public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* Re: [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI
       [not found] ` <20200831063804.8208-2-w.sheng@intel.com>
@ 2020-09-01 14:30   ` Ni, Ray
  2020-09-04  7:46   ` Chaganty, Rangasai V
  1 sibling, 0 replies; 6+ messages in thread
From: Ni, Ray @ 2020-09-01 14:30 UTC (permalink / raw)
  To: Sheng, W, devel@edk2.groups.io; +Cc: Chaganty, Rangasai V

Reviewed-by: Ray Ni <ray.ni@intel.com>

> -----Original Message-----
> From: Sheng, W <w.sheng@intel.com>
> Sent: Monday, August 31, 2020 2:38 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
> Subject: [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI
> 
> Null root entry table address is a fixed silicon reserved address,
> which is used to block the DMA transfer.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
> 
> Change-Id: I3aa2b2e7a11e0327857c6ed9bc92cd209d3ade9d
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
> Signed-off-by: Sheng Wei <w.sheng@intel.com>
> ---
>  .../Include/Ppi/VtdNullRootEntryTable.h            | 28 ++++++++++++++++++++++
>  Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec  |  1 +
>  2 files changed, 29 insertions(+)
>  create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
> 
> diff --git a/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
> b/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
> new file mode 100644
> index 00000000..d79b5fd9
> --- /dev/null
> +++ b/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
> @@ -0,0 +1,28 @@
> +/** @file
> +  The definition for VTD Null Root Entry Table PPI.
> +
> +  This is a lightweight VTd null root entry table report in PEI phase.
> +
> +  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef __VTD_NULL_ROOT_ENTRY_TABLE_PPI_H__
> +#define __VTD_NULL_ROOT_ENTRY_TABLE_PPI_H__
> +
> +#define EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI_GUID \
> +    { \
> +      0x3de0593f, 0x6e3e, 0x4542, { 0xa1, 0xcb, 0xcb, 0xb2, 0xdb, 0xeb, 0xd8, 0xff } \
> +    }
> +
> +//
> +// Null root entry table address is a fixed silicon reserved address,
> +//   which is used to block the DMA transfer.
> +//
> +typedef UINT64  EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI;
> +
> +extern EFI_GUID gEdkiiVTdNullRootEntryTableGuid;
> +
> +#endif
> +
> diff --git a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
> index e4a7fec3..284820af 100644
> --- a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
> +++ b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
> @@ -68,6 +68,7 @@
> 
>  [Ppis]
>    gEdkiiVTdInfoPpiGuid = { 0x8a59fcb3, 0xf191, 0x400c, { 0x97, 0x67, 0x67, 0xaf, 0x2b, 0x25, 0x68, 0x4a } }
> +  gEdkiiVTdNullRootEntryTableGuid = { 0x3de0593f, 0x6e3e, 0x4542, { 0xa1, 0xcb, 0xcb, 0xb2, 0xdb, 0xeb, 0xd8, 0xff } }
> 
>  [Protocols]
>    gEdkiiPlatformVTdPolicyProtocolGuid = { 0x3d17e448, 0x466, 0x4e20, { 0x99, 0x9f, 0xb2, 0xe1, 0x34, 0x88, 0xee, 0x22 }}
> --
> 2.16.2.windows.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct
       [not found] ` <20200831063804.8208-3-w.sheng@intel.com>
@ 2020-09-01 14:31   ` Ni, Ray
  2020-09-04  7:47   ` Chaganty, Rangasai V
  1 sibling, 0 replies; 6+ messages in thread
From: Ni, Ray @ 2020-09-01 14:31 UTC (permalink / raw)
  To: Sheng, W, devel@edk2.groups.io; +Cc: Chaganty, Rangasai V

Reviewed-by: Ray Ni <ray.ni@intel.com>

> -----Original Message-----
> From: Sheng, W <w.sheng@intel.com>
> Sent: Monday, August 31, 2020 2:38 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
> Subject: [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct
> 
> PMR enabling set by pre-boot DMA protection is cleared by RC
> when boot guard is enabled. Pre-boot DMA protection should only
> reset VT-d BAR when it is 0 and reset PMR region when it is
> not programmed to protect all memory address.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
> 
> Change-Id: Ic5370f474a43a94903871782ace5cce186b4ddc0
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
> Signed-off-by: Sheng Wei <w.sheng@intel.com>
> ---
>  .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c    | 14 +++++++
>  .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h    | 15 +++++++
>  .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf  |  1 +
>  .../Feature/VTd/IntelVTdPmrPei/VtdReg.c            | 47 ++++++++++++++++++++++
>  4 files changed, 77 insertions(+)
> 
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> index ea944aa4..31a14f28 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> @@ -745,7 +745,21 @@ VTdInfoNotify (
>      // Protect all system memory
>      //
>      InitVTdInfo ();
> +
> +    Hob = GetFirstGuidHob (&mVTdInfoGuid);
> +    VTdInfo = GET_GUID_HOB_DATA(Hob);
> +
> +    //
> +    // NOTE: We need check if PMR is enabled or not.
> +    //
> +    EnabledEngineMask = GetDmaProtectionEnabledEngineMask (VTdInfo, VTdInfo->EngineMask);
> +    if (EnabledEngineMask != 0) {
> +      Status = PreMemoryEnableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
> +    }
>      InitVTdPmrForAll ();
> +    if (((EnabledEngineMask != 0) && (!EFI_ERROR (Status)))) {
> +      DisableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
> +    }
> 
>      //
>      // Install PPI.
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> index 58e6afad..ffed2c5b 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> @@ -97,6 +97,21 @@ GetHighMemoryAlignment (
>    IN UINT64        EngineMask
>    );
> 
> +/**
> +  Enable VTd translation table protection in pre-memory phase.
> +
> +  @param VTdInfo            The VTd engine context information.
> +  @param EngineMask         The mask of the VTd engine to be accessed.
> +
> +  @retval EFI_SUCCESS       DMAR translation protection is enabled.
> +  @retval EFI_UNSUPPORTED   Null Root Entry Table is not supported.
> +**/
> +EFI_STATUS
> +PreMemoryEnableVTdTranslationProtection (
> +  IN VTD_INFO      *VTdInfo,
> +  IN UINT64        EngineMask
> +  );
> +
>  /**
>    Enable VTd translation table protection.
> 
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> index 3eb2b510..1e613ddd 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> @@ -48,6 +48,7 @@
>    gEdkiiVTdInfoPpiGuid                ## CONSUMES
>    gEfiPeiMemoryDiscoveredPpiGuid      ## CONSUMES
>    gEfiEndOfPeiSignalPpiGuid           ## CONSUMES
> +  gEdkiiVTdNullRootEntryTableGuid     ## PRODUCES
> 
>  [Pcd]
>    gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask   ## CONSUMES
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> index c9669426..2e252fe5 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> @@ -13,8 +13,10 @@
>  #include <Library/DebugLib.h>
>  #include <Library/MemoryAllocationLib.h>
>  #include <Library/CacheMaintenanceLib.h>
> +#include <Library/PeiServicesLib.h>
>  #include <IndustryStandard/Vtd.h>
>  #include <Ppi/VtdInfo.h>
> +#include <Ppi/VtdNullRootEntryTable.h>
> 
>  #include "IntelVTdPmrPei.h"
> 
> @@ -246,6 +248,51 @@ DisableDmar (
>    return EFI_SUCCESS;
>  }
> 
> +/**
> +  Enable VTd translation table protection in pre-memory phase.
> +
> +  @param VTdInfo            The VTd engine context information.
> +  @param EngineMask         The mask of the VTd engine to be accessed.
> +
> +  @retval EFI_SUCCESS       DMAR translation protection is enabled.
> +  @retval EFI_UNSUPPORTED   Null Root Entry Table is not supported.
> +**/
> +EFI_STATUS
> +PreMemoryEnableVTdTranslationProtection (
> +  IN VTD_INFO      *VTdInfo,
> +  IN UINT64        EngineMask
> +  )
> +{
> +  EFI_STATUS                            Status;
> +  UINTN                                 Index;
> +  EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI   *RootEntryTable;
> +
> +  DEBUG ((DEBUG_INFO, "PreMemoryEnableVTdTranslationProtection - 0x%lx\n", EngineMask));
> +
> +  Status = PeiServicesLocatePpi (
> +                 &gEdkiiVTdNullRootEntryTableGuid,
> +                 0,
> +                 NULL,
> +                 (VOID **)&RootEntryTable
> +                 );
> +
> +  if (EFI_ERROR(Status)) {
> +    DEBUG((DEBUG_ERROR, "Locate NullRootEntryTable Ppi : %r\n", Status));
> +    return EFI_UNSUPPORTED;
> +  }
> +
> +  DEBUG ((DEBUG_INFO, "NullRootEntryTable - 0x%lx\n", *RootEntryTable));
> +
> +  for (Index = 0; Index < VTdInfo->VTdEngineCount; Index++) {
> +    if ((EngineMask & LShiftU64(1, Index)) == 0) {
> +      continue;
> +    }
> +    EnableDmar ((UINTN)VTdInfo->VTdEngineAddress[Index], (UINTN)*RootEntryTable);
> +  }
> +
> +  return EFI_SUCCESS;
> +}
> +
>  /**
>    Enable VTd translation table protection.
> 
> --
> 2.16.2.windows.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table
       [not found] ` <20200831063804.8208-4-w.sheng@intel.com>
@ 2020-09-02  1:43   ` Ni, Ray
  2020-09-04  7:47   ` Chaganty, Rangasai V
  1 sibling, 0 replies; 6+ messages in thread
From: Ni, Ray @ 2020-09-02  1:43 UTC (permalink / raw)
  To: Sheng, W, devel@edk2.groups.io; +Cc: Chaganty, Rangasai V

Reviewed-by: Ray Ni <ray.ni@intel.com>

> -----Original Message-----
> From: Sheng, W <w.sheng@intel.com>
> Sent: Monday, August 31, 2020 2:38 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
> Subject: [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table
> 
> BIOS uses TE with a null root entry table to block VT-d engine access
> to block any DMA traffic in pre-memory phase.
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
> 
> Change-Id: I6c086c1f26e60f781de79cc37677cc5717c5edec
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
> Signed-off-by: Sheng Wei <w.sheng@intel.com>
> ---
>  .../PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c  | 16 ++++++++++++++++
>  .../PlatformVTdInfoSamplePei.inf                         |  3 ++-
>  2 files changed, 18 insertions(+), 1 deletion(-)
> 
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
> index 6f6c14f7..616a96ce 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
> @@ -9,6 +9,7 @@
>  #include <PiPei.h>
> 
>  #include <Ppi/VtdInfo.h>
> +#include <Ppi/VtdNullRootEntryTable.h>
> 
>  #include <Library/PeiServicesLib.h>
>  #include <Library/DebugLib.h>
> @@ -164,6 +165,15 @@ EFI_PEI_PPI_DESCRIPTOR mPlatformVTdNoIgdInfoSampleDesc = {
>    &mPlatformVTdNoIgdSample
>  };
> 
> +// BIOS uses TE with a null root entry table to block VT-d engine access to block any DMA traffic in pre-memory phase.
> +EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI mNullRootEntryTable = 0xFED20000;
> +
> +EFI_PEI_PPI_DESCRIPTOR mPlatformNullRootEntryTableDesc = {
> +  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
> +  &gEdkiiVTdNullRootEntryTableGuid,
> +  &mNullRootEntryTable
> +};
> +
>  /**
>    Initialize VTd register.
>    Initialize the VTd hardware unit which has INCLUDE_PCI_ALL set
> @@ -344,6 +354,12 @@ PlatformVTdInfoSampleInitialize (
>    if (!EFI_ERROR(Status)) {
>      SiliconInitialized = TRUE;
>    }
> +
> +  Status = PeiServicesInstallPpi (&mPlatformNullRootEntryTableDesc);
> +  if (EFI_ERROR (Status)) {
> +    ASSERT_EFI_ERROR (Status);
> +  }
> +
>    DEBUG ((DEBUG_INFO, "SiliconInitialized - %x\n", SiliconInitialized));
>    if (!SiliconInitialized) {
>      Status = PeiServicesNotifyPpi (&mSiliconInitializedNotifyList);
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
> index dacfdf5e..b35853b6 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
> @@ -38,7 +38,8 @@
>    IoLib
> 
>  [Ppis]
> -  gEdkiiVTdInfoPpiGuid         ## PRODUCES
> +  gEdkiiVTdInfoPpiGuid              ## PRODUCES
> +  gEdkiiVTdNullRootEntryTableGuid   ## PRODUCES
> 
>  [Depex]
>    gEfiPeiMasterBootModePpiGuid
> --
> 2.16.2.windows.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI
       [not found] ` <20200831063804.8208-2-w.sheng@intel.com>
  2020-09-01 14:30   ` [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI Ni, Ray
@ 2020-09-04  7:46   ` Chaganty, Rangasai V
  1 sibling, 0 replies; 6+ messages in thread
From: Chaganty, Rangasai V @ 2020-09-04  7:46 UTC (permalink / raw)
  To: Sheng, W, devel@edk2.groups.io; +Cc: Ni, Ray

Reviewed-by: Sai Chaganty <rangasai.v.chaganty@intel.com>

-----Original Message-----
From: Sheng, W <w.sheng@intel.com> 
Sent: Sunday, August 30, 2020 11:38 PM
To: devel@edk2.groups.io
Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
Subject: [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI

Null root entry table address is a fixed silicon reserved address, which is used to block the DMA transfer.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867

Change-Id: I3aa2b2e7a11e0327857c6ed9bc92cd209d3ade9d
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Signed-off-by: Sheng Wei <w.sheng@intel.com>
---
 .../Include/Ppi/VtdNullRootEntryTable.h            | 28 ++++++++++++++++++++++
 Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec  |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h

diff --git a/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h b/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
new file mode 100644
index 00000000..d79b5fd9
--- /dev/null
+++ b/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
@@ -0,0 +1,28 @@
+/** @file
+  The definition for VTD Null Root Entry Table PPI.
+
+  This is a lightweight VTd null root entry table report in PEI phase.
+
+  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __VTD_NULL_ROOT_ENTRY_TABLE_PPI_H__
+#define __VTD_NULL_ROOT_ENTRY_TABLE_PPI_H__
+
+#define EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI_GUID \
+    { \
+      0x3de0593f, 0x6e3e, 0x4542, { 0xa1, 0xcb, 0xcb, 0xb2, 0xdb, 0xeb, 0xd8, 0xff } \
+    }
+
+//
+// Null root entry table address is a fixed silicon reserved address,
+//   which is used to block the DMA transfer.
+//
+typedef UINT64  EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI;
+
+extern EFI_GUID gEdkiiVTdNullRootEntryTableGuid;
+
+#endif
+
diff --git a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
index e4a7fec3..284820af 100644
--- a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
+++ b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
@@ -68,6 +68,7 @@
 
 [Ppis]
   gEdkiiVTdInfoPpiGuid = { 0x8a59fcb3, 0xf191, 0x400c, { 0x97, 0x67, 0x67, 0xaf, 0x2b, 0x25, 0x68, 0x4a } }
+  gEdkiiVTdNullRootEntryTableGuid = { 0x3de0593f, 0x6e3e, 0x4542, { 
+ 0xa1, 0xcb, 0xcb, 0xb2, 0xdb, 0xeb, 0xd8, 0xff } }
 
 [Protocols]
   gEdkiiPlatformVTdPolicyProtocolGuid = { 0x3d17e448, 0x466, 0x4e20, { 0x99, 0x9f, 0xb2, 0xe1, 0x34, 0x88, 0xee, 0x22 }}
--
2.16.2.windows.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct
       [not found] ` <20200831063804.8208-3-w.sheng@intel.com>
  2020-09-01 14:31   ` [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct Ni, Ray
@ 2020-09-04  7:47   ` Chaganty, Rangasai V
  1 sibling, 0 replies; 6+ messages in thread
From: Chaganty, Rangasai V @ 2020-09-04  7:47 UTC (permalink / raw)
  To: Sheng, W, devel@edk2.groups.io; +Cc: Ni, Ray

Reviewed-by: Sai Chaganty <rangasai.v.chaganty@intel.com>

-----Original Message-----
From: Sheng, W <w.sheng@intel.com> 
Sent: Sunday, August 30, 2020 11:38 PM
To: devel@edk2.groups.io
Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
Subject: [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct

PMR enabling set by pre-boot DMA protection is cleared by RC when boot guard is enabled. Pre-boot DMA protection should only reset VT-d BAR when it is 0 and reset PMR region when it is not programmed to protect all memory address.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867

Change-Id: Ic5370f474a43a94903871782ace5cce186b4ddc0
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Signed-off-by: Sheng Wei <w.sheng@intel.com>
---
 .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c    | 14 +++++++
 .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h    | 15 +++++++
 .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf  |  1 +
 .../Feature/VTd/IntelVTdPmrPei/VtdReg.c            | 47 ++++++++++++++++++++++
 4 files changed, 77 insertions(+)

diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
index ea944aa4..31a14f28 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdP
+++ mrPei.c
@@ -745,7 +745,21 @@ VTdInfoNotify (
     // Protect all system memory
     //
     InitVTdInfo ();
+
+    Hob = GetFirstGuidHob (&mVTdInfoGuid);
+    VTdInfo = GET_GUID_HOB_DATA(Hob);
+
+    //
+    // NOTE: We need check if PMR is enabled or not.
+    //
+    EnabledEngineMask = GetDmaProtectionEnabledEngineMask (VTdInfo, VTdInfo->EngineMask);
+    if (EnabledEngineMask != 0) {
+      Status = PreMemoryEnableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
+    }
     InitVTdPmrForAll ();
+    if (((EnabledEngineMask != 0) && (!EFI_ERROR (Status)))) {
+      DisableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
+    }
 
     //
     // Install PPI.
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
index 58e6afad..ffed2c5b 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdP
+++ mrPei.h
@@ -97,6 +97,21 @@ GetHighMemoryAlignment (
   IN UINT64        EngineMask
   );
 
+/**
+  Enable VTd translation table protection in pre-memory phase.
+
+  @param VTdInfo            The VTd engine context information.
+  @param EngineMask         The mask of the VTd engine to be accessed.
+
+  @retval EFI_SUCCESS       DMAR translation protection is enabled.
+  @retval EFI_UNSUPPORTED   Null Root Entry Table is not supported.
+**/
+EFI_STATUS
+PreMemoryEnableVTdTranslationProtection (
+  IN VTD_INFO      *VTdInfo,
+  IN UINT64        EngineMask
+  );
+
 /**
   Enable VTd translation table protection.
 
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
index 3eb2b510..1e613ddd 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdP
+++ mrPei.inf
@@ -48,6 +48,7 @@
   gEdkiiVTdInfoPpiGuid                ## CONSUMES
   gEfiPeiMemoryDiscoveredPpiGuid      ## CONSUMES
   gEfiEndOfPeiSignalPpiGuid           ## CONSUMES
+  gEdkiiVTdNullRootEntryTableGuid     ## PRODUCES
 
 [Pcd]
   gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask   ## CONSUMES
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
index c9669426..2e252fe5 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
@@ -13,8 +13,10 @@
 #include <Library/DebugLib.h>
 #include <Library/MemoryAllocationLib.h>  #include <Library/CacheMaintenanceLib.h>
+#include <Library/PeiServicesLib.h>
 #include <IndustryStandard/Vtd.h>
 #include <Ppi/VtdInfo.h>
+#include <Ppi/VtdNullRootEntryTable.h>
 
 #include "IntelVTdPmrPei.h"
 
@@ -246,6 +248,51 @@ DisableDmar (
   return EFI_SUCCESS;
 }
 
+/**
+  Enable VTd translation table protection in pre-memory phase.
+
+  @param VTdInfo            The VTd engine context information.
+  @param EngineMask         The mask of the VTd engine to be accessed.
+
+  @retval EFI_SUCCESS       DMAR translation protection is enabled.
+  @retval EFI_UNSUPPORTED   Null Root Entry Table is not supported.
+**/
+EFI_STATUS
+PreMemoryEnableVTdTranslationProtection (
+  IN VTD_INFO      *VTdInfo,
+  IN UINT64        EngineMask
+  )
+{
+  EFI_STATUS                            Status;
+  UINTN                                 Index;
+  EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI   *RootEntryTable;
+
+  DEBUG ((DEBUG_INFO, "PreMemoryEnableVTdTranslationProtection - 
+ 0x%lx\n", EngineMask));
+
+  Status = PeiServicesLocatePpi (
+                 &gEdkiiVTdNullRootEntryTableGuid,
+                 0,
+                 NULL,
+                 (VOID **)&RootEntryTable
+                 );
+
+  if (EFI_ERROR(Status)) {
+    DEBUG((DEBUG_ERROR, "Locate NullRootEntryTable Ppi : %r\n", Status));
+    return EFI_UNSUPPORTED;
+  }
+
+  DEBUG ((DEBUG_INFO, "NullRootEntryTable - 0x%lx\n", 
+ *RootEntryTable));
+
+  for (Index = 0; Index < VTdInfo->VTdEngineCount; Index++) {
+    if ((EngineMask & LShiftU64(1, Index)) == 0) {
+      continue;
+    }
+    EnableDmar ((UINTN)VTdInfo->VTdEngineAddress[Index], 
+ (UINTN)*RootEntryTable);  }
+
+  return EFI_SUCCESS;
+}
+
 /**
   Enable VTd translation table protection.
 
--
2.16.2.windows.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table
       [not found] ` <20200831063804.8208-4-w.sheng@intel.com>
  2020-09-02  1:43   ` [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table Ni, Ray
@ 2020-09-04  7:47   ` Chaganty, Rangasai V
  1 sibling, 0 replies; 6+ messages in thread
From: Chaganty, Rangasai V @ 2020-09-04  7:47 UTC (permalink / raw)
  To: Sheng, W, devel@edk2.groups.io; +Cc: Ni, Ray

Reviewed-by: Sai Chaganty <rangasai.v.chaganty@intel.com>

-----Original Message-----
From: Sheng, W <w.sheng@intel.com> 
Sent: Sunday, August 30, 2020 11:38 PM
To: devel@edk2.groups.io
Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
Subject: [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table

BIOS uses TE with a null root entry table to block VT-d engine access to block any DMA traffic in pre-memory phase.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867

Change-Id: I6c086c1f26e60f781de79cc37677cc5717c5edec
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Signed-off-by: Sheng Wei <w.sheng@intel.com>
---
 .../PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c  | 16 ++++++++++++++++
 .../PlatformVTdInfoSamplePei.inf                         |  3 ++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
index 6f6c14f7..616a96ce 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei
+++ /PlatformVTdInfoSamplePei.c
@@ -9,6 +9,7 @@
 #include <PiPei.h>
 
 #include <Ppi/VtdInfo.h>
+#include <Ppi/VtdNullRootEntryTable.h>
 
 #include <Library/PeiServicesLib.h>
 #include <Library/DebugLib.h>
@@ -164,6 +165,15 @@ EFI_PEI_PPI_DESCRIPTOR mPlatformVTdNoIgdInfoSampleDesc = {
   &mPlatformVTdNoIgdSample
 };
 
+// BIOS uses TE with a null root entry table to block VT-d engine access to block any DMA traffic in pre-memory phase.
+EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI mNullRootEntryTable = 0xFED20000;
+
+EFI_PEI_PPI_DESCRIPTOR mPlatformNullRootEntryTableDesc = {
+  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+  &gEdkiiVTdNullRootEntryTableGuid,
+  &mNullRootEntryTable
+};
+
 /**
   Initialize VTd register.
   Initialize the VTd hardware unit which has INCLUDE_PCI_ALL set @@ -344,6 +354,12 @@ PlatformVTdInfoSampleInitialize (
   if (!EFI_ERROR(Status)) {
     SiliconInitialized = TRUE;
   }
+
+  Status = PeiServicesInstallPpi (&mPlatformNullRootEntryTableDesc);
+  if (EFI_ERROR (Status)) {
+    ASSERT_EFI_ERROR (Status);
+  }
+
   DEBUG ((DEBUG_INFO, "SiliconInitialized - %x\n", SiliconInitialized));
   if (!SiliconInitialized) {
     Status = PeiServicesNotifyPpi (&mSiliconInitializedNotifyList); diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
index dacfdf5e..b35853b6 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei
+++ /PlatformVTdInfoSamplePei.inf
@@ -38,7 +38,8 @@
   IoLib
 
 [Ppis]
-  gEdkiiVTdInfoPpiGuid         ## PRODUCES
+  gEdkiiVTdInfoPpiGuid              ## PRODUCES
+  gEdkiiVTdNullRootEntryTableGuid   ## PRODUCES
 
 [Depex]
   gEfiPeiMasterBootModePpiGuid
--
2.16.2.windows.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2020-09-04  7:47 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20200831063804.8208-1-w.sheng@intel.com>
     [not found] ` <20200831063804.8208-3-w.sheng@intel.com>
2020-09-01 14:31   ` [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct Ni, Ray
2020-09-04  7:47   ` Chaganty, Rangasai V
     [not found] ` <20200831063804.8208-4-w.sheng@intel.com>
2020-09-02  1:43   ` [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table Ni, Ray
2020-09-04  7:47   ` Chaganty, Rangasai V
     [not found] ` <20200831063804.8208-2-w.sheng@intel.com>
2020-09-01 14:30   ` [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI Ni, Ray
2020-09-04  7:46   ` Chaganty, Rangasai V

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox