[edk2-devel] [PATCH v5 28/28] MdeModulePkg: Delete Memory Protection PCDs

Now that the transition to use SetMemoryProtectionsLib and GetMemoryProtectionsLib is complete, delete the memory protection PCDs to avoid confusing the interface. All memory protection settings will now be set and consumed via the libraries. Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc:

[edk2-devel] [PATCH v5 24/28] ArmVirtPkg: Apply Memory Protections via SetMemoryProtectionsLib

Set the memory protections on Arm virtual platforms. Because the QemuFg parser is not currently available in ArmVirtPkg, use the GrubCompat profile by default. Signed-off-by: Taylor Beebe Cc: Ard Biesheuvel Cc: Leif Lindholm Cc: Sami Mujawar Cc: Gerd Hoffmann ---

[edk2-devel] [PATCH v5 27/28] ArmVirtPkg: Delete Memory Protection PCDs

Now that the transition to use SetMemoryProtectionsLib and GetMemoryProtectionsLib is complete, delete the memory protection PCDs to avoid confusing the interface. All memory protection settings will now be set and consumed via the libraries. Signed-off-by: Taylor Beebe Cc: Ard Biesheuvel Cc:

[edk2-devel] [PATCH v5 26/28] OvmfPkg: Delete Memory Protection PCDs

Now that the transition to use SetMemoryProtectionsLib and GetMemoryProtectionsLib is complete, delete the memory protection PCDs to avoid confusing the interface. All memory protection settings will now be set and consumed via the libraries. Signed-off-by: Taylor Beebe Cc: Ard Biesheuvel Cc:

[edk2-devel] [PATCH v5 25/28] MdeModulePkg: Delete PCD Profile from SetMemoryProtectionsLib

Now that the transition to use SetMemoryProtectionsLib and GetMemoryProtectionsLib is complete, delete the PCD profile to avoid confusing the interface. All memory protection settings will now be set and consumed via the libraries. Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao ---

[edk2-devel] [PATCH v5 22/28] OvmfPkg: Add MemoryProtectionConfigLib

MemoryProtectionConfigLib enables parsing the fw_cfg for the memory protection profile. Signed-off-by: Taylor Beebe Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann --- OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c | 118

[edk2-devel] [PATCH v5 23/28] OvmfPkg: Enable Choosing Memory Protection Profile via QemuCfg

Now that the EDK2 tree uses GetMemoryProtectionsLib to query the platform memory protection settings, OvmfPkg can be updated to use QemuCfg to set the entire memory protection profile instead of just SetNxForStack. For example, the following will set the DXE memory protection to the RELEASE

[edk2-devel] [PATCH v5 21/28] OvmfPkg: Add QemuFwCfgParseString to QemuFwCfgSimpleParserLib

QemuFwCfgParseString allows reading strings from the fw_cfg file. This function is needed for parsing the memory protection profile name. Signed-off-by: Taylor Beebe Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann ---

[edk2-devel] [PATCH v5 20/28] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib

Now that the EDK2 tree uses GetMemoryProtectionsLib to query the platform memory protection settings, we can add additional profiles to SetMemoryProtectionsLib to give plaforms more options for setting memory protections. Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao ---

[edk2-devel] [PATCH v5 19/28] MdeModulePkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs

Replace references to the memory protection PCDs to instead check the platform protections via GetMemoryProtectionsLib. Because the protection profile is equivalent to the PCD settings, this updated does not cause a torn state. Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao Cc:

[edk2-devel] [PATCH v5 17/28] OvmfPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs

Replace references to the memory protection PCDs to instead check the platform protections via GetMemoryProtectionsLib. Because the protection profile is equivalent to the PCD settings, this updated does not cause a torn state. Signed-off-by: Taylor Beebe Cc: Ard Biesheuvel Cc: Jiewen Yao Cc:

[edk2-devel] [PATCH v5 18/28] UefiCpuPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs

Replace references to the memory protection PCDs to instead check the platform protections via GetMemoryProtectionsLib. Because the protection profile is equivalent to the PCD settings, this updated does not cause a torn state. Signed-off-by: Taylor Beebe Cc: Eric Dong Cc: Ray Ni Cc: Rahul

[edk2-devel] [PATCH v5 15/28] ArmPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs

Replace references to the memory protection PCDs to instead check the platform protections via GetMemoryProtectionsLib. Signed-off-by: Taylor Beebe Cc: Leif Lindholm Cc: Ard Biesheuvel Cc: Sami Mujawar --- ArmPkg/Drivers/CpuDxe/CpuDxe.c | 5 ++--- ArmPkg/ArmPkg.dsc| 1 +

[edk2-devel] [PATCH v5 14/28] MdeModulePkg: Update DXE Handoff to use SetMemoryProtectionsLib

Update the DXE handoff logic in MdeModulePkg to use SetMemoryProtectionsLib to fetch the platform memory protection settings and reference them when creating the page tables. Because the protection profile is equivalent to the PCD settings even when the platform does not explicitly set a profile,

[edk2-devel] [PATCH v5 16/28] EmulatorPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs

Replace references to the memory protection PCDs to instead check the platform protections via GetMemoryProtectionsLib. Because the protection profile is equivalent to the PCD settings, this updated does not cause a torn state. Signed-off-by: Taylor Beebe Cc: Andrew Fish Cc: Ray Ni ---

[edk2-devel] [PATCH v5 13/28] UefiPayloadPkg: Update DXE Handoff to use SetMemoryProtectionsLib

Update the DXE handoff logic in UefiPayloadPkg to use SetMemoryProtectionsLib to fetch the platform memory protection settings and reference them when creating the page tables. Because the protection profile is equivalent to the PCD settings even when the platform does not explicitly set a

[edk2-devel] [PATCH v5 07/28] MdeModulePkg: Check Print Level Before Dumping GCD Memory Map

When page/pool protections are active, the GCD sync process takes quite a bit longer than normal. This behavior is primarily due to a function which dumps the GCD memory map to the console. This dump function runs only on DEBUG builds but will iterate through the GCD memory map dozens of times

[edk2-devel] [PATCH v5 12/28] OvmfPkg: Update PeilessStartupLib to use SetMemoryProtectionsLib

This patch updates the DXE Handoff in PEI-less Startup to use SetMemoryProtectionsLib to get the platform memory protection settings and build the page tables based on the applied protections. Signed-off-by: Taylor Beebe Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann

[edk2-devel] [PATCH v5 11/28] OvmfPkg: Apply Memory Protections via SetMemoryProtectionsLib

Use SetMemoryProtectionsLib to set the memory protections for the platform in both normal and PEI-less boot. The protections set are equivalent to the PCD settings and the ability to set NxForStack via QemuCfg is preserved. Once the transition to use SetMemoryProtectionsLib and

[edk2-devel] [PATCH v5 10/28] OvmfPkg: Add Memory Protection Library Definitions to Platforms

Add library classes for SetMemoryProtectionsLib and GetMemoryProtectionsLib to OvmfPkg platfomrs. Signed-off-by: Taylor Beebe Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Rebecca Cran Cc: Peter Grehan Cc: Corvin Köhne Cc: Jianyong Wu Cc: Anatol Belski Cc:

[edk2-devel] [PATCH v5 09/28] ArmVirtPkg: Add Memory Protection Library Definitions to Platforms

Add library classes for SetMemoryProtectionsLib and GetMemoryProtectionsLib to ArmVirtPkg. Signed-off-by: Taylor Beebe Cc: Ard Biesheuvel Cc: Leif Lindholm Cc: Sami Mujawar Cc: Gerd Hoffmann Cc: Julien Grall --- ArmVirtPkg/ArmVirt.dsc.inc | 6 ++ 1 file changed, 6 insertions(+) diff

[edk2-devel] [PATCH v5 08/28] UefiCpuPkg: Always Set Stack Guard in MpPei Init

Memory protection is not set in PEI and ingested during and after DXE handoff. This paradigm means that the platform cannot reliably query the stack guard setting during MpInit. Because the execution path of PEI consistent and no third party code is executed, setting the stack guard in MpInit on

[edk2-devel] [PATCH v5 05/28] MdeModulePkg: Copy PEI PCD Database Into New Buffer

HOB memory should not be written to in DXE phase. This patch copies the PCD database from PEI into a new buffer so updates to dynamic PCDs don't write to HOB memory. Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao Cc: Dandan Bi --- MdeModulePkg/Universal/PCD/Dxe/Service.c | 6

[edk2-devel] [PATCH v5 04/28] MdeModulePkg: Implement SetMemoryProtectionsLib and GetMemoryProtectionsLib

The SetMemoryProtectionsLib implementation has functionality for setting protections based on a preset profile or a custom DXE/MM profile passed in by the caller. The implementation also supports locking the protections (tracked via an extra boolean stored in the HOB entry) which prevents the

[edk2-devel] [PATCH v5 06/28] MdeModulePkg: Apply Protections to the HOB List

Because the platform memory protection settings will be stored in the HOB, the HOB list should be marked read-only and non-executable as soon as possible in boot. This patch page-aligns the allocated HOB list in DXE and marks it RO/NX during memory protection initialization. Signed-off-by:

[edk2-devel] [PATCH v5 03/28] MdeModulePkg: Add NULL Instances for Get/SetMemoryProtectionsLib

The NULL instances for GetMemoryProtectionsLib and SetMemoryProtectionsLib just zero out the memory protections structure effectively disabling memory protections. Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao ---

[edk2-devel] [PATCH v5 00/28] Implement Dynamic Memory Protection Settings

Reference: https://github.com/tianocore/edk2/pull/4895 v5: - Add a GrubCompat profile to SetMemoryProtectionsLib for compatibliity with older grub versions. This profile is now the default for ArmVirtPkg and OvmfPkg. -Add a FixedAtBuild PCD to ArmVirtPkg which is used to determine the memory

[edk2-devel] [PATCH v5 01/28] MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions

These headers provide settings definitions for memory protections, settings profiles for easily enabling memory protections, and the GUIDs used for producing the memory protection HOB entry. The settings options are functionally 1:1 with the existing PCD bitfield definitions. Instead of setting a

[edk2-devel] [PATCH v5 02/28] MdeModulePkg: Define SetMemoryProtectionsLib and GetMemoryProtectionsLib

SetMemoryProtectionsLib is a PEIM which allows platforms to apply memory protection settings to the current boot. GetMemoryProtectionsLib has DXE and MM implementations to allow platforms to query the current memory protection settings via a global variable populated by the library

[edk2-devel] Event: Tools, CI, Code base construction meeting series - Monday, October 9, 2023 #cal-reminder

*Reminder: Tools, CI, Code base construction meeting series* *When:* Monday, October 9, 2023 4:30pm to 5:30pm (UTC-07:00) America/Los Angeles *Where:*

Re: [edk2-devel] [PATCH v4 20/28] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib

I appreciate the suggestions on how to add PEI fw_cfg parsing support -- it should speed up the investigation/implementation. The focus of this series is a more-or-less lateral update from the PCDs to the new interface, and even then this transitional series has grown quite long and still

Re: 回复: [edk2-devel] [PATCH v4 00/14] Add ImagePropertiesRecordLib and Fix MAT Bugs

On 10/6/2023 10:57 PM, gaoliming via groups.io wrote: Taylor: I agree to add new ImagePropertiesRecordLib library for DxeCore and SmmCore. The impact is that platform needs to update their DSC with new library. Frankly, I have not understood MAT code in detail. So, I have no comments on

[edk2-devel] ACPI table generators and ConfigurationManagerProtocol

Can someone point me to documentation on how to use ACPI table generators and ConfigurationManagerProtocol? And tell which of platforms is a good example of using those? From first look it seems like using ACPI table generators may allow to simplify code by not creating tables by hand (or in

[edk2-devel] [PATCH 2/9] ArmVirtPkg/Fdt16550SerialPortHookLib: rebase to FdtSerialPortAddressLib

This is only a refactoring; the patch is not supposed to cause any observable change. Build-tested only (with "ArmVirtKvmTool.dsc"). Cc: Ard Biesheuvel Cc: Gerd Hoffmann Cc: Leif Lindholm Cc: Sami Mujawar Signed-off-by: Laszlo Ersek ---

[edk2-devel] [PATCH 7/9] ArmVirtPkg: introduce DebugLibFdtPL011Uart RAM instance

Introduce three new DebugLib instances, forked from MdePkg/Library/BaseDebugLibSerialPort. All three instances rely on PL011UartLib rather than SerialPortLib so that they can customize the PL011 UART that the debug messages are written to. All three instances direct the debug output to the first

[edk2-devel] [PATCH 8/9] ArmVirtPkg: introduce DebugLibFdtPL011Uart DXE Runtime instance

Introduce three new DebugLib instances, forked from MdePkg/Library/BaseDebugLibSerialPort. All three instances rely on PL011UartLib rather than SerialPortLib so that they can customize the PL011 UART that the debug messages are written to. All three instances direct the debug output to the first

[edk2-devel] [PATCH 9/9] ArmVirtPkg: steer DebugLib output away from SerialPortLib+console traffic

For the RELEASE target, all ArmVirtPkg DSCs inherit BaseDebugLibNull from "ArmVirt.dsc.inc"; keep that. For NOOPT and DEBUG: - switch the lib class resolution pair (BaseDebugLibSerialPort + FdtPL011SerialPortLib) that is set as the default for all module types in "ArmVirt.dsc.inc" to

[edk2-devel] [PATCH 4/9] ArmVirtPkg: adhere to the serial port selected by /chosen "stdout-path"

Convert both EarlyFdtPL011SerialPortLib and PlatformPeiLib at the same time to clients of FdtSerialPortAddressLib (so that both "early" and "late" serial output continue going to a common serial port). If the device tree specifies just one serial port, this conversion makes no difference, but if

[edk2-devel] [PATCH 6/9] ArmVirtPkg: introduce DebugLibFdtPL011Uart Flash instance

Introduce three new DebugLib instances, forked from MdePkg/Library/BaseDebugLibSerialPort. All three instances rely on PL011UartLib rather than SerialPortLib so that they can customize the PL011 UART that the debug messages are written to. All three instances direct the debug output to the first

[edk2-devel] [PATCH 0/9] ArmVirtPkg: support two PL011 UARTs

This ArmVirtPkg series can be fetched from: repo: https://pagure.io/lersek/edk2.git branch: armvirt-dual-serial @ 65ee08413595 The series does the following: - It centralizes (and cleans up) two FDT parsing actions, namely looking up all serial ports, and looking up the /chosen

[edk2-devel] [PATCH 3/9] ArmVirtPkg: adjust whitespace in block scope declarations

I strongly dislike when *small* local variable declaration changes are muddled by whitespace changes. When that happens, a reviewer can choose from two suboptimal options: display the patch with "git show -b", which creates confusion in *other* parts of the patch, or display the patch with just

[edk2-devel] [PATCH 5/9] ArmVirtPkg: store separate console and debug PL011 addresses in GUID HOB

PlatformPeiLib produces the EarlyPL011BaseAddress GUID HOB, and FdtPL011SerialPortLib consumes it. Extend the HOB such that it also carry the base address of the PL011 UART meant for DebugLib usage -- namely the first UART that is *not* designated by the /chosen node's "stdout-path" property.

[edk2-devel] [PATCH 1/9] ArmVirtPkg: introduce FdtSerialPortAddressLib

Introduce a new library class + instance for: - collecting serial port base addresses from the device tree, - collecting the /chosen stdout-path serial port base address from the device tree. The logic is loosely based on the following functions: - SerialPortGetBaseAddress()

Re: [edk2-devel] [PATCH v2 1/1] CryptoPkg/TlsLib: fix tls cipher configuration

On 10/7/23 16:32, Li, Yi wrote: > Sorry for delayed response due to PRC holiday. > This is a pretty good solution, I also ran some basic HTTPSBOOT and EAP-TLS > test cases, and all passed. > > Reviewed-by: Yi Li Merged as commit 4ddd8ac3a29d via .

Re: [edk2-devel] [PATCH 0/2] MdeModulePkg: small improvements to UsbNetwork

On Thu, Aug 31, 2023 at 3:32 PM Rebecca Cran wrote: > > On 8/29/2023 8:05 PM, Richard Ho (何明忠) wrote: > > Hi Rebecca, > > > > We have tried the patch. It works on my device. > > I think it could be add it into UsbNetwork source. Do you think? > > I agree, it looks good. > > Reviewed-by: Rebecca

Re: [edk2-devel] [PATCH 1/1] ArmVirtPkg/FdtPL011SerialPortLib: initialize implicitly

On 10/6/23 19:08, Ard Biesheuvel wrote: > On Mon, 2 Oct 2023 at 16:47, Laszlo Ersek wrote: >> >> On 9/30/23 23:23, Laszlo Ersek wrote: >>> FdtPL011SerialPortLib claims that it's usable from the DXE_CORE. That's >>> not correct: the DXE_CORE calls DEBUG() and ASSERT() before it calls >>>

Re: [edk2-devel] another broken PR

On 10/7/23 13:33, Ard Biesheuvel wrote: > On Sat, 7 Oct 2023 at 02:26, Michael Kubacki > wrote: >> >> On 10/6/2023 8:18 PM, Michael Kubacki wrote: >>> On 10/6/2023 7:17 PM, Michael Kubacki wrote: https://edk2.groups.io/g/devel/message/109370 >>> I am planning to quickly merge that