On 01/07/19 20:37, Ard Biesheuvel wrote:
> On Mon, 7 Jan 2019 at 20:21, Achin Gupta <[email protected]> wrote:
>> Could you please explain the need for End of DXE signalling and
>> the traditional SMM IPL. It is not obvious to me :o(
>>
>
> The point is that there are PI specified events that we are currently
> not signalling in standalone MM, so in that sense, we are not
> implementing the PI spec fully.
>
> Note that EndOfDxe is security sensitive - it is used as a trigger to
> lock down and/or secure stuff, and if it never gets signalled,
> standalone MM drivers may falsely assume that the context is more
> secure than it is.

Yes, see PI 1.6, Vol2 ("DXE"), 5.1.2.1 "End of DXE Event".

(I won't quote the spec here, as I could quote the entire section; all
of it is relevant here.)

In my interpretation anyway, the MM infrastructure basically "trusts"
DXE until End-of-DXE is signaled. See also:
- 5.6 "DXE MM Ready to Lock Protocol",
- 4.6 "MM Ready to Lock Protocol",
in Vol4.

The kind of "early distrust" that Achin describes up-thread may be
well-founded, and it might obviate the above event groups. I'm not sure.
The concept is novel to me (after having struggled for months in ~2015
to wrap my brain around traditional SMM in the first place), so I'm
having trouble reasoning about standalone MM.

Thanks,
Laszlo