DxeMemoryProtectionHobLib and MmMemoryProtectionHobLib will fetch the memory protection settings HOB entry for their respective phase, validate the settings, and populate a global for access.
Memory protection settings are currently dictated via FixedAtBuild PCDs where the settings needed to be masked. A future patch series will replace instances of checking the PCDs with checks to the memory protection globals populated by MemoryProtectionHobLib. Signed-off-by: Taylor Beebe <t...@taylorbeebe.com> Cc: Jian J Wang <jian.j.w...@intel.com> Cc: Liming Gao <gaolim...@byosoft.com.cn> Cc: Dandan Bi <dandan...@intel.com> --- MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c | 33 ++++++++++++++++++ MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c | 33 ++++++++++++++++++ MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h | 36 ++++++++++++++++++++ MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h | 36 ++++++++++++++++++++ MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf | 25 ++++++++++++++ MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf | 26 ++++++++++++++ MdeModulePkg/MdeModulePkg.dec | 8 +++++ MdeModulePkg/MdeModulePkg.dsc | 8 +++++ 8 files changed, 205 insertions(+) diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c new file mode 100644 index 000000000000..4f0191d04974 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c @@ -0,0 +1,33 @@ +/** @file +Library defines the gDxeMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include <Uefi.h> +#include <Library/DxeMemoryProtectionHobLib.h> + +// According to the C Specification, a global variable +// which is uninitialized will be zero. The net effect +// is memory protections will be OFF. +DXE_MEMORY_PROTECTION_SETTINGS gDxeMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPES bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType DXE_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GUARD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_GUARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetDxeMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ) +{ + return FALSE; +} diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c new file mode 100644 index 000000000000..c62c9d772063 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c @@ -0,0 +1,33 @@ +/** @file +Library defines the gMmMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include <Uefi.h> +#include <Library/MmMemoryProtectionHobLib.h> + +// According to the C Specification, a global variable +// which is uninitialized will be zero. The net effect +// is memory protections will be OFF. +MM_MEMORY_PROTECTION_SETTINGS gMmMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType MM_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUARD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GUARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetMmMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN MM_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ) +{ + return FALSE; +} diff --git a/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h b/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h new file mode 100644 index 000000000000..4f49a00a8683 --- /dev/null +++ b/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h @@ -0,0 +1,36 @@ +/** @file + +Library for controlling hob-backed memory protection settings + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ +#define DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ + +#include <Guid/DxeMemoryProtectionSettings.h> + +// +// The global used to access current Memory Protection Settings +// +extern DXE_MEMORY_PROTECTION_SETTINGS gDxeMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPES bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType DXE_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GUARD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_GUARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetDxeMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ); + +#endif diff --git a/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h b/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h new file mode 100644 index 000000000000..efeaa9fd55aa --- /dev/null +++ b/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h @@ -0,0 +1,36 @@ +/** @file + +Library for controlling hob-backed memory protection settings + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ +#define MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ + +#include <Guid/MmMemoryProtectionSettings.h> + +// +// The global used to access current Memory Protection Settings +// +extern MM_MEMORY_PROTECTION_SETTINGS gMmMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType MM_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUARD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GUARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetMmMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN MM_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ); + +#endif diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf new file mode 100644 index 000000000000..6a3166a23b46 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf @@ -0,0 +1,25 @@ +## @file +# NULL library which defines gDxeMps +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeMemoryProtectionHobLibNull + FILE_GUID = a35c1dc1-0769-421b-a8bc-9db69fae4334 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = DxeMemoryProtectionHobLib + +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + DxeMemoryProtectionHobLibNull.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf new file mode 100644 index 000000000000..61f50921ee04 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf @@ -0,0 +1,26 @@ +## @file +# NULL library which defines gMmMps +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MmMemoryProtectionHobLibNull + FILE_GUID = 4e3f6fd9-4ab5-4911-b80b-009d3338b4b2 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = MmMemoryProtectionHobLib + +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + MmMemoryProtectionHobLibNull.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 89001f217ed1..50dae9180d2b 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -164,6 +164,14 @@ [LibraryClasses] # VariableFlashInfoLib|Include/Library/VariableFlashInfoLib.h + ## @libraryclass Provides a way to toggle DXE memory protection settings + # + DxeMemoryProtectionHobLib|Include/Library/DxeMemoryProtectionHobLib.h + + ## @libraryclass Provides a way to toggle SMM memory protection settings + # + MmMemoryProtectionHobLib|Include/Library/MmMemoryProtectionHobLib.h + [Guids] ## MdeModule package token space guid # Include/Guid/MdeModulePkgTokenSpace.h diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 5b1f50e9c084..ab6848dc934b 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -107,6 +107,12 @@ [LibraryClasses] VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiCommandLibNull.inf +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_CORE, LibraryClasses.common.UEFI_APPLICATION] + DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf + +[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE] + MmMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf + [LibraryClasses.EBC.PEIM] IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf @@ -231,6 +237,8 @@ [Components] MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf + MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf + MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.inf MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf -- 2.36.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105988): https://edk2.groups.io/g/devel/message/105988 Mute This Topic: https://groups.io/mt/99437080/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-