| 1 | /** @file
|
|---|
| 2 |
|
|---|
| 3 | SPDX-License-Identifier: BSD-2-Clause-Patent
|
|---|
| 4 |
|
|---|
| 5 | **/
|
|---|
| 6 |
|
|---|
| 7 | #include <Library/BaseLib.h>
|
|---|
| 8 | #include <Library/DebugLib.h>
|
|---|
| 9 | #include <Library/HstiLib.h>
|
|---|
| 10 | #include <Library/PcdLib.h>
|
|---|
| 11 | #include <Library/PciLib.h>
|
|---|
| 12 |
|
|---|
| 13 | #include <IndustryStandard/Hsti.h>
|
|---|
| 14 | #include <IndustryStandard/Q35MchIch9.h>
|
|---|
| 15 |
|
|---|
| 16 | #include "VirtHstiDxe.h"
|
|---|
| 17 |
|
|---|
| 18 | STATIC VIRT_ADAPTER_INFO_PLATFORM_SECURITY mHstiQ35 = {
|
|---|
| 19 | PLATFORM_SECURITY_VERSION_VNEXTCS,
|
|---|
| 20 | PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
|
|---|
| 21 | { L"OVMF (Qemu Q35)" },
|
|---|
| 22 | VIRT_HSTI_SECURITY_FEATURE_SIZE,
|
|---|
| 23 | };
|
|---|
| 24 |
|
|---|
| 25 | VIRT_ADAPTER_INFO_PLATFORM_SECURITY *
|
|---|
| 26 | VirtHstiQemuQ35Init (
|
|---|
| 27 | VOID
|
|---|
| 28 | )
|
|---|
| 29 | {
|
|---|
| 30 | if (FeaturePcdGet (PcdSmmSmramRequire)) {
|
|---|
| 31 | VirtHstiSetSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK);
|
|---|
| 32 | VirtHstiSetSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH);
|
|---|
| 33 | }
|
|---|
| 34 |
|
|---|
| 35 | return &mHstiQ35;
|
|---|
| 36 | }
|
|---|
| 37 |
|
|---|
| 38 | VOID
|
|---|
| 39 | VirtHstiQemuQ35Verify (
|
|---|
| 40 | VOID
|
|---|
| 41 | )
|
|---|
| 42 | {
|
|---|
| 43 | if (VirtHstiIsSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK)) {
|
|---|
| 44 | CHAR16 *ErrorMsg = NULL;
|
|---|
| 45 | UINT8 SmramVal;
|
|---|
| 46 | UINT8 EsmramcVal;
|
|---|
| 47 |
|
|---|
| 48 | SmramVal = PciRead8 (DRAMC_REGISTER_Q35 (MCH_SMRAM));
|
|---|
| 49 | EsmramcVal = PciRead8 (DRAMC_REGISTER_Q35 (MCH_ESMRAMC));
|
|---|
| 50 |
|
|---|
| 51 | if (!(EsmramcVal & MCH_ESMRAMC_T_EN)) {
|
|---|
| 52 | ErrorMsg = L"q35 smram access is open";
|
|---|
| 53 | } else if (!(SmramVal & MCH_SMRAM_D_LCK)) {
|
|---|
| 54 | ErrorMsg = L"q35 smram config is not locked";
|
|---|
| 55 | }
|
|---|
| 56 |
|
|---|
| 57 | VirtHstiTestResult (ErrorMsg, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK);
|
|---|
| 58 | }
|
|---|
| 59 |
|
|---|
| 60 | if (VirtHstiIsSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH)) {
|
|---|
| 61 | CHAR16 *ErrorMsg = NULL;
|
|---|
| 62 |
|
|---|
| 63 | switch (VirtHstiQemuFirmwareFlashCheck (PcdGet32 (PcdOvmfFlashNvStorageVariableBase))) {
|
|---|
| 64 | case QEMU_FIRMWARE_FLASH_WRITABLE:
|
|---|
| 65 | ErrorMsg = L"qemu vars pflash is not secure";
|
|---|
| 66 | break;
|
|---|
| 67 | }
|
|---|
| 68 |
|
|---|
| 69 | VirtHstiTestResult (ErrorMsg, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH);
|
|---|
| 70 | }
|
|---|
| 71 | }
|
|---|
