Compare commits
10 Commits
2c36bf7de4
...
634804e1ab
Author | SHA1 | Date |
---|---|---|
David Abdurachmanov | 634804e1ab | |
Gerd Hoffmann | 9a94e6f906 | |
Gerd Hoffmann | 9cf97d0705 | |
Gerd Hoffmann | 6614f291c6 | |
Gerd Hoffmann | 0279a8196d | |
Gerd Hoffmann | 222487dd93 | |
Gerd Hoffmann | 34231a5eb6 | |
Gerd Hoffmann | a8b54e7c53 | |
Gerd Hoffmann | fae250a1be | |
Gerd Hoffmann | 8fd9ce42f3 |
|
@ -0,0 +1,235 @@
|
|||
From bf2f6173802c709a84c36d43f414c815ad6aa2f6 Mon Sep 17 00:00:00 2001
|
||||
From: Ard Biesheuvel <ardb@kernel.org>
|
||||
Date: Thu, 20 Jul 2023 15:45:57 +0200
|
||||
Subject: [PATCH 17/20] OvmfPkg/IoMmuDxe: don't rely on TPLs to manage
|
||||
concurrency
|
||||
|
||||
Instead of relying on raising the TPL to protect the critical sections
|
||||
that manipulate the global bitmask that keeps track of bounce buffer
|
||||
allocations, use compare-and-exchange to manage the global variable, and
|
||||
tweak the logic to line up with that.
|
||||
|
||||
Given that IoMmuDxe implements a singleton protocol that is shared
|
||||
between multiple drivers, and considering the elaborate and confusing
|
||||
requirements in the UEFP spec regarding TPL levels at which protocol
|
||||
methods may be invoked, not relying on TPL levels at all is a more
|
||||
robust approach in this case.
|
||||
|
||||
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2211060
|
||||
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Acked-by: Pedro Falcato <pedro.falcato@gmail.com>
|
||||
(cherry picked from commit dfb941d32a2f38c9177729e39c6a6515abbbad48)
|
||||
---
|
||||
OvmfPkg/IoMmuDxe/IoMmuDxe.inf | 1 +
|
||||
OvmfPkg/IoMmuDxe/IoMmuBuffer.c | 100 +++++++++++++++++++--------------
|
||||
2 files changed, 60 insertions(+), 41 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/IoMmuDxe/IoMmuDxe.inf b/OvmfPkg/IoMmuDxe/IoMmuDxe.inf
|
||||
index 17fca5285692..d08f7e59e2b6 100644
|
||||
--- a/OvmfPkg/IoMmuDxe/IoMmuDxe.inf
|
||||
+++ b/OvmfPkg/IoMmuDxe/IoMmuDxe.inf
|
||||
@@ -35,6 +35,7 @@ [LibraryClasses]
|
||||
MemEncryptSevLib
|
||||
MemEncryptTdxLib
|
||||
MemoryAllocationLib
|
||||
+ SynchronizationLib
|
||||
UefiBootServicesTableLib
|
||||
UefiDriverEntryPoint
|
||||
|
||||
diff --git a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
|
||||
index 103003cae376..f8dcd5b7ec92 100644
|
||||
--- a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
|
||||
+++ b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
|
||||
@@ -12,6 +12,7 @@
|
||||
#include <Library/MemEncryptSevLib.h>
|
||||
#include <Library/MemEncryptTdxLib.h>
|
||||
#include <Library/PcdLib.h>
|
||||
+#include <Library/SynchronizationLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
#include "IoMmuInternal.h"
|
||||
|
||||
@@ -268,16 +269,17 @@ InternalAllocateBuffer (
|
||||
IN EFI_ALLOCATE_TYPE Type,
|
||||
IN EFI_MEMORY_TYPE MemoryType,
|
||||
IN UINTN Pages,
|
||||
- IN OUT UINT32 *ReservedMemBitmap,
|
||||
+ OUT UINT32 *ReservedMemBit,
|
||||
IN OUT EFI_PHYSICAL_ADDRESS *PhysicalAddress
|
||||
)
|
||||
{
|
||||
UINT32 MemBitmap;
|
||||
+ UINT32 ReservedMemBitmap;
|
||||
UINT8 Index;
|
||||
IOMMU_RESERVED_MEM_RANGE *MemRange;
|
||||
UINTN PagesOfLastMemRange;
|
||||
|
||||
- *ReservedMemBitmap = 0;
|
||||
+ *ReservedMemBit = 0;
|
||||
|
||||
if (Pages == 0) {
|
||||
ASSERT (FALSE);
|
||||
@@ -309,23 +311,31 @@ InternalAllocateBuffer (
|
||||
|
||||
MemRange = &mReservedMemRanges[Index];
|
||||
|
||||
- if ((mReservedMemBitmap & MemRange->BitmapMask) == MemRange->BitmapMask) {
|
||||
- // The reserved memory is exausted. Turn to legacy allocate.
|
||||
- goto LegacyAllocateBuffer;
|
||||
- }
|
||||
+ do {
|
||||
+ ReservedMemBitmap = mReservedMemBitmap;
|
||||
|
||||
- MemBitmap = (mReservedMemBitmap & MemRange->BitmapMask) >> MemRange->Shift;
|
||||
+ if ((ReservedMemBitmap & MemRange->BitmapMask) == MemRange->BitmapMask) {
|
||||
+ // The reserved memory is exhausted. Turn to legacy allocate.
|
||||
+ goto LegacyAllocateBuffer;
|
||||
+ }
|
||||
+
|
||||
+ MemBitmap = (ReservedMemBitmap & MemRange->BitmapMask) >> MemRange->Shift;
|
||||
|
||||
- for (Index = 0; Index < MemRange->Slots; Index++) {
|
||||
- if ((MemBitmap & (UINT8)(1<<Index)) == 0) {
|
||||
- break;
|
||||
+ for (Index = 0; Index < MemRange->Slots; Index++) {
|
||||
+ if ((MemBitmap & (UINT8)(1<<Index)) == 0) {
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
- }
|
||||
|
||||
- ASSERT (Index != MemRange->Slots);
|
||||
+ ASSERT (Index != MemRange->Slots);
|
||||
|
||||
- *PhysicalAddress = MemRange->StartAddressOfMemRange + Index * SIZE_OF_MEM_RANGE (MemRange) + MemRange->HeaderSize;
|
||||
- *ReservedMemBitmap = (UINT32)(1 << (Index + MemRange->Shift));
|
||||
+ *PhysicalAddress = MemRange->StartAddressOfMemRange + Index * SIZE_OF_MEM_RANGE (MemRange) + MemRange->HeaderSize;
|
||||
+ *ReservedMemBit = (UINT32)(1 << (Index + MemRange->Shift));
|
||||
+ } while (ReservedMemBitmap != InterlockedCompareExchange32 (
|
||||
+ &mReservedMemBitmap,
|
||||
+ ReservedMemBitmap,
|
||||
+ ReservedMemBitmap | *ReservedMemBit
|
||||
+ ));
|
||||
|
||||
DEBUG ((
|
||||
DEBUG_VERBOSE,
|
||||
@@ -334,16 +344,16 @@ InternalAllocateBuffer (
|
||||
MemRange->DataSize,
|
||||
*PhysicalAddress,
|
||||
Pages,
|
||||
- *ReservedMemBitmap,
|
||||
- mReservedMemBitmap,
|
||||
- mReservedMemBitmap | *ReservedMemBitmap
|
||||
+ *ReservedMemBit,
|
||||
+ ReservedMemBitmap,
|
||||
+ ReservedMemBitmap | *ReservedMemBit
|
||||
));
|
||||
|
||||
return EFI_SUCCESS;
|
||||
|
||||
LegacyAllocateBuffer:
|
||||
|
||||
- *ReservedMemBitmap = 0;
|
||||
+ *ReservedMemBit = 0;
|
||||
return gBS->AllocatePages (Type, MemoryType, Pages, PhysicalAddress);
|
||||
}
|
||||
|
||||
@@ -366,27 +376,41 @@ IoMmuAllocateBounceBuffer (
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
- UINT32 ReservedMemBitmap;
|
||||
- EFI_TPL OldTpl;
|
||||
-
|
||||
- OldTpl = gBS->RaiseTPL (TPL_NOTIFY);
|
||||
- ReservedMemBitmap = 0;
|
||||
- Status = InternalAllocateBuffer (
|
||||
- Type,
|
||||
- MemoryType,
|
||||
- MapInfo->NumberOfPages,
|
||||
- &ReservedMemBitmap,
|
||||
- &MapInfo->PlainTextAddress
|
||||
- );
|
||||
- MapInfo->ReservedMemBitmap = ReservedMemBitmap;
|
||||
- mReservedMemBitmap |= ReservedMemBitmap;
|
||||
- gBS->RestoreTPL (OldTpl);
|
||||
|
||||
+ Status = InternalAllocateBuffer (
|
||||
+ Type,
|
||||
+ MemoryType,
|
||||
+ MapInfo->NumberOfPages,
|
||||
+ &MapInfo->ReservedMemBitmap,
|
||||
+ &MapInfo->PlainTextAddress
|
||||
+ );
|
||||
ASSERT (Status == EFI_SUCCESS);
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * Clear a bit in the reserved memory bitmap in a thread safe manner
|
||||
+ *
|
||||
+ * @param ReservedMemBit The bit to clear
|
||||
+ */
|
||||
+STATIC
|
||||
+VOID
|
||||
+ClearReservedMemBit (
|
||||
+ IN UINT32 ReservedMemBit
|
||||
+ )
|
||||
+{
|
||||
+ UINT32 ReservedMemBitmap;
|
||||
+
|
||||
+ do {
|
||||
+ ReservedMemBitmap = mReservedMemBitmap;
|
||||
+ } while (ReservedMemBitmap != InterlockedCompareExchange32 (
|
||||
+ &mReservedMemBitmap,
|
||||
+ ReservedMemBitmap,
|
||||
+ ReservedMemBitmap & ~ReservedMemBit
|
||||
+ ));
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* Free the bounce buffer allocated in IoMmuAllocateBounceBuffer.
|
||||
*
|
||||
@@ -398,8 +422,6 @@ IoMmuFreeBounceBuffer (
|
||||
IN OUT MAP_INFO *MapInfo
|
||||
)
|
||||
{
|
||||
- EFI_TPL OldTpl;
|
||||
-
|
||||
if (MapInfo->ReservedMemBitmap == 0) {
|
||||
gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages);
|
||||
} else {
|
||||
@@ -412,11 +434,9 @@ IoMmuFreeBounceBuffer (
|
||||
mReservedMemBitmap,
|
||||
mReservedMemBitmap & ((UINT32)(~MapInfo->ReservedMemBitmap))
|
||||
));
|
||||
- OldTpl = gBS->RaiseTPL (TPL_NOTIFY);
|
||||
+ ClearReservedMemBit (MapInfo->ReservedMemBitmap);
|
||||
MapInfo->PlainTextAddress = 0;
|
||||
- mReservedMemBitmap &= (UINT32)(~MapInfo->ReservedMemBitmap);
|
||||
MapInfo->ReservedMemBitmap = 0;
|
||||
- gBS->RestoreTPL (OldTpl);
|
||||
}
|
||||
|
||||
return EFI_SUCCESS;
|
||||
@@ -452,8 +472,6 @@ IoMmuAllocateCommonBuffer (
|
||||
);
|
||||
ASSERT (Status == EFI_SUCCESS);
|
||||
|
||||
- mReservedMemBitmap |= *ReservedMemBitmap;
|
||||
-
|
||||
if (*ReservedMemBitmap != 0) {
|
||||
*PhysicalAddress -= SIZE_4KB;
|
||||
}
|
||||
@@ -494,7 +512,7 @@ IoMmuFreeCommonBuffer (
|
||||
mReservedMemBitmap & ((UINT32)(~CommonBufferHeader->ReservedMemBitmap))
|
||||
));
|
||||
|
||||
- mReservedMemBitmap &= (UINT32)(~CommonBufferHeader->ReservedMemBitmap);
|
||||
+ ClearReservedMemBit (CommonBufferHeader->ReservedMemBitmap);
|
||||
return EFI_SUCCESS;
|
||||
|
||||
LegacyFreeCommonBuffer:
|
||||
--
|
||||
2.41.0
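Review bot: ClearReservedMemBit() clears whatever mask it is handed without checking that those bits are set in the snapshot it just read. A repeated free, or a stale `CommonBufferHeader->ReservedMemBitmap`, therefore succeeds silently, and if the slot has been re-allocated in between it releases a slot that another mapping still owns. A check inside the loop, right after the snapshot is taken, would make this visible in builds with assertions enabled: `ASSERT ((ReservedMemBitmap & ReservedMemBit) == ReservedMemBit);`. Separately, the DEBUG calls in IoMmuFreeBounceBuffer and IoMmuFreeCommonBuffer still read `mReservedMemBitmap` directly rather than the value the compare-exchange operated on, so the logged before/after bitmaps can disagree with the real state when frees overlap.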
|
||||
|
|
@ -0,0 +1,84 @@
|
|||
From 2dd5afb5f43f645041b91c8fa6f797121a384061 Mon Sep 17 00:00:00 2001
|
||||
From: YuanhaoXie <yuanhao.xie@intel.com>
|
||||
Date: Tue, 22 Aug 2023 09:52:14 +0800
|
||||
Subject: [PATCH 18/20] OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi
|
||||
|
||||
Disable PcdFirstTimeWakeUpAPsBySipi for IntelTdx, Microvm, and Xen to
|
||||
preserve the original execution of INIT-SIPI-SIPI.
|
||||
|
||||
Cc: Eric Dong <eric.dong@intel.com>
|
||||
Cc: Ray Ni <ray.ni@intel.com>
|
||||
Cc: Rahul Kumar <rahul1.kumar@intel.com>
|
||||
Cc: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
|
||||
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
|
||||
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
(cherry picked from commit 020cc9e2e7053bb62247b0babbbe80cb855592e5)
|
||||
---
|
||||
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 8 ++++++++
|
||||
OvmfPkg/Microvm/MicrovmX64.dsc | 8 ++++++++
|
||||
OvmfPkg/OvmfXen.dsc | 8 ++++++++
|
||||
3 files changed, 24 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||
index bfcd486976cf..cfd5e8516ea4 100644
|
||||
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||
@@ -463,6 +463,14 @@ [PcdsFixedAtBuild]
|
||||
# Point to the MdeModulePkg/Application/UiApp/UiApp.inf
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }
|
||||
|
||||
+ #
|
||||
+ # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
|
||||
+ # SIPI instead of the INIT-SIPI-SIPI sequence during APs
|
||||
+ # initialization. Deactivate this parameter to preserve
|
||||
+ # the original execution of INIT-SIPI-SIPI.
|
||||
+ #
|
||||
+ gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
|
||||
+
|
||||
################################################################################
|
||||
#
|
||||
# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
|
||||
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||
index 023b7b0fe959..3cb2b6ddc490 100644
|
||||
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||
@@ -566,6 +566,14 @@ [PcdsFixedAtBuild]
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdSerialPciDeviceInfo|{0xFF}
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x3f8
|
||||
|
||||
+ #
|
||||
+ # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
|
||||
+ # SIPI instead of the INIT-SIPI-SIPI sequence during APs
|
||||
+ # initialization. Deactivate this parameter to preserve
|
||||
+ # the original execution of INIT-SIPI-SIPI.
|
||||
+ #
|
||||
+ gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
|
||||
+
|
||||
################################################################################
|
||||
#
|
||||
# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
|
||||
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
|
||||
index 210578c1d74d..dcb99d1f0bce 100644
|
||||
--- a/OvmfPkg/OvmfXen.dsc
|
||||
+++ b/OvmfPkg/OvmfXen.dsc
|
||||
@@ -458,6 +458,14 @@ [PcdsFixedAtBuild]
|
||||
# We populate DXE IPL tables with 1G pages preferably on Xen
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
|
||||
|
||||
+ #
|
||||
+ # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
|
||||
+ # SIPI instead of the INIT-SIPI-SIPI sequence during APs
|
||||
+ # initialization. Deactivate this parameter to preserve
|
||||
+ # the original execution of INIT-SIPI-SIPI.
|
||||
+ #
|
||||
+ gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
|
||||
+
|
||||
################################################################################
|
||||
#
|
||||
# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
From cb435f3097b28e7470a7653def7d5ab06855f6ee Mon Sep 17 00:00:00 2001
|
||||
From: Michael Roth <michael.roth@amd.com>
|
||||
Date: Wed, 16 Aug 2023 15:11:46 -0500
|
||||
Subject: [PATCH 19/20] OvmfPkg/AmdSev: Disable PcdFirstTimeWakeUpAPsBySipi
|
||||
|
||||
PcdFirstTimeWakeUpAPsBySipi was recently introduced to indicate when the
|
||||
full INIT-SIPI-SIPI sequence can be skipped for AP bringup. It is true
|
||||
by default, but needs to be disabled for QEMU/OVMF where early INIT is
|
||||
not simulated. Commit 1d76560146 ("OvmfPkg: Disable
|
||||
PcdFirstTimeWakeUpAPsBySipi.") added changes to disable it by default
|
||||
for OvmfPkg, but a similar change was not made for the AmdSev package.
|
||||
This breaks booting of SEV and SNP guests.
|
||||
|
||||
Fix this defaulting PcdFirstTimeWakeUpAPsBySipi to false for AmdSev
|
||||
package, as was previously done for OvmfPkg variants.
|
||||
|
||||
Fixes: eaffa1d7ff ("UefiCpuPkg:Wake up APs after power-up or RESET through SIPI.")
|
||||
Signed-off-by: Michael Roth <michael.roth@amd.com>
|
||||
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
(cherry picked from commit 8b66f9df1bb0fd5ebb743944d41cb33178cf2fdd)
|
||||
---
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 865d150a2871..7f808126675f 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -468,6 +468,14 @@ [PcdsFixedAtBuild]
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdConInConnectOnDemand|TRUE
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware|TRUE
|
||||
|
||||
+ #
|
||||
+ # INIT is now triggered before BIOS by ucode/hardware. In the OVMF
|
||||
+ # environment, QEMU lacks a simulation for the INIT process.
|
||||
+ # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to
|
||||
+ # broadcast INIT-SIPI-SIPI for the first time.
|
||||
+ #
|
||||
+ gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
|
||||
+
|
||||
################################################################################
|
||||
#
|
||||
# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,72 @@
|
|||
From 6580637b33ef9b55b6dcfa8517e5933fb87b02d1 Mon Sep 17 00:00:00 2001
|
||||
From: "Roth, Michael via groups.io" <Michael.Roth=amd.com@groups.io>
|
||||
Date: Wed, 16 Aug 2023 15:11:45 -0500
|
||||
Subject: [PATCH 20/20] OvmfPkg/AmdSev: fix BdsPlatform.c assertion failure
|
||||
during boot
|
||||
|
||||
Booting an SEV guest with AmdSev OVMF package currently triggers the
|
||||
following assertion with QEMU:
|
||||
|
||||
InstallQemuFwCfgTables: installed 7 tables
|
||||
PcRtc: Write 0x20 to CMOS location 0x32
|
||||
[Variable]END_OF_DXE is signaled
|
||||
Initialize variable error flag (FF)
|
||||
|
||||
ASSERT_EFI_ERROR (Status = Not Found)
|
||||
ASSERT [BdsDxe] /home/VT_BUILD/ovmf/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c(1711): !(((INTN)(RETURN_STATUS)(Status)) < 0)
|
||||
|
||||
This seems to be due to commit 81dc0d8b4c, which switched to using
|
||||
PlatformBootManagerLib instead of PlatformBootManagerLibGrub. That pulls
|
||||
in a dependency on gEfiS3SaveStateProtocolGuid provider being available
|
||||
(which is asserted for in
|
||||
BdsPlatform.c:PlatformBootManagerBeforeConsole()/SaveS3BootScript()),
|
||||
but the libraries that provide it aren't currently included in the
|
||||
build. Add them similarly to what's done for OvmfPkg.
|
||||
|
||||
Fixes: 81dc0d8b4c ("OvmfPkg/AmdSev: stop using PlatformBootManagerLibGrub")
|
||||
Signed-off-by: Michael Roth <michael.roth@amd.com>
|
||||
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
|
||||
(cherry picked from commit f008890ae55929f7f17e7d2f8aff929255007d33)
|
||||
---
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++
|
||||
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
|
||||
2 files changed, 5 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 7f808126675f..49f6be3a079c 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -200,6 +200,7 @@ [LibraryClasses]
|
||||
|
||||
SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
|
||||
OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
|
||||
+ S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
|
||||
|
||||
!include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
|
||||
|
||||
@@ -727,6 +728,8 @@ [Components]
|
||||
#
|
||||
MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
|
||||
OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
|
||||
+ MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
|
||||
+ MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
|
||||
MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
|
||||
|
||||
#
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
index 463bd3e9ef15..b2ab0c777320 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
@@ -270,6 +270,8 @@ [FV.DXEFV]
|
||||
|
||||
INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
|
||||
INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
|
||||
+INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
|
||||
+INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
|
||||
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
|
||||
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
{
|
||||
"description": "UEFI firmware for RISC-V virtual machines",
|
||||
"interface-types": [
|
||||
"uefi"
|
||||
],
|
||||
"mapping": {
|
||||
"device": "flash",
|
||||
"mode" : "split",
|
||||
"executable": {
|
||||
"filename": "/usr/share/edk2/riscv/RISCV_VIRT_CODE.qcow2",
|
||||
"format": "qcow2"
|
||||
},
|
||||
"nvram-template": {
|
||||
"filename": "/usr/share/edk2/riscv/RISCV_VIRT_VARS.qcow2",
|
||||
"format": "qcow2"
|
||||
}
|
||||
},
|
||||
"targets": [
|
||||
{
|
||||
"architecture": "riscv64",
|
||||
"machines": [
|
||||
"virt-*"
|
||||
]
|
||||
}
|
||||
],
|
||||
"features": [
|
||||
|
||||
],
|
||||
"tags": [
|
||||
|
||||
]
|
||||
}
|
|
@ -0,0 +1,35 @@
|
|||
|
||||
experimental edk2 builds
|
||||
------------------------
|
||||
|
||||
OVMF.stateless.fd
|
||||
OVMF.stateless.secboot.fd
|
||||
OVMF.stateless.secboot.pcr
|
||||
|
||||
Stateless (== no persistent uefi variables) ovmf build. Has secure
|
||||
boot support, the 'secboot' variant has secure boot enabled. Does
|
||||
not require SMM support.
|
||||
|
||||
OVMF_CODE.4m.secboot.strictnx.fd
|
||||
|
||||
OVMF build with strict NX configuration (using r-x for code, rw- for
|
||||
data). Known to not work with some grub and linux kernel versions
|
||||
because they use the wrong memory type for allocations and run into
|
||||
NX faults. Useful for bootloader development and CI.
|
||||
|
||||
QEMU_EFI.strictnx.fd
|
||||
QEMU_EFI-strictnx-pflash.raw
|
||||
|
||||
ArmVirt build with strict NX configuration (see above for details).
|
||||
|
||||
QEMU_EFI.secboot.testonly.fd
|
||||
QEMU_EFI-secboot-testonly-pflash.raw
|
||||
vars-template-secboot-testonly-pflash.raw
|
||||
|
||||
ArmVirt build with secure boot support.
|
||||
|
||||
Exposes the secure boot APIs, so they can be used for development /
|
||||
testing / CI.
|
||||
|
||||
The EFI variable store is NOT protected, therefore the build is NOT
|
||||
suitable for production use.
|
|
@ -37,6 +37,9 @@ DEBUG_PRINT_ERROR_LEVEL = 0x8040004F
|
|||
[opts.armvirt.silent]
|
||||
DEBUG_PRINT_ERROR_LEVEL = 0x80000000
|
||||
|
||||
[opts.armvirt.sb.testonly]
|
||||
SECURE_BOOT_ENABLE = TRUE
|
||||
|
||||
[opts.armvirt.kernel]
|
||||
TPM2_ENABLE = FALSE
|
||||
TPM2_CONFIG_ENABLE = FALSE
|
||||
|
@ -285,3 +288,17 @@ dest = Fedora/experimental
|
|||
cpy1 = FV/QEMU_EFI.fd QEMU_EFI.strictnx.fd
|
||||
cpy3 = FV/QEMU_EFI.fd QEMU_EFI-strictnx-pflash.raw
|
||||
pad3 = QEMU_EFI-strictnx-pflash.raw 64m
|
||||
|
||||
[build.armvirt.aa64.secboot.testonly]
|
||||
desc = ArmVirt build for qemu, 64-bit (arm v8), secure boot
|
||||
conf = ArmVirtPkg/ArmVirtQemu.dsc
|
||||
arch = AARCH64
|
||||
opts = ovmf.common
|
||||
armvirt.verbose
|
||||
armvirt.sb.testonly
|
||||
pcds = nx.strict
|
||||
plat = ArmVirtQemu-AARCH64
|
||||
dest = Fedora/experimental
|
||||
cpy1 = FV/QEMU_EFI.fd QEMU_EFI.secboot.testonly.fd
|
||||
cpy3 = FV/QEMU_EFI.fd QEMU_EFI-secboot-testonly-pflash.raw
|
||||
pad3 = QEMU_EFI-secboot-testonly-pflash.raw 64m
|
||||
|
|
|
@ -337,7 +337,8 @@ def main():
|
|||
parser.add_argument('-j', '--jobs', dest = 'jobs', type = str,
|
||||
help = 'allow up to JOBS parallel build jobs',
|
||||
metavar = 'JOBS')
|
||||
parser.add_argument('-m', '--match', dest = 'match', type = str,
|
||||
parser.add_argument('-m', '--match', dest = 'match',
|
||||
type = str, action = 'append',
|
||||
help = 'only run builds matching INCLUDE (substring)',
|
||||
metavar = 'INCLUDE')
|
||||
parser.add_argument('-x', '--exclude', dest = 'exclude',
|
||||
|
@ -408,9 +409,14 @@ def main():
|
|||
for build in cfg.sections():
|
||||
if not build.startswith('build.'):
|
||||
continue
|
||||
if options.match and options.match not in build:
|
||||
print(f'# skipping "{build}" (not matching "{options.match}")')
|
||||
continue
|
||||
if options.match:
|
||||
matching = False
|
||||
for item in options.match:
|
||||
if item in build:
|
||||
matching = True
|
||||
if not matching:
|
||||
print(f'# skipping "{build}" (not matching "{"|".join(options.match)}")')
|
||||
continue
|
||||
if options.exclude:
|
||||
exclude = False
|
||||
for item in options.exclude:
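Review bot: The `-m/--match` help text still describes a single value, although with `action = 'append'` the option can be repeated and the new loop accepts a build when any of the given substrings matches. Something like `help = 'only run builds matching INCLUDE (substring, may be repeated)'` would document that. The flag-and-loop check could also be written as `if options.match and not any(item in build for item in options.match):`, though the explicit form mirrors the `--exclude` handling that follows it. main() starts and ends outside these hunks.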
|
||||
|
|
64
edk2.spec
64
edk2.spec
|
@ -6,7 +6,7 @@
|
|||
# in theory should build everywhere without much trouble, but
|
||||
# in practice the edk2 build system barfs on archs it doesn't know
|
||||
# (such as ppc), so lets limit things to the known-good ones.
|
||||
ExclusiveArch: x86_64 aarch64
|
||||
ExclusiveArch: x86_64 aarch64 riscv64
|
||||
|
||||
# edk2-stable202308
|
||||
%define GITDATE 20230825
|
||||
|
@ -43,9 +43,9 @@ ExclusiveArch: x86_64 aarch64
|
|||
|
||||
Name: edk2
|
||||
Version: %{GITDATE}
|
||||
Release: %autorelease
|
||||
Release: %autorelease -e 0.riscv64
|
||||
Summary: UEFI firmware for 64-bit virtual machines
|
||||
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
||||
License: BSD-2-Clause-Patent and Apache-2.0 and MIT
|
||||
URL: http://www.tianocore.org
|
||||
|
||||
# The source tarball is created using following commands:
|
||||
|
@ -58,6 +58,7 @@ Source2: openssl-rhel-%{OPENSSL_COMMIT}.tar.xz
|
|||
Source3: softfloat-%{softfloat_version}.tar.xz
|
||||
Source4: edk2-platforms-%{PLATFORMS_COMMIT}.tar.xz
|
||||
Source5: jansson-2.13.1.tar.bz2
|
||||
Source6: README.experimental
|
||||
|
||||
# json description files
|
||||
Source10: 50-edk2-aarch64-qcow2.json
|
||||
|
@ -81,6 +82,8 @@ Source46: 51-edk2-ovmf-2m-raw-x64-nosb.json
|
|||
Source47: 60-edk2-ovmf-x64-amdsev.json
|
||||
Source48: 60-edk2-ovmf-x64-inteltdx.json
|
||||
|
||||
Source50: 50-edk2-riscv-qcow2.json
|
||||
|
||||
# https://gitlab.com/kraxel/edk2-build-config
|
||||
Source80: edk2-build.py
|
||||
Source81: edk2-build.fedora
|
||||
|
@ -106,6 +109,10 @@ Patch0013: 0013-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
|
|||
Patch0014: 0014-ArmPkg-Add-Pcd-to-disable-EFI_MEMORY_ATTRIBUTE_PROTO.patch
|
||||
Patch0015: 0015-CryptoPkg-CrtLib-add-stat.h.patch
|
||||
Patch0016: 0016-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
|
||||
Patch0017: 0017-OvmfPkg-IoMmuDxe-don-t-rely-on-TPLs-to-manage-concur.patch
|
||||
Patch0018: 0018-OvmfPkg-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
|
||||
Patch0019: 0019-OvmfPkg-AmdSev-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
|
||||
Patch0020: 0020-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch
|
||||
|
||||
|
||||
# python3-devel and libuuid-devel are required for building tools.
|
||||
|
@ -117,6 +124,13 @@ BuildRequires: /usr/bin/iasl
|
|||
BuildRequires: binutils gcc git gcc-c++ make
|
||||
BuildRequires: qemu-img
|
||||
|
||||
# openssl configure
|
||||
BuildRequires: perl(FindBin)
|
||||
BuildRequires: perl(IPC::Cmd)
|
||||
BuildRequires: perl(File::Compare)
|
||||
BuildRequires: perl(File::Copy)
|
||||
BuildRequires: perl(JSON)
|
||||
|
||||
%if %{build_ovmf}
|
||||
# Only OVMF includes 80x86 assembly files (*.nasm*).
|
||||
BuildRequires: nasm
|
||||
|
@ -152,7 +166,7 @@ Obsoletes: OVMF < 20180508-100.gitee3198e672e2.el7
|
|||
# OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL
|
||||
# library.
|
||||
Provides: bundled(openssl) = %{OPENSSL_VER}
|
||||
License: BSD-2-Clause-Patent and OpenSSL
|
||||
License: BSD-2-Clause-Patent and Apache-2.0
|
||||
|
||||
# URL taken from the Maintainers.txt file.
|
||||
URL: http://www.tianocore.org/ovmf/
|
||||
|
@ -174,7 +188,7 @@ Conflicts: libvirt-daemon-driver-qemu < 9.2.0
|
|||
|
||||
# No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
|
||||
Provides: bundled(openssl) = %{OPENSSL_VER}
|
||||
License: BSD-2-Clause-Patent and OpenSSL
|
||||
License: BSD-2-Clause-Patent and Apache-2.0
|
||||
|
||||
# URL taken from the Maintainers.txt file.
|
||||
URL: https://github.com/tianocore/tianocore.github.io/wiki/ArmVirtPkg
|
||||
|
@ -211,7 +225,7 @@ environment for the UEFI and PI specifications. This package contains sample
|
|||
%if %{defined fedora}
|
||||
%package ovmf-ia32
|
||||
Summary: Open Virtual Machine Firmware
|
||||
License: BSD-2-Clause-Patent and OpenSSL
|
||||
License: BSD-2-Clause-Patent and Apache-2.0
|
||||
Provides: bundled(openssl)
|
||||
BuildArch: noarch
|
||||
%description ovmf-ia32
|
||||
|
@ -220,26 +234,27 @@ Open Virtual Machine Firmware (ia32)
|
|||
|
||||
%package ovmf-xen
|
||||
Summary: Open Virtual Machine Firmware, Xen build
|
||||
License: BSD-2-Clause-Patent and OpenSSL
|
||||
License: BSD-2-Clause-Patent and Apache-2.0
|
||||
Provides: bundled(openssl)
|
||||
BuildArch: noarch
|
||||
%description ovmf-xen
|
||||
EFI Development Kit II
|
||||
Open Virtual Machine Firmware (Xen build)
|
||||
|
||||
%package ovmf-experimental
|
||||
%package experimental
|
||||
Summary: Open Virtual Machine Firmware, experimental builds
|
||||
License: BSD-2-Clause-Patent and OpenSSL
|
||||
License: BSD-2-Clause-Patent and Apache-2.0
|
||||
Provides: bundled(openssl)
|
||||
Obsoletes: edk2-ovmf-experimental < 20230825
|
||||
BuildArch: noarch
|
||||
%description ovmf-experimental
|
||||
%description experimental
|
||||
EFI Development Kit II
|
||||
Open Virtual Machine Firmware (experimental builds)
|
||||
|
||||
%package arm
|
||||
Summary: ARM Virtual Machine Firmware
|
||||
BuildArch: noarch
|
||||
License: BSD-2-Clause-Patent and OpenSSL
|
||||
License: BSD-2-Clause-Patent and Apache-2.0
|
||||
%description arm
|
||||
EFI Development Kit II
|
||||
ARMv7 UEFI Firmware
|
||||
|
@ -247,14 +262,14 @@ ARMv7 UEFI Firmware
|
|||
%package riscv64
|
||||
Summary: RISC-V Virtual Machine Firmware
|
||||
BuildArch: noarch
|
||||
License: BSD-2-Clause-Patent and OpenSSL
|
||||
License: BSD-2-Clause-Patent and Apache-2.0
|
||||
%description riscv64
|
||||
EFI Development Kit II
|
||||
RISC-V UEFI Firmware
|
||||
|
||||
%package ext4
|
||||
Summary: Ext4 filesystem driver
|
||||
License: BSD-2-Clause-Patent and OpenSSL
|
||||
License: BSD-2-Clause-Patent and Apache-2.0
|
||||
BuildArch: noarch
|
||||
%description ext4
|
||||
EFI Development Kit II
|
||||
|
@ -298,11 +313,13 @@ mkdir -p MdePkg/Library/MipiSysTLib/mipisyst/library/include
|
|||
chmod -Rf a+rX,u+w,g-w,o-w .
|
||||
|
||||
cp -a -- \
|
||||
%{SOURCE6} \
|
||||
%{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \
|
||||
%{SOURCE20} \
|
||||
%{SOURCE30} %{SOURCE31} %{SOURCE32} \
|
||||
%{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE43} %{SOURCE44} \
|
||||
%{SOURCE45} %{SOURCE46} %{SOURCE47} %{SOURCE48} \
|
||||
%{SOURCE50} \
|
||||
%{SOURCE80} %{SOURCE81} %{SOURCE82} %{SOURCE83} \
|
||||
%{SOURCE90} %{SOURCE91} \
|
||||
.
|
||||
|
@ -389,7 +406,8 @@ done
|
|||
virt-fw-vars --input Fedora/experimental/OVMF.stateless.fd \
|
||||
--output Fedora/experimental/OVMF.stateless.secboot.fd \
|
||||
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
|
||||
--enroll-redhat --secure-boot
|
||||
--enroll-redhat --secure-boot \
|
||||
--set-fallback-no-reboot
|
||||
|
||||
for image in \
|
||||
Fedora/ovmf/OVMF_CODE.secboot.fd \
|
||||
|
@ -416,6 +434,9 @@ done
|
|||
%else
|
||||
./edk2-build.py --config edk2-build.fedora --silent --release-date "$RELEASE_DATE" -m armvirt
|
||||
./edk2-build.py --config edk2-build.fedora.platforms --silent -m aa64
|
||||
virt-fw-vars --input Fedora/aarch64/vars-template-pflash.raw \
|
||||
--output Fedora/experimental/vars-template-secboot-testonly-pflash.raw \
|
||||
--enroll-redhat --secure-boot
|
||||
%endif
|
||||
for raw in */aarch64/*.raw; do
|
||||
qcow2="${raw%.raw}.qcow2"
|
||||
|
@ -436,7 +457,7 @@ done
|
|||
%install
|
||||
|
||||
cp -a OvmfPkg/License.txt License.OvmfPkg.txt
|
||||
cp -a CryptoPkg/Library/OpensslLib/openssl/LICENSE LICENSE.openssl
|
||||
cp -a CryptoPkg/Library/OpensslLib/openssl/LICENSE.txt LICENSE.openssl
|
||||
mkdir -p %{buildroot}%{_datadir}/qemu/firmware
|
||||
|
||||
# install the tools
|
||||
|
@ -529,6 +550,15 @@ install -m 0644 \
|
|||
# endif build_aarch64
|
||||
%endif
|
||||
|
||||
%if %{build_riscv64}
|
||||
|
||||
install -m 0644 \
|
||||
50-edk2-riscv-qcow2.json \
|
||||
%{buildroot}%{_datadir}/qemu/firmware
|
||||
|
||||
# endif build_riscv64
|
||||
%endif
|
||||
|
||||
%if %{defined fedora}
|
||||
|
||||
# edk2-tools-python install
|
||||
|
@ -666,8 +696,9 @@ done
|
|||
%{_datadir}/qemu/firmware/40-edk2-ovmf-ia32-sb.json
|
||||
%{_datadir}/qemu/firmware/50-edk2-ovmf-ia32-nosb.json
|
||||
|
||||
%files ovmf-experimental
|
||||
%files experimental
|
||||
%common_files
|
||||
%doc README.experimental
|
||||
%dir %{_datadir}/%{name}/experimental
|
||||
%{_datadir}/%{name}/experimental/*.fd
|
||||
%{_datadir}/%{name}/experimental/*.raw
|
||||
|
@ -694,6 +725,7 @@ done
|
|||
%common_files
|
||||
%{_datadir}/%{name}/riscv/*.fd
|
||||
%{_datadir}/%{name}/riscv/*.qcow2
|
||||
%{_datadir}/qemu/firmware/50-edk2-riscv-qcow2.json
|
||||
|
||||
%files ext4
|
||||
%common_files
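Review bot: The new `vars-template-secboot-testonly-pflash.raw` is generated with `--enroll-redhat --secure-boot` only, whereas the x64 stateless secboot image earlier in %build also passes `--set-dbx DBXUpdate-%{DBXDATE}.x64.bin`. As written, the aarch64 test template appears to enable Secure Boot without any dbx revocation entries, so CI runs against it would not exercise revocation handling. If an aa64 DBX update is available among the sources, a matching `--set-dbx` line would close the gap. Otherwise a comment above the call such as `# test-only template: dbx intentionally left empty` would record the decision. The enclosing %if/%else branch starts outside the hunk.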
|
||||
|
|