Changes since v3:
- Addressed all the comments from Liming Gao
- Added an AArch64 implementation of AsmLfence which is a wrapper for
  MemoryFence. The changes in variable service driver in v3 of this
  patchset that used MemoryFence instead of AsmLfence have been removed.
- Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe
  library into MdePkg.
- Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled and
  added it to MdePkg.
- Now with the above changes, edk2 packages don't need to depend on
  StandaloneMmPkg/StandaloneMmPkg.dec
- Addressed comments from Ting Ye
- Removed the hacks in the v3 version.
- Will relook into the "TimerWrapper.c" file and add an appropriate
  implementation of this for MM Standalone mode code.

Changes since v2:
- Added 'Contributed-under' tag, removed Change-ID tag and
  maintained a single signed-off-by for all the patches.

Changes since v1:
- Addressed all the comments from Liming Gao
- Removed the use of #ifdef/#else/#endif and used a Pcd instead to
  select between MM and non-MM paths.
- Removed all dependencies on edk2-platforms.
- Dropped the use of mMmst and used gSmst instead.
- Added a dummy implementation of UefiRuntimeServiceTableLib for
  MM_STANDALONE usage
- Replaced all uses of AsmLfence with MemoryFence from variable
  service code.
- Add a new StandaloneMmRuntimeDxe library for use by non-MM code.

This RFC patch series extends the existing secure variable service support for
use with Standalone MM. This is applicable to platforms that use Standalone
Management Mode to protect access to non-volatile memory (NOR flash in case
of these patches) used to store the secure EFI variables.

The first patch pulls in additional libraries from the staging branch of
StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure variable
service implementation supports only the traditional MM mode and so the rest
of the patches extend the existing secure variable service support to be
useable with Standalone MM mode as well.

This patch series is being posted as an RFC to get feedback on the approach
taken in these patches.

Jagadeesh Ujja (12):
  StandaloneMmPkg: Pull in additional libraries from staging branch
  MdePkg: Add a PCD to enable secure storage of variables
  MdePkg/Include: add StandaloneMmServicesTableLib header file
  MdePkg/Library/BaseLib/AArch64: Add AsmLfence function
  MdePkg/Library: Add StandaloneMmRuntimeDxe library
  MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver
  MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone
  MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver
  MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library
  ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver
  SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library
  CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this library

ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c | 2 +-
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c | 210 ++++-
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h | 4 +-
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf | 3 +
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 96 +--
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 76 ++
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 7 +-
CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 4 +
CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c | 15 +-
MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf | 5 +-
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf | 1 +
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 203 +++--
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf | 101 +++
MdeModulePkg/Universal/FaultTolerantWriteDxe/UpdateWorkingBlock.c | 27 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 37 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 1 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 201 ++++-
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 31 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 +
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 132 ++++
MdePkg/Include/Library/BaseLib.h | 10 +
MdePkg/Include/Library/StandaloneMmServicesTableLib.h | 45 ++
MdePkg/Library/BaseLib/AArch64/AsmLfence.S | 42 +
MdePkg/Library/BaseLib/AArch64/AsmLfence.asm | 41 +
MdePkg/Library/BaseLib/BaseLib.inf | 2 +
MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c | 36 +
MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf | 42 +
MdePkg/MdePkg.dec | 5 +
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 5 +-
StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf | 2 +-
StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c | 64 ++
StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c | 655 ++++++++++++++++
StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf | 48 ++
StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.c | 824 ++++++++++++++++++++
StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf | 45 ++
StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c | 64 ++
StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf | 36 +
37 files changed, 2894 insertions(+), 231 deletions(-)
create mode 100644 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf
create mode 100644 MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
create mode 100644 MdePkg/Include/Library/StandaloneMmServicesTableLib.h
create mode 100644 MdePkg/Library/BaseLib/AArch64/AsmLfence.S
create mode 100644 MdePkg/Library/BaseLib/AArch64/AsmLfence.asm
create mode 100644 MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c
create mode 100644 MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf
create mode 100644 StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c
create mode 100644 StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c
create mode 100644 StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
create mode 100644 StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.c
create mode 100644 StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
create mode 100644 StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c
create mode 100644 StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
--
2.7.4