QemuQ35.c

Go to the documentation of this file.

 
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include <Library/HstiLib.h>
#include <Library/PcdLib.h>
#include <Library/PciLib.h>
 
#include <IndustryStandard/Hsti.h>
#include <IndustryStandard/Q35MchIch9.h>
 
#include "VirtHstiDxe.h"
 
STATIC VIRT_ADAPTER_INFO_PLATFORM_SECURITY  mHstiQ35 = {
  PLATFORM_SECURITY_VERSION_VNEXTCS,
  PLATFORM_SECURITY_ROLE_PLATFORM_REFERENCE,
  { L"OVMF (Qemu Q35)" },
  VIRT_HSTI_SECURITY_FEATURE_SIZE,
};
 
VIRT_ADAPTER_INFO_PLATFORM_SECURITY *
VirtHstiQemuQ35Init (
  VOID
  )
{
  if (FeaturePcdGet (PcdSmmSmramRequire)) {
    VirtHstiSetSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK);
    VirtHstiSetSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH);
  }
 
  return &mHstiQ35;
}
 
VOID
VirtHstiQemuQ35Verify (
  VOID
  )
{
  if (VirtHstiIsSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK)) {
    CHAR16  *ErrorMsg = NULL;
    UINT8   SmramVal;
    UINT8   EsmramcVal;
 
    SmramVal   = PciRead8 (DRAMC_REGISTER_Q35 (MCH_SMRAM));
    EsmramcVal = PciRead8 (DRAMC_REGISTER_Q35 (MCH_ESMRAMC));
 
    if (!(EsmramcVal & MCH_ESMRAMC_T_EN)) {
      ErrorMsg = L"q35 smram access is open";
    } else if (!(SmramVal & MCH_SMRAM_D_LCK)) {
      ErrorMsg = L"q35 smram config is not locked";
    }
 
    VirtHstiTestResult (ErrorMsg, 0, VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK);
  }
 
  if (VirtHstiIsSupported (&mHstiQ35, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH)) {
    CHAR16  *ErrorMsg = NULL;
 
    switch (VirtHstiQemuFirmwareFlashCheck (PcdGet32 (PcdOvmfFlashNvStorageVariableBase))) {
      case QEMU_FIRMWARE_FLASH_WRITABLE:
        ErrorMsg = L"qemu vars pflash is not secure";
        break;
    }
 
    VirtHstiTestResult (ErrorMsg, 0, VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH);
  }
}