Skip to content

Support Standalone MM on OVMF #10961

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Jun 19, 2025
Merged

Support Standalone MM on OVMF #10961

merged 17 commits into from
Jun 19, 2025

Conversation

kuqin12
Copy link
Contributor

@kuqin12 kuqin12 commented Apr 15, 2025
edited
Loading

Description

Standalone MM on x64 platforms is treated as a better model compared to traditional MM, offering cleaner isolation in resource accessibility and reducing attack surfaces. With the growing shift towards Standalone MM-based solutions over SMM on x64 platforms, there is an increasing demand for a public platform to showcase the functionality of the Standalone MM framework on x64 systems.

This change adds the support for booting OVMF with Standalone MM. It can be used as a validation mechanism to ensure that Standalone MM-related changes operate as expected during check-in.

The base of the new platform is OvmfX64 as the EDK2 solution for x86 based Standalone MM only supports x64.

  • Breaking change?
    • Breaking change - Does this PR cause a break in build or boot behavior?
    • Examples: Does it add a new library class or move a module to a different repo.
  • Impacts security?
    • Security - Does this PR have a direct security impact?
    • Examples: Crypto algorithm change or buffer overflow fix.
  • Includes tests?
    • Tests - Does this PR include any explicit test code?
    • Examples: Unit tests or integration tests.

How This Was Tested

This was tested with OVMF packge and booted to UEFI shell.

Integration Instructions

N/A

@kuqin12 kuqin12 force-pushed the stmm_ovmf branch 3 times, most recently from b5a6d9e to 54b4995 Compare April 15, 2025 21:14
@kuqin12 kuqin12 marked this pull request as ready for review April 15, 2025 22:17
@tianocore-assign-reviewers
Copy link

WARNING: Cannot add some reviewers: A user specified as a reviewer for this PR is not a collaborator of the repository. Please add them as a collaborator to the repository so they can be requested in the future.

Non-collaborators requested:

Attn Admins:

Admin Instructions:

  • Add the non-collaborators as collaborators to the appropriate team(s) listed in teams
  • If they are no longer needed as reviewers, remove them from Maintainers.txt

kraxel
kraxel reviewed Apr 16, 2025
View reviewed changes
kraxel
kraxel reviewed Apr 16, 2025
View reviewed changes
@ardbiesheuvel
Copy link
Member

Can you explain why this is a good idea?

@kuqin12
Copy link
Contributor Author

kuqin12 commented Apr 16, 2025

Can you explain why this is a good idea?

From an x64 platform standpoint, Standalone MM is regarded as a better model compared to traditional MM, offering cleaner isolation in resource accessibility and reducing attack surfaces. With the growing shift towards Standalone MM-based solutions over SMM on x64 platforms, there is an increasing demand for a public platform to showcase the functionality of the Standalone MM framework on x64 systems.

Additionally, this Standalone MM-based platform serves as a validation mechanism to ensure that Standalone MM-related changes operate as expected during check-in.

@kuqin12 kuqin12 force-pushed the stmm_ovmf branch 3 times, most recently from 055b330 to 7f4f7c1 Compare April 23, 2025 06:15
kraxel
kraxel reviewed Apr 23, 2025
View reviewed changes
@mergify Mergify
Copy link

mergify bot commented Apr 23, 2025

PR can not be merged due to conflict. Please rebase and resubmit

@kuqin12
Copy link
Contributor Author

kuqin12 commented Jun 16, 2025

@niruiyu @sweeaun Would you have further feedback on this PR? Thanks in advance!

@kuqin12
Copy link
Contributor Author

kuqin12 commented Jun 18, 2025

@niruiyu @sweeaun @jiaxinwu Could you please help review the changes around StandaloneMmPkg?

This PR has been around for a while. And StandaloneMmPkg change is the outlier that still needs review/approval. Any further feedback is appreciated. Otherwise, could you please help merging the change?

niruiyu
niruiyu reviewed Jun 19, 2025
View reviewed changes
niruiyu
niruiyu reviewed Jun 19, 2025
View reviewed changes
kuqin12 added 2 commits June 18, 2025 22:06
@kuqin12
StandaloneMmPkg: StandaloneMmIplPei: Prevent Freeing Zero Pages
a8d0d3f 
There could be scenarios where the HOB producer does not create any HOBs.
In such cases, the buffer intended to be freed will have zero pages.

This update addresses the issue that could cause assertions during
runtime by ensuring that buffers with zero pages are not freed.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
StandaloneMmPkg: StandaloneMmIplPei: Use MM access to open the regions
76d298b 
Current MM IPL in PEI phase does not open the MMRAM regions through MM
access PPI. This is causing some platforms like OVMF reading all `0xFF`s
when trying to relocate the Standalone MM core.

This change opens all the MMRAM regions provided by MM access PPI and
closes + locks the regions after initial MM foundation setup, when MM
Access PPI is available.

Platforms that require MM access PPI can inject depex through libraries.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
kuqin12 added 15 commits June 18, 2025 22:47
@kuqin12
OvmfPkg: MemDebugLogLibNull: Support Standalone MM core and drivers
072f229 
This change extends the supported types to Standalone MM and Standalone
MM Core module types to support potential MM usage.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: DxeAcpiTimerLib: Support Standalone MM core and drivers
21e92aa 
This change extends the library to support MM_CORE_STANDALONE and
MM_STANDALONE for usage in MM standalone environment.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: PlatformDebugLibIoPort: Support Standalone MM core and drivers
8a002e0 
This change extends the library to support MM_CORE_STANDALONE and
MM_STANDALONE for usage in MM standalone environment.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: PlatformSecureLib: Support Standalone MM core and drivers
b09cd1e 
This change extends the library to support MM_CORE_STANDALONE and
MM_STANDALONE for usage in MM standalone environment.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: SmmCpuFeaturesLib: Abstract out SMM specific implementations
fe42220 
This update refactors the existing SmmCpuFeaturesLib to eliminate direct
calls to SMM-specific functions.

In particular, the constructor has been relocated to traditional MM-
specific C files, utilizing a common entry point.

Furthermore, several implementation-specific functions have been
modularized into its respective C files.

These changes lay the groundwork for supporting a Standalone MM-based
solution in the future.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: StandaloneMmCpuFeaturesLib: Introduce SmmCpuFeaturesLib for …
6856684 
…Ovmf

This change adds the implementation of SmmCpuFeaturesLib for Ovmf to
operate with Standalone MM supported platforms.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: MmControlPei: Introduce MM control PPI to OVMF
0d022f5 
This change adds a PEIM that produces gEfiPeiMmControlPpiGuid to be used
in PEI phase, i.e. boot strap MM foundation.

This flow is largely in assemblence of MM control DXE driver and used the
`SmiFeatures.*` files from the DXE drivers as the common resources.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: SmmControl2Dxe: Avoid double initialization
49086ac 
This change adds a build time PCD to prevent the SmmControl2Dxe driver
from re-initialization the MM related registers.

This register is to be used when MmControlPei is already executed in PEI
phase and completed setting up the MM control registers.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: QemuFlashFvbServicesRuntimeDxe: Abstract out SMM/DXE functions
2dd6d14 
This update refactors QemuFlashFvbServicesRuntimeDxe to abstract out
direct calls to SMM and DXE specific functions.

Specifically, dynamic PCD usage and gBS references have been moved to SMM
specific files.

The constructor functionality has been relocated to a common
implementation and is invoked from their respective entry points.

These changes lay the groundwork for supporting a Standalone MM-based
solution in the future.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: QemuFlashFvbServices: Introduce Standalone MM instance
f08aa51 
This update introduces the implementation of QemuFlashFvbServices to
support operation with Standalone MM backed platforms.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: MemEncryptSevLib: Add Null instance
7c36df5 
This change introduces a Null instance of MemEncryptSevLib to enable
platforms that do not have confidential compute support.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: MmPlatformHobProducerLibOvmf: Ovmf specific HOB creators for…
00b05f9 
… Stmm

This change introduces a platform specific HOB producor library to meet
the expectation of Standalone MM core.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: OvmfPkgX64: Platform changes for Standalone MM support
1710dd6 
This change adds a build flag in the platform DSC file to support
standalone MM build on OVMF platform.

The new standalone MM platform will not support S3 boot and thus no SMM
lock box related components are included.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: PlatformCI: Ovmf x64 platform with Standalone MM
d49b663 
This change expands the CI pipeline build to a new platform type with
Standalone MM support to ensure the incoming change works with Standalone
MM environment on x64 platforms.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@kuqin12
OvmfPkg: README: Add documentation for Standalone MM on OVMF
bd8c6ac 
This update introduces a new section in the README file, detailing the
design considerations of the recently onboarded Standalone MM platform in
OVMF.

The section is intended for future reference and should be revised
accordingly if updates to the Standalone MM framework render these
limitations obsolete.

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
@niruiyu niruiyu added the push Auto push patch series in PR if all checks pass label Jun 19, 2025
@mergify mergify bot merged commit e4e2969 into tianocore:master Jun 19, 2025
130 checks passed
@lgao4 lgao4 added the type:feature-request A new feature proposal label Aug 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bexcran bexcran bexcran left review comments

@niruiyu niruiyu niruiyu approved these changes

@ardbiesheuvel ardbiesheuvel Awaiting requested review from ardbiesheuvel

@jiaxinwu jiaxinwu Awaiting requested review from jiaxinwu

@jongwu jongwu Awaiting requested review from jongwu

@jyao1 jyao1 Awaiting requested review from jyao1

@mdroth mdroth Awaiting requested review from mdroth

@mxu9 mxu9 Awaiting requested review from mxu9

@ruleof2 ruleof2 Awaiting requested review from ruleof2

@samimujawar samimujawar Awaiting requested review from samimujawar

@td36 td36 Awaiting requested review from td36

@tlendacky tlendacky Awaiting requested review from tlendacky

@tperard tperard Awaiting requested review from tperard

+2 more reviewers

@sweeaun sweeaun sweeaun left review comments

@kraxel kraxel kraxel approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
push Auto push patch series in PR if all checks pass type:feature-request A new feature proposal
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@kuqin12 @ardbiesheuvel @kraxel @niruiyu @sweeaun @bexcran @lgao4