > >> # > >> # Components Section - list of all EDK II Modules needed by this Platform > >> @@ -564,7 +571,6 @@ [Components.common] > >> ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf > >> ArmPkg/Drivers/CpuPei/CpuPei.inf > >> > >> - > >> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf { > >> > >> NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf 
> >> @@ -588,24 +594,40 @@ [Components.common] > >> # > >> ArmPkg/Drivers/CpuDxe/CpuDxe.inf > >> MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf > >> - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { > >> - > >> - NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf > >> - # don't use unaligned CopyMem () on the UEFI varstore NOR flash region > >> - BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf > >> - } > >> MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { > >> > >> +!if $(SECURE_BOOT_ENABLE) == TRUE > >> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf > >> +!endif > >> } > >> - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf > >> MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf > >> - MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf > >> MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf > >> MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf > >> EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf > >> EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf > >> > >> + # > >> + # Variable services > >> + # > >> +!if $(SECURE_BOOT_ENABLE) == FALSE > >> + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf > >> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { > >> + > >> + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf > >> + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf > >> + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > >> + # don't use unaligned CopyMem () on the UEFI varstore NOR flash region > >> + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf > >> + } > >> +!else > >> + ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf { > >> + > >> + NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf > >> + } > >> + 
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf > >> + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf > >> +!endif > >> + > >> MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf > >> MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf > >> MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf > >> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc > >> index 87f5ee351eaa..9e438bc5b6b6 100644 > >> --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc > >> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.dsc 
> >> @@ -77,6 +77,19 @@ [LibraryClasses.common.MM_STANDALONE] > >> HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf > >> MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf > >> MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf > >> + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > >> + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf > >> + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > >> + NorFlashPlatformLib|Silicon/Qemu/SbsaQemu/Library/SbsaQemuNorFlashLib/SbsaQemuNorFlashLib.inf > >> + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > >> + RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf > >> + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf > >> + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf > >> + TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf > >> + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf > >> + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > >> + SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf > >> + ArmGenericTimerCounterLib|ArmPkg/Library/ArmGenericTimerPhyCounterLib/ArmGenericTimerPhyCounterLib.inf > >> > >> ################################################################################ > >> # 
> >> @@ -94,6 +107,20 @@ [PcdsFixedAtBuild] > >> > >> gEfiMdePkgTokenSpaceGuid.PcdMaximumGuidedExtractHandler|0x2 > >> > >> + gArmTokenSpaceGuid.PcdFdBaseAddress|0x01000000 > >> + gArmTokenSpaceGuid.PcdFdSize|0x000C0000 > >> + > >> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 > >> + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE > >> + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 > >> + > >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0x01000000 > >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x00040000 > >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0x01040000 > >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x00040000 > >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0x01080000 > >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x00040000 > >> + > >> ################################################################################################### > >> # > >> # Components Section - list of the modules and components that will be processed by compilation 
> >> @@ -118,6 +145,19 @@ [Components.common] > >> # > >> StandaloneMmPkg/Core/StandaloneMmCore.inf > >> StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf > >> + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf > >> + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf > >> + > >> + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf { > >> + > >> + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf > >> + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf > >> + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf > >> + # don't use unaligned CopyMem () on the UEFI varstore NOR flash region > >> + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf > >> + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf > >> + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf > >> + } > >> > >> ################################################################################################### > >> # > >> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf > >> index 47ada7df9f2c..2373594f1fbc 100644 > >> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf > >> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf > >> @@ -21,10 +21,10 @@ > >> > >> [FD.SBSA_FLASH0] > >> BaseAddress = 0x00000000 > >> -Size = 0x00400000 > >> +Size = 0x01100000 > >> ErasePolarity = 1 > >> BlockSize = 0x00001000 > >> -NumBlocks = 0x400 > >> +NumBlocks = 0x1100 > >> > >> ################################################################################ > >> # 
> >> @@ -50,6 +50,66 @@ [FD.SBSA_FLASH0] > >> 0x00008000|0x00300000 > >> FILE = Platform/Qemu/Sbsa/fip.bin > >> > >> +!if $(SECURE_BOOT_ENABLE) > >> +## Place for Secure Variables. > >> +# Must be aligned to Flash Block size 0x40000 > >> +0x01000000|0x00040000 > >> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize > >> +#NV_VARIABLE_STORE > >> +DATA = { > >> + ## This is the EFI_FIRMWARE_VOLUME_HEADER > >> + # ZeroVector [] > >> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > >> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > >> + # FileSystemGuid: gEfiSystemNvDataFvGuid = > >> + # { 0xFFF12B8D, 0x7696, 0x4C8B, > >> + # { 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50 }} > >> + 0x8D, 0x2B, 0xF1, 0xFF, 0x96, 0x76, 0x8B, 0x4C, > >> + 0xA9, 0x85, 0x27, 0x47, 0x07, 0x5B, 0x4F, 0x50, > >> + # FvLength: 0xC0000 > >> + 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, > >> + # Signature "_FVH" # Attributes > >> + 0x5f, 0x46, 0x56, 0x48, 0xff, 0xfe, 0x04, 0x00, > >> + # HeaderLength # CheckSum # ExtHeaderOffset #Reserved #Revision > >> + 0x48, 0x00, 0x28, 0x09, 0x00, 0x00, 0x00, 0x02, > >> + # Blockmap[0]: 0x3 Blocks * 0x40000 Bytes / Block > >> + 0x3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, > >> + # Blockmap[1]: End > >> + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, > >> + ## This is the VARIABLE_STORE_HEADER > >> + # It is compatible with SECURE_BOOT_ENABLE == FALSE as well. > >> + # Signature: gEfiAuthenticatedVariableGuid = > >> + # { 0xaaf32c78, 0x947b, 0x439a, > >> + # { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }} > >> + 0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43, > >> + 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92, > >> + # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - > >> + # 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3ffb8 > >> + # This can speed up the Variable Dispatch a bit. 
> >> + 0xB8, 0xFF, 0x03, 0x00, > >> + # FORMATTED: 0x5A #HEALTHY: 0xFE #Reserved: UINT16 #Reserved1: UINT32 > >> + 0x5A, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 > >> +} > >> + > >> +0x01040000|0x00040000 > >> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize > >> +#NV_FTW_WORKING > >> +DATA = { > >> + # EFI_FAULT_TOLERANT_WORKING_BLOCK_HEADER->Signature = gEdkiiWorkingBlockSignatureGuid = > >> + # { 0x9e58292b, 0x7c68, 0x497d, { 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95 }} > >> + 0x2b, 0x29, 0x58, 0x9e, 0x68, 0x7c, 0x7d, 0x49, > >> + 0xa0, 0xce, 0x65, 0x0, 0xfd, 0x9f, 0x1b, 0x95, > >> + # Crc:UINT32 #WorkingBlockValid:1, WorkingBlockInvalid:1, Reserved > >> + 0x5b, 0xe7, 0xc6, 0x86, 0xFE, 0xFF, 0xFF, 0xFF, > >> + # WriteQueueSize: UINT64 > >> + 0xE0, 0xFF, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00 > >> +} > >> + > >> +0x01080000|0x00040000 > >> +gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize > >> +#NV_FTW_SPARE > >> +!endif > >> + > >> ################################################################################ > >> # > >> # FD Section for FLASH1 
> >> @@ -169,15 +229,25 @@ [FV.FvMain] > >> INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf > >> INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf > >> INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf > >> - INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf > >> - INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > >> - INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf > >> INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf > >> INF MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf > >> INF EmbeddedPkg/RealTimeClockRuntimeDxe/RealTimeClockRuntimeDxe.inf > >> INF EmbeddedPkg/MetronomeDxe/MetronomeDxe.inf > >> INF MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf > >> > >> + # > >> + # Variable services > >> + # > >> +!if $(SECURE_BOOT_ENABLE) == FALSE > >> + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf > >> + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf > >> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > >> +!else > >> + INF ArmPkg/Drivers/MmCommunicationDxe/MmCommunication.inf > >> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf > >> + INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf > >> +!endif > >> + > >> # > >> # Multiple Console IO support > >> # > >> @@ -189,7 +259,6 @@ [FV.FvMain] > >> > >> INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf > >> INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf > >> - INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf > >> INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf > >> > >> # 
> >> @@ -287,6 +356,7 @@ [FV.FVMAIN_COMPACT] > >> INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf > >> INF ArmPkg/Drivers/CpuPei/CpuPei.inf > >> INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf > >> + > >> INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > >> > >> # IDE/AHCI Support > >> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf > >> index a1acefcfb0a7..0fd2e9964c7e 100644 > >> --- a/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf > >> +++ b/Platform/Qemu/SbsaQemu/SbsaQemuStandaloneMm.fdf > >> @@ -19,8 +19,8 @@ > >> ################################################################################ > >> > >> [FD.STANDALONE_MM] > >> -BaseAddress = 0x20001000|gArmTokenSpaceGuid.PcdFdBaseAddress > >> -Size = 0x00e00000|gArmTokenSpaceGuid.PcdFdSize # The size in bytes of the device (14MiB). > >> +BaseAddress = 0x20001000 > >> +Size = 0x00e00000 > >> ErasePolarity = 1 > >> > >> BlockSize = 0x00001000 > >> @@ -49,6 +49,9 @@ [FV.FVMAIN_COMPACT] > >> READ_LOCK_STATUS = TRUE > >> > >> INF StandaloneMmPkg/Core/StandaloneMmCore.inf > >> + INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf > >> + INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf > >> + INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf > >> INF StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/StandaloneMmCpu.inf > >> > >> ################################################################################ > >> diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf > >> index c067a80cc715..1d7f12202ecc 100644 > >> --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf > >> +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuLib.inf 
> >> @@ -40,6 +40,8 @@ [Pcd] > >> gArmTokenSpaceGuid.PcdSystemMemoryBase > >> gArmTokenSpaceGuid.PcdSystemMemorySize > >> gArmVirtSbsaQemuPlatformTokenSpaceGuid.PcdDeviceTreeBaseAddress > >> + gArmTokenSpaceGuid.PcdMmBufferBase > >> + gArmTokenSpaceGuid.PcdMmBufferSize > >> > >> [FixedPcd] > >> gArmTokenSpaceGuid.PcdFdBaseAddress > >> diff --git a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c > >> index 8c2eb0b6a028..fa164ff455f5 100644 > >> --- a/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c > >> +++ b/Silicon/Qemu/SbsaQemu/Library/SbsaQemuLib/SbsaQemuMem.c > >> @@ -25,15 +25,20 @@ SbsaQemuLibConstructor ( > >> { > >> VOID *DeviceTreeBase; > >> INT32 Node, Prev; > >> - UINT64 NewBase, CurBase; > >> + UINT64 NewBase, CurBase, NsBufBase; > >> UINT64 NewSize, CurSize; > >> + UINT32 NsBufSize; > >> CONST CHAR8 *Type; > >> INT32 Len; > >> CONST UINT64 *RegProp; > >> RETURN_STATUS PcdStatus; > >> + INT32 ParentOffset; > >> + INT32 Offset; > >> > >> NewBase = 0; > >> NewSize = 0; > >> + NsBufBase = 0; > >> + NsBufSize = 0; > >> > >> DeviceTreeBase = (VOID *)(UINTN)PcdGet64 (PcdDeviceTreeBaseAddress); > >> ASSERT (DeviceTreeBase != NULL); 
> >> @@ -73,9 +78,39 @@ SbsaQemuLibConstructor ( > >> } > >> } > >> > >> + // StandaloneMM non-secure shared buffer is allocated at the top of > >> + // the system memory by trusted-firmware using "/reserved-memory" node. > >> + ParentOffset = fdt_path_offset(DeviceTreeBase, "/reserved-memory"); > >> + if (ParentOffset < 0) { > >> + DEBUG ((DEBUG_ERROR, "%a: reserved-memory node not found\n", > >> + __FUNCTION__)); > >> + } > >> + Offset = fdt_subnode_offset(DeviceTreeBase, ParentOffset, "ns-buf-spm-mm"); > >> + if (Offset < 0) { > >> + DEBUG ((DEBUG_ERROR, "%a: ns-buf-spm-mm node not found\n", > >> + __FUNCTION__)); > >> + } > >> + // Get the 'reg' property of this node. 8 byte quantities for base address > >> + // and 4 byte quantities for size. > >> + RegProp = fdt_getprop (DeviceTreeBase, Offset, "reg", &Len); > >> + if (RegProp != 0 && Len == (sizeof (UINT64) + sizeof(UINT32))) { > >> + NsBufBase = fdt64_to_cpu (ReadUnaligned64 (RegProp)); > >> + NsBufSize = fdt32_to_cpu (ReadUnaligned32 ((UINT32 *)(RegProp + 1))); > >> + > >> + DEBUG ((DEBUG_INFO, "%a: ns buf @ 0x%lx - 0x%lx\n", > >> + __FUNCTION__, NsBufBase, NsBufBase + NsBufSize - 1)); > >> + } else { > >> + DEBUG ((DEBUG_ERROR, "%a: Failed to parse FDT reserved-memory node Len %d\n", > >> + __FUNCTION__, Len)); > >> + } > >> + > >> + NewSize -= NsBufSize; > >> + > >> // Make sure the start of DRAM matches our expectation > >> ASSERT (FixedPcdGet64 (PcdSystemMemoryBase) == NewBase); > >> PcdStatus = PcdSet64S (PcdSystemMemorySize, NewSize); > >> + PcdStatus = PcdSet64S (PcdMmBufferBase, NsBufBase); > >> + PcdStatus = PcdSet64S (PcdMmBufferSize, (UINT64)NsBufSize); > >> ASSERT_RETURN_ERROR (PcdStatus); > >> > >> return RETURN_SUCCESS; > >> -- > >> 2.17.1 > >> >
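Review bot: the [PcdsFeatureFlag.common] hunk in SbsaQemu.dsc sets PcdEnableVariableRuntimeCache to FALSE without saying why; since this is what forces every runtime GetVariable/GetNextVariableName call through the MM communication path instead of a non-secure cache, a one-line comment stating the reason (the cache is not usable with the VariableSmmRuntimeDxe/StandaloneMM split on this platform) would save the next reader from re-enabling it. Likewise the [PcdsDynamicDefault.common] hunk gives PcdMmBufferBase a default of 0x10000000000 that the SbsaQemuLib constructor overwrites unconditionally, including with 0 when the device-tree node is missing, so either mark the default as a placeholder or have the constructor leave the PCD alone on failure.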
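Review bot: the [LibraryClasses.common.MM_STANDALONE] hunk in SbsaQemuStandaloneMm.dsc maps TimerLib twice, first to ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf and two lines later to MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf; in a DSC the later mapping wins, so the ArmArchTimerLib line is dead and the ArmGenericTimerCounterLib mapping added alongside it is unused. This is not cosmetic: RngLib in the same hunk is BaseRngLibTimerLib, which derives its entropy from TimerLib's counter, and that RngLib feeds the OpenSSL-backed BaseCryptLib used by AuthVariableLib in the secure partition. Keep the timer implementation you intend (ArmArchTimerLib, given the counter lib) and drop the other line.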
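Review bot: the [PcdsFixedAtBuild] hunk in SbsaQemuStandaloneMm.dsc repurposes gArmTokenSpaceGuid.PcdFdBaseAddress/PcdFdSize to 0x01000000/0x000C0000, i.e. the secure NOR flash variable region, while the STANDALONE_MM FD itself still lives at 0x20001000 (the matching SbsaQemuStandaloneMm.fdf hunk drops the PcdFdBaseAddress binding from BaseAddress for that reason). A comment next to the two PCDs explaining that they now describe the flash window consumed by NorFlashStandaloneMm, not the partition image, is missing and will otherwise confuse anyone reading the two files side by side.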
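Review bot: in the NV_VARIABLE_STORE hunk of SbsaQemu.fdf the comment "Must be aligned to Flash Block size 0x40000" and the blockmap entry "0x3 Blocks * 0x40000 Bytes / Block" describe 0x40000-byte erase blocks, while the [FD.SBSA_FLASH0] header in the earlier hunk keeps BlockSize = 0x00001000. That is only consistent if the NOR flash platform library reports 0x40000 as the device block size to the FTW and variable drivers; a comment stating that dependency would help. The sizes themselves check out: FvLength 0xC0000 covers the three 0x40000 regions, the variable store size 0x3ffb8 is 0x40000 minus the 0x48-byte FV header, and the FTW WriteQueueSize 0x3ffe0 is 0x40000 minus the 0x20-byte working block header.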
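Review bot: in the SbsaQemuMem.c hunk that parses /reserved-memory, a missing node is logged but not acted on: after `if (ParentOffset < 0)` the code still calls fdt_subnode_offset with the negative offset, and after `if (Offset < 0)` it still calls fdt_getprop, so the function only recovers because fdt_getprop returns NULL for a bad offset and NsBufSize stays 0. Return or skip the trim explicitly in those branches. In the same hunk `RegProp != 0` should be `RegProp != NULL`, and PcdStatus is assigned three times in a row before the single ASSERT_RETURN_ERROR, so a failed PcdSet64S for PcdSystemMemorySize or PcdMmBufferBase is silently discarded; check each result. Finally, `NewSize -= NsBufSize` relies on the buffer sitting at the very top of DRAM, as the comment says, but nothing verifies `NsBufBase + NsBufSize == NewBase + NewSize` (or that NsBufSize <= NewSize); if trusted-firmware ever places the node elsewhere, the carve-out hides the wrong range from the OS while the real MM shared buffer stays exposed as ordinary system memory, which defeats the purpose of reserving it. An explicit check with an ASSERT would make that failure visible at boot.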