* Re: [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI
[not found] ` <20200831063804.8208-2-w.sheng@intel.com>
@ 2020-09-01 14:30 ` Ni, Ray
2020-09-04 7:46 ` Chaganty, Rangasai V
1 sibling, 0 replies; 6+ messages in thread
From: Ni, Ray @ 2020-09-01 14:30 UTC (permalink / raw)
To: Sheng, W, devel@edk2.groups.io; +Cc: Chaganty, Rangasai V
Reviewed-by: Ray Ni <ray.ni@intel.com>
> -----Original Message-----
> From: Sheng, W <w.sheng@intel.com>
> Sent: Monday, August 31, 2020 2:38 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
> Subject: [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI
>
> Null root entry table address is a fixed silicon reserved address,
> which is used to block the DMA transfer.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
>
> Change-Id: I3aa2b2e7a11e0327857c6ed9bc92cd209d3ade9d
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
> Signed-off-by: Sheng Wei <w.sheng@intel.com>
> ---
> .../Include/Ppi/VtdNullRootEntryTable.h | 28 ++++++++++++++++++++++
> Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 1 +
> 2 files changed, 29 insertions(+)
> create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
>
> diff --git a/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
> b/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
> new file mode 100644
> index 00000000..d79b5fd9
> --- /dev/null
> +++ b/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
> @@ -0,0 +1,28 @@
> +/** @file
> + The definition for VTD Null Root Entry Table PPI.
> +
> + This is a lightweight VTd null root entry table report in PEI phase.
> +
> + Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef __VTD_NULL_ROOT_ENTRY_TABLE_PPI_H__
> +#define __VTD_NULL_ROOT_ENTRY_TABLE_PPI_H__
> +
> +#define EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI_GUID \
> + { \
> + 0x3de0593f, 0x6e3e, 0x4542, { 0xa1, 0xcb, 0xcb, 0xb2, 0xdb, 0xeb, 0xd8, 0xff } \
> + }
> +
> +//
> +// Null root entry table address is a fixed silicon reserved address,
> +// which is used to block the DMA transfer.
> +//
> +typedef UINT64 EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI;
> +
> +extern EFI_GUID gEdkiiVTdNullRootEntryTableGuid;
> +
> +#endif
> +
> diff --git a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
> index e4a7fec3..284820af 100644
> --- a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
> +++ b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
> @@ -68,6 +68,7 @@
>
> [Ppis]
> gEdkiiVTdInfoPpiGuid = { 0x8a59fcb3, 0xf191, 0x400c, { 0x97, 0x67, 0x67, 0xaf, 0x2b, 0x25, 0x68, 0x4a } }
> + gEdkiiVTdNullRootEntryTableGuid = { 0x3de0593f, 0x6e3e, 0x4542, { 0xa1, 0xcb, 0xcb, 0xb2, 0xdb, 0xeb, 0xd8, 0xff } }
>
> [Protocols]
> gEdkiiPlatformVTdPolicyProtocolGuid = { 0x3d17e448, 0x466, 0x4e20, { 0x99, 0x9f, 0xb2, 0xe1, 0x34, 0x88, 0xee, 0x22 }}
> --
> 2.16.2.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct
[not found] ` <20200831063804.8208-3-w.sheng@intel.com>
@ 2020-09-01 14:31 ` Ni, Ray
2020-09-04 7:47 ` Chaganty, Rangasai V
1 sibling, 0 replies; 6+ messages in thread
From: Ni, Ray @ 2020-09-01 14:31 UTC (permalink / raw)
To: Sheng, W, devel@edk2.groups.io; +Cc: Chaganty, Rangasai V
Reviewed-by: Ray Ni <ray.ni@intel.com>
> -----Original Message-----
> From: Sheng, W <w.sheng@intel.com>
> Sent: Monday, August 31, 2020 2:38 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
> Subject: [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct
>
> PMR enabling set by pre-boot DMA protection is cleared by RC
> when boot guard is enabled. Pre-boot DMA protection should only
> reset VT-d BAR when it is 0 and reset PMR region when it is
> not programmed to protect all memory address.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
>
> Change-Id: Ic5370f474a43a94903871782ace5cce186b4ddc0
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
> Signed-off-by: Sheng Wei <w.sheng@intel.com>
> ---
> .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c | 14 +++++++
> .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h | 15 +++++++
> .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf | 1 +
> .../Feature/VTd/IntelVTdPmrPei/VtdReg.c | 47 ++++++++++++++++++++++
> 4 files changed, 77 insertions(+)
>
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> index ea944aa4..31a14f28 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
> @@ -745,7 +745,21 @@ VTdInfoNotify (
> // Protect all system memory
> //
> InitVTdInfo ();
> +
> + Hob = GetFirstGuidHob (&mVTdInfoGuid);
> + VTdInfo = GET_GUID_HOB_DATA(Hob);
> +
> + //
> + // NOTE: We need check if PMR is enabled or not.
> + //
> + EnabledEngineMask = GetDmaProtectionEnabledEngineMask (VTdInfo, VTdInfo->EngineMask);
> + if (EnabledEngineMask != 0) {
> + Status = PreMemoryEnableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
> + }
> InitVTdPmrForAll ();
> + if (((EnabledEngineMask != 0) && (!EFI_ERROR (Status)))) {
> + DisableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
> + }
>
> //
> // Install PPI.
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> index 58e6afad..ffed2c5b 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
> @@ -97,6 +97,21 @@ GetHighMemoryAlignment (
> IN UINT64 EngineMask
> );
>
> +/**
> + Enable VTd translation table protection in pre-memory phase.
> +
> + @param VTdInfo The VTd engine context information.
> + @param EngineMask The mask of the VTd engine to be accessed.
> +
> + @retval EFI_SUCCESS DMAR translation protection is enabled.
> + @retval EFI_UNSUPPORTED Null Root Entry Table is not supported.
> +**/
> +EFI_STATUS
> +PreMemoryEnableVTdTranslationProtection (
> + IN VTD_INFO *VTdInfo,
> + IN UINT64 EngineMask
> + );
> +
> /**
> Enable VTd translation table protection.
>
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> index 3eb2b510..1e613ddd 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
> @@ -48,6 +48,7 @@
> gEdkiiVTdInfoPpiGuid ## CONSUMES
> gEfiPeiMemoryDiscoveredPpiGuid ## CONSUMES
> gEfiEndOfPeiSignalPpiGuid ## CONSUMES
> + gEdkiiVTdNullRootEntryTableGuid ## PRODUCES
>
> [Pcd]
> gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask ## CONSUMES
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> index c9669426..2e252fe5 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
> @@ -13,8 +13,10 @@
> #include <Library/DebugLib.h>
> #include <Library/MemoryAllocationLib.h>
> #include <Library/CacheMaintenanceLib.h>
> +#include <Library/PeiServicesLib.h>
> #include <IndustryStandard/Vtd.h>
> #include <Ppi/VtdInfo.h>
> +#include <Ppi/VtdNullRootEntryTable.h>
>
> #include "IntelVTdPmrPei.h"
>
> @@ -246,6 +248,51 @@ DisableDmar (
> return EFI_SUCCESS;
> }
>
> +/**
> + Enable VTd translation table protection in pre-memory phase.
> +
> + @param VTdInfo The VTd engine context information.
> + @param EngineMask The mask of the VTd engine to be accessed.
> +
> + @retval EFI_SUCCESS DMAR translation protection is enabled.
> + @retval EFI_UNSUPPORTED Null Root Entry Table is not supported.
> +**/
> +EFI_STATUS
> +PreMemoryEnableVTdTranslationProtection (
> + IN VTD_INFO *VTdInfo,
> + IN UINT64 EngineMask
> + )
> +{
> + EFI_STATUS Status;
> + UINTN Index;
> + EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI *RootEntryTable;
> +
> + DEBUG ((DEBUG_INFO, "PreMemoryEnableVTdTranslationProtection - 0x%lx\n", EngineMask));
> +
> + Status = PeiServicesLocatePpi (
> + &gEdkiiVTdNullRootEntryTableGuid,
> + 0,
> + NULL,
> + (VOID **)&RootEntryTable
> + );
> +
> + if (EFI_ERROR(Status)) {
> + DEBUG((DEBUG_ERROR, "Locate NullRootEntryTable Ppi : %r\n", Status));
> + return EFI_UNSUPPORTED;
> + }
> +
> + DEBUG ((DEBUG_INFO, "NullRootEntryTable - 0x%lx\n", *RootEntryTable));
> +
> + for (Index = 0; Index < VTdInfo->VTdEngineCount; Index++) {
> + if ((EngineMask & LShiftU64(1, Index)) == 0) {
> + continue;
> + }
> + EnableDmar ((UINTN)VTdInfo->VTdEngineAddress[Index], (UINTN)*RootEntryTable);
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> /**
> Enable VTd translation table protection.
>
> --
> 2.16.2.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table
[not found] ` <20200831063804.8208-4-w.sheng@intel.com>
@ 2020-09-02 1:43 ` Ni, Ray
2020-09-04 7:47 ` Chaganty, Rangasai V
1 sibling, 0 replies; 6+ messages in thread
From: Ni, Ray @ 2020-09-02 1:43 UTC (permalink / raw)
To: Sheng, W, devel@edk2.groups.io; +Cc: Chaganty, Rangasai V
Reviewed-by: Ray Ni <ray.ni@intel.com>
> -----Original Message-----
> From: Sheng, W <w.sheng@intel.com>
> Sent: Monday, August 31, 2020 2:38 PM
> To: devel@edk2.groups.io
> Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
> Subject: [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table
>
> BIOS uses TE with a null root entry table to block VT-d engine access
> to block any DMA traffic in pre-memory phase.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
>
> Change-Id: I6c086c1f26e60f781de79cc37677cc5717c5edec
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
> Signed-off-by: Sheng Wei <w.sheng@intel.com>
> ---
> .../PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c | 16 ++++++++++++++++
> .../PlatformVTdInfoSamplePei.inf | 3 ++-
> 2 files changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
> index 6f6c14f7..616a96ce 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
> @@ -9,6 +9,7 @@
> #include <PiPei.h>
>
> #include <Ppi/VtdInfo.h>
> +#include <Ppi/VtdNullRootEntryTable.h>
>
> #include <Library/PeiServicesLib.h>
> #include <Library/DebugLib.h>
> @@ -164,6 +165,15 @@ EFI_PEI_PPI_DESCRIPTOR mPlatformVTdNoIgdInfoSampleDesc = {
> &mPlatformVTdNoIgdSample
> };
>
> +// BIOS uses TE with a null root entry table to block VT-d engine access to block any DMA traffic in pre-memory phase.
> +EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI mNullRootEntryTable = 0xFED20000;
> +
> +EFI_PEI_PPI_DESCRIPTOR mPlatformNullRootEntryTableDesc = {
> + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
> + &gEdkiiVTdNullRootEntryTableGuid,
> + &mNullRootEntryTable
> +};
> +
> /**
> Initialize VTd register.
> Initialize the VTd hardware unit which has INCLUDE_PCI_ALL set
> @@ -344,6 +354,12 @@ PlatformVTdInfoSampleInitialize (
> if (!EFI_ERROR(Status)) {
> SiliconInitialized = TRUE;
> }
> +
> + Status = PeiServicesInstallPpi (&mPlatformNullRootEntryTableDesc);
> + if (EFI_ERROR (Status)) {
> + ASSERT_EFI_ERROR (Status);
> + }
> +
> DEBUG ((DEBUG_INFO, "SiliconInitialized - %x\n", SiliconInitialized));
> if (!SiliconInitialized) {
> Status = PeiServicesNotifyPpi (&mSiliconInitializedNotifyList);
> diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
> b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
> index dacfdf5e..b35853b6 100644
> --- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
> +++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
> @@ -38,7 +38,8 @@
> IoLib
>
> [Ppis]
> - gEdkiiVTdInfoPpiGuid ## PRODUCES
> + gEdkiiVTdInfoPpiGuid ## PRODUCES
> + gEdkiiVTdNullRootEntryTableGuid ## PRODUCES
>
> [Depex]
> gEfiPeiMasterBootModePpiGuid
> --
> 2.16.2.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI
[not found] ` <20200831063804.8208-2-w.sheng@intel.com>
2020-09-01 14:30 ` [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI Ni, Ray
@ 2020-09-04 7:46 ` Chaganty, Rangasai V
1 sibling, 0 replies; 6+ messages in thread
From: Chaganty, Rangasai V @ 2020-09-04 7:46 UTC (permalink / raw)
To: Sheng, W, devel@edk2.groups.io; +Cc: Ni, Ray
Reviewed-by: Sai Chaganty <rangasai.v.chaganty@intel.com>
-----Original Message-----
From: Sheng, W <w.sheng@intel.com>
Sent: Sunday, August 30, 2020 11:38 PM
To: devel@edk2.groups.io
Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
Subject: [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI
Null root entry table address is a fixed silicon reserved address, which is used to block the DMA transfer.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
Change-Id: I3aa2b2e7a11e0327857c6ed9bc92cd209d3ade9d
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Signed-off-by: Sheng Wei <w.sheng@intel.com>
---
.../Include/Ppi/VtdNullRootEntryTable.h | 28 ++++++++++++++++++++++
Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec | 1 +
2 files changed, 29 insertions(+)
create mode 100644 Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
diff --git a/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h b/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
new file mode 100644
index 00000000..d79b5fd9
--- /dev/null
+++ b/Silicon/Intel/IntelSiliconPkg/Include/Ppi/VtdNullRootEntryTable.h
@@ -0,0 +1,28 @@
+/** @file
+ The definition for VTD Null Root Entry Table PPI.
+
+ This is a lightweight VTd null root entry table report in PEI phase.
+
+ Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __VTD_NULL_ROOT_ENTRY_TABLE_PPI_H__
+#define __VTD_NULL_ROOT_ENTRY_TABLE_PPI_H__
+
+#define EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI_GUID \
+ { \
+ 0x3de0593f, 0x6e3e, 0x4542, { 0xa1, 0xcb, 0xcb, 0xb2, 0xdb, 0xeb, 0xd8, 0xff } \
+ }
+
+//
+// Null root entry table address is a fixed silicon reserved address,
+// which is used to block the DMA transfer.
+//
+typedef UINT64 EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI;
+
+extern EFI_GUID gEdkiiVTdNullRootEntryTableGuid;
+
+#endif
+
diff --git a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
index e4a7fec3..284820af 100644
--- a/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
+++ b/Silicon/Intel/IntelSiliconPkg/IntelSiliconPkg.dec
@@ -68,6 +68,7 @@
[Ppis]
gEdkiiVTdInfoPpiGuid = { 0x8a59fcb3, 0xf191, 0x400c, { 0x97, 0x67, 0x67, 0xaf, 0x2b, 0x25, 0x68, 0x4a } }
+ gEdkiiVTdNullRootEntryTableGuid = { 0x3de0593f, 0x6e3e, 0x4542, {
+ 0xa1, 0xcb, 0xcb, 0xb2, 0xdb, 0xeb, 0xd8, 0xff } }
[Protocols]
gEdkiiPlatformVTdPolicyProtocolGuid = { 0x3d17e448, 0x466, 0x4e20, { 0x99, 0x9f, 0xb2, 0xe1, 0x34, 0x88, 0xee, 0x22 }}
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct
[not found] ` <20200831063804.8208-3-w.sheng@intel.com>
2020-09-01 14:31 ` [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct Ni, Ray
@ 2020-09-04 7:47 ` Chaganty, Rangasai V
1 sibling, 0 replies; 6+ messages in thread
From: Chaganty, Rangasai V @ 2020-09-04 7:47 UTC (permalink / raw)
To: Sheng, W, devel@edk2.groups.io; +Cc: Ni, Ray
Reviewed-by: Sai Chaganty <rangasai.v.chaganty@intel.com>
-----Original Message-----
From: Sheng, W <w.sheng@intel.com>
Sent: Sunday, August 30, 2020 11:38 PM
To: devel@edk2.groups.io
Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
Subject: [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct
PMR enabling set by pre-boot DMA protection is cleared by RC when boot guard is enabled. Pre-boot DMA protection should only reset VT-d BAR when it is 0 and reset PMR region when it is not programmed to protect all memory address.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
Change-Id: Ic5370f474a43a94903871782ace5cce186b4ddc0
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Signed-off-by: Sheng Wei <w.sheng@intel.com>
---
.../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c | 14 +++++++
.../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h | 15 +++++++
.../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf | 1 +
.../Feature/VTd/IntelVTdPmrPei/VtdReg.c | 47 ++++++++++++++++++++++
4 files changed, 77 insertions(+)
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
index ea944aa4..31a14f28 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdP
+++ mrPei.c
@@ -745,7 +745,21 @@ VTdInfoNotify (
// Protect all system memory
//
InitVTdInfo ();
+
+ Hob = GetFirstGuidHob (&mVTdInfoGuid);
+ VTdInfo = GET_GUID_HOB_DATA(Hob);
+
+ //
+ // NOTE: We need check if PMR is enabled or not.
+ //
+ EnabledEngineMask = GetDmaProtectionEnabledEngineMask (VTdInfo, VTdInfo->EngineMask);
+ if (EnabledEngineMask != 0) {
+ Status = PreMemoryEnableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
+ }
InitVTdPmrForAll ();
+ if (((EnabledEngineMask != 0) && (!EFI_ERROR (Status)))) {
+ DisableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
+ }
//
// Install PPI.
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
index 58e6afad..ffed2c5b 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdP
+++ mrPei.h
@@ -97,6 +97,21 @@ GetHighMemoryAlignment (
IN UINT64 EngineMask
);
+/**
+ Enable VTd translation table protection in pre-memory phase.
+
+ @param VTdInfo The VTd engine context information.
+ @param EngineMask The mask of the VTd engine to be accessed.
+
+ @retval EFI_SUCCESS DMAR translation protection is enabled.
+ @retval EFI_UNSUPPORTED Null Root Entry Table is not supported.
+**/
+EFI_STATUS
+PreMemoryEnableVTdTranslationProtection (
+ IN VTD_INFO *VTdInfo,
+ IN UINT64 EngineMask
+ );
+
/**
Enable VTd translation table protection.
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
index 3eb2b510..1e613ddd 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.inf
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdP
+++ mrPei.inf
@@ -48,6 +48,7 @@
gEdkiiVTdInfoPpiGuid ## CONSUMES
gEfiPeiMemoryDiscoveredPpiGuid ## CONSUMES
gEfiEndOfPeiSignalPpiGuid ## CONSUMES
+ gEdkiiVTdNullRootEntryTableGuid ## PRODUCES
[Pcd]
gIntelSiliconPkgTokenSpaceGuid.PcdVTdPolicyPropertyMask ## CONSUMES
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
index c9669426..2e252fe5 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
@@ -13,8 +13,10 @@
#include <Library/DebugLib.h>
#include <Library/MemoryAllocationLib.h> #include <Library/CacheMaintenanceLib.h>
+#include <Library/PeiServicesLib.h>
#include <IndustryStandard/Vtd.h>
#include <Ppi/VtdInfo.h>
+#include <Ppi/VtdNullRootEntryTable.h>
#include "IntelVTdPmrPei.h"
@@ -246,6 +248,51 @@ DisableDmar (
return EFI_SUCCESS;
}
+/**
+ Enable VTd translation table protection in pre-memory phase.
+
+ @param VTdInfo The VTd engine context information.
+ @param EngineMask The mask of the VTd engine to be accessed.
+
+ @retval EFI_SUCCESS DMAR translation protection is enabled.
+ @retval EFI_UNSUPPORTED Null Root Entry Table is not supported.
+**/
+EFI_STATUS
+PreMemoryEnableVTdTranslationProtection (
+ IN VTD_INFO *VTdInfo,
+ IN UINT64 EngineMask
+ )
+{
+ EFI_STATUS Status;
+ UINTN Index;
+ EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI *RootEntryTable;
+
+ DEBUG ((DEBUG_INFO, "PreMemoryEnableVTdTranslationProtection -
+ 0x%lx\n", EngineMask));
+
+ Status = PeiServicesLocatePpi (
+ &gEdkiiVTdNullRootEntryTableGuid,
+ 0,
+ NULL,
+ (VOID **)&RootEntryTable
+ );
+
+ if (EFI_ERROR(Status)) {
+ DEBUG((DEBUG_ERROR, "Locate NullRootEntryTable Ppi : %r\n", Status));
+ return EFI_UNSUPPORTED;
+ }
+
+ DEBUG ((DEBUG_INFO, "NullRootEntryTable - 0x%lx\n",
+ *RootEntryTable));
+
+ for (Index = 0; Index < VTdInfo->VTdEngineCount; Index++) {
+ if ((EngineMask & LShiftU64(1, Index)) == 0) {
+ continue;
+ }
+ EnableDmar ((UINTN)VTdInfo->VTdEngineAddress[Index],
+ (UINTN)*RootEntryTable); }
+
+ return EFI_SUCCESS;
+}
+
/**
Enable VTd translation table protection.
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table
[not found] ` <20200831063804.8208-4-w.sheng@intel.com>
2020-09-02 1:43 ` [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table Ni, Ray
@ 2020-09-04 7:47 ` Chaganty, Rangasai V
1 sibling, 0 replies; 6+ messages in thread
From: Chaganty, Rangasai V @ 2020-09-04 7:47 UTC (permalink / raw)
To: Sheng, W, devel@edk2.groups.io; +Cc: Ni, Ray
Reviewed-by: Sai Chaganty <rangasai.v.chaganty@intel.com>
-----Original Message-----
From: Sheng, W <w.sheng@intel.com>
Sent: Sunday, August 30, 2020 11:38 PM
To: devel@edk2.groups.io
Cc: Ni, Ray <ray.ni@intel.com>; Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
Subject: [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table
BIOS uses TE with a null root entry table to block VT-d engine access to block any DMA traffic in pre-memory phase.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867
Change-Id: I6c086c1f26e60f781de79cc37677cc5717c5edec
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Signed-off-by: Sheng Wei <w.sheng@intel.com>
---
.../PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c | 16 ++++++++++++++++
.../PlatformVTdInfoSamplePei.inf | 3 ++-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
index 6f6c14f7..616a96ce 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei
+++ /PlatformVTdInfoSamplePei.c
@@ -9,6 +9,7 @@
#include <PiPei.h>
#include <Ppi/VtdInfo.h>
+#include <Ppi/VtdNullRootEntryTable.h>
#include <Library/PeiServicesLib.h>
#include <Library/DebugLib.h>
@@ -164,6 +165,15 @@ EFI_PEI_PPI_DESCRIPTOR mPlatformVTdNoIgdInfoSampleDesc = {
&mPlatformVTdNoIgdSample
};
+// BIOS uses TE with a null root entry table to block VT-d engine access to block any DMA traffic in pre-memory phase.
+EDKII_VTD_NULL_ROOT_ENTRY_TABLE_PPI mNullRootEntryTable = 0xFED20000;
+
+EFI_PEI_PPI_DESCRIPTOR mPlatformNullRootEntryTableDesc = {
+ (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEdkiiVTdNullRootEntryTableGuid,
+ &mNullRootEntryTable
+};
+
/**
Initialize VTd register.
Initialize the VTd hardware unit which has INCLUDE_PCI_ALL set @@ -344,6 +354,12 @@ PlatformVTdInfoSampleInitialize (
if (!EFI_ERROR(Status)) {
SiliconInitialized = TRUE;
}
+
+ Status = PeiServicesInstallPpi (&mPlatformNullRootEntryTableDesc);
+ if (EFI_ERROR (Status)) {
+ ASSERT_EFI_ERROR (Status);
+ }
+
DEBUG ((DEBUG_INFO, "SiliconInitialized - %x\n", SiliconInitialized));
if (!SiliconInitialized) {
Status = PeiServicesNotifyPpi (&mSiliconInitializedNotifyList); diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
index dacfdf5e..b35853b6 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei/PlatformVTdInfoSamplePei.inf
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/PlatformVTdInfoSamplePei
+++ /PlatformVTdInfoSamplePei.inf
@@ -38,7 +38,8 @@
IoLib
[Ppis]
- gEdkiiVTdInfoPpiGuid ## PRODUCES
+ gEdkiiVTdInfoPpiGuid ## PRODUCES
+ gEdkiiVTdNullRootEntryTableGuid ## PRODUCES
[Depex]
gEfiPeiMasterBootModePpiGuid
--
2.16.2.windows.1
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-09-04 7:47 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20200831063804.8208-1-w.sheng@intel.com>
[not found] ` <20200831063804.8208-3-w.sheng@intel.com>
2020-09-01 14:31 ` [PATCH v3 2/3] IntelSiliconPkg/IntelVTdPmrPei: Fix PMR enabling setting confilct Ni, Ray
2020-09-04 7:47 ` Chaganty, Rangasai V
[not found] ` <20200831063804.8208-4-w.sheng@intel.com>
2020-09-02 1:43 ` [PATCH v3 3/3] IntelSiliconPkg/PlatformVTdInfoSamplePei: Install Null Root Entry Table Ni, Ray
2020-09-04 7:47 ` Chaganty, Rangasai V
[not found] ` <20200831063804.8208-2-w.sheng@intel.com>
2020-09-01 14:30 ` [PATCH v3 1/3] IntelSiliconPkg/VtdInfo: Add Null Root Entry Table PPI Ni, Ray
2020-09-04 7:46 ` Chaganty, Rangasai V
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox