[edk2-devel] [PATCH v2 00/25] Implement Dynamic Memory Protections
Taylor Beebe
taylor.d.beebe at gmail.com
Mon Aug 21 16:19:15 UTC 2023
Here's a summmary of the v2 changes :)
v2:
- The previous version required the platform manage the HOB creation
during PEI phase. v2 adds a new library, SetMemoryProtectionsLib, which
offers an interface for setting, locking, and checking the memory protections
for the boot. The settings are still backed by a HOB entry. SetMemoryProtectionsLib
is a PEI/SEC only library as protections must be locked in by DxeHandoff().
- The previous version had a separate MM and DXE library for getting the platform
memory protection settings and populating the global for access. v2 consolidates
these two libraries into a single GetMemoryProtectionsLib which has DXE and MM
instances. The global populated is a union of the MM and DXE settings. The first
4 bytes of the union is the signature used to identify whether the global contains
the DXE or MM settings.
- Add a patch to page-align the DXE allocated HOB list and apply RO and NX
to it during memory protection initialization.
- Add a patch which checks the debug print level before executing the memory
map dump routine. This saves several seconds of boot time on debug builds with
memory protections active.
- Remove unnecessary code consolidation from the patch series to make it easier
to review. The code consolidation will be in a future patch series.
- Add the ability to set the memory protection profile via the fw_cfg QEMU
interface on OvmfPkg platforms. The cfg parsing library needs to be ported to
ArmVirtPkg to enable the same functionality on ARM virtual platforms. ArmVirtPkg
will use the Release protection profile by default.
- Restructure the patch series to ensure bisectability as the memory logic
is transitioned to use the Get and Set libraries one package at a time.
The memory protection PCDs are still removed in this patch series to avoid
confusing the interface and remove the ties to the legacy implementation.
On 8/18/23 3:31 PM, Taylor Beebe wrote:
> In the past, memory protection settings were configured via FixedAtBuild PCDs,
> which resulted in a build-time configuration of memory mitigations. This
> approach limited the flexibility of applying mitigations to the
> system and made it difficult to update or adjust the settings post-build.
>
> In a design, the configuration interface has been revised to allow for dynamic
> configuration. This is achieved by setting memory protections via a library
> interface which stores/updates the memory protection settings in
> a GUIDed HOB, which is then consumed during and after DXE handoff.
>
> This patch series adds two libraries:
> SetMemoryProtectionsLib: A PEIM that allows for setting/fetching memory
> protections and "locking" to prevent further updates via the library interface.
> The backing for the settings are a GUIDed HOB that is created by the library
> whenever its API is invoked.
>
> GetMemoryProtectionsLib: A DXE library that allows for getting the memory
> protection settings for the current boot. This library populates a global
> with the settings from the HOB entry (if present) for access in the module.
> Previous references to the PCDs are replaced with references to the global.
>
> OvmfPkg has been updated to allow the setting of the memory protection profile
> via QemuCfg instead of just the NxForStack setting. If no profile is passed,
> the platform will default to the Debug profile for DXE and Off profile for MM.
>
> ArmVirtPkg will use the Release profile.
>
> Reference: https://github.com/tianocore/edk2/pull/4566
>
> Cc: Abner Chang <abner.chang at amd.com>
> Cc: Andrei Warkentin <andrei.warkentin at intel.com>
> Cc: Anatol Belski <anbelski at linux.microsoft.com>
> Cc: Andrew Fish <afish at apple.com>
> Cc: Anthony Perard <anthony.perard at citrix.com>
> Cc: Ard Biesheuvel <ardb+tianocore at kernel.org>
> Cc: Corvin Köhne <corvink at freebsd.org>
> Cc: Dandan Bi <dandan.bi at intel.com>
> Cc: Eric Dong <eric.dong at intel.com>
> Cc: Erdem Aktas <erdemaktas at google.com>
> Cc: Gerd Hoffmann <kraxel at redhat.com>
> Cc: Guo Dong <guo.dong at intel.com>
> Cc: Gua Guo <gua.guo at intel.com>
> Cc: James Bottomley <jejb at linux.ibm.com>
> Cc: James Lu <james.lu at intel.com>
> Cc: Jian J Wang <jian.j.wang at intel.com>
> Cc: Jianyong Wu <jianyong.wu at arm.com>
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> Cc: Jordan Justen <jordan.l.justen at intel.com>
> Cc: Julien Grall <julien at xen.org>
> Cc: Leif Lindholm <quic_llindhol at quicinc.com>
> Cc: Liming Gao <gaoliming at byosoft.com.cn>
> Cc: Michael Roth <michael.roth at amd.com>
> Cc: Min Xu <min.m.xu at intel.com>
> Cc: Peter Grehan <grehan at freebsd.org>
> Cc: Rahul Kumar <rahul1.kumar at intel.com>
> Cc: Ray Ni <ray.ni at intel.com>
> Cc: Rebecca Cran <rebecca at bsdio.com>
> Cc: Sami Mujawar <sami.mujawar at arm.com>
> Cc: Sean Rhodes <sean at starlabs.systems>
> Cc: Sunil V L <sunilvl at ventanamicro.com>
> Cc: Tom Lendacky <thomas.lendacky at amd.com>
>
> Taylor Beebe (25):
> MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions
> MdeModulePkg: Define SetMemoryProtectionsLib and
> GetMemoryProtectionsLib
> MdeModulePkg: Add NULL Instances for Get/SetMemoryProtectionsLib
> MdeModulePkg: Implement SetMemoryProtectionsLib and
> GetMemoryProtectionsLib
> MdeModulePkg: Apply Protections to the HOB List
> MdeModulePkg: Check Print Level Before Dumping GCD Memory Map
> UefiCpuPkg: Always Set Stack Guard in MpPei Init
> ArmVirtPkg: Add Memory Protection Library Definitions to Platforms
> OvmfPkg: Add Memory Protection Library Definitions to Platforms
> OvmfPkg: Apply Memory Protections via SetMemoryProtectionsLib
> OvmfPkg: Update PeilessStartupLib to use SetMemoryProtectionsLib
> UefiPayloadPkg: Update DXE Handoff to use SetMemoryProtectionsLib
> MdeModulePkg: Update DXE Handoff to use SetMemoryProtectionsLib
> ArmPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs
> EmulatorPkg: Use GetMemoryProtectionsLib instead of Memory Protection
> PCDs
> OvmfPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs
> UefiCpuPkg: Use GetMemoryProtectionsLib instead of Memory Protection
> PCDs
> MdeModulePkg: Use GetMemoryProtectionsLib instead of Memory Protection
> PCDs
> MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib
> OvmfPkg: Enable Choosing Memory Protection Profile via QemuCfg
> ArmVirtPkg: Apply Memory Protections via SetMemoryProtectionsLib
> MdeModulePkg: Delete PCD Profile from SetMemoryProtectionsLib
> OvmfPkg: Delete Memory Protection PCDs
> ArmVirtPkg: Delete Memory Protection PCDs
> MdeModulePkg: Delete Memory Protection PCDs
>
> ArmPkg/Drivers/CpuDxe/CpuDxe.c | 5 +-
> ArmVirtPkg/MemoryInitPei/MemoryInitPeim.c | 11 +-
> MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 4 +-
> MdeModulePkg/Core/Dxe/Gcd/Gcd.c | 22 +-
> MdeModulePkg/Core/Dxe/Mem/HeapGuard.c | 46 +-
> MdeModulePkg/Core/Dxe/Mem/Page.c | 2 +-
> MdeModulePkg/Core/Dxe/Mem/Pool.c | 4 +-
> MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 96 ++-
> MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c | 4 +-
> MdeModulePkg/Core/DxeIplPeim/DxeLoad.c | 2 +
> MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 9 +-
> MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 6 +-
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 16 +-
> MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 29 +-
> MdeModulePkg/Core/PiSmmCore/Pool.c | 4 +-
> MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c | 158 ++++
> MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.c | 29 +
> MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c | 124 ++++
> MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c | 781 ++++++++++++++++++++
> MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.c | 144 ++++
> OvmfPkg/Fdt/HighMemDxe/HighMemDxe.c | 5 +-
> OvmfPkg/Library/PeilessStartupLib/DxeLoad.c | 6 +-
> OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c | 59 +-
> OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c | 26 +-
> OvmfPkg/Library/PlatformInitLib/Platform.c | 15 -
> OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParser.c | 11 +
> OvmfPkg/PlatformPei/IntelTdx.c | 2 -
> OvmfPkg/PlatformPei/Platform.c | 73 +-
> OvmfPkg/QemuVideoDxe/VbeShim.c | 3 +-
> OvmfPkg/TdxDxe/TdxDxe.c | 7 +-
> UefiCpuPkg/CpuDxe/CpuDxe.c | 2 +-
> UefiCpuPkg/CpuDxe/CpuMp.c | 2 +-
> UefiCpuPkg/CpuMpPei/CpuMpPei.c | 8 +-
> UefiCpuPkg/CpuMpPei/CpuPaging.c | 16 +-
> UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c | 6 +-
> UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c | 15 +
> UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c | 21 +
> UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 3 +-
> UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 2 +-
> UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 13 +-
> UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 2 +-
> UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 2 +-
> UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c | 11 +-
> UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c | 2 +
> UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c | 8 +-
> UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c | 15 +-
> ArmPkg/ArmPkg.dsc | 1 +
> ArmPkg/Drivers/CpuDxe/CpuDxe.inf | 2 +-
> ArmVirtPkg/ArmVirt.dsc.inc | 21 +-
> ArmVirtPkg/ArmVirtCloudHv.dsc | 5 -
> ArmVirtPkg/ArmVirtQemu.dsc | 5 -
> ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf | 1 +
> EmulatorPkg/EmulatorPkg.dsc | 3 +-
> MdeModulePkg/Core/Dxe/DxeMain.h | 1 +
> MdeModulePkg/Core/Dxe/DxeMain.inf | 9 +-
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 +
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 11 +-
> MdeModulePkg/Core/PiSmmCore/PiSmmCore.h | 1 +
> MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf | 4 +-
> MdeModulePkg/Include/Guid/MemoryProtectionSettings.h | 216 ++++++
> MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h | 83 +++
> MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h | 157 ++++
> MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf | 34 +
> MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.inf | 25 +
> MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf | 34 +
> MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf | 37 +
> MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.inf | 25 +
> MdeModulePkg/MdeModulePkg.dec | 182 +----
> MdeModulePkg/MdeModulePkg.dsc | 7 +
> MdeModulePkg/MdeModulePkg.uni | 153 ----
> OvmfPkg/AmdSev/AmdSevX64.dsc | 4 +-
> OvmfPkg/Bhyve/BhyveX64.dsc | 4 +-
> OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf | 1 -
> OvmfPkg/CloudHv/CloudHvX64.dsc | 4 +-
> OvmfPkg/Fdt/HighMemDxe/HighMemDxe.inf | 4 +-
> OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc | 15 +
> OvmfPkg/Include/Library/PlatformInitLib.h | 13 -
> OvmfPkg/Include/Library/QemuFwCfgSimpleParserLib.h | 8 +
> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 5 +-
> OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf | 6 +-
> OvmfPkg/Microvm/MicrovmX64.dsc | 5 +-
> OvmfPkg/OvmfPkgIa32.dsc | 4 +-
> OvmfPkg/OvmfPkgIa32X64.dsc | 4 +-
> OvmfPkg/OvmfPkgX64.dsc | 4 +-
> OvmfPkg/OvmfXen.dsc | 5 +-
> OvmfPkg/PlatformCI/PlatformBuildLib.py | 31 +-
> OvmfPkg/PlatformPei/PlatformPei.inf | 2 +-
> OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf | 2 +-
> OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc | 13 -
> OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc | 2 +
> OvmfPkg/TdxDxe/TdxDxe.inf | 1 -
> UefiCpuPkg/CpuDxe/CpuDxe.h | 11 +-
> UefiCpuPkg/CpuDxe/CpuDxe.inf | 4 +-
> UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf | 3 -
> UefiCpuPkg/CpuMpPei/CpuMpPei.h | 3 +-
> UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 1 -
> UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf | 1 -
> UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf | 1 -
> UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf | 1 -
> UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf | 1 -
> UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h | 13 +-
> UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf | 2 +-
> UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf | 2 +-
> UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 3 +-
> UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 3 +-
> UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h | 9 +-
> UefiCpuPkg/UefiCpuPkg.dec | 7 +-
> UefiCpuPkg/UefiCpuPkg.dsc | 2 +
> UefiCpuPkg/UefiCpuPkg.uni | 10 +-
> UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h | 1 +
> UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf | 9 +-
> UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf | 9 +-
> UefiPayloadPkg/UefiPayloadPkg.dsc | 12 +
> 113 files changed, 2404 insertions(+), 692 deletions(-)
> create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c
> create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.c
> create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c
> create mode 100644 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c
> create mode 100644 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.c
> create mode 100644 MdeModulePkg/Include/Guid/MemoryProtectionSettings.h
> create mode 100644 MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h
> create mode 100644 MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h
> create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf
> create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.inf
> create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf
> create mode 100644 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf
> create mode 100644 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.inf
> create mode 100644 OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107928): https://edk2.groups.io/g/devel/message/107928
Mute This Topic: https://groups.io/mt/100830898/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list