From: "Benjamin Doron"
To: devel@edk2.groups.io
Cc: Sai Chaganty, Isaac Oram, Nate DeSimone, Chasel Chiu
Subject: [edk2-devel][edk2-platforms][PATCH v1 2/7] KabylakeOpenBoardPkg/AspireVn7Dash572G: Enhance the build-logic
Date: Tue, 6 Sep 2022 13:42:53 -0400
X-Mailer: git-send-email 2.37.2
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Update the AspireVn7Dash572G DSC files with assorted enhancements since the initial porting work. Some planned features, such as Secure Boot and measuring the default FSP UPDs to a TPM (which does have security relevance), are now fully working. Enable the working advanced features in use on this board.

Cc: Sai Chaganty
Cc: Isaac Oram
Cc: Nate DeSimone
Cc: Chasel Chiu
Signed-off-by: Benjamin Doron
---
 .../AspireVn7Dash572G/OpenBoardPkg.dsc    | 63 +++++++++++--------
 .../AspireVn7Dash572G/OpenBoardPkgPcd.dsc | 59 ++++++++++-------
 2 files changed, 74 insertions(+), 48 deletions(-)

diff --git a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/OpenBoar= dPkg.dsc b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/OpenBoardP= kg.dsc index f4552ee83d6b..75c537f1253f 100644 --- a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/OpenBoardPkg.dsc +++ b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/OpenBoardPkg.dsc 
@@ -22,15 +22,6 @@ #=0D DEFINE BIOS_SIZE_OPTION =3D SIZE_60=0D =0D - #=0D - # Debug logging=0D - #=0D - DEFINE USE_HDMI_DEBUG_PORT =3D FALSE=0D - DEFINE USE_PEI_SPI_LOGGING =3D FALSE=0D - DEFINE USE_MEMORY_LOGGING =3D FALSE=0D - DEFINE RELEASE_LOGGING =3D ($(USE_HDMI_DEBUG_PORT) || $(USE_PEI_SPI= _LOGGING) || $(USE_MEMORY_LOGGING))=0D - DEFINE TESTING =3D TRUE=0D -=0D PLATFORM_NAME =3D $(PLATFORM_PACKAGE)=0D PLATFORM_GUID =3D AEEEF17C-36B6-4B68-949A-= 1E54CB33492F=0D PLATFORM_VERSION =3D 0.1=0D @@ -40,9 +31,17 @@ BUILD_TARGETS =3D DEBUG|RELEASE=0D SKUID_IDENTIFIER =3D ALL=0D FLASH_DEFINITION =3D $(PROJECT)/OpenBoardPkg.= fdf=0D -=0D FIX_LOAD_TOP_MEMORY_ADDRESS =3D 0x0=0D =0D + #=0D + # Debug logging=0D + #=0D + DEFINE USE_HDMI_DEBUG_PORT =3D FALSE=0D + DEFINE USE_PEI_SPI_LOGGING =3D FALSE=0D + DEFINE USE_MEMORY_LOGGING =3D FALSE=0D + DEFINE RELEASE_LOGGING =3D ($(USE_HDMI_DEBUG_PORT) || $(USE_PEI_SPI= _LOGGING) || $(USE_MEMORY_LOGGING))=0D + DEFINE TESTING =3D FALSE=0D +=0D #=0D # Include PCD configuration for this board.=0D #=0D @@ -143,7 +142,7 @@ #######################################=0D FspWrapperApiLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiLib/BaseFs= pWrapperApiLib.inf=0D FspWrapperApiTestLib|IntelFsp2WrapperPkg/Library/PeiFspWrapperApiTestLib= /PeiFspWrapperApiTestLib.inf=0D - # This board will set debugging library instances; FIXME: UART2 not used= =0D + # Board DSC will select debug library instances; NOTE: UART2 not used=0D SerialPortLib|MdePkg/Library/BaseSerialPortLibNull/BaseSerialPortLibNull= .inf=0D =0D #######################################=0D 
@@ -198,12 +197,11 @@ #######################################=0D PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatfor= mHookLibNull.inf=0D =0D -# NB: MinPlatform sets a NULL DebugLib and only overrides it for DEBUG bui= lds=0D -# TODO: Now that all debug logging is routed through RSC, correct the defi= nes=0D [LibraryClasses.IA32.SEC]=0D #######################################=0D # Edk2 Packages=0D #######################################=0D +# NOTE: No way that RSC avoids PeiServices in SEC? Even if valid on re-ent= ry...=0D DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf=0D =0D !if $(USE_HDMI_DEBUG_PORT) =3D=3D TRUE=0D @@ -231,7 +229,8 @@ # Edk2 Packages=0D #######################################=0D # SPI logging requires local patch: InitializeMemoryServices() before Proc= essLibraryConstructorList()=0D -# In-memory logging may require too many services for early core debug out= put=0D +# Strongly suspect DebugLibSerialPort constructor presents PeiDxeSerialPor= tLibMem dependency on services as a bug=0D +# - While RSC calls Initialize after dependencies and constructors are sat= isfied=0D !if $(RELEASE_LOGGING) =3D=3D TRUE=0D DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebug= LibReportStatusCode.inf=0D !endif=0D @@ -257,7 +256,7 @@ FspWrapperPlatformLib|$(PLATFORM_PACKAGE)/FspWrapper/Library/PeiFspWrapp= erPlatformLib/PeiFspWrapperPlatformLib.inf=0D MultiBoardInitSupportLib|$(PLATFORM_PACKAGE)/PlatformInit/Library/MultiB= oardInitSupportLib/PeiMultiBoardInitSupportLib.inf=0D TestPointLib|$(PLATFORM_PACKAGE)/Test/Library/TestPointLib/PeiTestPointL= ib.inf=0D -!if ($(TARGET) =3D=3D DEBUG || $(TESTING) =3D=3D TRUE)=0D +!if ($(TARGET) =3D=3D DEBUG || $(RELEASE_LOGGING) =3D=3D TRUE)=0D TestPointCheckLib|$(PLATFORM_PACKAGE)/Test/Library/TestPointCheckLib/Pei= TestPointCheckLib.inf=0D !endif=0D SetCacheMtrrLib|$(PLATFORM_PACKAGE)/Library/SetCacheMtrrLib/SetCacheMtrr= LibNull.inf=0D 
@@ -287,7 +286,8 @@ #######################################=0D # Edk2 Packages=0D #######################################=0D -# In-memory logging may require too many services for early core debug out= put=0D +# Strongly suspect DebugLibSerialPort constructor presents PeiDxeSerialPor= tLibMem dependency on services as a bug=0D +# - While RSC calls Initialize after dependencies and constructors are sat= isfied=0D !if ($(USE_MEMORY_LOGGING) =3D=3D TRUE || $(USE_HDMI_DEBUG_PORT) =3D=3D TR= UE)=0D DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebug= LibReportStatusCode.inf=0D !endif=0D @@ -315,7 +315,7 @@ MultiBoardInitSupportLib|$(PLATFORM_PACKAGE)/PlatformInit/Library/MultiB= oardInitSupportLib/DxeMultiBoardInitSupportLib.inf=0D TestPointLib|$(PLATFORM_PACKAGE)/Test/Library/TestPointLib/DxeTestPointL= ib.inf=0D =0D -!if ($(TARGET) =3D=3D DEBUG || $(TESTING) =3D=3D TRUE)=0D +!if ($(TARGET) =3D=3D DEBUG || $(RELEASE_LOGGING) =3D=3D TRUE)=0D TestPointCheckLib|$(PLATFORM_PACKAGE)/Test/Library/TestPointCheckLib/Dxe= TestPointCheckLib.inf=0D !endif=0D #######################################=0D @@ -346,7 +346,8 @@ #######################################=0D # Edk2 Packages=0D #######################################=0D -# In-memory logging may require too many services for early core debug out= put=0D +# Strongly suspect DebugLibSerialPort constructor presents PeiDxeSerialPor= tLibMem dependency on services as a bug=0D +# - While RSC calls Initialize after dependencies and constructors are sat= isfied=0D !if ($(USE_MEMORY_LOGGING) =3D=3D TRUE || $(USE_HDMI_DEBUG_PORT) =3D=3D TR= UE)=0D DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebug= LibReportStatusCode.inf=0D !endif=0D 
@@ -370,7 +371,7 @@ BoardAcpiEnableLib|$(PLATFORM_PACKAGE)/Acpi/Library/MultiBoardAcpiSuppor= tLib/SmmMultiBoardAcpiSupportLib.inf=0D MultiBoardAcpiSupportLib|$(PLATFORM_PACKAGE)/Acpi/Library/MultiBoardAcpi= SupportLib/SmmMultiBoardAcpiSupportLib.inf=0D TestPointLib|$(PLATFORM_PACKAGE)/Test/Library/TestPointLib/SmmTestPointL= ib.inf=0D -!if ($(TARGET) =3D=3D DEBUG || $(TESTING) =3D=3D TRUE)=0D +!if ($(TARGET) =3D=3D DEBUG || $(RELEASE_LOGGING) =3D=3D TRUE)=0D TestPointCheckLib|$(PLATFORM_PACKAGE)/Test/Library/TestPointCheckLib/Smm= TestPointCheckLib.inf=0D !endif=0D =0D @@ -408,12 +409,12 @@ MdeModulePkg/Universal/StatusCodeHandler/Pei/StatusCodeHandlerPei.inf {= =0D =0D DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf=0D + # Reverse-ranked priority list=0D +!if $(USE_MEMORY_LOGGING) =3D=3D TRUE=0D + SerialPortLib|MdeModulePkg/Library/PeiDxeSerialPortLibMem/PeiSerialP= ortLibMem.inf=0D +!endif=0D !if $(USE_PEI_SPI_LOGGING) =3D=3D TRUE=0D SerialPortLib|$(PLATFORM_BOARD_PACKAGE)/Library/PeiSerialPortLibSpiF= lash/PeiSerialPortLibSpiFlash.inf=0D -!else=0D -!if $(USE_MEMORY_LOGGING) =3D=3D TRUE=0D - SerialPortLib|MdeModulePkg/Library/PeiDxeSerialPortLibMem/PeiSerialP= ortLibMem.inf=0D -!endif=0D !endif=0D !if $(USE_HDMI_DEBUG_PORT) =3D=3D TRUE=0D SerialPortLib|$(PLATFORM_BOARD_PACKAGE)/Library/I2cHdmiDebugSerialPo= rtLib/PeiI2cHdmiDebugSerialPortLib.inf=0D 
@@ -431,10 +432,14 @@ IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf {=0D =0D SiliconPolicyInitLib|$(PLATFORM_SI_PACKAGE)/Library/PeiSiliconPolicy= InitLibDependency/PeiPreMemSiliconPolicyInitLibDependency.inf=0D + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf= =0D + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf=0D }=0D IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf {=0D =0D SiliconPolicyInitLib|$(PLATFORM_SI_PACKAGE)/Library/PeiSiliconPolicy= InitLibDependency/PeiPostMemSiliconPolicyInitLibDependency.inf=0D + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf= =0D + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf=0D }=0D !else=0D #=0D @@ -444,6 +449,8 @@ IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf {=0D =0D SiliconPolicyInitLib|MinPlatformPkg/PlatformInit/Library/SiliconPoli= cyInitLibNull/SiliconPolicyInitLibNull.inf=0D + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf= =0D + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf=0D }=0D #=0D # In FSP Dispatch mode the policy will be installed after FSP-S dispatch= ed (only PrePolicy silicon-init executed).=0D @@ -452,6 +459,8 @@ IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf {=0D =0D SiliconPolicyInitLib|MinPlatformPkg/PlatformInit/Library/SiliconPoli= cyInitLibNull/SiliconPolicyInitLibNull.inf=0D + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf= =0D + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf=0D }=0D !endif=0D =0D @@ -555,6 +564,7 @@ MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRun= timeDxe.inf {=0D =0D DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf=0D + # Reverse-ranked priority list=0D !if $(USE_MEMORY_LOGGING) =3D=3D TRUE=0D SerialPortLib|MdeModulePkg/Library/PeiDxeSerialPortLibMem/DxeSerialP= ortLibMem.inf=0D !endif=0D 
@@ -563,12 +573,12 @@ !endif=0D =0D gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|($(USE_MEMORY_= LOGGING) || $(USE_HDMI_DEBUG_PORT))=0D - gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|512=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1024=0D }=0D - # TODO: Still requires a little more thought=0D MdeModulePkg/Universal/StatusCodeHandler/Smm/StatusCodeHandlerSmm.inf {= =0D =0D DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf=0D + # Reverse-ranked priority list=0D !if $(USE_MEMORY_LOGGING) =3D=3D TRUE=0D SerialPortLib|MdeModulePkg/Library/PeiDxeSerialPortLibMem/SmmSerialP= ortLibMem.inf=0D !endif=0D @@ -577,8 +587,9 @@ !endif=0D =0D gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseSerial|($(USE_MEMORY_= LOGGING) || $(USE_HDMI_DEBUG_PORT))=0D - gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|512=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeMemorySize|1024=0D }=0D +# TODO: Add NvmExpressDxe if supporting Newgate and RayleighSLS=0D MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf=0D MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf=0D MdeModulePkg/Bus/Pci/PciHostBridgeDxe/PciHostBridgeDxe.inf=0D diff --git a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/OpenBoar= dPkgPcd.dsc b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/OpenBoa= rdPkgPcd.dsc index 490c3ee6bf76..3991c6f17c44 100644 --- a/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/OpenBoardPkgPcd= .dsc +++ b/Platform/Intel/KabylakeOpenBoardPkg/AspireVn7Dash572G/OpenBoardPkgPcd= .dsc 
@@ -13,9 +13,10 @@ #=0D ##########################################################################= ######=0D =0D -# TODO: Harden and tune platform by PCDs=0D -# TODO: Consider removing PCDs declared by build report to be unused (but = confirm first)=0D -# - Also, consider more "fixed" and more "dynamic"/"patchable"=0D +# TODO:=0D +# - Harden and tune platform by PCDs=0D +# - Consider removing PCDs declared by build report to be unused (but conf= irm first)=0D +# - Also, consider more "fixed" and more "dynamic"/"patchable"=0D =0D [PcdsFixedAtBuild.common]=0D ######################################=0D @@ -118,13 +119,14 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdPs2MouseExtendedVerification|FALSE # = TODO/TEST=0D gEfiMdeModulePkgTokenSpaceGuid.PcdHiiOsRuntimeSupport|FALSE=0D gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmEnableBspElection|FALSE=0D + # TODO: Hook-up memory, SMM and SMI handler profiling=0D gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmProfileEnable|FALSE=0D =0D # TODO: Prune this list to relevant features only=0D !if gMinPlatformPkgTokenSpaceGuid.PcdBootStage >=3D 6=0D - # FIXME: SMM path also PatchAndLoadAcpiTable()=0D - gAcpiDebugFeaturePkgTokenSpaceGuid.PcdAcpiDebugFeatureEnable = |FALSE=0D - # PcdIpmiFeatureEnable will not be enabled (no BMC)=0D + gAcpiDebugFeaturePkgTokenSpaceGuid.PcdAcpiDebugFeatureEnable = |TRUE=0D + gAcpiDebugFeaturePkgTokenSpaceGuid.PcdUseSmmVersion = |FALSE=0D +# NOTE: PcdIpmiFeatureEnable will not be enabled (no BMC)=0D # TODO: Can be build-time (user) choice=0D gNetworkFeaturePkgTokenSpaceGuid.PcdNetworkFeatureEnable = |FALSE=0D gS3FeaturePkgTokenSpaceGuid.PcdS3FeatureEnable = |TRUE=0D 
@@ -132,12 +134,9 @@ gSmbiosFeaturePkgTokenSpaceGuid.PcdSmbiosFeatureEnable = |TRUE=0D # Requires actual hook-up=0D gUsb3DebugFeaturePkgTokenSpaceGuid.PcdUsb3DebugFeatureEnable = |FALSE=0D - # FIXME: (Similar) DXE module is duplicate?=0D - gUserAuthFeaturePkgTokenSpaceGuid.PcdUserAuthenticationFeatureEnable = |FALSE=0D - # FIXME: Must BootLogoEnableLogo() to turn platform logo into boot logo= =0D - # - BGRT must be BMP, but this duplicates FSP logo. Can GetSectionFromAn= yFv()?=0D - gLogoFeaturePkgTokenSpaceGuid.PcdLogoFeatureEnable = |FALSE=0D - gLogoFeaturePkgTokenSpaceGuid.PcdJpgEnable = |FALSE=0D + # FIXME: Version2 not working - doesn't challenge for password=0D + gUserAuthFeaturePkgTokenSpaceGuid.PcdUserAuthenticationFeatureEnable = |TRUE=0D + gLogoFeaturePkgTokenSpaceGuid.PcdLogoFeatureEnable = |TRUE=0D !endif=0D =0D ######################################=0D @@ -209,7 +208,7 @@ # Board Configuration=0D ######################################=0D gKabylakeOpenBoardPkgTokenSpaceGuid.PcdMultiBoardSupport|FALSE=0D - gKabylakeOpenBoardPkgTokenSpaceGuid.PcdTbtEnable|FALSE # TODO: Enable i= f supporting Newgate=0D + gKabylakeOpenBoardPkgTokenSpaceGuid.PcdTbtEnable|FALSE # TODO: Enable i= f supporting Newgate and RayleighSLS=0D =0D [PcdsFixedAtBuild.common]=0D ######################################=0D 
@@ -245,16 +244,29 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdBrowserSubtitleTextColor|0x0=0D gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|TRUE=0D gEfiMdeModulePkgTokenSpaceGuid.PcdFastPS2Detection|TRUE # TODO/TEST=0D +!if FALSE # FIXME: Causes DxeTestPointCheck ASSERT=0D + # Guard DXE phase in non-stop mode, preferred over UAF detection (mutual= ly exclusive)=0D + # NOTE: SMM phase requires disabling PcdCpuSmmRestrictedMemoryAccess, so= only enable to test=0D + # TODO/TEST: Also test with guarded pool-head and with UAF detection fea= ture=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask|0x43=0D +#!else=0D + # Guard DXE phase preferred over UAF detection (mutually exclusive)=0D + # TODO: Consider performance impact on release builds=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask|0x03=0D +!endif=0D + # Protects loader, BS and RT code and data. TODO: Should not protect cod= e and also ACPI memory?=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType|0x7E=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x7E=0D gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize|0x00000800=0D gEfiMdeModulePkgTokenSpaceGuid.PcdLoadModuleAtFixAddressEnable|$(TOP_MEM= ORY_ADDRESS)=0D gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize|0x400=0D gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x8000=0D -!if $(TESTING) =3D=3D TRUE=0D - # Test with non-stop mode, so not disabling for loader.=0D - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask|0x43= =0D +!if $(RELEASE_LOGGING) =3D=3D TRUE=0D + # Using non-stop mode, so not disabling for loader. NOTE/TEST: Reconside= r use with SMM, which causes SMM profiling to be enabled=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask|0x41= =0D !else=0D - # FIXME: Can be broken for CSM. 
At this time, be permissive for loader.= =0D - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask|0x83= =0D + # FIXME: At this time, be permissive for loader=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask|0x81= =0D !endif=0D gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe|TRUE=0D gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE=0D @@ -269,10 +281,10 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSerialUseHardwareFlowControl|FALSE=0D !endif=0D =0D - # UPDs are updated at runtime, don't bother measuring=0D + # Measure default UPDs, code to update UPDs is measured as well=0D # BUGBUG: FSP-S measurement returns DEVICE_ERROR from PtpCrbTpmCommand()= - Step 0.=0D # - Similarly, Tcg2Dxe.c:Tpm2GetCapabilityManufactureID() - first comman= d - fails?=0D - gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x00000006=0D + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x80000006=0D =0D gPcAtChipsetPkgTokenSpaceGuid.PcdAcpiIoBarEnableMask|0x80=0D gPcAtChipsetPkgTokenSpaceGuid.PcdAcpiIoPciBarRegisterOffset|0x40=0D @@ -435,6 +447,9 @@ # @ValidRange 0x80000001 | 0 - 4=0D gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType|3=0D =0D + # Hypothetically, remove all but the trusted console input, but there's = no callback=0D + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|TRUE=0D +=0D [PcdsFixedAtBuild.IA32]=0D ######################################=0D # Edk2 Configuration=0D @@ -522,7 +537,7 @@ gKabylakeOpenBoardPkgTokenSpaceGuid.PcdLowPowerS0Idle|1=0D gKabylakeOpenBoardPkgTokenSpaceGuid.PcdPciExpNative|1=0D =0D - # Thunderbolt Configuration (FIXME: Remove if not supporting Newgate)=0D + # Thunderbolt Configuration (FIXME: Remove if not supporting Newgate and= RayleighSLS)=0D gKabylakeOpenBoardPkgTokenSpaceGuid.PcdDTbtAcDcSwitch|0x0=0D gKabylakeOpenBoardPkgTokenSpaceGuid.PcdDTbtAcpiGpeSignature|0=0D gKabylakeOpenBoardPkgTokenSpaceGuid.PcdDTbtAcpiGpeSignaturePorting|0=0D 
@@ -567,5 +582,5 @@ !endif=0D !if gMinPlatformPkgTokenSpaceGuid.PcdTpm2Enable =3D=3D TRUE=0D gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS=0D - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS=0D + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|4|NV,BS=0D !endif=0D --=20 2.37.2
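Review bot: in the OpenBoardPkg.dsc hunk at @@ -40,9 +31,17 @@, "DEFINE TESTING = FALSE" is kept, but every $(TESTING) consumer in this patch is switched to $(RELEASE_LOGGING) (hunks at -257, -315 and -370), so TESTING becomes a define that nothing reads. Either drop it, or keep it as the explicit opt-in for the TestPointCheckLib instances. The move of the debug-logging block below FLASH_DEFINITION and the flip of TESTING from TRUE to FALSE are two unrelated changes in one hunk, and the commit message mentions neither; a sentence on why TESTING is now off by default would help.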
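Review bot: the NOTE added to [LibraryClasses.IA32.SEC] at @@ -198,12 +197,11 @@ is phrased as a question ("No way that RSC avoids PeiServices in SEC? Even if valid on re-entry..."), and a comment that will be consulted for years should state the constraint rather than ask it. Since the line below it keeps BaseDebugLibNull for SEC, say that directly: the ReportStatusCode DebugLib needs PEI services that SEC does not have, so SEC debug output stays disabled. Dropping the removed TODO ("correct the defines") is fine, since that is what this patch does.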
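Review bot: the replacement comment at @@ -231,7 +229,8 @@ ("Strongly suspect DebugLibSerialPort constructor presents PeiDxeSerialPortLibMem dependency on services as a bug") records a suspicion, and the same two lines are pasted again at @@ -287,7 +286,8 @@ and @@ -346,7 +346,8 @@. If the constructor ordering is believed to be a bug, report it against MdeModulePkg and reference the report from one place; three copies of an unverified hypothesis in a board DSC will drift. The one-line comment being removed was at least a statement of the observed behaviour.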
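Review bot: at @@ -257,7 +256,7 @@ (and likewise at -315 and -370) TestPointCheckLib is linked when RELEASE_LOGGING is TRUE instead of when TESTING is TRUE. RELEASE_LOGGING is derived purely from which debug sink is compiled in (HDMI, SPI or memory), so the condition now reads as "run platform checks whenever a log sink exists", and with all three sinks off, which is the default this patch sets, release builds lose the checks entirely. If the intent is "only run checks when their output can be seen", say so in a comment next to the first of these conditions, otherwise the next reader will take RELEASE_LOGGING for a typo of TESTING. Note also that the heap-guard hunk in OpenBoardPkgPcd.dsc says DxeTestPointCheck can ASSERT, so linking these libraries changes behaviour, not just output.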
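Review bot: the "Reverse-ranked priority list" comment at @@ -408,12 +409,12 @@ (and its copies at -555 and -577) relies on the DSC rule that the last SerialPortLib assignment in a scope wins, which is what makes memory < SPI < HDMI the effective precedence. Say that in the comment ("later entries override earlier ones: HDMI wins over SPI, SPI over memory") so the ordering is not reshuffled by someone tidying the file. The resulting selection matches the old !if/!else chain, so this is a documentation point only.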
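Review bot: the NULL HashInstanceLibSha1 and HashInstanceLibSha256 entries added at @@ -431,10 +432,14 @@ are repeated verbatim for both wrapper PEIMs in both the API-mode and dispatch-mode branches (-444 and -452 as well); a shared override block or !include would keep the four lists from diverging. More importantly, these two instances define the only digests the FSP measurement path can produce: if the TPM's active PCR banks on this board include anything other than SHA1 and SHA256, those banks will not receive the FSP measurements, so the set here should be checked against the hash mask the board configures for the TPM. If no consumer needs a SHA1 bank on a TPM 2.0 platform, the SHA1 instance can be omitted.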
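Review bot: PcdStatusCodeMemorySize goes from 512 to 1024 for both StatusCodeHandlerRuntimeDxe (@@ -563,12 +573,12 @@) and StatusCodeHandlerSmm (@@ -577,8 +587,9 @@) without a reason in the hunk or the commit message, and the removed "TODO: Still requires a little more thought" suggests the SMM handler configuration was previously considered unfinished. Record the unit of the PCD and why the previous size was insufficient in a comment, and say what resolved the TODO; a status-code buffer that the SMM handler fills is a resource the platform pays for in every build that enables memory logging.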
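Review bot: PcdAcpiDebugFeatureEnable flips to TRUE at @@ -118,13 +119,14 @@ in OpenBoardPkgPcd.dsc with no build-target or RELEASE_LOGGING gate, so the ACPI debug feature ships in release builds too, while the rest of this patch goes to some trouble to gate debug facilities on TARGET or RELEASE_LOGGING. Wrap it the same way, e.g. !if ($(TARGET) == DEBUG || $(RELEASE_LOGGING) == TRUE). The removed "FIXME: SMM path also PatchAndLoadAcpiTable()" is replaced by PcdUseSmmVersion|FALSE without saying whether the FIXME was fixed or merely avoided; one line either way would help.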
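Review bot: at @@ -132,12 +134,9 @@ PcdUserAuthenticationFeatureEnable is set to TRUE directly under a FIXME that says the feature "doesn't challenge for password". A password feature that is enabled but never prompts is worse than one that is off: a user who sets a password in setup will believe the platform is protected when it is not. Leave it FALSE until the prompt works, or at minimum call this out in the commit message rather than describing the enabled features as working. The same hunk also deletes the explicit PcdJpgEnable|FALSE line, which silently reverts that PCD to its DEC default; if that is intended, say so.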
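Review bot: the heap-guard block at @@ -245,16 +244,29 @@ is defeated by its own conditional. It opens with "!if FALSE", the "!else" is commented out as "#!else", and the "!endif" comes only after the 0x03 assignment, so both PcdHeapGuardPropertyMask lines are excluded and the PCD is left at its DEC default. The PcdHeapGuardPageType and PcdHeapGuardPoolType values (0x7E) that follow then select memory types for a guard this DSC never enables. Move the 0x03 assignment outside the !if/!endif (or restore the !else) and keep the 0x43 variant behind the FIXME. Further down, PcdNullPointerDetectionPropertyMask changes from 0x43 to 0x41 and from 0x83 to 0x81, clearing the bit the adjacent comment associates with SMM; that is a change in what the SMM code is checked for and deserves a line in the commit message.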
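Review bot: PcdFspMeasurementConfig changes from 0x00000006 to 0x80000006 at @@ -269,10 +281,10 @@, i.e. the top bit is set to measure the default UPD region as the new comment says, yet the two BUGBUG lines reporting that FSP-S measurement returns DEVICE_ERROR from PtpCrbTpmCommand() are kept unchanged. That contradicts the commit message, which lists measuring the default FSP UPDs to a TPM among the features that are "now fully working"; either the BUGBUG is stale and should go, or the feature is not working and the commit message should not claim it. The rationale for measuring defaults is also worth a sentence in the comment: the default UPD image is a fixed input of the firmware build, so its digest is reproducible and attestable, whereas the UPDs as patched at runtime vary with board configuration; "code to update UPDs is measured as well" hints at this but does not say it.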
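Review bot: PcdUserPhysicalPresence|TRUE at @@ -435,6 +447,9 @@ asserts that a physically present user is always there. SecurityPkg consults this PCD through UserPhysicalPresent() to decide when privileged actions that would otherwise need authentication are permitted, including Secure Boot key changes in custom mode, and this commit message states Secure Boot is now working on this board. Setting it unconditionally therefore removes a check rather than satisfying it; the comment itself admits the real condition (input from the trusted console) cannot be expressed because there is no callback. Leave it FALSE, or make it a dynamic PCD set only from the setup/console path, and document the decision.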
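Review bot: PcdTpm2AcpiTableRev moves from 3 to 4 at @@ -567,5 +582,5 @@ with no mention in the commit message. This is an HII PCD backed by the NV variable TCG2_VERSION, so the DSC value is only the default used when the variable does not exist yet; units that already store revision 3 in NVRAM keep publishing revision 3 until the variable is reset, which makes a change here easy to miss in testing. State why revision 4 is wanted (it is the revision that lets the TPM2 table carry the event-log location fields that OS attestation stacks read) and whether existing variable stores need to be cleared.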