[edk2-devel] [PATCH v7 04/10] UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)

Laszlo Ersek lersek at redhat.com
Wed Jul 22 21:24:17 UTC 2020


On 07/22/20 10:36, Guomin Jiang wrote:
> From: Michael Kubacki <michael.a.kubacki at intel.com>
> 
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614
> 
> Adds a PEIM that republishes structures produced in SEC. This
> is done because SEC modules may not be shadowed in some platforms
> due to space constraints or special alignment requirements. The
> SecMigrationPei module locates interfaces that may be published in
> SEC and reinstalls the interface with permanent memory addresses.
> 
> This is important if pre-memory address access is forbidden after
> memory initialization and data such as a PPI descriptor, PPI GUID,
> or PPI interface reside in pre-memory.
> 
> Cc: Eric Dong <eric.dong at intel.com>
> Cc: Ray Ni <ray.ni at intel.com>
> Cc: Laszlo Ersek <lersek at redhat.com>
> Cc: Rahul Kumar <rahul1.kumar at intel.com>
> Cc: Debkumar De <debkumar.de at intel.com>
> Cc: Harry Han <harry.han at intel.com>
> Cc: Catharine West <catharine.west at intel.com>
> Signed-off-by: Michael Kubacki <michael.a.kubacki at intel.com>
> Acked-by: Laszlo Ersek <lersek at redhat.com>
> ---
>  UefiCpuPkg/UefiCpuPkg.dec                     |   3 +
>  UefiCpuPkg/UefiCpuPkg.dsc                     |   1 +
>  UefiCpuPkg/SecCore/SecCore.inf                |   2 +
>  .../SecMigrationPei/SecMigrationPei.inf       |  67 +++
>  UefiCpuPkg/Include/Ppi/RepublishSecPpi.h      |  54 +++
>  UefiCpuPkg/SecCore/SecMain.h                  |   1 +
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.h  | 158 +++++++
>  UefiCpuPkg/SecCore/SecMain.c                  |  26 +-
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.c  | 385 ++++++++++++++++++
>  .../SecMigrationPei/SecMigrationPei.uni       |  13 +
>  10 files changed, 708 insertions(+), 2 deletions(-)
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
>  create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni
> 
> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
> index 762badf5d239..8b2e03d49d07 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dec
> +++ b/UefiCpuPkg/UefiCpuPkg.dec
> @@ -84,6 +84,9 @@ [Ppis]
>    ## Include/Ppi/ShadowMicrocode.h
>    gEdkiiPeiShadowMicrocodePpiGuid = { 0x430f6965, 0x9a69, 0x41c5, { 0x93, 0xed, 0x8b, 0xf0, 0x64, 0x35, 0xc1, 0xc6 }}
>  
> +  ## Include/Ppi/RepublishSecPpi.h
> +  gRepublishSecPpiPpiGuid   = { 0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, 0x52, 0x1a, 0x2d, 0xc5, 0xd0, 0x92 }}
> +
>  [PcdsFeatureFlag]
>    ## Indicates if SMM Profile will be enabled.
>    #  If enabled, instruction executions in and data accesses to memory outside of SMRAM will be logged.
> diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
> index afa304128221..964720048dd7 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dsc
> +++ b/UefiCpuPkg/UefiCpuPkg.dsc
> @@ -146,6 +146,7 @@ [Components.IA32, Components.X64]
>    UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
>    UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf
>    UefiCpuPkg/SecCore/SecCore.inf
> +  UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
>    UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
>    UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf {
>      <Defines>
> diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore.inf
> index 0562820c95e0..545781d6b4b3 100644
> --- a/UefiCpuPkg/SecCore/SecCore.inf
> +++ b/UefiCpuPkg/SecCore/SecCore.inf
> @@ -68,6 +68,8 @@ [Ppis]
>    ## SOMETIMES_CONSUMES
>    gPeiSecPerformancePpiGuid
>    gEfiPeiCoreFvLocationPpiGuid
> +  ## CONSUMES
> +  gRepublishSecPpiPpiGuid
>  
>  [Guids]
>    ## SOMETIMES_PRODUCES   ## HOB
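Review bot: the `## CONSUMES` tag on gRepublishSecPpiPpiGuid overstates the dependency. SecMain.c locates the PPI in a loop and simply skips the republish when no instance exists, and SecMigrationPeiInitialize returns EFI_ABORTED without installing it when PcdMigrateTemporaryRamFirmwareVolumes is FALSE, so the tag should be `## SOMETIMES_CONSUMES`, matching the neighbouring gPeiSecPerformancePpiGuid entry.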
> diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
> new file mode 100644
> index 000000000000..f4c2f6b658fb
> --- /dev/null
> +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
> @@ -0,0 +1,67 @@
> +## @file
> +#  Migrates SEC structures after permanent memory is installed.
> +#
> +# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x00010005
> +  BASE_NAME                      = SecMigrationPei
> +  MODULE_UNI_FILE                = SecMigrationPei.uni
> +  FILE_GUID                      = 58B35361-8922-41BC-B313-EF7ED9ADFDF7
> +  MODULE_TYPE                    = PEIM
> +  VERSION_STRING                 = 1.0
> +  ENTRY_POINT                    = SecMigrationPeiInitialize
> +
> +#
> +# The following information is for reference only and not required by the build tools.
> +#
> +#  VALID_ARCHITECTURES           = IA32 X64 EBC
> +#
> +
> +[Sources]
> +  SecMigrationPei.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  MdeModulePkg/MdeModulePkg.dec
> +  UefiCpuPkg/UefiCpuPkg.dec
> +
> +[LibraryClasses]
> +  BaseLib
> +  BaseMemoryLib
> +  DebugLib
> +  HobLib
> +  MemoryAllocationLib
> +  PeimEntryPoint
> +  PeiServicesLib
> +  PeiServicesTablePointerLib
> +
> +[Ppis]
> +  ## PRODUCES
> +  gRepublishSecPpiPpiGuid
> +
> +  ## SOMETIMES_PRODUCES
> +  gEfiTemporaryRamDonePpiGuid
> +
> +  ## SOMETIME_PRODUCES
> +  gEfiTemporaryRamSupportPpiGuid
> +
> +  ## SOMETIMES_PRODUCES
> +  gPeiSecPerformancePpiGuid
> +
> +  ## SOMETIMES_CONSUMES
> +  ## PRODUCES
> +  gEfiSecPlatformInformationPpiGuid
> +
> +  ## SOMETIMES_CONSUMES
> +  ## SOMETIMES_PRODUCES
> +  gEfiSecPlatformInformation2PpiGuid
> +
> +[Pcd]
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes      ## CONSUMES
> +
> +[Depex]
> +  TRUE
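Review bot: PcdLib is missing from [LibraryClasses] although SecMigrationPeiInitialize calls PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes); the build usually resolves it transitively through other library instances, but a direct dependency should be listed explicitly. Two usage tags also disagree with the code: `## SOMETIME_PRODUCES` on gEfiTemporaryRamSupportPpiGuid is a typo for `## SOMETIMES_PRODUCES`, and gEfiSecPlatformInformationPpiGuid is tagged `## PRODUCES` although RepublishSecPpis only reinstalls it when a SEC instance was located, so it is SOMETIMES_PRODUCES as well. gEfiSecPlatformInformation2PpiGuid is declared SOMETIMES_CONSUMES / SOMETIMES_PRODUCES but SecMigrationPei.c never locates or reinstalls it; either handle it the same way SecPlatformInformation is handled or drop the entry so the declared dependencies match the code. Minor: the copyright year here (2019) differs from the .h and .c files (2020).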
> diff --git a/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
> new file mode 100644
> index 000000000000..ea865acbb5c8
> --- /dev/null
> +++ b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
> @@ -0,0 +1,54 @@
> +/** @file
> +  This file declares Sec Platform Information PPI.
> +
> +  This service is the primary handoff state into the PEI Foundation.
> +  The Security (SEC) component creates the early, transitory memory
> +  environment and also encapsulates knowledge of at least the
> +  location of the Boot Firmware Volume (BFV).
> +
> +  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +  @par Revision Reference:
> +  This PPI is introduced in PI Version 1.0.
> +
> +**/
> +
> +#ifndef __REPUBLISH_SEC_PPI_H__
> +#define __REPUBLISH_SEC_PPI_H__
> +
> +#include <Pi/PiPeiCis.h>
> +
> +#define REPUBLISH_SEC_PPI_PPI_GUID \
> +  { \
> +    0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, 0x52, 0x1a, 0x2d, 0xc5, 0xd0, 0x92 } \
> +  }
> +
> +typedef struct _REPUBLISH_SEC_PPI_PPI REPUBLISH_SEC_PPI_PPI;
> +
> +/**
> +  This interface re-installs PPIs installed in SecCore from a post-memory PEIM.
> +
> +  This is to allow a platform that may not support relocation of SecCore to update the PPI instance to a post-memory
> +  copy from a PEIM that has been shadowed to permanent memory.
> +
> +  @retval EFI_SUCCESS    The SecCore PPIs were re-installed successfully.
> +  @retval Others         An error occurred re-installing the SecCore PPIs.
> +
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS)(
> +  VOID
> +  );
> +
> +///
> +/// Republish SEC PPIs
> +///
> +struct _REPUBLISH_SEC_PPI_PPI {
> +  REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS  RepublishSecPpis;
> +};
> +
> +extern EFI_GUID gRepublishSecPpiPpiGuid;
> +
> +#endif
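Review bot: the file header was carried over from SecPlatformInformation.h and describes the wrong interface: it says the file declares the Sec Platform Information PPI, talks about the BFV handoff, and claims the PPI was introduced in PI 1.0, whereas REPUBLISH_SEC_PPI_PPI is an EDK II-specific interface whose only purpose is to let a post-memory PEIM reinstall SEC-published PPIs. Replace the description with the text already used for RepublishSecPpis below and drop the `@par Revision Reference` paragraph. Naming: REPUBLISH_SEC_PPI_PPI, REPUBLISH_SEC_PPI_PPI_GUID and gRepublishSecPpiPpiGuid repeat "PPI" in every identifier; since the producing module already calls its instance mEdkiiRepublishSecPpiPpi, an EDKII_REPUBLISH_SEC_PPI / gEdkiiRepublishSecPpiGuid naming would be consistent with other EDK II-private PPIs in the package such as gEdkiiPeiShadowMicrocodePpiGuid.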
> diff --git a/UefiCpuPkg/SecCore/SecMain.h b/UefiCpuPkg/SecCore/SecMain.h
> index e8c05d713668..e20bcf86532c 100644
> --- a/UefiCpuPkg/SecCore/SecMain.h
> +++ b/UefiCpuPkg/SecCore/SecMain.h
> @@ -15,6 +15,7 @@
>  #include <Ppi/TemporaryRamDone.h>
>  #include <Ppi/SecPerformance.h>
>  #include <Ppi/PeiCoreFvLocation.h>
> +#include <Ppi/RepublishSecPpi.h>
>  
>  #include <Guid/FirmwarePerformance.h>
>  
> diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
> new file mode 100644
> index 000000000000..2d28490d9eb8
> --- /dev/null
> +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
> @@ -0,0 +1,158 @@
> +/** @file
> +  Migrates SEC structures after permanent memory is installed.
> +
> +  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef __SEC_MIGRATION_H__
> +#define __SEC_MIGRATION_H__
> +
> +#include <Base.h>
> +
> +#include <Pi/PiPeiCis.h>
> +#include <Ppi/RepublishSecPpi.h>
> +#include <Ppi/SecPerformance.h>
> +#include <Ppi/SecPlatformInformation.h>
> +#include <Ppi/SecPlatformInformation2.h>
> +#include <Ppi/TemporaryRamDone.h>
> +#include <Ppi/TemporaryRamSupport.h>
> +
> +/**
> +  This interface conveys state information out of the Security (SEC) phase into PEI.
> +
> +  @param[in]     PeiServices               Pointer to the PEI Services Table.
> +  @param[in,out] StructureSize             Pointer to the variable describing size of the input buffer.
> +  @param[out]    PlatformInformationRecord Pointer to the EFI_SEC_PLATFORM_INFORMATION_RECORD.
> +
> +  @retval EFI_SUCCESS           The data was successfully returned.
> +  @retval EFI_NOT_FOUND         Can't found the HOB created by SecMigrationPei component.
> +  @retval EFI_BUFFER_TOO_SMALL  The size of buffer pointed by StructureSize is too small and will return
> +                                the minimal required size in the buffer pointed by StructureSize.
> +  @retval EFI_INVALID_PARAMETER The StructureSize is NULL or PlatformInformationRecord is NULL.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +SecPlatformInformationPostMemory (
> +  IN CONST EFI_PEI_SERVICES                     **PeiServices,
> +  IN OUT   UINT64                               *StructureSize,
> +     OUT   EFI_SEC_PLATFORM_INFORMATION_RECORD  *PlatformInformationRecord
> +  );
> +
> +/**
> +  Re-installs the SEC Platform Information PPIs to implementation in this module to support post-memory.
> +
> +  @param[in] PeiServices       An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
> +  @param[in] NotifyDescriptor  Address of the notification descriptor data structure.
> +  @param[in] Ppi               Address of the PPI that was installed.
> +
> +  @retval EFI_SUCCESS          The SEC Platform Information PPI could not be re-installed.
> +  @return Others               An error occurred during PPI re-install.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +SecPlatformInformationPpiNotifyCallback (
> +  IN EFI_PEI_SERVICES              **PeiServices,
> +  IN EFI_PEI_NOTIFY_DESCRIPTOR     *NotifyDescriptor,
> +  IN VOID                          *Ppi
> +  );
> +
> +/**
> +  This interface re-installs PPIs installed in SecCore from a post-memory PEIM.
> +
> +  This is to allow a platform that may not support relocation of SecCore to update the PPI instance to a post-memory
> +  copy from a PEIM that has been shadowed to permanent memory.
> +
> +  @retval EFI_SUCCESS    The SecCore PPIs were re-installed successfully.
> +  @retval Others         An error occurred re-installing the SecCore PPIs.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RepublishSecPpis (
> +  VOID
> +  );
> +
> +/**
> +  Disables the use of Temporary RAM.
> +
> +  If present, this service is invoked by the PEI Foundation after
> +  the EFI_PEI_PERMANANT_MEMORY_INSTALLED_PPI is installed.
> +
> +  @retval EFI_SUCCESS  Dummy function, alway return this value.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +SecTemporaryRamDonePostMemory (
> +  VOID
> +  );
> +
> +/**
> +  This service of the EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI that migrates temporary RAM into
> +  permanent memory.
> +
> +  @param PeiServices            Pointer to the PEI Services Table.
> +  @param TemporaryMemoryBase    Source Address in temporary memory from which the SEC or PEIM will copy the
> +                                Temporary RAM contents.
> +  @param PermanentMemoryBase    Destination Address in permanent memory into which the SEC or PEIM will copy the
> +                                Temporary RAM contents.
> +  @param CopySize               Amount of memory to migrate from temporary to permanent memory.
> +
> +  @retval EFI_SUCCESS           The data was successfully returned.
> +  @retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > TemporaryMemoryBase when
> +                                TemporaryMemoryBase > PermanentMemoryBase.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +SecTemporaryRamSupportPostMemory (
> +  IN CONST EFI_PEI_SERVICES   **PeiServices,
> +  IN EFI_PHYSICAL_ADDRESS     TemporaryMemoryBase,
> +  IN EFI_PHYSICAL_ADDRESS     PermanentMemoryBase,
> +  IN UINTN                    CopySize
> +  );
> +
> +/**
> +  This interface conveys performance information out of the Security (SEC) phase into PEI.
> +
> +  This service is published by the SEC phase. The SEC phase handoff has an optional
> +  EFI_PEI_PPI_DESCRIPTOR list as its final argument when control is passed from SEC into the
> +  PEI Foundation. As such, if the platform supports collecting performance data in SEC,
> +  this information is encapsulated into the data structure abstracted by this service.
> +  This information is collected for the boot-strap processor (BSP) on IA-32.
> +
> +  @param[in]  PeiServices  The pointer to the PEI Services Table.
> +  @param[in]  This         The pointer to this instance of the PEI_SEC_PERFORMANCE_PPI.
> +  @param[out] Performance  The pointer to performance data collected in SEC phase.
> +
> +  @retval EFI_SUCCESS           The performance data was successfully returned.
> +  @retval EFI_INVALID_PARAMETER The This or Performance is NULL.
> +  @retval EFI_NOT_FOUND         Can't found the HOB created by the SecMigrationPei component.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +GetPerformancePostMemory (
> +  IN CONST EFI_PEI_SERVICES          **PeiServices,
> +  IN       PEI_SEC_PERFORMANCE_PPI   *This,
> +  OUT      FIRMWARE_SEC_PERFORMANCE  *Performance
> +  );
> +
> +typedef struct {
> +  UINT64                                StructureSize;
> +  EFI_SEC_PLATFORM_INFORMATION_RECORD   *PlatformInformationRecord;
> +} SEC_PLATFORM_INFORMATION_CONTEXT;
> +
> +typedef struct {
> +  EFI_HOB_GUID_TYPE                     Header;
> +  UINT8                                 Revision;
> +  UINT8                                 Reserved[3];
> +  FIRMWARE_SEC_PERFORMANCE              FirmwareSecPerformance;
> +  SEC_PLATFORM_INFORMATION_CONTEXT      Context;
> +} SEC_PLATFORM_INFORMATION_CONTEXT_HOB;
> +
> +#endif
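Review bot: SecPlatformInformationPpiNotifyCallback is declared here but SecMigrationPei.c neither defines it nor registers an EFI_PEI_NOTIFY_DESCRIPTOR that would use it, so the declaration is dead and should be removed (or the notify path implemented, in which case the explicit locate/reinstall sequence in RepublishSecPpis becomes partly redundant). Its `@retval EFI_SUCCESS` text is also inverted ("could not be re-installed"). Smaller doc fixes: "Can't found the HOB" should read "Could not find the HOB", "alway return" should be "always returns", EFI_PEI_PERMANANT_MEMORY_INSTALLED_PPI should be spelled PERMANENT, and SecTemporaryRamSupportPostMemory documents an EFI_INVALID_PARAMETER return that the stub never produces.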
> diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c
> index 5d5e7f17dced..155be49a6011 100644
> --- a/UefiCpuPkg/SecCore/SecMain.c
> +++ b/UefiCpuPkg/SecCore/SecMain.c
> @@ -370,13 +370,35 @@ SecTemporaryRamDone (
>    VOID
>    )
>  {
> -  BOOLEAN  State;
> +  EFI_STATUS                    Status;
> +  EFI_STATUS                    Status2;
> +  UINTN                         Index;
> +  BOOLEAN                       State;
> +  EFI_PEI_PPI_DESCRIPTOR        *PeiPpiDescriptor;
> +  REPUBLISH_SEC_PPI_PPI         *RepublishSecPpiPpi;
>  
>    //
>    // Republish Sec Platform Information(2) PPI
>    //
>    RepublishSecPlatformInformationPpi ();
>  
> +  //
> +  // Re-install SEC PPIs using a PEIM produced service if published
> +  //
> +  for (Index = 0, Status = EFI_SUCCESS; Status == EFI_SUCCESS; Index++) {
> +    Status = PeiServicesLocatePpi (
> +               &gRepublishSecPpiPpiGuid,
> +               Index,
> +               &PeiPpiDescriptor,
> +               (VOID **) &RepublishSecPpiPpi
> +               );
> +    if (!EFI_ERROR (Status)) {
> +      DEBUG ((DEBUG_INFO, "Calling RepublishSecPpi instance %d.\n", Index));
> +      Status2 = RepublishSecPpiPpi->RepublishSecPpis ();
> +      ASSERT_EFI_ERROR (Status2);
> +    }
> +  }
> +
>    //
>    // Migrate DebugAgentContext.
>    //
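Review bot: a failing RepublishSecPpis() is only checked with ASSERT_EFI_ERROR (Status2), which compiles out in RELEASE builds, so the loop silently proceeds to the interrupt-disable and temporary-RAM teardown below even though one of the SEC PPIs still points into the memory being torn down, which is precisely the stale-pointer condition this PEIM exists to remove. At minimum log the failure with DEBUG_ERROR including Index and Status2, and consider treating it as fatal rather than continuing. Note also that the loop ends on any non-success Status from PeiServicesLocatePpi, so an instance that fails to locate for a reason other than EFI_NOT_FOUND terminates the iteration without any message.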
> @@ -385,7 +407,7 @@ SecTemporaryRamDone (
>    //
>    // Disable interrupts and save current interrupt state
>    //
> -  State = SaveAndDisableInterrupts();
> +  State = SaveAndDisableInterrupts ();
>  
>    //
>    // Disable Temporary RAM after Stack and Heap have been migrated at this point.
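Review bot: this hunk only changes `SaveAndDisableInterrupts();` to `SaveAndDisableInterrupts ();` for coding-style compliance and is unrelated to the SecMigrationPei functionality; it would be cleaner as a separate style patch (or at least mentioned in the commit message) so that the CVE fix can be reviewed and backported on its own.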
> diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
> new file mode 100644
> index 000000000000..4813a06f13fd
> --- /dev/null
> +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
> @@ -0,0 +1,385 @@
> +/** @file
> +  Migrates SEC structures after permanent memory is installed.
> +
> +  Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Base.h>
> +
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/HobLib.h>
> +#include <Library/MemoryAllocationLib.h>
> +#include <Library/PeiServicesLib.h>
> +#include <Library/PeiServicesTablePointerLib.h>
> +
> +#include "SecMigrationPei.h"
> +
> +STATIC REPUBLISH_SEC_PPI_PPI  mEdkiiRepublishSecPpiPpi = {
> +                                RepublishSecPpis
> +                                };
> +
> +GLOBAL_REMOVE_IF_UNREFERENCED EFI_SEC_PLATFORM_INFORMATION_PPI  mSecPlatformInformationPostMemoryPpi = {
> +                                                                  SecPlatformInformationPostMemory
> +                                                                  };
> +
> +
> +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_TEMPORARY_RAM_DONE_PPI mSecTemporaryRamDonePostMemoryPpi = {
> +                                                               SecTemporaryRamDonePostMemory
> +                                                               };
> +
> +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI mSecTemporaryRamSupportPostMemoryPpi = {
> +                                                                  SecTemporaryRamSupportPostMemory
> +                                                                  };
> +
> +GLOBAL_REMOVE_IF_UNREFERENCED PEI_SEC_PERFORMANCE_PPI mSecPerformancePpi = {
> +                                                        GetPerformancePostMemory
> +                                                        };
> +
> +STATIC EFI_PEI_PPI_DESCRIPTOR mEdkiiRepublishSecPpiDescriptor = {
> +  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
> +  &gRepublishSecPpiPpiGuid,
> +  &mEdkiiRepublishSecPpiPpi
> +  };
> +
> +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR mSecPlatformInformationPostMemoryDescriptor = {
> +  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
> +  &gEfiSecPlatformInformationPpiGuid,
> +  &mSecPlatformInformationPostMemoryPpi
> +  };
> +
> +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR mSecTemporaryRamDonePostMemoryDescriptor = {
> +  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
> +  &gEfiTemporaryRamDonePpiGuid,
> +  &mSecTemporaryRamDonePostMemoryPpi
> +  };
> +
> +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR mSecTemporaryRamSupportPostMemoryDescriptor = {
> +  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
> +  &gEfiTemporaryRamSupportPpiGuid,
> +  &mSecTemporaryRamSupportPostMemoryPpi
> +  };
> +
> +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR mSecPerformancePpiDescriptor = {
> +  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
> +  &gPeiSecPerformancePpiGuid,
> +  &mSecPerformancePpi
> +  };
> +
> +/**
> +  Disables the use of Temporary RAM.
> +
> +  If present, this service is invoked by the PEI Foundation after
> +  the EFI_PEI_PERMANANT_MEMORY_INSTALLED_PPI is installed.
> +
> +  @retval EFI_SUCCESS  Dummy function, alway return this value.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +SecTemporaryRamDonePostMemory (
> +  VOID
> +  )
> +{
> +  //
> +  // Temporary RAM Done is already done in post-memory
> +  // install a stub function that is located in permanent memory
> +  //
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  This service of the EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI that migrates temporary RAM into
> +  permanent memory.
> +
> +  @param PeiServices            Pointer to the PEI Services Table.
> +  @param TemporaryMemoryBase    Source Address in temporary memory from which the SEC or PEIM will copy the
> +                                Temporary RAM contents.
> +  @param PermanentMemoryBase    Destination Address in permanent memory into which the SEC or PEIM will copy the
> +                                Temporary RAM contents.
> +  @param CopySize               Amount of memory to migrate from temporary to permanent memory.
> +
> +  @retval EFI_SUCCESS           The data was successfully returned.
> +  @retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > TemporaryMemoryBase when
> +                                TemporaryMemoryBase > PermanentMemoryBase.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +SecTemporaryRamSupportPostMemory (
> +  IN CONST EFI_PEI_SERVICES   **PeiServices,
> +  IN EFI_PHYSICAL_ADDRESS     TemporaryMemoryBase,
> +  IN EFI_PHYSICAL_ADDRESS     PermanentMemoryBase,
> +  IN UINTN                    CopySize
> +  )
> +{
> +  //
> +  // Temporary RAM Support is already done in post-memory
> +  // install a stub function that is located in permanent memory
> +  //
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  This interface conveys performance information out of the Security (SEC) phase into PEI.
> +
> +  This service is published by the SEC phase. The SEC phase handoff has an optional
> +  EFI_PEI_PPI_DESCRIPTOR list as its final argument when control is passed from SEC into the
> +  PEI Foundation. As such, if the platform supports collecting performance data in SEC,
> +  this information is encapsulated into the data structure abstracted by this service.
> +  This information is collected for the boot-strap processor (BSP) on IA-32.
> +
> +  @param[in]  PeiServices  The pointer to the PEI Services Table.
> +  @param[in]  This         The pointer to this instance of the PEI_SEC_PERFORMANCE_PPI.
> +  @param[out] Performance  The pointer to performance data collected in SEC phase.
> +
> +  @retval EFI_SUCCESS           The performance data was successfully returned.
> +  @retval EFI_INVALID_PARAMETER The This or Performance is NULL.
> +  @retval EFI_NOT_FOUND         Can't found the HOB created by the SecMigrationPei component.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +GetPerformancePostMemory (
> +  IN CONST EFI_PEI_SERVICES          **PeiServices,
> +  IN       PEI_SEC_PERFORMANCE_PPI   *This,
> +  OUT      FIRMWARE_SEC_PERFORMANCE  *Performance
> +  )
> +{
> +  SEC_PLATFORM_INFORMATION_CONTEXT_HOB  *SecPlatformInformationContexHob;
> +
> +  if (This == NULL || Performance == NULL) {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  SecPlatformInformationContexHob = GetFirstGuidHob (&gEfiCallerIdGuid);
> +  if (SecPlatformInformationContexHob == NULL) {
> +    return EFI_NOT_FOUND;
> +  }
> +
> +  Performance->ResetEnd = SecPlatformInformationContexHob->FirmwareSecPerformance.ResetEnd;
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  This interface conveys state information out of the Security (SEC) phase into PEI.
> +
> +  @param[in]     PeiServices               Pointer to the PEI Services Table.
> +  @param[in,out] StructureSize             Pointer to the variable describing size of the input buffer.
> +  @param[out]    PlatformInformationRecord Pointer to the EFI_SEC_PLATFORM_INFORMATION_RECORD.
> +
> +  @retval EFI_SUCCESS           The data was successfully returned.
> +  @retval EFI_NOT_FOUND         Can't found the HOB created by SecMigrationPei component.
> +  @retval EFI_BUFFER_TOO_SMALL  The size of buffer pointed by StructureSize is too small and will return
> +                                the minimal required size in the buffer pointed by StructureSize.
> +  @retval EFI_INVALID_PARAMETER The StructureSize is NULL or PlatformInformationRecord is NULL.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +SecPlatformInformationPostMemory (
> +  IN CONST EFI_PEI_SERVICES                     **PeiServices,
> +  IN OUT   UINT64                               *StructureSize,
> +     OUT   EFI_SEC_PLATFORM_INFORMATION_RECORD  *PlatformInformationRecord
> +  )
> +{
> +  SEC_PLATFORM_INFORMATION_CONTEXT_HOB  *SecPlatformInformationContexHob;
> +
> +  if (StructureSize == NULL) {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  SecPlatformInformationContexHob = GetFirstGuidHob (&gEfiCallerIdGuid);
> +  if (SecPlatformInformationContexHob == NULL) {
> +    return EFI_NOT_FOUND;
> +  }
> +
> +  if (*StructureSize < SecPlatformInformationContexHob->Context.StructureSize) {
> +    *StructureSize = SecPlatformInformationContexHob->Context.StructureSize;
> +    return EFI_BUFFER_TOO_SMALL;
> +  }
> +
> +  if (PlatformInformationRecord == NULL) {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  *StructureSize = SecPlatformInformationContexHob->Context.StructureSize;
> +  CopyMem (
> +    (VOID *) PlatformInformationRecord,
> +    (VOID *) SecPlatformInformationContexHob->Context.PlatformInformationRecord,
> +    (UINTN) SecPlatformInformationContexHob->Context.StructureSize
> +    );
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  This interface re-installs PPIs installed in SecCore from a post-memory PEIM.
> +
> +  This is to allow a platform that may not support relocation of SecCore to update the PPI instance to a post-memory
> +  copy from a PEIM that has been shadowed to permanent memory.
> +
> +  @retval EFI_SUCCESS    The SecCore PPIs were re-installed successfully.
> +  @retval Others         An error occurred re-installing the SecCore PPIs.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RepublishSecPpis (
> +  VOID
> +  )
> +{
> +  EFI_STATUS                            Status;
> +  EFI_PEI_PPI_DESCRIPTOR                *PeiPpiDescriptor;
> +  VOID                                  *PeiPpi;
> +  SEC_PLATFORM_INFORMATION_CONTEXT_HOB  *SecPlatformInformationContextHob;
> +  EFI_SEC_PLATFORM_INFORMATION_RECORD   *SecPlatformInformationPtr;
> +  UINT64                                SecStructureSize;
> +
> +  SecPlatformInformationPtr = NULL;
> +  SecStructureSize = 0;
> +
> +  Status = PeiServicesLocatePpi (
> +             &gEfiTemporaryRamDonePpiGuid,
> +             0,
> +             &PeiPpiDescriptor,
> +             (VOID **) &PeiPpi
> +             );
> +  if (!EFI_ERROR (Status)) {
> +    Status = PeiServicesReInstallPpi (
> +               PeiPpiDescriptor,
> +               &mSecTemporaryRamDonePostMemoryDescriptor
> +               );
> +    ASSERT_EFI_ERROR (Status);
> +  }
> +
> +  Status = PeiServicesLocatePpi (
> +             &gEfiTemporaryRamSupportPpiGuid,
> +             0,
> +             &PeiPpiDescriptor,
> +             (VOID **) &PeiPpi
> +             );
> +  if (!EFI_ERROR (Status)) {
> +    Status = PeiServicesReInstallPpi (
> +               PeiPpiDescriptor,
> +               &mSecTemporaryRamSupportPostMemoryDescriptor
> +               );
> +    ASSERT_EFI_ERROR (Status);
> +  }
> +
> +  Status = PeiServicesCreateHob (
> +             EFI_HOB_TYPE_GUID_EXTENSION,
> +             sizeof (SEC_PLATFORM_INFORMATION_CONTEXT_HOB),
> +             (VOID **) &SecPlatformInformationContextHob
> +             );
> +  ASSERT_EFI_ERROR (Status);
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "SecPlatformInformation Context HOB could not be created.\n"));
> +    return Status;
> +  }
> +
> +  SecPlatformInformationContextHob->Header.Name = gEfiCallerIdGuid;
> +  SecPlatformInformationContextHob->Revision    = 1;
> +
> +  Status = PeiServicesLocatePpi (
> +             &gPeiSecPerformancePpiGuid,
> +             0,
> +             &PeiPpiDescriptor,
> +             (VOID **) &PeiPpi
> +             );
> +  if (!EFI_ERROR (Status)) {
> +    Status = ((PEI_SEC_PERFORMANCE_PPI *) PeiPpi)->GetPerformance (
> +                                                     GetPeiServicesTablePointer (),
> +                                                     (PEI_SEC_PERFORMANCE_PPI *) PeiPpi,
> +                                                     &SecPlatformInformationContextHob->FirmwareSecPerformance
> +                                                     );
> +    ASSERT_EFI_ERROR (Status);
> +    if (!EFI_ERROR (Status)) {
> +      Status = PeiServicesReInstallPpi (
> +                 PeiPpiDescriptor,
> +                 &mSecPerformancePpiDescriptor
> +                 );
> +      ASSERT_EFI_ERROR (Status);
> +    }
> +  }
> +
> +  Status = PeiServicesLocatePpi (
> +             &gEfiSecPlatformInformationPpiGuid,
> +             0,
> +             &PeiPpiDescriptor,
> +             (VOID **) &PeiPpi
> +             );
> +  if (!EFI_ERROR (Status)) {
> +    Status = ((EFI_SEC_PLATFORM_INFORMATION_PPI *) PeiPpi)->PlatformInformation (
> +                                                              GetPeiServicesTablePointer (),
> +                                                              &SecStructureSize,
> +                                                              SecPlatformInformationPtr
> +                                                              );
> +    ASSERT (Status == EFI_BUFFER_TOO_SMALL);
> +    if (Status != EFI_BUFFER_TOO_SMALL) {
> +      return EFI_NOT_FOUND;
> +    }
> +
> +    ZeroMem ((VOID *) &(SecPlatformInformationContextHob->Context), sizeof (SEC_PLATFORM_INFORMATION_CONTEXT));
> +    SecPlatformInformationContextHob->Context.PlatformInformationRecord = AllocatePool ((UINTN) SecStructureSize);
> +    ASSERT (SecPlatformInformationContextHob->Context.PlatformInformationRecord != NULL);
> +    if (SecPlatformInformationContextHob->Context.PlatformInformationRecord == NULL) {
> +      return EFI_OUT_OF_RESOURCES;
> +    }
> +    SecPlatformInformationContextHob->Context.StructureSize = SecStructureSize;
> +
> +    Status = ((EFI_SEC_PLATFORM_INFORMATION_PPI *) PeiPpi)->PlatformInformation (
> +                                                              GetPeiServicesTablePointer (),
> +                                                              &(SecPlatformInformationContextHob->Context.StructureSize),
> +                                                              SecPlatformInformationContextHob->Context.PlatformInformationRecord
> +                                                              );
> +    ASSERT_EFI_ERROR (Status);
> +    if (!EFI_ERROR (Status)) {
> +      Status = PeiServicesReInstallPpi (
> +                 PeiPpiDescriptor,
> +                 &mSecPlatformInformationPostMemoryDescriptor
> +                 );
> +      ASSERT_EFI_ERROR (Status);
> +    }
> +  }
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  This function is the entry point which installs an instance of REPUBLISH_SEC_PPI_PPI.
> +
> +  It install the RepublishSecPpi depent on PcdMigrateTemporaryRamFirmwareVolumes, install
> +  the PPI when the PcdMigrateTemporaryRamFirmwareVolumes enabled.
> +
> +  @param[in]  FileHandle   Pointer to image file handle.
> +  @param[in]  PeiServices  Pointer to PEI Services Table
> +
> +  @retval EFI_ABORTED  Disable evacuate temporary memory feature by disable
> +                       PcdMigrateTemporaryRamFirmwareVolumes.
> +  @retval EFI_SUCCESS  An instance of REPUBLISH_SEC_PPI_PPI was installed successfully.

Thanks for fixing this comment (relative to v5), my A-b stands.

Laszlo

> +  @retval Others       An error occurred installing and instance of REPUBLISH_SEC_PPI_PPI.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +SecMigrationPeiInitialize (
> +  IN EFI_PEI_FILE_HANDLE     FileHandle,
> +  IN CONST EFI_PEI_SERVICES  **PeiServices
> +  )
> +{
> +  EFI_STATUS  Status;
> +
> +  Status = EFI_ABORTED;
> +
> +  if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {
> +    Status = PeiServicesInstallPpi (&mEdkiiRepublishSecPpiDescriptor);
> +    ASSERT_EFI_ERROR (Status);
> +  }
> +
> +  return Status;
> +}
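Review bot: the context HOB is created and named before the optional PPIs are probed, but nothing initialises its payload, and PeiServicesCreateHob does not guarantee zeroed data. If the SEC performance PPI is absent, FirmwareSecPerformance and Reserved stay uninitialised; if the SEC platform-information PPI is absent, or the EFI_BUFFER_TOO_SMALL probe fails and the function returns EFI_NOT_FOUND, Context stays uninitialised while the HOB remains discoverable under gEfiCallerIdGuid. Zeroing the payload that follows the EFI_HOB_GUID_TYPE header right after creation (not the header itself, which PeiServicesCreateHob fills in) would cover every branch and make the later ZeroMem of Context redundant. The EFI_NOT_FOUND return on a failed size probe also misreports the situation (the PPI was found, it just misbehaved); returning the actual Status or EFI_DEVICE_ERROR gives SecCore's caller a more accurate value. Naming: SecPlatformInformationContexHob in GetPerformancePostMemory and SecPlatformInformationPostMemory is missing the "t" that SecPlatformInformationContextHob in RepublishSecPpis has. Entry-point doc: "It install the RepublishSecPpi depent on ... install the PPI when the PcdMigrateTemporaryRamFirmwareVolumes enabled" should read "It installs the RepublishSecPpi PPI only when PcdMigrateTemporaryRamFirmwareVolumes is enabled", and "installing and instance" should be "installing an instance".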
> diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni
> new file mode 100644
> index 000000000000..62c2064ba217
> --- /dev/null
> +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni
> @@ -0,0 +1,13 @@
> +// /** @file
> +// Migrates SEC structures after permanent memory is installed.
> +//
> +// Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT     #language en-US "Migrates SEC structures after permanent memory is installed"
> +
> +#string STR_MODULE_DESCRIPTION  #language en-US "Migrates SEC structures after permanent memory is installed."
> +
> 

