[edk2-devel] WSMT bits

Laszlo Ersek lersek at redhat.com
Tue Mar 10 09:36:34 UTC 2020 

Hi Jiewen,

reading the following chapter:

  https://edk2-docs.gitbooks.io/a-tour-beyond-bios-memory-protection-in-uefi-bios/content/memory-protection-in-SMM.html

I'm having trouble associating the protection features implemented in
edk2 with the various bits in the WSMT (per
"MdePkg/Include/IndustryStandard/WindowsSmmSecurityMitigationTable.h").

For example, it seems like the bits a platform sets in the WSMT *might*
depend on "PcdCpuSmmRestrictedMemoryAccess".

Can someone clarify these please?


FWIW, in the edk2-platforms tree, the
"Platform/Intel/Vlv2TbltDevicePkg/AcpiPlatform/AcpiPlatform.c" source
file sets EFI_WSMT_PROTECTION_FLAGS_FIXED_COMM_BUFFERS and
EFI_WSMT_PROTECTION_FLAGS_COMM_BUFFER_NESTED_PTR_PROTECTION. It does not
set EFI_WSMT_PROTECTION_FLAGS_SYSTEM_RESOURCE_PROTECTION.

Is this bitmask (from Vlv2TbltDevicePkg) the general pattern that other
edk2 platforms with SMM support should expose too, as a starting point?

Does Vlv2TbltDevicePkg perform some specific actions in order to claim
these feature bits, or do they simply report guarantees that the core
edk2 SMM infrastructure provides out of the box?

This code was originally added to Vlv2TbltDevicePkg in edk2 (not
edk2-platforms) commit 2c855d3aaf36d (preceding the movement of
Vlv2TbltDevicePkg to edk2-platforms):

commit 2c855d3aaf36da80f8c4f0ae12d31900a628b0a9
Author: Lu, ShifeiX A <shifeix.a.lu at intel.com>
Date:   Thu Jul 28 16:21:28 2016 +0800

    Vlv2DeviceRefCodePkg&Vlv2DevicePkg:Add sample WSMT table.

    This is an sample WSMT table, which we only
    update BIT0 and BIT1 of Protections flags fields.

    Contributed-under: TianoCore Contribution Agreement 1.0
    Signed-off-by: lushifex <shifeix.a.lu at intel.com>
    Reviewed-by: David Wei <david.wei at intel.com>

 Vlv2DeviceRefCodePkg/AcpiTablesPCAT/AcpiTables.inf |  3 ++-
 Vlv2DeviceRefCodePkg/AcpiTablesPCAT/Wsmt/Wsmt.aslc | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 Vlv2TbltDevicePkg/AcpiPlatform/AcpiPlatform.c      | 13 +++++++++++++
 3 files changed, 75 insertions(+), 1 deletion(-)

And that's not a lot of explanation, unfortunately.

(Note: I have not read the WSMT spec.)

Thanks,
Laszlo


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#55712): https://edk2.groups.io/g/devel/message/55712
Mute This Topic: https://groups.io/mt/71853609/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list