README.md@ 105670

Last change on this file since 105670 was 105670, checked in by vboxsync, 7 months ago
Devices/EFI/FirmwareNew: Merge edk2-stable-202405 and make it build on aarch64, bugref:4643
Property svn:eol-style set to `native`
File size: 1.4 KB

Line
1
2	# virtual machine platform hsti driver
3
4	This driver supports three tests.
5
6	## VIRT_HSTI_BYTE0_SMM_SMRAM_LOCK
7
8	Verify the SMM memory is properly locked down.
9
10	Supported platforms:
11	* Qemu Q35 (SMM_REQUIRE=TRUE builds).
12
13	## VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH
14
15	Verify the variable store is not writable for normal (not SMM) code.
16
17	Supported platforms:
18	* Qemu Q35 (SMM_REQUIRE=TRUE builds).
19
20	## VIRT_HSTI_BYTE0_READONLY_CODE_FLASH
21
22	Verify the firmware code is not writable for the guest.
23
24	Supported platforms:
25	* Qemu Q35
26	* Qemu PC
27
28	# qemu flash configuration
29
30	With qemu being configured properly flash behavior should be this:
31
32	configuration \| OVMF_CODE.fd \| OVMF_VARS.fd
33	-------------------------------\|----------------\|---------------
34	SMM_REQUIRE=TRUE, SMM mode \| read-only \| writable
35	SMM_REQUIRE=TRUE, normal mode \| read-only (1) \| read-only (2)
36	SMM_REQUIRE=FALSE \| read-only (3) \| writable
37
38	VIRT_HSTI_BYTE0_READONLY_CODE_FLASH will verify (1) + (3).
39	VIRT_HSTI_BYTE0_SMM_SECURE_VARS_FLASH will verify (2).
40
41	## qemu command line for SMM_REQUIRE=TRUE builds
42	```
43	qemu-system-x86-64 -M q35,smm=on,pflash0=code,pflash1=vars \
44	-blockdev node-name=code,driver=file,filename=OVMF_CODE.fd,read-only=on \
45	-blockdev node-name=vars,driver=file,filename=OVMF_VARS.fd \
46	-global driver=cfi.pflash01,property=secure,value=on \
47	[ ... more options here ... ]
48	```

Note: See TracBrowser for help on using the repository browser.