From e8fe2e83f10822e2b3fb4e41e444e792cd7c2420 Mon Sep 17 00:00:00 2001 From: Kun Qin Date: Wed, 23 Apr 2025 11:15:43 -0700 Subject: [PATCH] OvmfPkg: OvmfPkgX64: Platform changes for Standalone MM support This change adds a build flag in the platform DSC file to support standalone MM build on OVMF platform. The new standalone MM platform will not support S3 boot and thus no SMM lock box related components are included. Signed-off-by: Kun Qin --- OvmfPkg/OvmfPkgX64.dsc | 110 +++++++++++++++++++++++-- OvmfPkg/OvmfPkgX64.fdf | 32 +++++++ OvmfPkg/PlatformCI/PlatformBuildLib.py | 5 ++ 3 files changed, 138 insertions(+), 9 deletions(-) diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 0b7955c42d..cdb815c4b6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -32,6 +32,7 @@ DEFINE SECURE_BOOT_ENABLE = FALSE DEFINE SMM_REQUIRE = FALSE DEFINE QEMU_PV_VARS = FALSE + DEFINE STANDALONE_MM_ENABLE = FALSE DEFINE SOURCE_DEBUG_ENABLE = FALSE DEFINE CC_MEASUREMENT_ENABLE = TRUE @@ -125,8 +126,8 @@ CLANGPDB:*_*_*_DLINK_FLAGS = /ALIGN:4096 # Force PE/COFF sections to be aligned at 4KB boundaries to support page level -# protection of DXE_SMM_DRIVER/SMM_CORE modules -[BuildOptions.common.EDKII.DXE_SMM_DRIVER, BuildOptions.common.EDKII.SMM_CORE] +# protection of MM/MM_CORE modules +[BuildOptions.common.EDKII.DXE_SMM_DRIVER, BuildOptions.common.EDKII.SMM_CORE, BuildOptions.common.EDKII.MM_CORE_STANDALONE, BuildOptions.common.EDKII.MM_STANDALONE] GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000 XCODE:*_*_*_MTOC_FLAGS = -align 0x1000 
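Review bot: Nothing ties the new `STANDALONE_MM_ENABLE` define to `SMM_REQUIRE`, yet several later hunks key on `STANDALONE_MM_ENABLE` alone: the `MemEncryptSevLib` changes at -203, -295 and -349, and the S3 driver exclusions at -965 in the DSC and -330 in the FDF. A build with `STANDALONE_MM_ENABLE=TRUE` and `SMM_REQUIRE=FALSE` would therefore lose SEV memory-encryption handling and the S3 drivers without gaining any MM environment, since the MM components appear to sit inside the `SMM_REQUIRE` branch. A guard next to the defines would make that misconfiguration fail at build time: `!if $(STANDALONE_MM_ENABLE) == TRUE && $(SMM_REQUIRE) != TRUE`, `!error "STANDALONE_MM_ENABLE requires SMM_REQUIRE"`, `!endif`.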
@@ -203,7 +204,12 @@ QemuFwCfgSimpleParserLib|OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParserLib.inf VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf LoadLinuxLib|OvmfPkg/Library/LoadLinuxLib/LoadLinuxLib.inf +!if $(STANDALONE_MM_ENABLE) != TRUE MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf +!else + # CC is not supported with standalone MM enabled + MemEncryptSevLib|OvmfPkg/Library/MemEncryptSevLibNull/MemEncryptSevLibNull.inf +!endif MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf @@ -215,6 +221,9 @@ CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf !else CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf +!if $(STANDALONE_MM_ENABLE) == TRUE + MmPlatformHobProducerLib|OvmfPkg/Library/MmPlatformHobProducerLibOvmf/MmPlatformHobProducerLibOvmf.inf +!endif !endif CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf @@ -295,7 +304,9 @@ MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf +!if $(STANDALONE_MM_ENABLE) != TRUE MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf +!endif CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/SecPeiTdxMeasurementLib.inf 
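Review bot: The `MemEncryptSevLibNull` mapping added under `!else` switches SEV handling off silently, and the one-line comment does not say what that means for an image launched as a confidential guest. `CC_MEASUREMENT_ENABLE` still defaults to TRUE at the top of the file, and `MemEncryptTdxLib` and the SEC/PEI `CcProbeLib` instances keep their real implementations, so the build mixes live and stubbed confidential-computing code. I would expand the comment to something like `# Standalone MM does not support SEV/TDX guests: SEV memory-encryption support is stubbed out here, so this image must not be used as confidential-guest firmware`. The same applies to the SEC and PEIM overrides that the hunks at -295 and -349 make conditional.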
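Review bot: The `MmPlatformHobProducerLib` mapping in the -215 hunk is nested inside the `!else` arm of a conditional whose `!if` line lies outside the hunk, so whether a standalone MM build gets the library depends on a condition the reader cannot see here. If that outer condition is the SMM one, the PEIM section of this patch already spells the dependency out as `!if $(SMM_REQUIRE) == TRUE && $(STANDALONE_MM_ENABLE) == TRUE`. Using the same explicit form after the outer `!endif` would keep the two consistent and would not break if the outer block is later changed.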
@@ -349,11 +360,16 @@ QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf PlatformInitLib|OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +!if $(STANDALONE_MM_ENABLE) != TRUE MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +!endif CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf TdxMeasurementLib|OvmfPkg/IntelTdx/TdxMeasurementLib/SecPeiTdxMeasurementLib.inf TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/PeiTdxHelperLib.inf +!if $(SMM_REQUIRE) == TRUE && $(STANDALONE_MM_ENABLE) == TRUE + MmUnblockMemoryLib|UefiCpuPkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLib.inf +!endif [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf 
@@ -501,6 +517,40 @@ !endif PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf +[LibraryClasses.common.MM_STANDALONE] +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf +!endif + StandaloneMmDriverEntryPoint|MdePkg/Library/DynamicStackCookieEntryPointLib/StandaloneMmDriverEntryPoint.inf + TimerLib|OvmfPkg/Library/AcpiTimerLib/DxeAcpiTimerLib.inf + MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf + MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf + HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf + CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/StandaloneMmReportStatusCodeLib.inf + CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf + MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLibStandaloneMm.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf + +[LibraryClasses.common.MM_CORE_STANDALONE] +!ifdef $(DEBUG_ON_SERIAL_PORT) + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf +!else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf +!endif + ExtractGuidedSectionLib|StandaloneMmPkg/Library/StandaloneMmExtractGuidedSectionLib/StandaloneMmExtractGuidedSectionLib.inf + FvLib|StandaloneMmPkg/Library/FvLib/FvLib.inf + HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf + MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmCoreMemoryAllocationLib/StandaloneMmCoreMemoryAllocationLib.inf + MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf + 
ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/StandaloneMmReportStatusCodeLib.inf + StandaloneMmCoreEntryPoint|MdePkg/Library/DynamicStackCookieEntryPointLib/StandaloneMmCoreEntryPoint.inf + HobPrintLib|MdeModulePkg/Library/HobPrintLib/HobPrintLib.inf + MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf + ################################################################################ # # Pcd Section - list of all EDK II PCD Entries defined by this Platform. @@ -517,6 +567,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire|TRUE gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugSupport|TRUE gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache|FALSE + gUefiOvmfPkgTokenSpaceGuid.PcdStandaloneMmEnable|$(STANDALONE_MM_ENABLE) !endif !if $(QEMU_PV_VARS) == TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQemuVarsRequire|TRUE @@ -965,8 +1016,10 @@ # MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf +!if $(STANDALONE_MM_ENABLE) != TRUE MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +!endif MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf # 
@@ -1006,16 +1059,53 @@ # # SMM Initial Program Load (a DXE_RUNTIME_DRIVER) # +!if $(STANDALONE_MM_ENABLE) == TRUE + OvmfPkg/SmmControl2Dxe/MmControlPei.inf + StandaloneMmPkg/Drivers/StandaloneMmIplPei/StandaloneMmIplPei.inf + StandaloneMmPkg/Drivers/MmCommunicationDxe/MmCommunicationDxe.inf { + + NULL|StandaloneMmPkg/Library/VariableMmDependency/VariableMmDependency.inf + } +!else MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf +!endif # # SMM_CORE # +!if $(STANDALONE_MM_ENABLE) == TRUE + StandaloneMmPkg/Core/StandaloneMmCore.inf +!else MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf +!endif # # Privileged drivers (DXE_SMM_DRIVER modules) # +!if $(STANDALONE_MM_ENABLE) == TRUE + UefiCpuPkg/CpuIo2Smm/CpuIo2StandaloneMm.inf + UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuStandaloneMm.inf { + + SmmCpuPlatformHookLib|OvmfPkg/Library/SmmCpuPlatformHookLibQemu/SmmCpuPlatformHookLibQemu.inf + SmmCpuFeaturesLib|OvmfPkg/Library/SmmCpuFeaturesLib/StandaloneMmCpuFeaturesLib.inf + MmSaveStateLib|UefiCpuPkg/Library/MmSaveStateLib/AmdMmSaveStateLib.inf + SmmCpuSyncLib|UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf + } + + # + # Variable driver stack (SMM) + # + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesStandaloneMm.inf { + + CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf + } + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLibStandaloneMm.inf + } +!else OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf { 
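Review bot: The standalone MM branch has no counterpart for `OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf`, which now exists only in the `!else` arm, while `PcdCpuHotPlugSupport|TRUE` is still set alongside `PcdSmmSmramRequire|TRUE` (context of the -517 hunk). The commit message lists S3 and the lock box as unsupported but says nothing about VCPU hot-plug, so it is unclear whether hot-added processors are brought under firmware control in MM in this configuration. If they are not, the PCD should be gated, e.g. `!if $(STANDALONE_MM_ENABLE) != TRUE` around `gUefiCpuPkgTokenSpaceGuid.PcdCpuHotPlugSupport|TRUE`, and the limitation documented next to the new branch. If hot-plug is meant to work, a comment naming the module that takes over would help. The enclosing `SMM_REQUIRE` conditional appears to start before this hunk and end after it.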
@@ -1023,13 +1113,12 @@ LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf } UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf { - - SmmCpuPlatformHookLib|OvmfPkg/Library/SmmCpuPlatformHookLibQemu/SmmCpuPlatformHookLibQemu.inf - SmmCpuFeaturesLib|OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf - MmSaveStateLib|UefiCpuPkg/Library/MmSaveStateLib/AmdMmSaveStateLib.inf - SmmCpuSyncLib|UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf - } - MdeModulePkg/Universal/SmmCommunicationBufferDxe/SmmCommunicationBufferDxe.inf + + SmmCpuPlatformHookLib|OvmfPkg/Library/SmmCpuPlatformHookLibQemu/SmmCpuPlatformHookLibQemu.inf + SmmCpuFeaturesLib|OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf + MmSaveStateLib|UefiCpuPkg/Library/MmSaveStateLib/AmdMmSaveStateLib.inf + SmmCpuSyncLib|UefiCpuPkg/Library/SmmCpuSyncLib/SmmCpuSyncLib.inf + } # # Variable driver stack (SMM) @@ -1044,6 +1133,9 @@ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf } +!endif + MdeModulePkg/Universal/SmmCommunicationBufferDxe/SmmCommunicationBufferDxe.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf !else diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index c1a9977b72..046d74f9b7 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -330,8 +330,10 @@ INF OvmfPkg/SmbiosPlatformDxe/SmbiosPlatformDxe.inf INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf INF OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf +!if $(STANDALONE_MM_ENABLE) != TRUE INF MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +!endif INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf 
@@ -379,6 +381,14 @@ INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf !if $(SMM_REQUIRE) == TRUE INF OvmfPkg/SmmAccess/SmmAccess2Dxe.inf INF OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf +!if $(STANDALONE_MM_ENABLE) == TRUE +INF OvmfPkg/SmmControl2Dxe/MmControlPei.inf +INF StandaloneMmPkg/Drivers/StandaloneMmIplPei/StandaloneMmIplPei.inf +INF StandaloneMmPkg/Drivers/MmCommunicationDxe/MmCommunicationDxe.inf +INF StandaloneMmPkg/Core/StandaloneMmCore.inf +INF UefiCpuPkg/CpuIo2Smm/CpuIo2StandaloneMm.inf +INF UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuStandaloneMm.inf +!else INF OvmfPkg/CpuS3DataDxe/CpuS3DataDxe.inf INF MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf INF MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf @@ -386,14 +396,21 @@ INF OvmfPkg/CpuHotplugSmm/CpuHotplugSmm.inf INF UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf INF MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf INF UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf +!endif INF MdeModulePkg/Universal/SmmCommunicationBufferDxe/SmmCommunicationBufferDxe.inf # # Variable driver stack (SMM) # +!if $(STANDALONE_MM_ENABLE) == TRUE +INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesStandaloneMm.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf +!else INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +!endif INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf !else 
@@ -573,3 +590,18 @@ FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 { UI STRING="$(MODULE_NAME)" Optional VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) } + +[Rule.Common.MM_CORE_STANDALONE] + FILE MM_CORE_STANDALONE = $(NAMED_GUID) { + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING="$(MODULE_NAME)" Optional + VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) + } + +[Rule.Common.MM_STANDALONE] + FILE MM_STANDALONE = $(NAMED_GUID) { + SMM_DEPEX SMM_DEPEX Optional $(INF_OUTPUT)/$(MODULE_NAME).depex + PE32 PE32 $(INF_OUTPUT)/$(MODULE_NAME).efi + UI STRING="$(MODULE_NAME)" Optional + VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) + } diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py b/OvmfPkg/PlatformCI/PlatformBuildLib.py index 4d7b787d13..19f92ac13f 100644 --- a/OvmfPkg/PlatformCI/PlatformBuildLib.py +++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py @@ -224,6 +224,11 @@ class PlatformBuilder( UefiBuilder, BuildSettingsManager): args += " -global driver=cfi.pflash01,property=secure,value=on" args += " -drive if=pflash,format=raw,unit=0,file=" + os.path.join(OutputPath_FV, "OVMF_CODE.fd") + ",readonly=on" args += " -drive if=pflash,format=raw,unit=1,file=" + os.path.join(OutputPath_FV, "OVMF_VARS.fd") + if (self.env.GetBuildValue("STANDALONE_MM_ENABLE") == "1"): + # We will not support S3 in standalone MM mode + args += " -global ICH9-LPC.disable_s3=1" + # Make MMRAM bigger as it will need to hold the FV where the MM core is at + args += " -global mch.extended-tseg-mbytes=32" else: args += " -pflash " + os.path.join(OutputPath_FV, "OVMF.fd") # path to firmware
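Review bot: The new check in the -224 hunk only fires when the build value is the literal string `"1"`, while every DSC and FDF conditional in this patch compares `$(STANDALONE_MM_ENABLE)` with `TRUE`. If the flag is passed in the DSC's spelling, the firmware is built without the S3 drivers and lock box, but QEMU is still started with S3 enabled and without the larger TSEG. Accepting both spellings avoids that: `if str(self.env.GetBuildValue("STANDALONE_MM_ENABLE")).upper() in ("1", "TRUE"):`. Also, `disable_s3` is applied only by this CI launcher, so the S3 restriction should be documented for anyone running the image with their own QEMU command line. The enclosing method starts outside the hunk.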