From: "Yang, Longlong"
To: "Ni, Ray", devel@edk2.groups.io
CC: "Dong, Eric", "Kumar, Rahul1", "Yao, Jiewen", "Xu, Min M", "Zhang, Qi1"
Subject: Re: [edk2-devel] [PATCH 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM
Date: Tue, 2 Nov 2021 05:26:56 +0000
References: <69d53dbbfe4bb2fdd27d5098850a9e91a43d63bb.1635405564.git.longlong.yang@intel.com> <16B397E9723CF0A5.13015@groups.io>
Hi Ray,

It is nice of you to review and give the brilliant comments. I will check and refine them one by one.

Thank you Ray!

BRs
Longlong

-----Original Message-----
From: Ni, Ray
Sent: Tuesday, November 2, 2021 11:30 AM
To: devel@edk2.groups.io; Ni, Ray; Yang, Longlong
Cc: Dong, Eric; Kumar, Rahul1; Yao, Jiewen; Xu, Min M; Zhang, Qi1
Subject: RE: [edk2-devel] [PATCH 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM

Just discussed offline with Longlong: measuring the entire microcode buffer might take more time compared to measuring only the applied microcode, when the platform firmware includes lots of microcode.

10 comments are embedded in the code change below.

-----Original Message-----
From: devel@edk2.groups.io On Behalf Of Ni, Ray
Sent: Tuesday, November 2, 2021 9:55 AM
To: Yang, Longlong; devel@edk2.groups.io
Cc: Dong, Eric; Kumar, Rahul1; Yao, Jiewen; Xu, Min M; Zhang, Qi1
Subject: Re: [edk2-devel] [PATCH 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM

Longlong,

Your code creates a big buffer that holds microcode data for all threads.

  MicrocodeCpu[i] = MicrocodePatchHob->MicrocodePatchAddress + MicrocodePatchHob->ProcessorSpecificPatchOffset[i]
  BigBuffer = GetMicrocodeBuffer (MicrocodeOfCpu[0]) + GetMicrocodeBuffer (MicrocodeOfCpu[1]) + ...
  HashValue = Hash (BigBuffer)

I am not sure if we can do it like below:

  BigBuffer = MicrocodePatchAddress> + ProcessorSpecificPatchOffset[]>
  HashValue = Hash (BigBuffer)

The second approach doesn't require sorting or one-by-one copying.

Thanks,
Ray

-----Original Message-----
From: Yang, Longlong
Sent: Thursday, October 28, 2021 3:21 PM
To: devel@edk2.groups.io
Cc: Yang, Longlong; Dong, Eric; Ni, Ray; Kumar, Rahul1; Yao, Jiewen; Xu, Min M; Zhang, Qi1
Subject: [PATCH 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3683

TCG specification says BIOS should extend measurement of microcode to TPM. However, reference BIOS is not doing this.

This patch consumes gEdkiiMicrocodePatchHobGuid to check out all applied microcode patches, then all applied microcode patches are packed in order to form a single binary blob which is measured with event type EV_CPU_MICROCODE to PCR[1] in TPM.

Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Jiewen Yao
Cc: Min M Xu
Cc: Qi Zhang
Signed-off-by: Longlong Yang
---
 .../MicrocodeMeasurementDxe.c        | 254 ++++++++++++++++++
 .../MicrocodeMeasurementDxe.inf      |  58 ++++
 .../MicrocodeMeasurementDxe.uni      |  15 ++
 .../MicrocodeMeasurementDxeExtra.uni |  12 +
 UefiCpuPkg/UefiCpuPkg.dsc            |   2 +
 5 files changed, 341 insertions(+)
 create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.c
 create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.inf
 create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.uni
 create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxeExtra.uni

diff --git a/UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.c b/UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.c
new file mode 100644
index 000000000000..1898a2bff023
--- /dev/null
+++ b/UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.c
@@ -0,0 +1,254 @@ +/** @file + + + if (TRUE =3D=3D mMicrocodeMeasured) { 1. Remove "TRUE =3D=3D " please 2. Can you please duplicate the MicrocodePatchHob->ProcessorSpecificPatchOf= fset in a new array and sort the "PatchOffset" before calculating the total= microcode size? This avoids big memory consumption in many-core platforms. + + // + // Extract all microcode patches to a list from MicrocodePatchHob //=20 + MicrocodePatchesList =3D AllocatePool (MicrocodePatchHob->ProcessorCount + * sizeof (MICROCODE_PATCH_TYPE)); if (NULL =3D=3D MicrocodePatchesList) = { + DEBUG ((DEBUG_ERROR, "ERROR: AllocatePool to MicrocodePatchesList Fail= ed!\n")); + return; + } + for (Index =3D 0; Index < MicrocodePatchHob->ProcessorCount; Index++) { + if (MAX_UINT64 =3D=3D MicrocodePatchHob->ProcessorSpecificPatchOffset[= Index]) { + // + // If no microcode patch was found in a slot, set the address of the= microcode patch + // in that slot to MAX_UINTN, and the size to 0, thus indicates no p= atch in that slot. + // + MicrocodePatchesList[Index].Address =3D MAX_UINTN; + MicrocodePatchesList[Index].Size =3D 0; + + DEBUG ((DEBUG_INFO, "INFO: Processor#%d: detected no microcode patch= \n", Index)); + } else { + MicrocodePatchesList[Index].Address =3D (UINTN)(MicrocodePatchHo= b->MicrocodePatchAddress + MicrocodePatchHob->ProcessorSpecificPatchOffset[= Index]); + MicrocodePatchesList[Index].Size =3D ((CPU_MICROCODE_HEADER*)= ((UINTN)(MicrocodePatchHob->MicrocodePatchAddress + MicrocodePatchHob->Proc= essorSpecificPatchOffset[Index])))->TotalSize; 3. Can you please use GetMicrocodeLength() from MicrocodeLib? + PerformQuickSort ( + MicrocodePatchesList, + MicrocodePatchHob->ProcessorCount, + sizeof (MICROCODE_PATCH_TYPE), + MicrocodePatchesListSortFunction + ); 4. Can you please use QuickSort() in BaseLib? This avoids UefiCpuPkg depend= s on MdeModulePkg. 
+ for (Index =3D 0; Index < MicrocodePatchHob->ProcessorCount; Index++) { + DEBUG ((DEBUG_INFO, "INFO: After sorting: Processor#%d: Microcode=20 + patch address: 0x%x, size: 0x%x\n", Index,=20 + MicrocodePatchesList[Index].Address, + MicrocodePatchesList[Index].Size)); + } 5. There are lots of debug messages in this module. Please review them and = think about what are necessary. Try to remove some unnecessary messages. + // + // LastPackedMicrocodeAddress is used to skip duplicate microcode patch. 6. You might need a "LastPatchOffset" to skip duplicate the PatchOffset aft= er sorting. + + if (0 =3D=3D MicrocodePatchesBlobSize) { + DEBUG ((DEBUG_INFO, "INFO: No microcode patch was ever applied!")); + FreePool (MicrocodePatchesList); + FreePool (MicrocodePatchesBlob); + return; + } 7. Please confirm with Jiewen or Qi whether no measurement is fine if there= is no microcode. + + Status =3D TpmMeasureAndLogData ( + PCRIndex, // PCRIndex + EventType, // EventType + &EventLog, // EventLog + EventLogSize, // LogLen + MicrocodePatchesBlob, // HashData + MicrocodePatchesBlobSize // HashDataLen + ); + if (!EFI_ERROR (Status)) { + mMicrocodeMeasured =3D TRUE; + gBS->CloseEvent (Event); 8. I think if you CloseEvent() there is no need to use mMicrocodeMeasured f= lag because the event won't be signaled again. + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 EBC ARM AARCH64 9. Can you just list "IA32" and "X64"? The microcode HOB doesn't apply to A= RM. EBC can be added to the supported list if we verified it works. VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf + SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf 10. No need the above SortLib.
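Review bot: `->TotalSize` read directly from CPU_MICROCODE_HEADER in the patch-list loop gives 0 for updates that use the legacy header encoding, where TotalSize == 0 means a fixed 2048-byte update; such a patch would get Size 0 and be left out of the measured blob, so the GetMicrocodeLength () call asked for in comment 3 is a correctness fix, not only a cleanup. Two smaller points in the same hunk: the early returns (the AllocatePool failure and the `0 == MicrocodePatchesBlobSize` branch) leave the event open while the success path does gBS->CloseEvent (Event), so the callback re-runs each time the event is signaled; and the EventLog handed to TpmMeasureAndLogData is not visible here, but since the digest covers one concatenated blob, the event data should identify which updates were packed (for example each ProcessorSignature and UpdateRevision), otherwise a verifier cannot reproduce the PCR[1] value from the vendor's microcode files.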
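The packing step the thread is discussing (copy the per-processor offsets out of the HOB, sort them, skip duplicates and the no-patch sentinel, then concatenate each distinct patch in address order), as an added example written for this page; it is not code from the patch or from edk2. The HOB view, the header struct, the sample patch area and the offset table are constructed stand-ins for the gEdkiiMicrocodePatchHobGuid data and CPU_MICROCODE_HEADER, and it applies the legacy rule that TotalSize == 0 means a 2048-byte update, the case GetMicrocodeLength () exists for. It stops before hashing: the blob it returns is what would be passed to TpmMeasureAndLogData.

```c
/*
 * Added example for this page, not code from the edk2 patch: build the single
 * blob the thread wants measured as EV_CPU_MICROCODE. Per-processor patch
 * offsets are copied out of the HOB and sorted, duplicates and the "no patch"
 * sentinel are skipped, and the distinct patches are concatenated in address
 * order. Layouts below are simplified stand-ins constructed for the example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Sentinel the thread uses for "no patch applied on this processor". */
#define NO_PATCH_OFFSET UINT64_MAX

/* Same 48-byte field order as the Intel microcode update header.
   TotalSize == 0 is the legacy encoding for a fixed 2048-byte update. */
typedef struct {
  uint32_t HeaderVersion;
  uint32_t UpdateRevision;
  uint32_t Date;
  uint32_t ProcessorSignature;
  uint32_t Checksum;
  uint32_t LoaderRevision;
  uint32_t ProcessorFlags;
  uint32_t DataSize;
  uint32_t TotalSize;
  uint32_t Reserved[3];
} MicrocodeHeader;

/* Constructed stand-in for the HOB fields this step needs. */
typedef struct {
  const uint8_t  *PatchBase;      /* MicrocodePatchAddress */
  uint32_t        ProcessorCount;
  const uint64_t *PatchOffset;    /* ProcessorSpecificPatchOffset[] */
} MicrocodePatchHobView;

/* Length rule from the header, including the legacy TotalSize == 0 case. */
static size_t MicrocodeLength(const uint8_t *Patch) {
  MicrocodeHeader Hdr;
  memcpy(&Hdr, Patch, sizeof Hdr);
  return Hdr.TotalSize == 0 ? 2048 : Hdr.TotalSize;
}

static int CompareOffset(const void *A, const void *B) {
  uint64_t X = *(const uint64_t *)A, Y = *(const uint64_t *)B;
  return (X > Y) - (X < Y);
}

/* Returns a malloc'd blob of the distinct applied patches in address order,
   *Size set to its length and *Count to the number of patches packed.
   Returns NULL with *Size == 0 when no processor has a patch. */
uint8_t *PackAppliedMicrocode(const MicrocodePatchHobView *Hob, size_t *Size, unsigned *Count) {
  *Size = 0;
  *Count = 0;
  uint64_t *Offsets = malloc((size_t)Hob->ProcessorCount * sizeof *Offsets);
  if (Offsets == NULL) return NULL;
  memcpy(Offsets, Hob->PatchOffset, (size_t)Hob->ProcessorCount * sizeof *Offsets);
  /* Sorting puts duplicates next to each other and the sentinel (UINT64_MAX) last. */
  qsort(Offsets, Hob->ProcessorCount, sizeof *Offsets, CompareOffset);

  uint8_t *Blob = NULL;
  for (int Pass = 0; Pass < 2; Pass++) {          /* pass 0 sizes, pass 1 copies */
    size_t Total = 0;
    unsigned N = 0;
    uint64_t Last = NO_PATCH_OFFSET;
    for (uint32_t i = 0; i < Hob->ProcessorCount; i++) {
      if (Offsets[i] == NO_PATCH_OFFSET) break;   /* only sentinels remain */
      if (Offsets[i] == Last) continue;           /* same patch, already counted */
      Last = Offsets[i];
      const uint8_t *Patch = Hob->PatchBase + Offsets[i];
      size_t Len = MicrocodeLength(Patch);
      if (Pass == 1) memcpy(Blob + Total, Patch, Len);
      Total += Len;
      N++;
    }
    if (Pass == 0) {
      if (Total == 0) break;                      /* nothing applied anywhere */
      Blob = malloc(Total);
      if (Blob == NULL) break;
    } else {
      *Size = Total;
      *Count = N;
    }
  }
  free(Offsets);
  return Blob;
}

/* Constructed sample: a 5120-byte patch area with patch A at offset 0 using
   the legacy TotalSize == 0 encoding (2048 bytes) and patch B at offset 2048
   declaring 3072 bytes. Six processor slots reference them with duplicates
   and one unpatched slot. */
static uint8_t gPatchArea[5120];
static const uint64_t gOffsets[6] = { 0, 2048, 0, NO_PATCH_OFFSET, 2048, 0 };

/* Runs the sample: returns the blob size, reports the patch count and the
   UpdateRevision found at offset 2048 of the blob (B packed after A). */
size_t RunSample(unsigned *Count, uint32_t *RevisionAtSecondSlot) {
  MicrocodeHeader A = {0}, B = {0};
  A.HeaderVersion = 1; A.UpdateRevision = 0xA1; A.TotalSize = 0;
  B.HeaderVersion = 1; B.UpdateRevision = 0xB2; B.TotalSize = 3072;
  memset(gPatchArea, 0, sizeof gPatchArea);
  memcpy(gPatchArea, &A, sizeof A);
  memcpy(gPatchArea + 2048, &B, sizeof B);
  MicrocodePatchHobView Hob = { gPatchArea, 6, gOffsets };

  size_t Size = 0;
  uint8_t *Blob = PackAppliedMicrocode(&Hob, &Size, Count);
  uint32_t Rev = 0;
  if (Blob != NULL && Size >= 2048 + sizeof B)
    memcpy(&Rev, Blob + 2048 + offsetof(MicrocodeHeader, UpdateRevision), sizeof Rev);
  *RevisionAtSecondSlot = Rev;
  free(Blob);
  return Size;
}
```

Because the offsets are sorted before packing, the blob (and therefore the PCR[1] digest) is the same regardless of which processor slot reported which patch, which is what makes the measurement reproducible by a verifier; the two-pass loop sizes first and copies second, so the blob is allocated once at its final size instead of being grown per patch.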