Google Git
Sign in
android / device / linaro / bootloader / edk2 / refs/heads/android10-d4-s1-release / . / OvmfPkg / README
blob: 304e69fbe5456d57ae1e0d4bf95800b3a91b3793 [file] [log] [blame] [edit]
=== OVMF OVERVIEW ===
The Open Virtual Machine Firmware (OVMF) project aims
to support firmware for Virtual Machines using the edk2
code base. More information can be found at:
http://www.tianocore.org/ovmf/
=== STATUS ===
Current capabilities:
* IA32 and X64 architectures
* QEMU (0.10.0 or later)
- Video, keyboard, IDE, CD-ROM, serial
- Runs UEFI shell
- Optional NIC support. Requires QEMU (0.12.2 or later)
* UEFI Linux boots
* UEFI Windows 8 boots
* UEFI Windows 7 & Windows 2008 Server boot (see important notes below!)
=== FUTURE PLANS ===
* Test/Stabilize UEFI Self-Certification Tests (SCT) results
=== BUILDING OVMF ===
Pre-requisites:
* Build environment capable of build the edk2 MdeModulePkg.
* A properly configured ASL compiler:
- Intel ASL compiler: Available from http://www.acpica.org
- Microsoft ASL compiler: Available from http://www.acpi.info
* NASM: http://www.nasm.us/
Update Conf/target.txt ACTIVE_PLATFORM for OVMF:
PEI arch DXE arch UEFI interfaces
* OvmfPkg/OvmfPkgIa32.dsc IA32 IA32 IA32
* OvmfPkg/OvmfPkgIa32X64.dsc IA32 X64 X64
* OvmfPkg/OvmfPkgX64.dsc X64 X64 X64
Update Conf/target.txt TARGET_ARCH based on the .dsc file:
TARGET_ARCH
* OvmfPkg/OvmfPkgIa32.dsc IA32
* OvmfPkg/OvmfPkgIa32X64.dsc IA32 X64
* OvmfPkg/OvmfPkgX64.dsc X64
Following the edk2 build process, you will find the OVMF binaries
under the $WORKSPACE/Build/*/*/FV directory. The actual path will
depend on how your build is configured. You can expect to find
these binary outputs:
* OVMF.FD
- Please note! This filename has changed. Older releases used OVMF.Fv.
* OvmfVideo.rom
- This file is not built separately any longer, starting with svn r13520.
More information on building OVMF can be found at:
https://github.com/tianocore/tianocore.github.io/wiki/How%20to%20build%20OVMF
=== RUNNING OVMF on QEMU ===
* QEMU 0.12.2 or later is required.
* Be sure to use qemu-system-x86_64, if you are using and X64 firmware.
(qemu-system-x86_64 works for the IA32 firmware as well, of course.)
* Use OVMF for QEMU firmware (3 options available)
- Option 1: QEMU 1.6 or newer; Use QEMU -pflash parameter
* QEMU/OVMF will use emulated flash, and fully support UEFI variables
* Run qemu with: -pflash path/to/OVMF.fd
* Note that this option is required for running SecureBoot-enabled builds
(-D SECURE_BOOT_ENABLE).
- Option 2: Use QEMU -bios parameter
* Note that UEFI variables will be partially emulated, and non-volatile
variables may lose their contents after a reboot
* Run qemu with: -bios path/to/OVMF.fd
- Option 3: Use QEMU -L parameter
* Note that UEFI variables will be partially emulated, and non-volatile
variables may lose their contents after a reboot
* Either copy, rename or symlink OVMF.fd => bios.bin
* Use the QEMU -L parameter to specify the directory where the bios.bin
file is located.
* The EFI shell is built into OVMF builds at this time, so it should
run automatically if a UEFI boot application is not found on the
removable media.
* On Linux, newer version of QEMU may enable KVM feature, and this might
cause OVMF to fail to boot. The QEMU '-no-kvm' may allow OVMF to boot.
* Capturing OVMF debug messages on qemu:
- The default OVMF build writes debug messages to IO port 0x402. The
following qemu command line options save them in the file called
debug.log: '-debugcon file:debug.log -global isa-debugcon.iobase=0x402'.
- It is possible to revert to the original behavior, when debug messages were
written to the emulated serial port (potentially intermixing OVMF debug
output with UEFI serial console output). For this the
'-D DEBUG_ON_SERIAL_PORT' option has to be passed to the build command (see
the next section), and in order to capture the serial output qemu needs to
be started with eg. '-serial file:serial.log'.
- Debug messages fall into several categories. Logged vs. suppressed
categories are controlled at OVMF build time by the
'gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel' bitmask (an UINT32
value) in the selected .dsc file. Individual bits of this bitmask are
defined in <MdePkg/Include/Library/DebugLib.h>. One non-default bit (with
some performance impact) that is frequently set for debugging is 0x00400000
(DEBUG_VERBOSE).
- The RELEASE build target ('-b RELEASE' build option, see below) disables
all debug messages. The default build target is DEBUG.
=== Build Scripts ===
On systems with the bash shell you can use OvmfPkg/build.sh to simplify
building and running OVMF.
So, for example, to build + run OVMF X64:
$ OvmfPkg/build.sh -a X64
$ OvmfPkg/build.sh -a X64 qemu
And to run a 64-bit UEFI bootable ISO image:
$ OvmfPkg/build.sh -a X64 qemu -cdrom /path/to/disk-image.iso
To build a 32-bit OVMF without debug messages using GCC 4.5:
$ OvmfPkg/build.sh -a IA32 -b RELEASE -t GCC45
=== SMM support ===
Requirements:
* SMM support requires QEMU 2.5.
* The minimum required QEMU machine type is "pc-q35-2.5".
* SMM with KVM requires Linux 4.4 (host).
OVMF is capable of utilizing SMM if the underlying QEMU or KVM hypervisor
emulates SMM. SMM is put to use in the S3 suspend and resume infrastructure,
and in the UEFI variable driver stack. The purpose is (virtual) hardware
separation between the runtime guest OS and the firmware (OVMF), with the
intent to make Secure Boot actually secure, by preventing the runtime guest OS
from tampering with the variable store and S3 areas.
For SMM support, OVMF must be built with the "-D SMM_REQUIRE" option. The
resultant firmware binary will check if QEMU actually provides SMM emulation;
if it doesn't, then OVMF will log an error and trigger an assertion failure
during boot (even in RELEASE builds). Both the naming of the flag (SMM_REQUIRE,
instead of SMM_ENABLE), and this behavior are consistent with the goal
described above: this is supposed to be a security feature, and fallbacks are
not allowed. Similarly, a pflash-backed variable store is a requirement.
QEMU should be started with the options listed below (in addition to any other
guest-specific flags). The command line should be gradually composed from the
hints below. '\' is used to extend the command line to multiple lines, and '^'
can be used on Windows.
* QEMU binary and options specific to 32-bit guests:
$ qemu-system-i386 -cpu coreduo,-nx \
or
$ qemu-system-x86_64 -cpu <MODEL>,-lm,-nx \
* QEMU binary for running 64-bit guests (no particular options):
$ qemu-system-x86_64 \
* Flags common to all SMM scenarios (only the Q35 machine type is supported):
-machine q35,smm=on,accel=(tcg|kvm) \
-m ... \
-smp ... \
-global driver=cfi.pflash01,property=secure,value=on \
-drive if=pflash,format=raw,unit=0,file=OVMF_CODE.fd,readonly=on \
-drive if=pflash,format=raw,unit=1,file=copy_of_OVMF_VARS.fd \
* In order to disable S3, add:
-global ICH9-LPC.disable_s3=1 \
=== Network Support ===
OVMF provides a UEFI network stack by default. Its lowest level driver is the
NIC driver, higher levels are generic. In order to make DHCP, PXE Boot, and eg.
socket test utilities from the StdLib edk2 package work, (1) qemu has to be
configured to emulate a NIC, (2) a matching UEFI NIC driver must be available
when OVMF boots.
(If a NIC is configured for the virtual machine, and -- dependent on boot order
-- PXE booting is attempted, but no DHCP server responds to OVMF's DHCP
DISCOVER message at startup, the boot process may take approx. 3 seconds
longer.)
* For each NIC emulated by qemu, a GPLv2 licensed UEFI driver is available from
the iPXE project. The qemu source distribution, starting with version 1.5,
contains prebuilt binaries of these drivers (and of course allows one to
rebuild them from source as well). This is the recommended set of drivers.
* Use the qemu -netdev and -device options, or the legacy -net option, to
enable NIC support: <http://wiki.qemu.org/Documentation/Networking>.
* For a qemu >= 1.5 binary running *without* any "-M machine" option where
"machine" would identify a < qemu-1.5 configuration (for example: "-M
pc-i440fx-1.4" or "-M pc-0.13"), the iPXE drivers are automatically available
to and configured for OVMF in the default qemu installation.
* For a qemu binary in [0.13, 1.5), or a qemu >= 1.5 binary with an "-M
machine" option where "machine" selects a < qemu-1.5 configuration:
- download a >= 1.5.0-rc1 source tarball from <http://wiki.qemu.org/Download>,
- extract the following iPXE driver files from the tarball and install them
in a location that is accessible to qemu processes (this may depend on your
SELinux configuration, for example):
qemu-VERSION/pc-bios/efi-e1000.rom
qemu-VERSION/pc-bios/efi-ne2k_pci.rom
qemu-VERSION/pc-bios/efi-pcnet.rom
qemu-VERSION/pc-bios/efi-rtl8139.rom
qemu-VERSION/pc-bios/efi-virtio.rom
- extend the NIC's -device option on the qemu command line with a matching
"romfile=" optarg:
-device e1000,...,romfile=/full/path/to/efi-e1000.rom
-device ne2k_pci,...,romfile=/full/path/to/efi-ne2k_pci.rom
-device pcnet,...,romfile=/full/path/to/efi-pcnet.rom
-device rtl8139,...,romfile=/full/path/to/efi-rtl8139.rom
-device virtio-net-pci,...,romfile=/full/path/to/efi-virtio.rom
* Independently of the iPXE NIC drivers, the default OVMF build provides a
basic virtio-net driver, located in OvmfPkg/VirtioNetDxe.
* Also independently of the iPXE NIC drivers, Intel's proprietary E1000 NIC
driver (PROEFI) can be embedded in the OVMF image at build time:
- Download UEFI drivers for the e1000 NIC
- http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=17515&lang=eng
- Install the drivers into a directory called Intel3.5 in your WORKSPACE.
- Include the driver in OVMF during the build:
- Add "-D E1000_ENABLE" to your build command,
- For example: "build -D E1000_ENABLE".
* When a matching iPXE driver is configured for a NIC as described above, it
takes priority over other drivers that could possibly drive the card too:
| e1000 ne2k_pci pcnet rtl8139 virtio-net-pci
-------------+------------------------------------------------
iPXE | x x x x x
VirtioNetDxe | x
Intel PROEFI | x
=== OVMF Flash Layout ===
Like all current IA32/X64 system designs, OVMF's firmware
device (rom/flash) appears in QEMU's physical address space
just below 4GB (0x100000000).
The layout of the firmware device in memory looks like:
+--------------------------------------- 4GB (0x100000000)
| VTF0 (16-bit reset code) and OVMF SEC
| (SECFV)
+--------------------------------------- varies based on flash size
|
| Compressed main firmware image
| (FVMAIN_COMPACT)
|
+--------------------------------------- base + 0x20000
| Fault-tolerant write (FTW)
| Spare blocks (64KB/0x10000)
+--------------------------------------- base + 0x10000
| FTW Work block (4KB/0x1000)
+--------------------------------------- base + 0x0f000
| Event log area (4KB/0x1000)
+--------------------------------------- base + 0x0e000
| Non-volatile variable storage
| area (56KB/0xe000)
+--------------------------------------- base address
OVMF supports building a 1MB or a 2MB flash image. The base address for
a 1MB image in QEMU physical memory is 0xfff00000. The base address for
a 2MB image is 0xffe00000.
The code in SECFV locates FVMAIN_COMPACT, and decompresses the
main firmware (MAINFV) into RAM memory at address 0x800000. The
remaining OVMF firmware then uses this decompressed firmware
volume image.
=== UNIXGCC Debug ===
If you build with the UNIXGCC toolchain, then debugging will be disabled
due to larger image sizes being produced by the UNIXGCC toolchain. The
first choice recommendation is to use GCC44 or newer instead.
If you must use UNIXGCC, then you can override the build options for
particular libraries and modules in the .dsc to re-enable debugging
selectively. For example:
[Components]
OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf {
<BuildOptions>
GCC:*_*_*_CC_FLAGS = -UMDEPKG_NDEBUG
}
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf {
<BuildOptions>
GCC:*_*_*_CC_FLAGS = -UMDEPKG_NDEBUG
}
=== UEFI Windows 7 & Windows 2008 Server ===
* One of the '-vga std' and '-vga qxl' QEMU options should be used.
* Only one video mode, 1024x768x32, is supported at OS runtime.
* The '-vga qxl' QEMU option is recommended. After booting the installed
guest OS, select the video card in Device Manager, and upgrade its driver
to the QXL XDDM one. Download location:
<http://www.spice-space.org/download.html>, Guest | Windows binaries.
This enables further resolutions at OS runtime, and provides S3
(suspend/resume) capability.