From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web09.26612.1656212770864849318 for ; Sat, 25 Jun 2022 20:06:18 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=JNWXNA+T; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1656212778; x=1687748778; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=6dvUaoKkxd/Zv8pEyfwRUdSCjwc6Kq80eFssiUzVZ4w=; b=JNWXNA+TyJaeTP+A0ysxGa6dVIpsG6QE1esSkWM+WadNAJAmxLrEou1Z OaffmNSRuBLQk1rDSlOKAyg7sDqIHQJSl1hcWhJB9EQx10vJda+ICfmYT aarRf9VPn93ozxlqIbsA9mGCBJFulCdZiwwVcriJoAuFk0lobmqMQoHDM L+i4Yc/unhEjqtGRcnnExfX9ORCNmIQ45s7mbXcJrcmG2+EKv33NTRqIO T/F/SK62f6cis4ZZEPZXIQOn9K1QTiXRlClorrnmCrfhiKBOba8RnTDpl V++eymSrlRQsAtdN60GHgMkbTTktB7UCI5pqWSj0nplrWkx5LVrEUGRqD Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10389"; a="367554851" X-IronPort-AV: E=Sophos;i="5.92,223,1650956400"; d="scan'208";a="367554851" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2022 20:06:17 -0700 X-IronPort-AV: E=Sophos;i="5.92,223,1650956400"; d="scan'208";a="645862110" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.30.236]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Jun 2022 20:06:16 -0700 From: "Min Xu" To: devel@edk2.groups.io Cc: Min M Xu , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [PATCH V2 4/8] OvmfPkg/PlatformInitLib: Add functions for EmuVariableNvStore Date: Sun, 26 Jun 2022 11:05:53 +0800 Message-Id: X-Mailer: git-send-email 2.29.2.windows.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Min M Xu There are 2 functions added for EmuVariableNvStore: - PlatformReserveEmuVariableNvStore - PlatformInitEmuVariableNvStore PlatformReserveEmuVariableNvStore allocate storage for NV variables early on so it will be at a consistent address. PlatformInitEmuVariableNvStore copies the content in PcdOvmfFlashNvStorageVariableBase to the storage allocated by PlatformReserveEmuVariableNvStore. This is used in the case that OVMF is launched with -bios parameter. Because in that situation UEFI variables will be partially emulated, and non-volatile variables may lose their contents after a reboot. This makes the secure boot feature not working. Cc: Erdem Aktas Cc: James Bottomley [jejb] Cc: Jiewen Yao [jyao1] Cc: Tom Lendacky [tlendacky] Cc: Gerd Hoffmann Signed-off-by: Min Xu --- OvmfPkg/Include/Library/PlatformInitLib.h | 34 ++++++++ OvmfPkg/Library/PlatformInitLib/Platform.c | 77 +++++++++++++++++++ .../PlatformInitLib/PlatformInitLib.inf | 2 + 3 files changed, 113 insertions(+) diff --git a/OvmfPkg/Include/Library/PlatformInitLib.h b/OvmfPkg/Include/Library/PlatformInitLib.h index a3acfb1fb196..3a84a56be3c1 100644 --- a/OvmfPkg/Include/Library/PlatformInitLib.h +++ b/OvmfPkg/Include/Library/PlatformInitLib.h @@ -251,4 +251,38 @@ TdxValidateCfv ( IN UINT32 TdxCfvSize ); +/** + Allocate storage for NV variables early on so it will be + at a consistent address. Since VM memory is preserved + across reboots, this allows the NV variable storage to survive + a VM reboot. + + * + * @retval VOID* The pointer to the storage for NV Variables + */ +VOID * +EFIAPI +PlatformReserveEmuVariableNvStore ( + VOID + ); + +/** + When OVMF is lauched with -bios parameter, UEFI variables will be + partially emulated, and non-volatile variables may lose their contents + after a reboot. This makes the secure boot feature not working. + + This function is used to initialize the EmuVariableNvStore + with the conent in PcdOvmfFlashNvStorageVariableBase. + + @param[in] EmuVariableNvStore - A pointer to EmuVariableNvStore + + @retval EFI_SUCCESS - Successfully init the EmuVariableNvStore + @retval Others - As the error code indicates + */ +EFI_STATUS +EFIAPI +PlatformInitEmuVariableNvStore ( + IN VOID *EmuVariableNvStore + ); + #endif // PLATFORM_INIT_LIB_H_ diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c index c3d34e43af5a..194768379f2b 100644 --- a/OvmfPkg/Library/PlatformInitLib/Platform.c +++ b/OvmfPkg/Library/PlatformInitLib/Platform.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -576,3 +577,79 @@ PlatformMaxCpuCountInitialization ( PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber = MaxCpuCount; PlatformInfoHob->PcdCpuBootLogicalProcessorNumber = BootCpuCount; } + +/** + Allocate storage for NV variables early on so it will be + at a consistent address. Since VM memory is preserved + across reboots, this allows the NV variable storage to survive + a VM reboot. + + * + * @retval VOID* The pointer to the storage for NV Variables + */ +VOID * +EFIAPI +PlatformReserveEmuVariableNvStore ( + VOID + ) +{ + VOID *VariableStore; + UINT32 VarStoreSize; + + VarStoreSize = 2 * PcdGet32 (PcdFlashNvStorageFtwSpareSize); + // + // Allocate storage for NV variables early on so it will be + // at a consistent address. Since VM memory is preserved + // across reboots, this allows the NV variable storage to survive + // a VM reboot. + // + VariableStore = + AllocateRuntimePages ( + EFI_SIZE_TO_PAGES (VarStoreSize) + ); + DEBUG (( + DEBUG_INFO, + "Reserved variable store memory: 0x%p; size: %dkb\n", + VariableStore, + VarStoreSize / 1024 + )); + + return VariableStore; +} + +/** + When OVMF is lauched with -bios parameter, UEFI variables will be + partially emulated, and non-volatile variables may lose their contents + after a reboot. This makes the secure boot feature not working. + + This function is used to initialize the EmuVariableNvStore + with the conent in PcdOvmfFlashNvStorageVariableBase. + + @param[in] EmuVariableNvStore - A pointer to EmuVariableNvStore + + @retval EFI_SUCCESS - Successfully init the EmuVariableNvStore + @retval Others - As the error code indicates + */ +EFI_STATUS +EFIAPI +PlatformInitEmuVariableNvStore ( + IN VOID *EmuVariableNvStore + ) +{ + UINT8 *Base; + UINT32 Size; + UINT32 EmuVariableNvStoreSize; + + EmuVariableNvStoreSize = 2 * PcdGet32 (PcdFlashNvStorageFtwSpareSize); + if ((EmuVariableNvStore == NULL) || (EmuVariableNvStoreSize == 0)) { + return EFI_INVALID_PARAMETER; + } + + Base = (UINT8 *)(UINTN)PcdGet32 (PcdOvmfFlashNvStorageVariableBase); + Size = (UINT32)PcdGet32 (PcdFlashNvStorageVariableSize); + ASSERT (Size < EmuVariableNvStoreSize); + + CopyMem (EmuVariableNvStore, Base, Size); + + return EFI_SUCCESS; +} diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf index d2fa2d998df8..fec1f8f24314 100644 --- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf @@ -47,6 +47,7 @@ HobLib QemuFwCfgLib QemuFwCfgSimpleParserLib + MemoryAllocationLib MtrrLib PcdLib PciLib @@ -96,6 +97,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashNvStorageVariableBase [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode -- 2.29.2.windows.2