edk2 is dropping support for the ARM32 architecture. This
commit removes ARM32 code from OvmfPkg. This drops irrelevant
VALID_ARCHITECTURES comments from infs that are not arch
specific.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
REF: https://github.com/tianocore/edk2/issues/11483
Introduce a new build flag NETWORK_ISCSI_DEFAULT_ENABLE to control
whether iSCSI support is enabled by default without setting fwcfg. This
allows developers to decide at build time if the IScsiDxe driver should be
included and enabled by default.
If NETWORK_ISCSI_DEFAULT_ENABLE is set to FALSE, IScsiDxe will still be
built when NETWORK_ISCSI_ENABLE is TRUE, but the default PCD value
(gUefiOvmfPkgTokenSpaceGuid.PcdEntryPointOverrideDefaultValue) will be
set to "no". This ensures iSCSI remains disabled at runtime unless enabled
explicitly by fwcfg.
This change provides more flexibility for both build-time and runtime
configuration of iSCSI support.
Signed-off-by: Richard Lyu <richard.lyu@suse.com>
|
|
This commit removes OVMF IA32 from edk2 per RFC
https://edk2.groups.io/g/devel/topic/rfc_remove_ovmf_ia32_and/114152215.
OVMF IA32 is a 32 bit only platform that no longer represents the vast
majority of physical platforms. The RFC details more reasoning in
much more depth.
OVMF IA32 will be kept in a branch off the edk2-stable202508 tag for
any long term consumers; it will receive build break updates only
(e.g. if an upstream submodule changes location).
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
|
|
CPUID bit Fn8000001F_EBX[31] defines the COHERENCY_SFW_NO CPUID bit that,
when set, indicates that the software mitigation for this vulnerability is
not needed.
Add support to check for this CPUID bit and avoid the mitigation if set.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
|
In preparation for adding another indicator flag, change the ReceivedVc
field into a flags field. Since the code is used by both assembler and
C files, use bitmasks for field definitions. The VC flag is bit 0.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
|
|
A zero "FeatureControlValue" currently means "no feature control, or
feature control with zero value". Distinguish both cases by explicitly
recording the presence of the "etc/msr_feature_control" fw_cfg file. This
will be helpful later in this series, when we won't want to touch fw_cfg
again, but still know if "etc/msr_feature_control" was read OK.
Signed-off-by: Laszlo Ersek <laszlo.ersek@posteo.net>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
This patch refactors low level NOR flash functions into a dedicated library
to enable reuse, particularly for supporting the firmware upgrade feature.
Signed-off-by: Tuan Phan <tphan@ventanamicro.com>
|
|
Based on ACPI 6.6 Multiprocessor Wakeup Structure, TDVF needs to provide
a physical address of the ResetVector to OS. And it should allow the
Multiprocessor Wakeup Mailbox to be reset in order to be used once again
with a given AP.
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Tested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
|
|
Based on ACPI 6.6 MultiProcessor Wakeup Mailbox Structure,
the new "Test" command is added.
Also the "Sleep" command is not used in TDX Mailbox, it should be removed.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
|
|
Add the GDT table to switch paging mode when the OS jumps
to the ResetVector in Mailbox.
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
Reviewed-by: Min Xu <min.m.xu@intel.com>
Tested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
|
|
Add the Memory Debug Logging feature MemDebugLogLib library
which provides the key MemDebugLogWrite() function.
Several versions (i.e. SEC, PEIM, DXE, runtime) of
the function are included to provide the proper
method to write the debug messages to the memory
debug log buffer.
The library also provides the core functions to maintain
the circular memory debug log buffer.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Aaron Young <aaron.young@oracle.com>
|
|
Add header file for the qemu uefi variable service device.
This defines the registers of the device and the device
tree name.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
The Full variant enables support for EC, which in turn is needed for TLS
1.3. It also increases the size, so turn this on for 4M builds only.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Reduce dsc file duplication and simplify updates by moving openssl + tls
configuration to an include file. No functional change.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
In edk2-stable202502, the increase in code space caused an increase in
size, leading to build failures for OVMF under the 2MB size limit due
to insufficient space, because FVMAIN_COMPACT had insufficient space.
This patch adjusts the memory layout by reducing SEVFV size by 0x10000,
as its usage is below 50%, and reallocates the freed 0x10000 space to
FVMAIN_COMPACT. This ensures sufficient space to accommodate all code
within the FD_SIZE_2MB.
Signed-off-by: Richard Lyu <richard.lyu@suse.com>
|
|
Move QemuFwCfgSupported and QemuFwCfgDmaSupported to the struct
since they will be used as global variables in the DXE phase
along with QEMU_FW_CFG_CACHE_WORK_AREA.
Additionally, change its name to QEMU_FW_CFG_WORK_AREA.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
|
|
Since TDVF needs to cache and measure FwCfg, it is required to
add an API to support cache with optional measurement and add some
internal interfaces to support cache in QemuFwCfgLib.
The new API is listed below:
QemuFwCfgInitCache()
The new Internal interfaces are listed below:
InternalQemuFwCfgCacheReadBytes()
InternalQemuFwCfgCacheSelectItem()
InternalQemuFwCfgCacheGetWorkArea()
InternalQemuFwCfgCacheResetWorkArea()
InternalQemuFwCfgItemCached()
InternalQemuFwCfgCacheReading()
InternalQemuFwCfgInitCache()
InternalQemuFwCfgCheckOvmfWorkArea()
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
|
|
Add QEMU_FW_CFG_CACHE_WORK_AREA in EFI_HOB_PLATFORM_INFO
to support reading from cache in QemuFwCfgLib.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
|
|
Switch over to Tpm2InstanceLibDTpmSvsm as the Tpm2 implementation to
support vTPMs provided by an SVSM.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
|
Prior to this change, OVMF considers opt/ovmf/X-PciMmio64Mb the
minimum aperture size, allowing us to force the window to be larger
but not smaller than what PlatformDynamicMmioWindow calculates.
Adjust OVMF so that a smaller value for the aperture is honored.
Context:
Due to an inefficiency in the way older host kernels manage
pfnmaps for guest VM memory ranges [0], guests with large-BAR
GPUs passed-through have a very long (multiple minutes) initialization
time when the MMIO window advertised by OVMF is sufficiently sized for
the passed-through BARs (i.e., the correct OVMF behavior). However, on
older distro series such as Ubuntu Jammy, users have benefited from fast
guest boot times when OVMF advertised an MMIO window that was too small
to accommodate the full BAR, since this resulted in the long PCI initialization
process being skipped (and retried later, if pci=realloc pci=nocrs were set).
While the root cause is being fully addressed in the upstream kernel [1],
the solution relies on huge pfnmap support, which is a substantial series
with many ABI changes that is unlikely to land in many LTS and legacy distro kernels,
including those of Ubuntu Noble. As a result, the only kernel improvement
supported on those kernels is this patch [2], which reduces the extra boot
time by about half. Unfortunately, that boot time is still an average of
1-3 minutes longer per-VM-boot than what can be achieved when the host is
running a version of OVMF without PlatformDynamicMmioWindow (PDMW) support
(introduced in [3])
Since there is no way to force the use of the classic MMIO window size[4]
in any version of OVMF after [3], and since we have a use case for such
functionality on legacy distro kernels that would yield significant,
recurring compute time savings across all impacted VMs, this change to
this knob's behavior seems appropriate.
[0]: https://lore.kernel.org/all/CAHTA-uYp07FgM6T1OZQKqAdSA5JrZo0ReNEyZgQZub4mDRrV5w@mail.gmail.com/
[1]: https://lore.kernel.org/all/20250205231728.2527186-1-alex.williamson@redhat.com/
[2]: https://lore.kernel.org/all/20250111210652.402845-1-alex.williamson@redhat.com/
[3]: ecb778d
[4]: https://edk2.groups.io/g/devel/topic/109651206?p=Created,,,20,1,0,0
Signed-off-by: Mitchell Augustin <mitchell.augustin@canonical.com>
|
|
Many functions present in PlatformBootManagerLib and
PlatformBootManagerLibLight have the same implementation. The idea of
this new Library is to collect them to enable code reuse.
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
|
|
Import the latest version of blkif.h header from Xen.
Signed-off-by: Anthony PERARD <anthony.perard@vates.tech>
|
|
Setting PcdSetupConOut* to zero turns on autodetection mode
for rows and cols, so the firmware setup application will use
the complete available screen space.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Set both PcdVideo*Resolution and PcdSetupVideo*Resolution PCDs.
This avoids pointless video mode changes when entering and leaving
the firmware setup application.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
This way we have the display configuration in a single place and
need to change one file only to update all build variants.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
While fixing https://github.com/tianocore/edk2/pull/6092 (the
fact that some OvmfPkg and ArmVirtPkg platforms included residual
NetworkPkg components even when compiled with -D NETWORK_ENABLE=0),
it was noted that OvmfPkg/Include/*/Shell*.inc files which apply
the required fix logic are available and already used in some
OvmfPkg platforms.
This commit applies these files consistently within OvmfPkg.
This has the side effect that some platforms now include one or
more of HttpDynamicCommand, VariablePolicyDynamicCommand and
LinuxInitrdDynamicShellCommand when they previously did not.
This fixes unintentional drift between platforms, and provides
additional shell commands which may be useful in some cases.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
|
|
Since the tdx measurement APIs are implemented by
TdxMeasurementLib, the duplicate code is removed.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
|
|
This commit adds:
- missing virtio subsystem ID for input device
- PrepareVirtioKeyboardDevicePath() handler to boot manager library
Signed-off-by: Paweł Poławski <ppolawsk@redhat.com>
|
|
Because PeiTpmMeasurementLib supports both TCG measurement and CC
measurement, it shall be controlled by TPM2_ENABLE and
CC_MEASUREMENT_ENABLE.
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
|
|
Add below APIs to support the implementation for CC measurement.
- TdxHelperMapPcrToMrIndex
- TdxHelperHashAndExtendToRtmr
- TdxHelperBuildTdxMeasurementGuidHob
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
|
|
While IScsiDxe certainly is a useful feature it is rarely used, and it
slows down firmware boot quite a bit. So disable it by default and only
load it in case this is explicitly requested via fw_cfg.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Use UefiDriverEntryPointFwCfgOverrideLib for UsbMassStorageDxe so
the driver can be enabled/disabled via fw_cfg option.
usage: qemu -fw_cfg name=opt/org.tianocore/UsbStorageSupport,string={yes,no}
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Use UefiDriverEntryPointFwCfgOverrideLib for IScsiDxe so the driver
can be enabled/disabled via fw_cfg option.
usage: qemu -fw_cfg name=opt/org.tianocore/ISCSISupport,string={yes,no}
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Use UefiDriverEntryPointFwCfgOverrideLib for VirtioNetDxe so the driver
can be enabled/disabled via fw_cfg option.
usage: qemu -fw_cfg name=opt/org.tianocore/VirtioNetSupport,string={yes,no}
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Allows updating the USB driver configuration without
touching all *.dsc files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Allows updating the VirtioNet driver configuration without
touching all *.dsc files.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
The second step is to add an option to the OvmfPkg module to disable
PXE booting using the NETWORK_PXE_BOOT_ENABLE flag. The patch is divided
into 3 parts. At the current stage the flag is not functional.
Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
|
|
Add a new function to allow making a hypercall to shut down the
machine.
This imports the "sched.h" public header from Xen Project's repo. Some
changes have been made to be closer to EDK2's coding style.
Add the entire OvmfPkg/Include/IndustryStandard/Xen/ directory to
LicenseCheck ignore. All the existing header files, as well as the new
sched.h, are MIT licensed.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
|
|
XenHypercallLib now makes direct hypercalls, so HyperPages is
unnecessary and can be removed.
Change the XenPvhDetected() ASSERT to use the Xen version. That has
never been 0, AFAIK.
Signed-off-by: Jason Andryuk <jason.andryuk@amd.com>
|
|
The SEV-ES DebugVirtualization feature enables type B swapping of
debug registers on #VMEXIT and makes #DB and DR7 intercepts
unnecessary and unwanted.
When DebugVirtualization is enabled, this stops booting if
interaction from the HV.
Add new API to PEI, SEC, DXE.
This does not change the existing behaviour yet.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
---
Changes:
v5:
* "rb" from Tom
v4:
* s/DebugSwap/DebugVirtualization/
|
|
A malicious host may be able to undermine the fw_cfg
interface such that loading a blob fails.
In this case rather than continuing to the next boot
option, the blob verifier should halt.
For non-confidential guests, the error should be non-fatal.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
|
|
Added a new library for LoongArch; it is used to initialize the CPU
MMU, and it consumes the CpuMmuLib.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Co-authored-by: Baoqi Zhang <zhangbaoqi@loongson.cn>
Co-authored-by: Dongyan Qian <qiandongyan@loongson.cn>
Co-authored-by: Xianglai Li <lixianglai@loongson.cn>
Co-authored-by: Bibo Mao <maobibo@loongson.cn>
|
|
Add OvmfRng include snippets with the random number generator
configuration for OVMF. Include RngDxe, build with BaseRngLib,
so the rdrand instruction is used (if available).
Also move VirtioRng to the include snippets.
Use the new include snippets for OVMF builds.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
Add dsc + fdf include files to add the MorLock drivers to the build.
Add the include files to OVMF build configurations.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
In preparation for running under an SVSM at VMPL1 or higher (higher
numerically, lower privilege), re-organize the way a page state change
is performed in order to free up the GHCB for use by the SVSM support.
Currently, the page state change logic directly uses the GHCB shared
buffer to build the page state change structures. However, this will be
in conflict with the use of the GHCB should an SVSM call be required.
Instead, use a separate buffer (an area in the workarea during SEC and
an allocated page during PEI/DXE) to hold the page state change request
and only update the GHCB shared buffer as needed.
Since the information is copied to, and operated on, in the GHCB shared
buffer this has the added benefit of not requiring to save the start and
end entries for use when validating the memory during the page state
change sequence.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|