for ehl-crb-b platform, update sos rootfs from "dev/sda3"
to "/dev/nvme0n1p3" in hybrid.xml file.
Tracked-On: #6530
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
For SMBIOS and TPM, enable SECURITY_VM_FIXUP and add GUEST_FLAG_SECURITY_VM
flag in TGL hybrid_rt.xml. Then disable SECURITY_VM_FIXUP in TGL hybrid.xml
because it’s previously enabled in hybrid.xml instead of hybrid_rt.xml by
mistake.
Tracked-On: #6320
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
The bdf of gpu is not 00:02.0 for the new platform icx-rvp,
it is 05:00.0 now, so we remove the hardcode 00:02.0;
And change to get the gpu bdf from board.xml.
Tracked-On: #6357
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
This patch renames the GUEST_FLAG_TPM2_FIXUP to
GUEST_FLAG_SECURITY_VM.
v2 -> v3:
The "FIXUP" suffix is removed.
Tracked-On: #6320
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
1. set the content of the bootargs tag to empty for KERNEL_ELF type
in hybrid xml files.
2. update generic_board.xml with the latest nuc11tnbi5.xml to fix
compile fail issue.
Tracked-On: #6461
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
remove the log "<board>.xml has been generated successfully!" in
board_parser.py, because it only mean that the board xml file have
been created sucessfully here, not the all data have been appended
successfully and pretty formatted.
Tracked-On: #6315
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
1. as a workaround, comment the code to check MBA_DELAY tag when
creating a new scenario xml setting because of this tag are retrived
from scenario xml files in generic_board folder where it is removed
now.
2. update the template launch xml file names according the recent
update for launch xml files in generic folder.
Tracked-On: #6315
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
MAXIMUM_PA_WIDTH will be calculated from board information.
Tracked-On: #6357
Signed-off-by: Liang Yi <yi.liang@intel.com>
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
It is used to specify the maximum number of EFI memmap entries.
On some platforms, like Tiger Lake, the number of EFI memmap entries
becomes 268 when the BIOS settings are changed.
The current value of MAX_EFI_MMAP_ENTRIES (256) defined in hypervisor
is not big enough to cover such cases.
As the number of EFI memmap entries depends on the platforms and the
BIOS settings, this patch introduces a new entry MAX_EFI_MMAP_ENTRIES
in configurations so that it can be adjusted for different cases.
Tracked-On: #6442
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Update lpc slot to origin value 1 from 31 in the script too,
because GOP driver has assumption to config space layout of
the device on 00:1f.0.
Tracked-On: #6340
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
1. rename “cli.py” to “board_inspector.py”,
and update the script name in README file.
2. rename “app.py” to “acrn_configurator.py”.
Tracked-On: #6417
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
In the default config file for hybrid scenario, zephyr image was
configured as KERNEL_RAWIMAGE. Now we change them to KERNEL_ELF
for all the platforms. And also kernel mods are changed from
Zephyr_RawImage to Zephyr_ElfImage
Tracked-On: #6323
Signed-off-by: Zhou, Wu <wu.zhou@intel.com>
Reviewed-by: Victor Sun <victor.sun@intel.com>
Rename KERNEL_ZEPHYR to KERNEL_RAWIMAGE. Added new type "KERNEL_ELF".
Add CONFIG_GUEST_KERNEL_RAWIMAGE, CONFIG_GUEST_KERNEL_ELF and/or
CONFIG_GUEST_KERNEL_BZIMAGE to config.h if it's configured.
Tracked-On: #6323
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Victor Sun <victor.sun@intel.com>
remove some tags check for scenario xml files in generic_board folder when
importing a new type of board in UI, and minor fix for the warning of config
editor.
Tracked-On: #6315
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
The term PSRAM is now obsoleted and should be replaced with SSRAM, as has been
done by commit 9facbb43b3 ("config-tool: rename PSRAM to SSRAM"). However,
there are two places in the configuration toolset that still uses PSRAM. This
patch updates these missed occurrences accordingly.
Tracked-On: #6012
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
On some boards it is seen that the log area of the physical TPM2 is
programmed to be 0. If TPM2 is passed through to a pre-launched VM in such
cases, a piece of memory starting from GPA 0 will be unmapped from the
Service VM, leading to Service VM crash due to early BIOS corruption
checks.
This patch temporarily disables TPM2 passthrough on such platforms. A
thorough fix should be proposed later to gracefully handle such cases.
Tracked-On: #6288
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Using xml.etree.ElementTree to parse the untrusted data is known to
raise security issue. Replaced it using defusedxml.
Tracked-On: #6342
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
The subprocess module is needed for calling package from python script.
Add #nosec for subprocess module importing.
Tracked-On: #6342
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
update the board xml and related scenario xml files because the
PR 6352 update the board inspector code to get more board info.
Tracked-On: #6298
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Extract the log area address from TPM2 acpi table and add node
log_area_start_address to board.xml. This emelment is used by host_pa of
mmiodevs.
Tracked-On: #6320
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
There could be multiple ways in the scenario configuration to specify that
no INTx allocation is explicitly allocation to a prelaunched VM:
* Do not have a `pt_intx` node at all.
* Have a `pt_intx` node with no text.
* Have a `pt_intx` node with a text that has nothing but whitespaces,
tabs and newlines.
The current implementation only supports the first way, and will cause
build-time failures when a scenario configuration uses the latter two. The
following changes are introduced by this patch to fix such errors.
* The INTx static allocator queries the text() of `pt_intx` nodes
directly to gracefully handle `pt_intx` nodes with no text.
* The XSLT of pt_intx.c clears all kinds of white spaces from the text of
`pt_intx` nodes before calculating the set of allocated INTx mappings.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch refines the configuration data description so that it is
consistent with the current implementation of the configuration tools.
Tracked-On: #6377
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Add SECURITY_VM_FIXUP config for Security VM whether it needs to do fixup
for TPM2 and SMBIOS
Tracked-On: #6320
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Fei Li <fei1.li@intel.com>
Create virtual acpi table of tpm2 based on the raw data if the TPM2
device is presented and the passthrough tpm2 is enabled.
Refine the arguments of bin_gen.py. The --board and --scenario take the
path to the XMLs as the argument. The allocation.xml is needed for
bin_gen.py to generate tpm2 acpi table.
Refine the condition of tpm2_acpi_gen. The tpm2 device "MSFT0101" can be
present in device id or compatible_id(CID). Check both attributes and
child node of tpm2 device.
Tracked-On: #6320
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
If passthrough TPM2 is enabled and the log area is present, allocates
the log_area_start_address with the size log_area_minimum_length(256K).
Tracked-On: #6320
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Create python script tpm2 which parse the tpm2 acpi table datas. Add
this parsed data to the <device id="MSFT0101" description="TPM 2.0 Device"> of board.xml.
Tracked-On: #6320
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Relocate ACPI address to 0x7fe00000 and ACPI NVS to 0x7ff00000 correspondingly.
In this case, we could include TPM event log region [0x7ffb0000, 0x80000000)
into ACPI NVS.
Tracked-On: #6320
Signed-off-by: Fei Li <fei1.li@intel.com>
ACRN used to prepare the vTPM2 ACPI Table for pre-launched VM at the build stage
using config tools. This is OK if the TPM2 ACPI Table never changes. However,
TPM2 ACPI Table may be changed in some conditions: change BIOS configuration or
update BIOS.
This patch do TPM2 fixup to update the vTPM2 ACPI Table and TPM2 MMIO resource
configuration according to the physical TPM2 ACPI Table.
Tracked-On: #6366
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Signed-off-by: Fei Li <fei1.li@intel.com>
1. add a name field to indicate what the MMIO Device is.
2. add two more MMIO resource to the acrn_mmiodev data structure.
Tracked-On: #6366
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Signed-off-by: Fei Li <fei1.li@intel.com>
Update launch xml to use image to launch hard rt vm since
we changed the platforms from two disk to only one NVME disk.
Tracked-On: #6315
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Update lpc slot to origin value 1 from 31 because GOP driver has assumption
to config space layout of the device on 00:1f.0.
Tracked-On: #6340
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
If the MAX_MSIX_TABLE_NUM is specified in scenario.xml. Return the
largest number from count of MSI, table_size of MSIX or
MAX_MSIX_TABLE_NUM of scenario.xml.
Tracked-On: #6235
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
The ACPI specification allows both assigning to buffers and indexing to a
certain byte of a buffer using the Index operator. This patch adds the
implementation of these two operations in the interpreter.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The PackageElementList builder takes variadic arguments, each of which is
an element of the package to be created, not a single argument being the
list of the elements. This patch fix the call to PackageElementList in
build_value() where the wrong type of argument was passed.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
It is typical in AML resource descriptors to have 0-length region
descriptors which are typically templates of resources that are not
assigned on the current platform. For such regions, the `base + length - 1`
formula does not calculate the max of the region properly.
This patch updates the resource descriptor parsers to use max = min when
the length of the region is 0.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
When parsing an AML object representing a host bridge, the current board
inspector may encounter the following issues:
1. The host DSDT may contain multiple host bridge instances, with some of
them not being present. In this case the _BBN of these instances may
evaluate to the same value that coincide with the bus assigned to an
existing host bridge, leading to multiple PCI bus nodes with the same
bus number and thus confusion in later information extraction phases.
2. Methods of a host bridge may refer to the PCI configuration space of
itself (which is typically Device 0, Function 0 under that
bus). However, such objects may not have an _ADR object as the bus
number is encoded by the _BBN object instead.
This patch fixes the issues above.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch enables the interpretation of the following AML objects.
* OnesOp. A OnesOp object always evaluates to a 64-bit integer with all bits
set to 1. It is assumed that the host DSDT is always revision 2 or above,
which is typically the case on modern platforms.
* DefMatch. A DefMatch object evaluates to the index of the first
element (starting from a given index) in a package that matches the given
two predicates. If a match is not found, the constant Ones is returned.
* DefSizeOf. A DefSizeOf object evaluates to the byte length of a buffer, the
length of a string (without the terminating NUL character) or the number of
elements in a package.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
In commit e5ba06cbe8 ("board_inspector: a workaround to an incorrect
interpretation") a workaround is introduced to check the data type of
predicate operands. That commit assumes that both operands must be exactly
integers, which is not usually the case as operation fields or strings can
also be used in predicates.
This patch applies the following conversions on both operands when
evaluating a predicate:
1. Try converting both operands to integers
2. If either conversion in step 1 fails, try regarding both operands as
strings.
3. If either operand is not a string, return the default
result (i.e. False).
Fixes: e5ba06cbe8 ("board_inspector: a workaround to an incorrect interpretation")
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The method `enter_scope` of class `Context` is a reduced implementation of
`change_scope` which assumes that the given name is simply a NameSeg. This
method is currently only used when a new named scope is opened by a
DefDevice object for historical reasons.
As the other named-scope-opening objects all use `change_scope` which can
handle arbitrary NameString, this patch unifies the code by removing
`enter_scope` and replacing the only occurrence with `change_scope`. This
also resolves the parsing of AML templates in board XMLs where device names
can be more than a simple NameSeg.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
According to the specification, the _MAX of memory address space resource
descriptors may not necessarily be _MIN + _LEN - 1. Typically the resource
locates at the low end of the region specified by _MIN and _MAX. This patch
makes the ACPI extractor always calculating the end of a memory region
using _MIN and _LEN instead.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The current design of AML parsing, objects are first defined in the
namespace and later dropped if they are in a False branch. This leads to
incorrect interpretation of the AML code where:
1. A name T is defined in the root scope as an integer.
2. A method M in an inner scope S references T.
3. The name T is defined as a device, power resource or other named
objects in scope S under conditions where M will not be called.
As a workaround, check if both the left and right hand sides are integers
first. If either is not the case,
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The current vACPI image layout reserves 512 bytes for vDSDT. Given the fact
that the size of vDSDT of a pre-launched VM grows when more devices are
assigned to the VM, this size limit can be easily exceeded. As an example,
a single pass-through TSN NIC requires 291 bytes in vDSDT to define device
objects representing its PCS (Physical Coding Sublayer), which means the
current reserved space for vDSDT does not allow two TSN NICs to be assigned
to the same VM.
This patch enlarges the reserved space for vDSDT to 2432 bytes by moving
the MCFG and MADT spaces. 768 bytes are still reserved for MADT which
is sufficient to encode the LAPIC information for more than 64 vCPUs.
This patch is added in v2 of the series.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
