From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.14185.1683718394581543676 for ; Wed, 10 May 2023 04:33:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=k5GKvK9H; spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0AF7E62F5A for ; Wed, 10 May 2023 11:33:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8B70DC433A1 for ; Wed, 10 May 2023 11:33:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1683718392; bh=4fZ2/dczvKRBJJFxNsqztkkh82IXQzw5Ma7tgiuxPZw=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=k5GKvK9HKiMel6I7x/cyAujoDOl/xpQPlUt+96nh/fiQwqSUpJwnjVZbf6NcqbkMK gKNhYQZTbvHOTRWR+DDS2aduWkyXtcnJW9CwbrlvDxihyunzbAG4E94p8plOc1KU+Y /PDD58AgYeQyIzwxq0YCNsWT5if3HmKH5KLGSWNlIcGlObXdoqFQ1lkI49AmwI9M4X in3P0HWHF1OVle5kDNaaYo1sNNgkYANg6oEkdfF+ZWgocJI8yx0gtenyvMgC0xHB9p nkDN5q7Z6vHEWq+DWB5fpYk/9KILDkAqRc4WFiXGH2uXsuBdrKNpjwc2dkMWYmDrqG ntvRi7tNphTTA== Received: by mail-lj1-f173.google.com with SMTP id 38308e7fff4ca-2ac79d4858dso77012171fa.2 for ; Wed, 10 May 2023 04:33:12 -0700 (PDT) X-Gm-Message-State: AC+VfDxZvQky5A1EWRVFKYFh4g6SS0rX1S6oLnj8QSuwpSeDUSkAyMYp ngF/F9VjufKQh5RF6g9CynlfY+8T21X+lK4a0D4= X-Google-Smtp-Source: ACHHUZ4dqxO7xrFXw2UnUttQr+h8uRLUmUWs3DXEJKr8XqlZw1+CHMLuSqo+yhA/K9RnUC4+xC0+AFOBr2XFJ+VKpMA= X-Received: by 2002:a2e:928c:0:b0:2ad:99dd:de07 with SMTP id d12-20020a2e928c000000b002ad99ddde07mr1733460ljh.16.1683718390480; Wed, 10 May 2023 04:33:10 -0700 (PDT) MIME-Version: 1.0 References: <20230425160428.27980-1-sami.mujawar@arm.com> <20230425160428.27980-2-sami.mujawar@arm.com> In-Reply-To: <20230425160428.27980-2-sami.mujawar@arm.com> From: "Ard Biesheuvel" Date: Wed, 10 May 2023 13:32:59 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [edk2-devel] [RFC PATCH v1 01/30] ArmVirtPkg: kvmtool: Add Emulated Runtime variable support To: devel@edk2.groups.io, sami.mujawar@arm.com Cc: ardb+tianocore@kernel.org, quic_llindhol@quicinc.com, kraxel@redhat.com, Pierre.Gondois@arm.com, Suzuki.Poulose@arm.com, jean-philippe@linaro.org, Matteo.Carlini@arm.com, Akanksha.Jain2@arm.com, Ben.Adderson@arm.com, nd@arm.com Content-Type: text/plain; charset="UTF-8" On Tue, 25 Apr 2023 at 18:04, Sami Mujawar wrote: > > Although Kvmtool supports a CFI flash interface, it is currently > implemented using file backed support on the Host. This scenario > requires the VMM to be within the trust boundary. > > In Confidential Compute Architecture the VMM is outside the trust > boundary. For such architectures Emulated Runtime variable storage > is desirable. > > Therefore, make Emulated Runtime variable storage as the default > option and add a build flag ENABLE_CFI_FLASH to configure the > firmware build to use the CFI Flash as the Variable storage. > > Signed-off-by: Sami Mujawar > --- > ArmVirtPkg/ArmVirtKvmTool.dsc | 22 +++++++++++++++++++- > ArmVirtPkg/ArmVirtKvmTool.fdf | 4 +++- > 2 files changed, 24 insertions(+), 2 deletions(-) > > diff --git a/ArmVirtPkg/ArmVirtKvmTool.dsc b/ArmVirtPkg/ArmVirtKvmTool.dsc > index d0afe1b49e250c554313c2077b89650d6f6d67cb..d2228a95726b24fe5c2edfbc84b1f5c23a85feba 100644 > --- a/ArmVirtPkg/ArmVirtKvmTool.dsc > +++ b/ArmVirtPkg/ArmVirtKvmTool.dsc > @@ -1,7 +1,7 @@ > # @file > # Workspace file for KVMTool virtual platform. > # > -# Copyright (c) 2018 - 2022, ARM Limited. All rights reserved. > +# Copyright (c) 2018 - 2023, ARM Limited. All rights reserved. > # > # SPDX-License-Identifier: BSD-2-Clause-Patent > # Please add a DEFINE for this variable at the start here. And can we make it default to TRUE? > @@ -50,7 +50,9 @@ [LibraryClasses.common] > ArmVirtMemInfoLib|ArmVirtPkg/Library/KvmtoolVirtMemInfoLib/KvmtoolVirtMemInfoLib.inf > > TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf > +!ifdef ENABLE_CFI_FLASH > VirtNorFlashPlatformLib|ArmVirtPkg/Library/NorFlashKvmtoolLib/NorFlashKvmtoolLib.inf > +!endif > > CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf > > @@ -156,6 +158,13 @@ [PcdsFixedAtBuild.common] > # > gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 > > +!ifndef ENABLE_CFI_FLASH Not sure what the difference is, but we tend to use !if $(ENABLE_CFI_FLASH) == TRUE (and use a local DEFINE - see above) > + # Emulate Runtime Variable storage > + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable|TRUE > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000 > + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 > +!endif > + > [PcdsPatchableInModule.common] > # > # This will be overridden in the code > @@ -211,6 +220,7 @@ [PcdsDynamicDefault.common] > gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution|640 > gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution|480 > > +!ifdef ENABLE_CFI_FLASH > # Setup Flash storage variables > gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase|0 > gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize|0x40000 > @@ -218,6 +228,10 @@ [PcdsDynamicDefault.common] > gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingSize|0x40000 > gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 > gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize|0x40000 > +!else > + # Emulate Runtime Variable storage > + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 > +!endif > > ## RTC Register address in MMIO space. > gPcAtChipsetPkgTokenSpaceGuid.PcdRtcIndexRegister64|0x0 > @@ -263,7 +277,9 @@ [Components.common] > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { > > NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf > +!ifdef ENABLE_CFI_FLASH > NULL|EmbeddedPkg/Library/NvVarStoreFormattedLib/NvVarStoreFormattedLib.inf > +!endif > BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf > } > > @@ -271,7 +287,9 @@ [Components.common] > MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf { > > +!ifdef ENABLE_CFI_FLASH > NULL|ArmVirtPkg/Library/NorFlashKvmtoolLib/NorFlashKvmtoolLib.inf > +!endif > } > > MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf > @@ -296,11 +314,13 @@ [Components.common] > NULL|ArmVirtPkg/Library/ArmVirtTimerFdtClientLib/ArmVirtTimerFdtClientLib.inf > } > > +!ifdef ENABLE_CFI_FLASH > OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf { > > # don't use unaligned CopyMem () on the UEFI varstore NOR flash region > BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf > } > +!endif > > MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf > > diff --git a/ArmVirtPkg/ArmVirtKvmTool.fdf b/ArmVirtPkg/ArmVirtKvmTool.fdf > index 82aff47673cb3085c91c1dd7431683c8353c16e6..8ccbccd71e134e0ea97d49380293687aca43e8b9 100644 > --- a/ArmVirtPkg/ArmVirtKvmTool.fdf > +++ b/ArmVirtPkg/ArmVirtKvmTool.fdf > @@ -1,5 +1,5 @@ > # > -# Copyright (c) 2018 - 2022, ARM Limited. All rights reserved. > +# Copyright (c) 2018 - 2023, ARM Limited. All rights reserved. > # > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -154,7 +154,9 @@ [FV.FvMain] > INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf > INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf > INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf > +!ifdef ENABLE_CFI_FLASH > INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf > +!endif > > # > # FAT filesystem + GPT/MBR partitioning + UDF filesystem > -- > 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)' > > > > > >