Skip to content

v9.0.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 24 Sep 17:03
· 18 commits to refs/heads/main since this release
v9.0.0
69223cc

What's Changed

⚠️ Breaking Changes

  • Drop S3 and Lock Box Support [Rebase \& FF] @makubacki (#1042)
    Change Details
      ## Description

    Contains the following changes:

    QemuQ35Pkg: Drop S3 and Lock Box support

    1. Drop SmmLockBox from build and flash image

      This is a Traditional SMM module that cannot be dispached with
      the Standalone MM model currently supported in QemuQ35Pkg.

    2. Drop PEI and DXE S3 and Lock Box related modules from the
      QemuQ35Pkg build and flash image.

      gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable is FALSE which
      disables S3 support. Code is also currently not being written to
      support S3 boot script replay and S3 is not tested. Modern physical
      platforms rarely support S3 and S3 presents its own security
      related concerns and maintenance overhead.

      Since S3 is not needed, the lock box code which is currently only
      used to store the S3 boot script is not needed.

      As a consequence, the following S3, boot script, and lock box
      related PEI and DXE modules are removed from QemuQ35Pkg:

      • BootScriptExecutorDxe
      • CpuS3DataDxe
      • S3Resume2Pei
      • S3SaveStateDxe

    3. Drop S3 and lock box related library instances from QemuQ35Pkg
      build.

      The following library instances also do not need to be build given
      S3 is not supported and are removed from the QemuQ35Pkg build:

      • MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
      • MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf
      • MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf
      • MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf
      • MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxStandaloneMmLib.inf
      • QemuPkg/Library/LockBoxLib/LockBoxBaseLib.inf
      • QemuQ35Pkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf

    QemuQ35Pkg: Remove S3 and Lock Box related code

    Removes libraries and modules that support S3 and Lock Box since S3
    is not supported by QemuQ35Pkg.

    QemuQ35Pkg/Sec: Drop S3 and Lock Box support

    Always follow the non-S3 flow to decompress the main FV and load
    the PEI core from it during SEC startup.

    QemuQ35Pkg/PlatformPei: Drop S3 and Lock Box support

    Removes platform initialization logic for S3 and the lock box.

    Notably, the number of MMRAM regions is reduced from two to one since
    the first MMRAM range was previously a 4KB page used to hold S3
    resume structures.

    The amount of ACPI NVS reservation is reduced substantially since
    areas like the following do not need to be preserved for S3 resume:

    • CPU AP stack buffers
    • Temp RAM stack and heap
    • GUIDed section extraction handlers
    • Reset vector initial page tables

    The lock box storage buffer is also not allocated at all. Previously,
    it was allocated as boot services data (not ACPI NVS) since S3 was
    never enabled. In any case, that space is no longer allocated.

    Asserts are added in places through key control flow to alert a
    developer if S3 is detected as enabled when it should not be.

    QemuQ35Pkg/AcpiPlatformDxe: Drop S3 and Lock Box support

    Removes S3 boot script related code since S3 is no longer supported.

    QemuQ35Pkg/SmmControl2Dxe: Drop S3 and Lock Box support

    Removes S3 and boot script related code to focus the module on simply
    installing Trigger() and Clear() functionality for the SMM
    Control protocol.

    QemuQ35Pkg/SmmAccess: Drop S3 and Lock Box support

    Main change is to compensate for the single MMRAM range used now that
    the S3 resume area is removed from MMRAM. A single range is now used
    to cover all of TSEG.

    QemuQ35Pkg.fdf: Remove assignment of Lock Box PCDs

    Removes the following PCDs since the lock box is no longer supported.

    • gQemuPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase
    • gQemuPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize

    QemuSbsaPkg: Use LockBoxLib null instance

    The QemuPkg LockBoxLib is being removed. Used the null instance here
    for libraries (like PerformanceLib) that link against a LockBoxLib
    instance.

    QemuPkg: Remove LockBoxLib

    Not needed since S3 support is not used requiring the Lock Box.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Boot to EFI shell and perform cold and warm reset
    • Verify Standalone MM drivers are dispatched and execute successfully

    Integration Instructions

    • N/A - Affects platform firmware operation

🚀 Features & ✨ Enhancements

  • Drop S3 and Lock Box Support [Rebase \& FF] @makubacki (#1042)
    Change Details
      ## Description

    Contains the following changes:

    QemuQ35Pkg: Drop S3 and Lock Box support

    1. Drop SmmLockBox from build and flash image

      This is a Traditional SMM module that cannot be dispached with
      the Standalone MM model currently supported in QemuQ35Pkg.

    2. Drop PEI and DXE S3 and Lock Box related modules from the
      QemuQ35Pkg build and flash image.

      gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable is FALSE which
      disables S3 support. Code is also currently not being written to
      support S3 boot script replay and S3 is not tested. Modern physical
      platforms rarely support S3 and S3 presents its own security
      related concerns and maintenance overhead.

      Since S3 is not needed, the lock box code which is currently only
      used to store the S3 boot script is not needed.

      As a consequence, the following S3, boot script, and lock box
      related PEI and DXE modules are removed from QemuQ35Pkg:

      • BootScriptExecutorDxe
      • CpuS3DataDxe
      • S3Resume2Pei
      • S3SaveStateDxe

    3. Drop S3 and lock box related library instances from QemuQ35Pkg
      build.

      The following library instances also do not need to be build given
      S3 is not supported and are removed from the QemuQ35Pkg build:

      • MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
      • MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf
      • MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf
      • MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf
      • MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxStandaloneMmLib.inf
      • QemuPkg/Library/LockBoxLib/LockBoxBaseLib.inf
      • QemuQ35Pkg/Library/QemuFwCfgS3Lib/PeiQemuFwCfgS3LibFwCfg.inf

    QemuQ35Pkg: Remove S3 and Lock Box related code

    Removes libraries and modules that support S3 and Lock Box since S3
    is not supported by QemuQ35Pkg.

    QemuQ35Pkg/Sec: Drop S3 and Lock Box support

    Always follow the non-S3 flow to decompress the main FV and load
    the PEI core from it during SEC startup.

    QemuQ35Pkg/PlatformPei: Drop S3 and Lock Box support

    Removes platform initialization logic for S3 and the lock box.

    Notably, the number of MMRAM regions is reduced from two to one since
    the first MMRAM range was previously a 4KB page used to hold S3
    resume structures.

    The amount of ACPI NVS reservation is reduced substantially since
    areas like the following do not need to be preserved for S3 resume:

    • CPU AP stack buffers
    • Temp RAM stack and heap
    • GUIDed section extraction handlers
    • Reset vector initial page tables

    The lock box storage buffer is also not allocated at all. Previously,
    it was allocated as boot services data (not ACPI NVS) since S3 was
    never enabled. In any case, that space is no longer allocated.

    Asserts are added in places through key control flow to alert a
    developer if S3 is detected as enabled when it should not be.

    QemuQ35Pkg/AcpiPlatformDxe: Drop S3 and Lock Box support

    Removes S3 boot script related code since S3 is no longer supported.

    QemuQ35Pkg/SmmControl2Dxe: Drop S3 and Lock Box support

    Removes S3 and boot script related code to focus the module on simply
    installing Trigger() and Clear() functionality for the SMM
    Control protocol.

    QemuQ35Pkg/SmmAccess: Drop S3 and Lock Box support

    Main change is to compensate for the single MMRAM range used now that
    the S3 resume area is removed from MMRAM. A single range is now used
    to cover all of TSEG.

    QemuQ35Pkg.fdf: Remove assignment of Lock Box PCDs

    Removes the following PCDs since the lock box is no longer supported.

    • gQemuPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase
    • gQemuPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize

    QemuSbsaPkg: Use LockBoxLib null instance

    The QemuPkg LockBoxLib is being removed. Used the null instance here
    for libraries (like PerformanceLib) that link against a LockBoxLib
    instance.

    QemuPkg: Remove LockBoxLib

    Not needed since S3 support is not used requiring the Lock Box.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Boot to EFI shell and perform cold and warm reset
    • Verify Standalone MM drivers are dispatched and execute successfully

    Integration Instructions

    • N/A - Affects platform firmware operation

Full Changelog: v8.0.1...v9.0.0

Contributors

makubacki
Assets 9
Loading