From a1e3ed0ff762575a4e13072dd4cad4106efb30cc Mon Sep 17 00:00:00 2001 From: yangxiangkai Date: Tue, 30 Dec 2025 01:09:59 +0800 Subject: [PATCH] ArmVirtPkg: Enhance isolation for CCA Signed-off-by: yangxiangkai --- ...ArmVirtPkg-Enhance-isolation-for-CCA.patch | 50 +++++++++++++++++++ edk2.spec | 8 ++- 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 0133-ArmVirtPkg-Enhance-isolation-for-CCA.patch diff --git a/0133-ArmVirtPkg-Enhance-isolation-for-CCA.patch b/0133-ArmVirtPkg-Enhance-isolation-for-CCA.patch new file mode 100644 index 0000000..eea949a --- /dev/null +++ b/0133-ArmVirtPkg-Enhance-isolation-for-CCA.patch @@ -0,0 +1,50 @@ +From 52af114b31f6824f01f4ae8200f753778f8a3157 Mon Sep 17 00:00:00 2001 +From: yxk +Date: Mon, 29 Dec 2025 22:28:23 +0800 +Subject: [PATCH] ArmVirtPkg/ArmCcaLib: Fix cannot simulate and boot ARM + architecture VMs on x86 physical machines. + +Signed-off-by: yangxiangkai@huawei.com +--- + ArmPkg/Include/Chipset/AArch64.h | 1 + + ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.c | 5 +++++ + 2 files changed, 6 insertions(+) + +diff --git a/ArmPkg/Include/Chipset/AArch64.h b/ArmPkg/Include/Chipset/AArch64.h +index 690433f6..a6e7735c 100644 +--- a/ArmPkg/Include/Chipset/AArch64.h ++++ b/ArmPkg/Include/Chipset/AArch64.h +@@ -25,6 +25,7 @@ + #define AARCH64_CPTR_TFP (1 << 10) + + // ID_AA64PFR0 - AArch64 Processor Feature Register 0 definitions ++#define AARCH64_PFR0_EL3 (0xF << 12) + #define AARCH64_PFR0_FP (0xF << 16) + #define AARCH64_PFR0_GIC (0xF << 24) + +diff --git a/ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.c b/ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.c +index 561a4148..29533dc8 100644 +--- a/ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.c ++++ b/ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.c +@@ -21,6 +21,7 @@ + #include + #include + #include ++#include + + /** + Check if running in a Realm. +@@ -38,6 +39,10 @@ IsRealm ( + UINT32 UefiImpl; + UINT32 RmmImpl; + ++ if ((ArmReadIdAA64Pfr0 () & AARCH64_PFR0_EL3) == 0) { ++ return FALSE; ++ } ++ + Status = RsiGetVersion ( + &UefiImpl, + &RmmImpl +-- +2.43.0 + diff --git a/edk2.spec b/edk2.spec index 79899e1..2cd4bd2 100644 --- a/edk2.spec +++ b/edk2.spec @@ -7,7 +7,7 @@ Name: edk2 Version: %{stable_date} -Release: 29 +Release: 30 Summary: EFI Development Kit II License: BSD-2-Clause-Patent and OpenSSL and MIT URL: https://github.com/tianocore/edk2 @@ -209,6 +209,9 @@ patch130:0130-MdeModulePkg-Add-support-for-EINJ-table-generation.patch patch131:0131-OvmfPkg-RiscVVirt-Enable-HEST-generation-support.patch patch132:0132-OvmfPkg-RiscVVirt-Enable-APEI-EINJ-table-generation.patch +# Enhance isolation for CCA. +patch133:0133-ArmVirtPkg-Enhance-isolation-for-CCA.patch + BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command isl %ifarch x86_64 @@ -520,6 +523,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys %endif %changelog +* Mon Dec 29 2025 yangxiangkai - 202308-30 +- ArmVirtPkg Enhance isolation for CCA + * Tue Dec 2 2025 liuqingtao - 202308-29 - Add AcpiErrorInjectionTableDxe and AcpiHardwareErrorTableDxe Support for OS RAS SSE validation -- Gitee