Create virtual acpi table of tpm2 based on the raw data if the TPM2
device is present and the passthrough tpm2 is enabled.
Refine the arguments of bin_gen.py. The --board and --scenario take the
path to the XMLs as the argument. The allocation.xml is needed for
bin_gen.py to generate tpm2 acpi table.
Refine the condition of tpm2_acpi_gen. The tpm2 device "MSFT0101" can be
present in device id or compatible_id(CID). Check both attributes and
child node of tpm2 device.
Tracked-On: #6320
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
If passthrough TPM2 is enabled and the log area is present, allocate
the log_area_start_address with the size log_area_minimum_length(256K).
Tracked-On: #6320
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Create python script tpm2 which parses the tpm2 acpi table data. Add
this parsed data to the <device id="MSFT0101" description="TPM 2.0 Device"> of board.xml.
Tracked-On: #6320
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Relocate ACPI address to 0x7fe00000 and ACPI NVS to 0x7ff00000 correspondingly.
In this case, we could include TPM event log region [0x7ffb0000, 0x80000000)
into ACPI NVS.
Tracked-On: #6320
Signed-off-by: Fei Li <fei1.li@intel.com>
ACRN used to prepare the vTPM2 ACPI Table for pre-launched VM at the build stage
using config tools. This is OK if the TPM2 ACPI Table never changes. However,
TPM2 ACPI Table may be changed in some conditions: change BIOS configuration or
update BIOS.
This patch does TPM2 fixup to update the vTPM2 ACPI Table and TPM2 MMIO resource
configuration according to the physical TPM2 ACPI Table.
Tracked-On: #6366
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Signed-off-by: Fei Li <fei1.li@intel.com>
1. add a name field to indicate what the MMIO Device is.
2. add two more MMIO resources to the acrn_mmiodev data structure.
Tracked-On: #6366
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Signed-off-by: Fei Li <fei1.li@intel.com>
Update launch xml to use image to launch hard rt vm since
we changed the platforms from two disks to only one NVME disk.
Tracked-On: #6315
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Update lpc slot to original value 1 from 31 because GOP driver has an assumption
about the config space layout of the device on 00:1f.0.
Tracked-On: #6340
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
ACRN could run without XSAVE Capability. So remove XSAVE dependence to support
more (hardware or virtual) platforms.
Tracked-On: #6287
Signed-off-by: Fei Li <fei1.li@intel.com>
Check whether condition is met before checking whether time is out after iommu_read32.
This is because iommu_read32 would cause time out on some virtual platforms even
though the current DMAR status meets the pre_condition.
Tracked-On: #6371
Signed-off-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
When a platform reboots or shuts down, the contents of RAM are not immediately
lost but begin to decay. During this period, there is a short timeframe during
which an attacker can turn the platform back on to boot into a program that
dumps the contents of memory (e.g., cold boot attacks). Encryption keys and
other secrets can be easily compromised through this method.
We already erase the guest memory data when the guest is shut down normally.
However, if the guest is shut down abnormally, the contents of RAM may still
be there. This patch mitigates this kind of reset attack for a DM launched VM by
erasing the guest memory data by the time the guest has been created.
Tracked-On: #6061
Signed-off-by: Li Fei1 <fei1.li@intel.com>
If the MAX_MSIX_TABLE_NUM is specified in scenario.xml, return the
largest number from count of MSI, table_size of MSIX or
MAX_MSIX_TABLE_NUM of scenario.xml.
Tracked-On: #6235
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Replace Kconfig related scheduler configuration with scenario XML
file configuration in tutorials because the Kconfig related files
have been removed in the other PR 6358.
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
The ACPI specification allows both assigning to buffers and indexing to a
certain byte of a buffer using the Index operator. This patch adds the
implementation of these two operations in the interpreter.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The PackageElementList builder takes variadic arguments, each of which is
an element of the package to be created, not a single argument being the
list of the elements. This patch fixes the call to PackageElementList in
build_value() where the wrong type of argument was passed.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
It is typical in AML resource descriptors to have 0-length region
descriptors which are typically templates of resources that are not
assigned on the current platform. For such regions, the `base + length - 1`
formula does not calculate the max of the region properly.
This patch updates the resource descriptor parsers to use max = min when
the length of the region is 0.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
When parsing an AML object representing a host bridge, the current board
inspector may encounter the following issues:
1. The host DSDT may contain multiple host bridge instances, with some of
them not being present. In this case the _BBN of these instances may
evaluate to the same value that coincides with the bus assigned to an
existing host bridge, leading to multiple PCI bus nodes with the same
bus number and thus confusion in later information extraction phases.
2. Methods of a host bridge may refer to the PCI configuration space of
itself (which is typically Device 0, Function 0 under that
bus). However, such objects may not have an _ADR object as the bus
number is encoded by the _BBN object instead.
This patch fixes the issues above.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
If HV enables triggering #GP for uc-lock and is about to emulate guest uc-lock
instructions, it should trap guest #GP. A guest uc-lock instruction triggers #GP
and causes a vmexit for #GP; HV handles this vmexit and emulates the uc-lock
instruction.
Tracked-On: #6299
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
This patch enables the interpretation of the following AML objects.
* OnesOp. A OnesOp object always evaluates to a 64-bit integer with all bits
set to 1. It is assumed that the host DSDT is always revision 2 or above,
which is typically the case on modern platforms.
* DefMatch. A DefMatch object evaluates to the index of the first
element (starting from a given index) in a package that matches the given
two predicates. If a match is not found, the constant Ones is returned.
* DefSizeOf. A DefSizeOf object evaluates to the byte length of a buffer, the
length of a string (without the terminating NUL character) or the number of
elements in a package.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
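The semantics of the three objects described in the commit message above, as an added example that is not the board inspector's own code. Python lists, ints, strings and bytes stand in for AML packages, integers, strings and buffers; the names `aml_match` and `aml_sizeof` are hypothetical, and as a simplification only integer package elements are compared.

```python
ONES = 0xFFFFFFFFFFFFFFFF  # value of OnesOp when the DSDT is revision 2 or above

# Match opcodes as encoded in AML: MTR, MEQ, MLE, MLT, MGE, MGT = 0..5.
MATCH_OPS = {
    0: lambda elem, obj: True,         # MTR: always true
    1: lambda elem, obj: elem == obj,  # MEQ
    2: lambda elem, obj: elem <= obj,  # MLE
    3: lambda elem, obj: elem < obj,   # MLT
    4: lambda elem, obj: elem >= obj,  # MGE
    5: lambda elem, obj: elem > obj,   # MGT
}


def aml_match(package, op1, obj1, op2, obj2, start_index=0):
    """Index of the first element at or after start_index that satisfies both
    predicates, or ONES when no element matches."""
    if op1 not in MATCH_OPS or op2 not in MATCH_OPS:
        raise ValueError("unknown match opcode")
    if start_index < 0:
        raise ValueError("start index must not be negative")
    for index in range(start_index, len(package)):
        elem = package[index]
        # Simplification (assumption): non-integer elements never match.
        if not isinstance(elem, int) or isinstance(elem, bool):
            continue
        if MATCH_OPS[op1](elem, obj1) and MATCH_OPS[op2](elem, obj2):
            return index
    return ONES


def aml_sizeof(obj):
    """Byte length of a buffer, length of a string without the terminating
    NUL, or number of elements in a package."""
    if isinstance(obj, (bytes, bytearray)):
        return len(obj)
    if isinstance(obj, str):
        return len(obj.encode("ascii"))
    if isinstance(obj, (list, tuple)):
        return len(obj)
    raise TypeError("SizeOf is defined for buffers, strings and packages only")


# Constructed sample package, not taken from any real DSDT.
SAMPLE_PACKAGE = [0x10, "PCI0", 0x20, 0x30, 0x40]

if __name__ == "__main__":
    # First element e with 0x20 <= e < 0x40.
    print(aml_match(SAMPLE_PACKAGE, 4, 0x20, 3, 0x40))
    # No element equals 0x99, so the constant Ones is returned.
    print(hex(aml_match(SAMPLE_PACKAGE, 1, 0x99, 0, 0)))
    print(aml_sizeof(SAMPLE_PACKAGE), aml_sizeof("PCI0"), aml_sizeof(b"\x00\x01\x02"))
```
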
In commit e5ba06cbe8 ("board_inspector: a workaround to an incorrect
interpretation") a workaround is introduced to check the data type of
predicate operands. That commit assumes that both operands must be exactly
integers, which is not usually the case as operation fields or strings can
also be used in predicates.
This patch applies the following conversions on both operands when
evaluating a predicate:
1. Try converting both operands to integers
2. If either conversion in step 1 fails, try regarding both operands as
strings.
3. If either operand is not a string, return the default
result (i.e. False).
Fixes: e5ba06cbe8 ("board_inspector: a workaround to an incorrect interpretation")
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The method `enter_scope` of class `Context` is a reduced implementation of
`change_scope` which assumes that the given name is simply a NameSeg. This
method is currently only used when a new named scope is opened by a
DefDevice object for historical reasons.
As the other named-scope-opening objects all use `change_scope` which can
handle arbitrary NameString, this patch unifies the code by removing
`enter_scope` and replacing the only occurrence with `change_scope`. This
also resolves the parsing of AML templates in board XMLs where device names
can be more than a simple NameSeg.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
User could use make targz-pkg command to generate tar package in
build directory, which could help user simplify the process
of installing acrn hypervisor in target board. User needs to copy the
tarball package to target board, and extract it to "/" directory.
Tracked-On: #6355
Signed-off-by: liu hang1 <hang1.liu@intel.com>
Reviewed-by: VanCutsem, Geoffroy <geoffroy.vancutsem@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
According to the specification, the _MAX of memory address space resource
descriptors may not necessarily be _MIN + _LEN - 1. Typically the resource
locates at the low end of the region specified by _MIN and _MAX. This patch
makes the ACPI extractor always calculate the end of a memory region
using _MIN and _LEN instead.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
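The end-of-region rule from the commit message above, combined with the max = min rule for 0-length descriptors from the earlier resource descriptor message, as an added example that is not the board inspector's own code. It decodes QWord address space descriptors from a constructed resource template; the names `Region`, `region_end`, `parse_qword_regions` and `make_qword` are hypothetical.

```python
import struct
from typing import List, NamedTuple

QWORD_TAG = 0x8A          # large item: QWord Address Space Descriptor
QWORD_BODY = "<BBBQQQQQ"  # type, general flags, type flags, _GRA, _MIN, _MAX, _TRA, _LEN


class Region(NamedTuple):
    resource_type: int   # 0 = memory, 1 = I/O, 2 = bus number
    start: int
    end: int             # inclusive end derived from _MIN and _LEN
    length: int
    declared_max: int    # _MAX as encoded, kept for comparison only


def region_end(minimum: int, length: int) -> int:
    """Inclusive end of a region; a 0-length template collapses to max = min."""
    return minimum + length - 1 if length > 0 else minimum


def parse_qword_regions(buf: bytes) -> List[Region]:
    """Walk a resource template and decode every QWord address space descriptor."""
    regions, offset = [], 0
    while offset < len(buf):
        tag = buf[offset]
        if (tag & 0x80) == 0:                 # small item: length in bits 2:0
            if (tag & 0x78) == 0x78:          # End Tag terminates the template
                break
            offset += 1 + (tag & 0x07)
            continue
        if offset + 3 > len(buf):
            raise ValueError("truncated large item header")
        (body_len,) = struct.unpack_from("<H", buf, offset + 1)
        body = buf[offset + 3: offset + 3 + body_len]
        if len(body) != body_len:
            raise ValueError("descriptor runs past end of buffer")
        if tag == QWORD_TAG:
            if body_len < struct.calcsize(QWORD_BODY):
                raise ValueError("QWord descriptor too short")
            rtype, _gf, _tf, _gra, mn, mx, _tra, ln = struct.unpack_from(QWORD_BODY, body)
            regions.append(Region(rtype, mn, region_end(mn, ln), ln, mx))
        offset += 3 + body_len
    return regions


def make_qword(minimum: int, maximum: int, length: int) -> bytes:
    """Build a memory QWord descriptor without resource source (constructed input)."""
    body = struct.pack(QWORD_BODY, 0, 0, 0, 0, minimum, maximum, 0, length)
    return bytes([QWORD_TAG]) + struct.pack("<H", len(body)) + body


# Constructed sample template, not taken from any real DSDT.
SAMPLE = (
    make_qword(0x80000000, 0xDFFFFFFF, 0x60000000)   # _MAX == _MIN + _LEN - 1
    + make_qword(0xE0000000, 0xEFFFFFFF, 0x1000)     # resource at the low end of [_MIN, _MAX]
    + make_qword(0, 0, 0)                            # unassigned 0-length template
    + bytes([0x79, 0x00])                            # End Tag with checksum byte
)

if __name__ == "__main__":
    for r in parse_qword_regions(SAMPLE):
        note = " (declared _MAX is wider)" if r.declared_max > r.end else ""
        print(f"[{r.start:#x}, {r.end:#x}] len={r.length:#x}{note}")
```

In the second descriptor the encoded _MAX would describe a 256 MiB window for a 4 KiB resource, and in the third the `base + length - 1` formula would yield -1; deriving the end from _MIN and _LEN avoids both.
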
In the current design of AML parsing, objects are first defined in the
namespace and later dropped if they are in a False branch. This leads to
incorrect interpretation of the AML code where:
1. A name T is defined in the root scope as an integer.
2. A method M in an inner scope S references T.
3. The name T is defined as a device, power resource or other named
objects in scope S under conditions where M will not be called.
As a workaround, check if both the left and right hand sides are integers
first. If either is not the case,
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The current vACPI image layout reserves 512 bytes for vDSDT. Given the fact
that the size of vDSDT of a pre-launched VM grows when more devices are
assigned to the VM, this size limit can be easily exceeded. As an example,
a single pass-through TSN NIC requires 291 bytes in vDSDT to define device
objects representing its PCS (Physical Coding Sublayer), which means the
current reserved space for vDSDT does not allow two TSN NICs to be assigned
to the same VM.
This patch enlarges the reserved space for vDSDT to 2432 bytes by moving
the MCFG and MADT spaces. 768 bytes are still reserved for MADT which
is sufficient to encode the LAPIC information for more than 64 vCPUs.
This patch is added in v2 of the series.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch generates vDSDT for pre-launched VMs based on the scenario
configuration and static allocation results. The vDSDT contains the
following objects.
* A device object representing the root PCI bus which has the same
location and name as the object in physical DSDT. This object contains
device identification objects such as _HID, _CID, _BBN and _UID, the
_CRS object encoding the bus numbers and PCI hole regions, and the _PRT
object encoding the routing from vPCI device pins to virtual interrupt
lines.
* For each pass-through device assigned to the VM, a device object is
created based on the AML template of that device in board XML (if
exists). The _ADR object is rewritten with the vBDF.
v1 -> v2:
* In order to replace the current static vDSDT, the AML templates in
board XMLs now include objects that are referenced by other devices as
well.
* When TPM is assigned, the corresponding device object in DSDT (if
exists) will be copied.
* Add the _S5 control method to vDSDT, as is done in the static DSDT
sources.
* The old vDSDT generation routine and the static DSDT sources it uses
are removed.
v2 -> v3:
* Only follow 'uses', 'is used by' or 'consumes resources by'
dependencies.
* Organize the device objects in vDSDT according to the scopes they are
in.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch allocates interrupt lines among VMs according to the PCI devices
assigned to them.
v1 -> v2:
* Remove the usage of VMx_PT_INTX_NUM macro in vm_configuration.c; use the
concrete numbers directly.
* The static allocator will also complain if any interrupt line is allocated to
a VM with LAPIC_PASSTHROUGH.
v2 -> v3:
* Fix a minor coding style issue.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
It is a common practice to parse PCI BDF in the static allocators. This
patch moves the BusDevFunc class (which is a named tuple encoding a BDF) to
lib.py and uses it for BDF parsing throughout the static allocators.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Customized environment variables are not inherited by child processes
created by the subprocess module. As a result the legacy board parser may
not be able to locate the prerequisite utilities if they can be found only
with the customized PATH.
This patch passes the PATH of cli.py to the legacy parser so that both
scripts use the same PATH to search for utilities.
This patch is added in v2 of the series.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
With a growing demand on host ACPI namespace for devices pass-through, it
is now important to parse the ACPI namespace when generating board
XMLs. This patch makes ACPI namespace parsing enabled by default by
replacing the `--advanced` option, which is designed to enable the parsing,
with `--basic` which disables it.
The option provides a reliable way to disable ACPI namespace parsing
completely in case the parsing blocks the generation of board XMLs, while
the ACPI namespace parser will gracefully stop without polluting the board
XML when it fails.
This patch is added in v2 of the patch series.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch updates the board inspector to collect the bits of physical and
linear addresses of the processors and generate this information to the
board XML for further uses at configuration phase.
Tracked-On: #6292
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
It is witnessed on some boards that the device status (as is reported by
the _STA object) returns 0 while the device object is still useful for
pass-through devices. The original implementation, however, assumes that
only a device with a non-zero status is useful as long as the _STA object
exists.
This patch makes this filtering disabled by default and adds a command-line
argument `--check-device-status` to enable this filtering. As disabled or
non-present devices can have empty resources, the sorting algorithm is
updated accordingly to gracefully handle such descriptors.
This patch is added in v3 of the series.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Occasionally buffer fields (which are typically integers) are converted to
hexadecimal strings for debugging purposes. This patch adds the conversion
to suppress interpretation errors of these debugging calls.
This patch is added in v3 of the series.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Servers typically have multiple peer host bridges that need to be scanned
separately. This patch extends the PCI information extractor to visit all
PCI host bridges by enumerating /sys/devices/pci* directories.
Tracked-On: #6292
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
While not allowed by ACPI specification, using a ConstObj (e.g. OneOp) as a
term in a TermList IS witnessed in the DSDT of some BIOS. This patch allows
ConstObj to act as a TermObj so that a TermList can contain a ConstObj as a
statement (which is essentially no-op).
This patch is added in v2 of the series.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
It is seen that the BAR in the PCI configuration space of a device can be
cleared when the device is put to D3. This patch resumes a device not in D0
before parsing its configuration space in order to collect accurate
information.
This patch is added in v2 of the series.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
AML allows devices defined in an ACPI namespace to have inter-dependency,
i.e. a method defined in one device can refer to objects in other
devices. While such inter-dependency is common in device manipulation
methods, device identification and configuration methods, such as _CRS, may
depend on other devices as well.
An example we have already met is a PCS (Physical Coding Sublayer) which
calculates resource descriptors by accessing the PCI configuration space of
the accompanying Ethernet controller. Without the ACPI object describing
the PCS, a driver of the Ethernet controller may refuse to initialize.
This patch adds a preliminary dependency analyzer to detect such
inter-device dependency. The analyzer walks through the reference chains of
an object, identifying whether the referenced objects are operation fields
of a device. Depending on the result of this analysis, the board XML is
refined as follows.
* When an object (probably a method) references such fields, the original
object definition in host DSDT/SSDTs will be copied in the AML template
so that they still work in VMs where the operation fields may be
virtualized. Such objects will be referred to as "copied objects"
hereinafter.
* The objects that are **directly** referenced by a copied object are
added in the AML template as well. Such objects still belong to devices
where they are originally defined in the host ACPI namespace. Their
definition, however, may be copied or replaced with constant values,
depending on the dependency analysis on these objects.
* Nodes with the "dependency" tag are added under "device" nodes in the
board XML, allowing the configuration tools to follow the device
dependency chain when generating vACPI tables. These nodes only
represent direct dependencies; indirect dependencies can be inferred by
following those direct ones.
The current implementation does not allow objects being added to AML
templates if they refer to any of the following.
* Global objects, i.e. objects not belonging to any device. Such objects
tend to encode system-wide information, such as the ACPI
NVS (Non-Volatile Storage) or its fields.
* Methods with parameters.
Objects with such references are thus being hidden from guest software,
just like how they are invisible in the current implementation.
This patch is added in v2 of the series.
v2 -> v3:
* Also collect dependencies due to providing or consuming resources.
* Refactor the dependency detection logic for clarity.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
GPIO and generic serial connection resources in ACPI resource descriptors
usually encode resource sources which are important in detecting
cross-device dependencies. This patch adds parsers for GPIO and generic
serial connection descriptors.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch adds AML template (in XML hexBinary format) for each device to
board XMLs. For now these templates contain the following objects if they
exist in the physical DSDT:
- Device identification objects: _ADR, _HID, _UID and _STR
- _CRS which encodes the current resources consumed by the device
- _STA which encodes the status of the device
An AML template is always a DefScope with a single DefDevice so that they
can be appended anywhere in the vDSDT.
v1 -> v2:
* Remove the temporary visitor that collects cross-device dependencies. Such
check will be replaced with another visitor introduced in the next patch.
v2 -> v3:
* The AML templates are now DefDevice objects with their names being the
full namepath. The vDSDT generator will take care of this and organize
the objects properly.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Object type codes are used to identify, as the name suggests, the type of
objects. Typical object types in AML include integers, strings, methods,
devices, buffers, packages and operation regions. In DefExternal terms the
object type codes help specify the type of the external objects so that an
AML parser can parse the code without knowing the concrete definition of
these objects.
The per-device AML templates in board XMLs need DefExternal terms to
declare the objects in other devices, as these templates are meant to be
parsed and integrated separately. This patch adds a static method to object
declaration classes to make it easier to generate such DefExternal terms
for a given declaration.
A complete definition of object type codes can be found in section 19.6.96
of ACPI specification 6.4.
v1 -> v2:
* Remove the object_type of FieldDecl and OperationFieldDecl as 0x5 is
not a proper object type for buffer fields.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The current implementation of the ConditionallyUnregisterSymbolVisitor
exits upon visiting a DefMethod node without unregistering that method. As
a result, methods in False branches in DSDT/SSDTs are not removed from the
parsed namespace, which can lead to further confusions when these methods
are referenced (e.g. a _CRS method visited by the board inspector).
This patch fixes this by always visiting a DefMethod node but stops
traversing its children.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
/usr/share/pci.ids.gz is another typical path to the pci.ids file of the
lspci tool which is used in Yocto-based systems. This patch adds this path
as another candidate when searching for pci.ids. The builtin gzip module is
used to open this file.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Address space resource descriptors have an optional field to encode the
resource source, which is not commonly used when creating new resource
descriptors.
For modules which want to create a class to parse address space resource
descriptors without resource source, this patch sets the length of such
descriptors as the default value of the `_len` factory parameter so that
callers do not need to care about these lengths.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
With AML templates for devices in the board XML, the parser now needs to be able
to parse a stream as an arbitrary object. This patch adds the `parse_tree`
method to the acpiparser.aml.parser module for this purpose.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
In addition to the mandatory _HID (Hardware ID), the ACPI spec also defines
an optional _CID (Compatible ID) object for device identification.
This patch enhances the ACPI extractor by parsing the _CID objects of devices as
well.
Tracked-On: #6320
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
It is quite common to meet permissions errors when opening a specific
region of /dev/mem due to kernel configurations. This patch adds a bit more
logs on this for easier debugging.
Tracked-On: #6287
Signed-off-by: Junjie Mao <junjie.mao@intel.com>