create a
lib instance to get config from Hob.
Thank you
Yao Jiewen
-Original Message-
From: Taylor Beebe
Sent: Friday, July 30, 2021 10:07 AM
To: Yao, Jiewen ; Wang, Jian J
;
devel@edk2.groups.io
Cc: spbro...@outlook.com; Dong, Eric ; Ni, Ray
; Kumar, Rahul1 ;
mikub...@linux.microsoft.c
.
Is there any sample or POC code to show the concept?
-Original Message-
From: Taylor Beebe
Sent: Friday, July 30, 2021 9:55 AM
To: Wang, Jian J ; devel@edk2.groups.io
Cc: spbro...@outlook.com; Dong, Eric ; Ni, Ray
; Kumar, Rahul1 ;
mikub...@linux.microsoft.com; Wu, Hao A ; Bi, Dandan
; gaolim
by the changes. According to your
description, it allows 3rd party software to violate memory protection policy.
I'd like to see more explanations on how to avoid it being exploited.
+Jiewen, what's the current process to evaluate the security threat?
Regards,
Jian
-Original Message-
From: Taylor Beebe
Note: I'll be accepting feedback on this until Friday after which I will
submit a patch series.
On 7/22/2021 5:32 PM, Taylor Beebe via groups.io wrote:
Current memory protection settings rely on FixedAtBuild PCD values
(minus PcdSetNxForStack). Because of this, the memory protection
such as Standalone MM where dynamic PCDs are not accessible.
I am seeking your feedback on this proposal in preparation for sending
an edk2 patch series.
--
Taylor Beebe
Software Engineer @ Microsoft
Here's a git-patch so you can easily fix it:
---
OvmfPkg/IoMmuDxe/IoMmuBuffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
index 2764c35044ac..d66763263784 100644
--- a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
+++
Can I please get reviews/feedback on this patch series?
On 8/16/23 11:14 AM, Taylor Beebe via groups.io wrote:
Can I please get reviews/feedback on this patch series?
On 8/4/2023 12:46 PM, Taylor Beebe via groups.io wrote:
From: Taylor Beebe
v4:
- Expose additional functions in the Library
On 8/29/23 4:17 AM, Gerd Hoffmann wrote:
Hi,
- SetDxeMemoryProtectionSettings (,
DxeMemoryProtectionSettingsPcd);
- SetMmMemoryProtectionSettings (, MmMemoryProtectionSettingsPcd);
+ Status = QemuFwCfgParseString (DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE,
, String);
+ if (!EFI_ERROR
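Review bot: the error path after the added "if (!EFI_ERROR" check needs an explicit fallback. The removed lines applied DxeMemoryProtectionSettingsPcd and MmMemoryProtectionSettingsPcd unconditionally, while the added lines make the DXE profile depend on QemuFwCfgParseString succeeding for DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE. A missing fw_cfg file or an unrecognised profile string should select a defined default profile rather than leave the settings unset, and the MM settings need the same handling, since only the DXE file is read in the lines shown.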
On 8/29/23 3:46 AM, Gerd Hoffmann wrote:
--- a/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h
+++ b/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h
@@ -17,6 +17,10 @@ typedef struct {
} DXE_MEMORY_PROTECTION_PROFILES;
typedef enum {
+ DxeMemoryProtectionSettingsDebug
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc
Now that the EDK2 tree uses GetMemoryProtectionsLib to query
the platform memory protection settings, we can add additional
profiles to SetMemoryProtectionsLib to give platforms more options
for setting memory protections.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
and
MM_MEMORY_PROTECTION_PROFILE=release are equivalent to the above
examples.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Rebecca Cran
Cc: Peter Grehan
Cc: Corvin Köhne
---
.../PeilessStartupLib/PeilessStartup.c| 60
Set the memory protections on Arm virtual platforms. Because
the QemuFg parser is not currently available in ArmVirtPkg, use
the RELEASE profile by default.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
---
ArmVirtPkg/MemoryInitPei
Now that the transition to use SetMemoryProtectionsLib and
GetMemoryProtectionsLib is complete, delete the PCD profile
to avoid confusing the interface. All memory protection settings
will now be set and consumed via the libraries.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Now that the transition to use SetMemoryProtectionsLib and
GetMemoryProtectionsLib is complete, delete the memory protection PCDs
to avoid confusing the interface. All memory protection settings
will now be set and consumed via the libraries.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc
on every
boot should be fine.
Signed-off-by: Taylor Beebe
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
---
UefiCpuPkg/CpuMpPei/CpuMpPei.c | 8 +++-
UefiCpuPkg/CpuMpPei/CpuPaging.c | 16
UefiCpuPkg/CpuMpPei/CpuMpPei.h | 3 ++-
UefiCpuPkg/CpuMpPei
Add library classes for SetMemoryProtectionsLib and
GetMemoryProtectionsLib to ArmVirtPkg.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Cc: Julien Grall
---
ArmVirtPkg/ArmVirt.dsc.inc | 6 ++
1 file changed, 6 insertions(+)
diff
Implementations.
The global variable is a union of the MM and DXE settings. The
DXE struct is only valid in a DXE module and the MM struct is
only valid in an SMM or Standalone MM module.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
---
MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h
Add library classes for SetMemoryProtectionsLib and
GetMemoryProtectionsLib to OvmfPkg platforms.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Rebecca Cran
Cc: Peter Grehan
Cc: Corvin Köhne
Cc: Jianyong Wu
Cc: Anatol Belski
Cc
and GetMemoryProtectionsLib is complete
in the rest of EDK2, the mechanics of setting protections in
OvmfPkg will be updated and the memory protection PCDs will
be deleted.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
---
OvmfPkg/Library/PeilessStartupLib
This patch updates the DXE Handoff in PEI-less Startup to use
SetMemoryProtectionsLib to get the platform memory protection settings
and build the page tables based on the applied protections.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
a profile, this
update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Guo Dong
Cc: Sean Rhodes
Cc: James Lu
Cc: Gua Guo
---
UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c| 11 +--
UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c | 2 ++
UefiPayloadPkg
, this
update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
---
MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c| 4 +++-
MdeModulePkg/Core/DxeIplPeim/DxeLoad.c | 2 ++
MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 9
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Signed-off-by: Taylor Beebe
Cc: Leif Lindholm
Cc: Ard Biesheuvel
Cc: Sami Mujawar
---
ArmPkg/Drivers/CpuDxe/CpuDxe.c | 5 ++---
ArmPkg/ArmPkg.dsc| 1
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Andrew Fish
Cc: Ray Ni
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc
Rhodes
Cc: Sunil V L
Cc: Tom Lendacky
Taylor Beebe (26):
MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions
MdeModulePkg: Define SetMemoryProtectionsLib and
GetMemoryProtectionsLib
MdeModulePkg: Add NULL Instances for Get/SetMemoryProtectionsLib
MdeModulePkg: Implement
a fixed at build
PCD, memory protections will be set via a HOB
at runtime.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
---
MdeModulePkg/Include/Guid/MemoryProtectionSettings.h | 216
MdeModulePkg/MdeModulePkg.dec| 5 +
2 files changed
The NULL instances for GetMemoryProtectionsLib and
SetMemoryProtectionsLib just zero out the memory protections
structure effectively disabling memory protections.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
---
MdeModulePkg/Library/GetMemoryProtectionsLib
HOB memory should not be written to in DXE phase. This patch
copies the PCD database from PEI into a new buffer so updates
to dynamic PCDs don't write to HOB memory.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
---
MdeModulePkg/Universal/PCD/Dxe/Service.c | 6
the gMps global.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
---
MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c |
158 ++
MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c|
124 +
MdeModulePkg/Library
-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
---
MdeModulePkg/Core/Dxe/Gcd/Gcd.c | 18 ++--
MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 29
2 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/MdeModulePkg/Core/Dxe/Gcd/Gcd.c b
even when the print level doesn't
include DEBUG_GCD. This patch adds a check for the DEBUG_GCD print
level before dumping the GCD memory map which saves several seconds
during boot when page/pool protections are active.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
Now that the transition to use SetMemoryProtectionsLib and
GetMemoryProtectionsLib is complete, delete the memory protection PCDs
to avoid confusing the interface. All memory protection settings
will now be set and consumed via the libraries.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc
Now that the transition to use SetMemoryProtectionsLib and
GetMemoryProtectionsLib is complete, delete the memory protection PCDs
to avoid confusing the interface. All memory protection settings
will now be set and consumed via the libraries.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc
This patch is the final in this series which needs a review. Can someone
take a look?
On 8/4/2023 12:46 PM, Taylor Beebe via groups.io wrote:
From: Taylor Beebe
The function EnforceMemoryMapAttribute() in the SMM MAT logic will
ensure that the CODE and DATA memory types have the desired
Add an instance of ImagePropertiesRecordLib which will be used by the
DXE Core.
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
Signed-off-by: Taylor Beebe
Reviewed-by: Michael D Kinney
Acked-by: Jiewen Yao
---
OvmfPkg/AmdSev/AmdSevX64.dsc| 1 +
OvmfPkg/Bhyve
This patch updates MemoryAttributesTable.c to reduce reliance on global
variables and allow some logic to move to a library.
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
Signed-off-by: Taylor Beebe
Reviewed-by: Liming Gao
---
MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | 102
Lindholm
Cc: Liming Gao
Cc: Rahul Kumar
Cc: Ray Ni
Cc: Sami Mujawar
Cc: Sean Rhodes
Cc: Lazlo Ersek
Taylor Beebe (14):
MdeModulePkg: Add ImagePropertiesRecordLib
ArmVirtPkg: Add ImagePropertiesRecordLib Instance
EmulatorPkg: Add ImagePropertiesRecordLib Instance
OvmfPkg: Add
Cc: Liming Gao
Cc: Dandan Bi
Signed-off-by: Taylor Beebe
Reviewed-by: Liming Gao
---
MdeModulePkg/Library/ImagePropertiesRecordLib/UnitTest/ImagePropertiesRecordLibUnitTestHost.c
| 938
MdeModulePkg/Library/ImagePropertiesRecordLib/UnitTest
Fix the bugs in the MAT logic before switching the
UEFI and SMM MAT logic to use the new library.
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
Signed-off-by: Taylor Beebe
Reviewed-by: Liming Gao
---
MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c | 2
Move some DXE MAT logic to ImagePropertiesRecordLib to consolidate
code and enable unit testability.
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
Signed-off-by: Taylor Beebe
Reviewed-by: Liming Gao
---
MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c |
774
-off-by: Taylor Beebe
Reviewed-by: Liming Gao
---
MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.c | 290
MdeModulePkg/Include/Library/ImagePropertiesRecordLib.h | 137
-
2 files changed, 246 insertions(+), 181 deletions
ImagePropertiesRecordLib instead of carrying two copies
of the image properties record manipulation logic.
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Signed-off-by: Taylor Beebe
---
UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 19 +++
1 file changed, 11
Now that the bugs are fixed in the MAT logic, we can remove the
duplicate logic from PiSmmCore/MemoryAttributesTable.c and use
ImagePropertiesRecordLib instead.
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
Cc: Jiaxin Wu
Cc: Ray Ni
Signed-off-by: Taylor Beebe
Reviewed-by: Liming Gao
Add an instance of ImagePropertiesRecordLib which will be used by the
DXE Core.
Cc: Guo Dong
Cc: Sean Rhodes
Cc: James Lu
Cc: Gua Guo
Signed-off-by: Taylor Beebe
Reviewed-by: Michael D Kinney
Reviewed-by: Gua Guo
---
UefiPayloadPkg/UefiPayloadPkg.dsc | 1 +
1 file changed, 1 insertion
Add logic to create and delete image properties records. Where
applicable, redirect existing code to use the new library.
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
Cc: Jiaxin Wu
Cc: Ray Ni
Signed-off-by: Taylor Beebe
Reviewed-by: Liming Gao
---
MdeModulePkg/Core/Dxe/Misc
Wu
Cc: Ray Ni
Signed-off-by: Taylor Beebe
Reviewed-by: Liming Gao
---
MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c |
9 ++
MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c|
11 +-
MdeModulePkg/Library/ImagePropertiesRecordLib
Create a library for manipulating image properties records. The
library is currently blank and will be filled in a future patch
to help with reviewer readability.
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
Signed-off-by: Taylor Beebe
Reviewed-by: Liming Gao
---
MdeModulePkg/Library
Add an instance of ImagePropertiesRecordLib which will be used by the
DXE Core.
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Signed-off-by: Taylor Beebe
Reviewed-by: Michael D Kinney
---
ArmVirtPkg/ArmVirt.dsc.inc | 1 +
1 file changed, 1 insertion(+)
diff --git
Add an instance of ImagePropertiesRecordLib which will be used by the
DXE Core.
Cc: Andrew Fish
Cc: Ray Ni
Signed-off-by: Taylor Beebe
Reviewed-by: Michael D Kinney
---
EmulatorPkg/EmulatorPkg.dsc | 1 +
1 file changed, 1 insertion(+)
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg
: Rebecca Cran
Cc: Sami Mujawar
Cc: Sean Rhodes
Cc: Sunil V L
Cc: Tom Lendacky
Taylor Beebe (28):
MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions
MdeModulePkg: Define SetMemoryProtectionsLib and
GetMemoryProtectionsLib
MdeModulePkg: Add NULL Instances for Get
a fixed at build
PCD, memory protections will be set via a HOB
at runtime.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
---
MdeModulePkg/Include/Guid/MemoryProtectionSettings.h | 216
MdeModulePkg/MdeModulePkg.dec| 5 +
2 files changed
Implementations.
The global variable is a union of the MM and DXE settings. The
DXE struct is only valid in a DXE module and the MM struct is
only valid in an SMM or Standalone MM module.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
---
MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h
The NULL instances for GetMemoryProtectionsLib and
SetMemoryProtectionsLib just zero out the memory protections
structure effectively disabling memory protections.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
---
MdeModulePkg/Library/GetMemoryProtectionsLib
HOB memory should not be written to in DXE phase. This patch
copies the PCD database from PEI into a new buffer so updates
to dynamic PCDs don't write to HOB memory.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
---
MdeModulePkg/Universal/PCD/Dxe/Service.c | 6
the gMps global.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
---
MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c |
158 ++
MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c|
124 +
MdeModulePkg/Library
-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
---
MdeModulePkg/Core/Dxe/Gcd/Gcd.c | 18 ++--
MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 29
2 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/MdeModulePkg/Core/Dxe/Gcd/Gcd.c b
even when the print level doesn't
include DEBUG_GCD. This patch adds a check for the DEBUG_GCD print
level before dumping the GCD memory map which saves several seconds
during boot when page/pool protections are active.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
on every
boot should be fine.
Signed-off-by: Taylor Beebe
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
---
UefiCpuPkg/CpuMpPei/CpuMpPei.c | 8 +++-
UefiCpuPkg/CpuMpPei/CpuPaging.c | 16
UefiCpuPkg/CpuMpPei/CpuMpPei.h | 3 ++-
UefiCpuPkg/CpuMpPei
Add library classes for SetMemoryProtectionsLib and
GetMemoryProtectionsLib to ArmVirtPkg.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
Cc: Julien Grall
---
ArmVirtPkg/ArmVirt.dsc.inc | 6 ++
1 file changed, 6 insertions(+)
diff
Add library classes for SetMemoryProtectionsLib and
GetMemoryProtectionsLib to OvmfPkg platforms.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Rebecca Cran
Cc: Peter Grehan
Cc: Corvin Köhne
Cc: Jianyong Wu
Cc: Anatol Belski
Cc
and GetMemoryProtectionsLib is complete
in the rest of EDK2, the mechanics of setting protections in
OvmfPkg will be updated and the memory protection PCDs will
be deleted.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
---
OvmfPkg/Library/PeilessStartupLib
This patch updates the DXE Handoff in PEI-less Startup to use
SetMemoryProtectionsLib to get the platform memory protection settings
and build the page tables based on the applied protections.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
a profile, this
update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Guo Dong
Cc: Sean Rhodes
Cc: James Lu
Cc: Gua Guo
---
UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c| 11 +--
UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c | 2 ++
UefiPayloadPkg
, this
update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
---
MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c| 4 +++-
MdeModulePkg/Core/DxeIplPeim/DxeLoad.c | 2 ++
MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 9
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Signed-off-by: Taylor Beebe
Cc: Leif Lindholm
Cc: Ard Biesheuvel
Cc: Sami Mujawar
---
ArmPkg/Drivers/CpuDxe/CpuDxe.c | 5 ++---
ArmPkg/ArmPkg.dsc| 1
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Andrew Fish
Cc: Ray Ni
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul
Now that the EDK2 tree uses GetMemoryProtectionsLib to query
the platform memory protection settings, we can add additional
profiles to SetMemoryProtectionsLib to give platforms more options
for setting memory protections.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
QemuFwCfgParseString allows reading strings from the fw_cfg file.
This function is needed for parsing the memory protection profile
name.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
---
OvmfPkg/Library/QemuFwCfgSimpleParserLib
MemoryProtectionConfigLib enables parsing the fw_cfg for the
memory protection profile.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
---
OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c | 118
and
MM_MEMORY_PROTECTION_PROFILE=release are equivalent to the above
examples.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Rebecca Cran
Cc: Peter Grehan
Cc: Corvin Köhne
---
OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c | 21
Set the memory protections on Arm virtual platforms. Because
the QemuFg parser is not currently available in ArmVirtPkg, use
the RELEASE profile by default.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Leif Lindholm
Cc: Sami Mujawar
Cc: Gerd Hoffmann
---
ArmVirtPkg/MemoryInitPei
Now that the transition to use SetMemoryProtectionsLib and
GetMemoryProtectionsLib is complete, delete the PCD profile
to avoid confusing the interface. All memory protection settings
will now be set and consumed via the libraries.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Now that the transition to use SetMemoryProtectionsLib and
GetMemoryProtectionsLib is complete, delete the memory protection PCDs
to avoid confusing the interface. All memory protection settings
will now be set and consumed via the libraries.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc
Now that the transition to use SetMemoryProtectionsLib and
GetMemoryProtectionsLib is complete, delete the memory protection PCDs
to avoid confusing the interface. All memory protection settings
will now be set and consumed via the libraries.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc
Now that the transition to use SetMemoryProtectionsLib and
GetMemoryProtectionsLib is complete, delete the memory protection PCDs
to avoid confusing the interface. All memory protection settings
will now be set and consumed via the libraries.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc
Reviews on this patch series would be much appreciated :)
On 8/28/23 9:38 AM, Ard Biesheuvel wrote:
I was hoping to get around to this before the end of the week (but I
am not a MdeModulePkg maintainer)
On Mon, 28 Aug 2023 at 18:27, Taylor Beebe wrote:
Can I please get reviews/feedback
Have we given up on this patch series and Bug 4492?
On 9/26/2023 9:02 AM, Taylor Beebe via groups.io wrote:
Reviews on this patch series would be much appreciated :)
On 8/28/23 9:38 AM, Ard Biesheuvel wrote:
I was hoping to get around to this before the end of the week (but I
am
Thank you, Ard. I very much appreciate your responsiveness.
The majority of these patches fall under MdeModulePkg maintainers so
I'll also need help from them to drive this forward.
On 10/3/2023 11:57 AM, Ard Biesheuvel wrote:
On Tue, 3 Oct 2023 at 17:56, Taylor Beebe wrote:
Have we given
On 10/4/23 1:46 AM, Gerd Hoffmann wrote:
On Fri, Sep 29, 2023 at 12:52:35PM -0700, Taylor Beebe wrote:
I can also update ArmVirtPkg to disable execution protection
for EfiLoaderData by default until fw_cfg parsing
support is added to ArmVirtPkg. Let me know if you think
this is necessary
parsing
support is added to ArmVirtPkg. Let me know if you think
this is necessary.
Thanks for the feedback :)
-Taylor
On 9/27/23 1:19 AM, Gerd Hoffmann wrote:
On Tue, Sep 19, 2023 at 05:57:43PM -0700, Taylor Beebe wrote:
Now that the EDK2 tree uses GetMemoryProtectionsLib to query
On 10/6/2023 10:57 PM, gaoliming via groups.io wrote:
Taylor:
I agree to add the new ImagePropertiesRecordLib library for DxeCore and SmmCore.
The impact is that platforms need to update their DSC with the new library.
Frankly, I have not understood the MAT code in detail. So, I have no comments on
I appreciate the suggestions on how to add PEI fw_cfg parsing support --
it should speed up the investigation/implementation.
The focus of this series is a more-or-less lateral update from the PCDs
to the new interface, and even then this transitional series
has grown quite long and still
even when the print level doesn't
include DEBUG_GCD. This patch adds a check for the DEBUG_GCD print
level before dumping the GCD memory map which saves several seconds
during boot when page/pool protections are active.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
a profile, this
update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Guo Dong
Cc: Sean Rhodes
Cc: James Lu
Cc: Gua Guo
---
UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c| 11 +--
UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c | 2 ++
UefiPayloadPkg
QemuFwCfgParseString allows reading strings from the fw_cfg file.
This function is needed for parsing the memory protection profile
name.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
---
OvmfPkg/Library/QemuFwCfgSimpleParserLib
Now that the EDK2 tree uses GetMemoryProtectionsLib to query
the platform memory protection settings, we can add additional
profiles to SetMemoryProtectionsLib to give platforms more options
for setting memory protections.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Signed-off-by: Taylor Beebe
Cc: Leif Lindholm
Cc: Ard Biesheuvel
Cc: Sami Mujawar
---
ArmPkg/Drivers/CpuDxe/CpuDxe.c | 5 ++---
ArmPkg/ArmPkg.dsc| 1
, this
update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
---
MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c| 4 +++-
MdeModulePkg/Core/DxeIplPeim/DxeLoad.c | 2 ++
MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 9
MemoryProtectionConfigLib enables parsing the fw_cfg for the
memory protection profile.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
---
OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c | 118
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Andrew Fish
Cc: Ray Ni
and
MM_MEMORY_PROTECTION_PROFILE=release are equivalent to the above
examples.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
Cc: Rebecca Cran
Cc: Peter Grehan
Cc: Corvin Köhne
---
OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c | 21
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul
Replace references to the memory protection PCDs to instead
check the platform protections via GetMemoryProtectionsLib.
Because the protection profile is equivalent to the PCD settings,
this update does not cause a torn state.
Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc
1 - 100 of 298 matches