Open philipandag opened 3 months ago
The code to configure DMA protection is not wired up on soc/intel/meteorlake
Most likely just need to apply https://review.coreboot.org/c/coreboot/+/68450 but for meteorlake and that should be enough
I am applying the patch here: https://github.com/Dasharo/coreboot/pull/553. We need the Intel FSP to compile and test it on the target platform though.
After applying the patch cbmem -l
shows
[ERROR] VT-d PMR HOB not found, not enabling DMA protection
The test passes on V560TNE with v0.9.1-rc4.
Not working on V540TND with v0.9.1-rc5
ubuntu@3mdeb:~$ grep -i "vt-d" cbmem-dma-enabled.log
[DEBUG] VT-d @ 0xfc801000, version 7.0
[ERROR] VT-d PMR HOB not found, not enabling DMA protection
Issue still present in v0.9.1-rc6. cbmem-dma-enabled.txt
Issue still present in v0.9.1-rc7.
cbmem-dma-enabled.txt
@SebastianCzapla The option was supposed to be hidden, how are you testing if it's not visible?
You are right, it is not visible in the security options. I misread other option for it, my bad.
Component
Dasharo firmware
Device
NovaCustom V54 14th Gen
Dasharo version
v0.9.1-rc1
Dasharo Tools Suite version
No response
Test case ID
EDP001.001
Brief summary
Early DMA protection check using cbmem fail
How reproducible
100% in two retries
How to reproduce
Do the EDP001.001 test manually
sudo ./cbmem -1
Expected behavior
output should contain: [DEBUG] VT-d @ 0xfed91000, version 5.0 [INFO ] Setting DMA protection [0x0 - 0x46c00000] [INFO ] Setting DMA protection [0x100000000 - 0x00000008afc00000] [INFO ] Successfully enabled VT-d PMR DMA protection
Actual behavior
Screenshots
No response
Additional context
No response
Solutions you've tried
No response