Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too

gaoliming gaoliming at byosoft.com.cn
Sat Oct 10 03:35:17 UTC 2020


Meg:
  A pull request has been created: https://github.com/tianocore/edk2/pull/999

Thanks
Liming
> -----Original Message-----
> From: bounce+27952+66058+4905953+8761045 at groups.io
> <bounce+27952+66058+4905953+8761045 at groups.io> On Behalf Of gaoliming
> Sent: October 9, 2020 17:30
> To: devel at edk2.groups.io; jacek.kukiello at intel.com; 'Rothman, Michael
> A' <michael.a.rothman at intel.com>
> Cc: 'Kinney, Michael D' <michael.d.kinney at intel.com>; 'Wang, Jian J'
> <jian.j.wang at intel.com>; 'Wu, Hao A' <hao.a.wu at intel.com>; 'Bi, Dandan'
> <dandan.bi at intel.com>; 'Liu, Zhiguang' <zhiguang.liu at intel.com>; 'Oleksiy
> Yakovlev' <oleksiyy at ami.com>; 'Ard Biesheuvel' <ard.biesheuvel at arm.com>
> Subject: Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for
> hiding page-access caps from OSes hides SP and CRYPTO caps too
> 
> Meg:
>   Thanks for your detailed information. I understand this problem now.
>   I agree with your patch to revert the change introduced by the previous
> 3bd5c994c879f78e8e3d5346dc3b627f199291aa.
> 
>   Reviewed-by: Liming Gao <gaoliming at byosoft.com.cn>
> 
>   If there are no other comments, I will merge this patch set tomorrow.
> 
> Thanks
> Liming
> > -----Original Message-----
> > From: bounce+27952+66053+4905953+8761045 at groups.io
> > <bounce+27952+66053+4905953+8761045 at groups.io> On Behalf Of Malgorzata
> > Kukiello
> > Sent: October 9, 2020 14:01
> > To: devel at edk2.groups.io; Kukiello, Malgorzata
> > <jacek.kukiello at intel.com>; gaoliming at byosoft.com.cn; Rothman, Michael A
> > <michael.a.rothman at intel.com>
> > Cc: Kinney, Michael D <michael.d.kinney at intel.com>; Wang, Jian J
> > <jian.j.wang at intel.com>; Wu, Hao A <hao.a.wu at intel.com>; Bi, Dandan
> > <dandan.bi at intel.com>; Liu, Zhiguang <zhiguang.liu at intel.com>; 'Oleksiy
> > Yakovlev' <oleksiyy at ami.com>; 'Ard Biesheuvel' <ard.biesheuvel at arm.com>
> > Subject: Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding
> > page-access caps from OSes hides SP and CRYPTO caps too
> >
> > Liming,
> > Any update/comment? It's pretty urgent from my perspective.
> > Thanks
> > Meg
> >
> > -----Original Message-----
> > From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of
> > Malgorzata Kukiello
> > Sent: Friday, October 2, 2020 2:52 PM
> > To: devel at edk2.groups.io; gaoliming at byosoft.com.cn; Rothman, Michael A
> > <michael.a.rothman at intel.com>
> > Cc: Kinney, Michael D <michael.d.kinney at intel.com>; Wang, Jian J
> > <jian.j.wang at intel.com>; Wu, Hao A <hao.a.wu at intel.com>; Bi, Dandan
> > <dandan.bi at intel.com>; Liu, Zhiguang <zhiguang.liu at intel.com>; 'Oleksiy
> > Yakovlev' <oleksiyy at ami.com>; 'Ard Biesheuvel' <ard.biesheuvel at arm.com>
> > Subject: Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for
> > hiding page-access caps from OSes hides SP and CRYPTO caps too
> >
> > Liming,
> > I am trying to enable a crypto technology that requires handling on the OS
> > side (implemented in the kernel.org patch). Generally speaking, I mark in
> > the memory map all regions that can be encrypted using the aforementioned
> > tech. Then the OS checks that attribute and decides whether or not to enable
> > that.
> > So the real problem is that currently all my attributes are overwritten and
> > cleared.
> > Thanks
> > Meg
> >
> > -----Original Message-----
> > From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of gaoliming
> > Sent: Tuesday, September 29, 2020 3:13 AM
> > To: devel at edk2.groups.io; Kukiello, Malgorzata <jacek.kukiello at intel.com>;
> > Rothman, Michael A <michael.a.rothman at intel.com>
> > Cc: Kinney, Michael D <michael.d.kinney at intel.com>; Wang, Jian J
> > <jian.j.wang at intel.com>; Wu, Hao A <hao.a.wu at intel.com>; Bi, Dandan
> > <dandan.bi at intel.com>; Liu, Zhiguang <zhiguang.liu at intel.com>; 'Oleksiy
> > Yakovlev' <oleksiyy at ami.com>; 'Ard Biesheuvel' <ard.biesheuvel at arm.com>
> > Subject: Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for
> > hiding page-access caps from OSes hides SP and CRYPTO caps too
> >
> > Meg:
> >   What real problem are you running into? What is the purpose of this change?
> > I have also included UEFI Arch Rothman.
> >
> > Rothman:
> >   Can you help clarify what OS (Windows or Linux) behavior is expected for
> > UEFI SP and CRYPTO memory attribute?
> >
> > Thanks
> > Liming
> > > -----Original Message-----
> > > From: bounce+27952+65683+4905953+8761045 at groups.io
> > > <bounce+27952+65683+4905953+8761045 at groups.io> On Behalf Of Malgorzata
> > > Kukiello
> > > Sent: September 28, 2020 23:39
> > > To: devel at edk2.groups.io; gaoliming at byosoft.com.cn
> > > Cc: Kinney, Michael D <michael.d.kinney at intel.com>; Wang, Jian J
> > > <jian.j.wang at intel.com>; Wu, Hao A <hao.a.wu at intel.com>; Bi, Dandan
> > > <dandan.bi at intel.com>; Liu, Zhiguang <zhiguang.liu at intel.com>;
> > > 'Oleksiy Yakovlev' <oleksiyy at ami.com>; 'Ard Biesheuvel'
> > > <ard.biesheuvel at arm.com>
> > > Subject: Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding
> > > page-access caps from OSes hides SP and CRYPTO caps too
> > >
> > > Liming,
> > > As for mktme there is a change committed:
> > > https://patchwork.kernel.org/patch/10935909/
> > > As for SP I can't find anything specific.
> > > Thanks
> > > Meg
> > >
> > > -----Original Message-----
> > > From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of
> > > gaoliming
> > > Sent: Friday, September 25, 2020 10:55 AM
> > > To: devel at edk2.groups.io; Kukiello, Malgorzata
> > > <jacek.kukiello at intel.com>
> > > Cc: Kinney, Michael D <michael.d.kinney at intel.com>; Wang, Jian J
> > > <jian.j.wang at intel.com>; Wu, Hao A <hao.a.wu at intel.com>; Bi, Dandan
> > > <dandan.bi at intel.com>; Liu, Zhiguang <zhiguang.liu at intel.com>;
> > > 'Oleksiy Yakovlev' <oleksiyy at ami.com>; 'Ard Biesheuvel'
> > > <ard.biesheuvel at arm.com>
> > > Subject: Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for
> > > hiding page-access caps from OSes hides SP and CRYPTO caps too
> > >
> > > Malgorzata:
> > >   How do you know the OS (Windows or Linux) behavior for the SP and CRYPTO
> > > attributes? Is there a public document that describes this behavior?
> > >
> > > Thanks
> > > Liming
> > > > -----Original Message-----
> > > > From: bounce+27952+65566+4905953+8761045 at groups.io
> > > > <bounce+27952+65566+4905953+8761045 at groups.io> On Behalf Of Malgorzata
> > > > Kukiello
> > > > Sent: September 24, 2020 18:22
> > > > To: devel at edk2.groups.io
> > > > Cc: Malgorzata Kukiello <jacek.kukiello at intel.com>; Michael D Kinney
> > > > <michael.d.kinney at intel.com>; Jian J Wang <jian.j.wang at intel.com>;
> > > > Hao A Wu <hao.a.wu at intel.com>; Dandan Bi <dandan.bi at intel.com>;
> > > > Liming Gao <gaoliming at byosoft.com.cn>; Zhiguang Liu
> > > > <zhiguang.liu at intel.com>; Oleksiy Yakovlev <oleksiyy at ami.com>; Ard
> > > > Biesheuvel <ard.biesheuvel at arm.com>
> > > > Subject: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding
> > > > page-access caps from OSes hides SP and CRYPTO caps too
> > > >
> > > > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2982
> > > >
> > > > > The workaround in the UEFI memmap construction, near the end of the
> > > > > function CoreGetMemoryMap() [MdeModulePkg/Core/Dxe/Mem/Page.c]
> > > > > should not clear the SP and CRYPTO bits, because OSes do (apparently)
> > > > > correctly interpret SP and CRYPTO as capabilities, and not as
> > > > > currently set attributes (upon which the OSes should set their page
> > > > > tables). For this reason, the SP and CRYPTO bits should be separated
> > > > > from the bitmask that we use for hiding the page-access attributes,
> > > > > in the workaround.
> > > >
> > > > Signed-off-by: Malgorzata Kukiello <jacek.kukiello at intel.com>
> > > > Cc: Michael D Kinney <michael.d.kinney at intel.com>
> > > > Cc: Jian J Wang <jian.j.wang at intel.com>
> > > > Cc: Hao A Wu <hao.a.wu at intel.com>
> > > > Cc: Dandan Bi <dandan.bi at intel.com>
> > > > Cc: Liming Gao <gaoliming at byosoft.com.cn>
> > > > Cc: Zhiguang Liu <zhiguang.liu at intel.com>
> > > > Cc: Oleksiy Yakovlev <oleksiyy at ami.com>
> > > > Cc: Ard Biesheuvel (ARM address) <ard.biesheuvel at arm.com>
> > > >
> > > >  MdeModulePkg/Core/Dxe/Mem/Page.c | 12 ++++++------
> > > >  MdePkg/Include/Uefi/UefiSpec.h   |  3 ++-
> > > >  2 files changed, 8 insertions(+), 7 deletions(-)
> > > > --------------------------------------------------------------------
> > > > -
> > > > Intel Technology Poland sp. z o.o.
> > > > ul. Sowackiego 173 | 80-298 Gdask | Sd Rejonowy Gdask Pnoc | VII
> > > > Wydzia Gospodarczy Krajowego Rejestru Sdowego - KRS 101882 | NIP
> > > > 957-07-52-316
> > > > | Kapita zakadowy 200.000 PLN.
> > > > Ta wiadomo wraz z zacznikami jest przeznaczona dla okrelonego
> > > > adresata i moe zawiera informacje poufne. W razie przypadkowego
> > > > otrzymania tej wiadomoci, prosimy o powiadomienie nadawcy oraz
> trwae
> > > > jej usunicie; jakiekolwiek przegldanie lub rozpowszechnianie jest
> > zabronione.
> > > > This e-mail and any attachments may contain confidential material
> > > > for the sole use of the intended recipient(s). If you are not the
> > > > intended
> > > recipient,
> > > > please contact the sender and delete all copies; any review or
> > > distribution by
> > > > others is strictly prohibited.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > Intel Technology Poland sp. z o.o.
> > > ul. Sowackiego 173 | 80-298 Gdask | Sd Rejonowy Gdask Pnoc | VII
> > > Wydzia Gospodarczy Krajowego Rejestru Sdowego - KRS 101882 | NIP
> > > 957-07-52-316 | Kapita zakadowy 200.000 PLN.
> > > Ta wiadomo wraz z zacznikami jest przeznaczona dla okrelonego adresata
> > > i moe zawiera informacje poufne. W razie przypadkowego otrzymania tej
> > > wiadomoci, prosimy o powiadomienie nadawcy oraz trwae jej usunicie;
> > > jakiekolwiek przegldanie lub rozpowszechnianie jest zabronione.
> > > This e-mail and any attachments may contain confidential material for
> > > the sole use of the intended recipient(s). If you are not the intended
> > > recipient, please contact the sender and delete all copies; any review
> > > or distribution by others is strictly prohibited.
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > Intel Technology Poland sp. z o.o.
> > ul. Sowackiego 173 | 80-298 Gdask | Sd Rejonowy Gdask Pnoc | VII Wydzia
> > Gospodarczy Krajowego Rejestru Sdowego - KRS 101882 | NIP
> 957-07-52-316
> > | Kapita zakadowy 200.000 PLN.
> > Ta wiadomo wraz z zacznikami jest przeznaczona dla okrelonego adresata i
> > moe zawiera informacje poufne. W razie przypadkowego otrzymania tej
> > wiadomoci, prosimy o powiadomienie nadawcy oraz trwae jej usunicie;
> > jakiekolwiek przegldanie lub rozpowszechnianie jest zabronione.
> > This e-mail and any attachments may contain confidential material for the
> > sole use of the intended recipient(s). If you are not the intended recipient,
> > please contact the sender and delete all copies; any review or distribution
> by
> > others is strictly prohibited.
> >
> >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > Intel Technology Poland sp. z o.o.
> > ul. Sowackiego 173 | 80-298 Gdask | Sd Rejonowy Gdask Pnoc | VII Wydzia
> > Gospodarczy Krajowego Rejestru Sdowego - KRS 101882 | NIP
> 957-07-52-316
> > | Kapita zakadowy 200.000 PLN.
> > Ta wiadomo wraz z zacznikami jest przeznaczona dla okrelonego adresata i
> > moe zawiera informacje poufne. W razie przypadkowego otrzymania tej
> > wiadomoci, prosimy o powiadomienie nadawcy oraz trwae jej usunicie;
> > jakiekolwiek przegldanie lub rozpowszechnianie jest zabronione.
> > This e-mail and any attachments may contain confidential material for the
> > sole use of the intended recipient(s). If you are not the intended recipient,
> > please contact the sender and delete all copies; any review or distribution
> by
> > others is strictly prohibited.
> >
> >
> >
> >
> >
> 
> 
> 
> 
> 
> 
> 
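
The masking problem described in the cover letter quoted above, as an added example (not code from the patch set or from edk2): it compares a hide mask limited to the page-access bits with a wider one that also covers SP and CRYPTO, and reports what the OS can no longer see. The attribute bit values are those of the UEFI specification; the mask names, the simplified descriptor and the sample map are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Attribute bit values as defined by the UEFI specification. */
#define EFI_MEMORY_WB         0x0000000000000008ULL
#define EFI_MEMORY_RP         0x0000000000002000ULL
#define EFI_MEMORY_XP         0x0000000000004000ULL
#define EFI_MEMORY_RO         0x0000000000020000ULL
#define EFI_MEMORY_SP         0x0000000000040000ULL
#define EFI_MEMORY_CPU_CRYPTO 0x0000000000080000ULL

/* Hypothetical mask names for this example (not the edk2 macro names). */
#define PAGE_ACCESS_MASK (EFI_MEMORY_RP | EFI_MEMORY_XP | EFI_MEMORY_RO)
#define OVERBROAD_MASK   (PAGE_ACCESS_MASK | EFI_MEMORY_SP | EFI_MEMORY_CPU_CRYPTO)

/* Simplified stand-in for a memory map descriptor. */
typedef struct { uint64_t start, pages, attr; } mem_desc;

/* Constructed sample map: every region is capable of RP/XP/RO protection. */
static const mem_desc SAMPLE_MAP[] = {
    { 0x000000000ULL, 0x0100, EFI_MEMORY_WB | PAGE_ACCESS_MASK },
    { 0x000100000ULL, 0x4000, EFI_MEMORY_WB | PAGE_ACCESS_MASK | EFI_MEMORY_CPU_CRYPTO },
    { 0x100000000ULL, 0x8000, EFI_MEMORY_WB | PAGE_ACCESS_MASK | EFI_MEMORY_SP | EFI_MEMORY_CPU_CRYPTO },
};
#define SAMPLE_COUNT (sizeof SAMPLE_MAP / sizeof SAMPLE_MAP[0])

/* Capability bits other than page-access bits that the hiding step strips
   from the map the OS receives; non-zero means the mask is too wide. */
uint64_t lost_caps_after_hiding(uint64_t hide_mask)
{
    uint64_t lost = 0;
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        uint64_t reported = SAMPLE_MAP[i].attr & ~hide_mask; /* the workaround step */
        lost |= (SAMPLE_MAP[i].attr ^ reported) & ~PAGE_ACCESS_MASK;
    }
    return lost;
}

/* Pages the OS can still identify as encryption-capable after hiding. */
uint64_t crypto_pages_after_hiding(uint64_t hide_mask)
{
    uint64_t pages = 0;
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        if ((SAMPLE_MAP[i].attr & ~hide_mask) & EFI_MEMORY_CPU_CRYPTO)
            pages += SAMPLE_MAP[i].pages;
    return pages;
}

int main(void)
{
    printf("wide mask:   lost=0x%llx crypto pages=0x%llx\n",
           (unsigned long long)lost_caps_after_hiding(OVERBROAD_MASK),
           (unsigned long long)crypto_pages_after_hiding(OVERBROAD_MASK));
    printf("narrow mask: lost=0x%llx crypto pages=0x%llx\n",
           (unsigned long long)lost_caps_after_hiding(PAGE_ACCESS_MASK),
           (unsigned long long)crypto_pages_after_hiding(PAGE_ACCESS_MASK));
    return 0;
}
```

With the wide mask no region is reported as encryption-capable, which is the symptom raised in the thread: an OS that keys a feature off the CRYPTO capability would leave it disabled.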




