[edk2-devel] [PATCH v5 04/28] MdeModulePkg: Implement SetMemoryProtectionsLib and GetMemoryProtectionsLib
Taylor Beebe
taylor.d.beebe at gmail.com
Mon Oct 9 00:07:16 UTC 2023
The SetMemoryProtectionsLib implementation has functionality for
setting protections based on a preset profile or a custom DXE/MM
profile passed in by the caller. The implementation also supports
locking the protections (tracked via an extra boolean stored
in the HOB entry) which prevents the protections from being
changed by any other SetMemoryProtectionsLib calls.
The GetMemoryProtectionsLib implementation populates the
gMps global in the library consructor. For cases where the global
needs to be accessed before the constructor is called,
PopulateMpsGlobal() will manually fill out the gMps global.
Signed-off-by: Taylor Beebe <taylor.d.beebe at gmail.com>
Cc: Jian J Wang <jian.j.wang at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>
---
MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c | 158 ++++++
MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c | 124 +++++
MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c | 534 ++++++++++++++++++++
MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf | 34 ++
MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf | 34 ++
MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf | 48 ++
MdeModulePkg/MdeModulePkg.dsc | 3 +
7 files changed, 935 insertions(+)
diff --git a/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c b/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c
new file mode 100644
index 000000000000..c622a7b99f42
--- /dev/null
+++ b/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c
@@ -0,0 +1,158 @@
+/** @file
+Library fills out gMps global for accessing the platform memory protection settings
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <PiDxe.h>
+
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
+
+MEMORY_PROTECTION_SETTINGS_UNION gMps = { 0 };
+
+/**
+ This function checks the memory protection settings for conflicts.
+
+ @param[in] Mps Pointer to the memory protection settings to check.
+
+ @retval EFI_SUCCESS The memory protection settings are consistent.
+ @retval EFI_INVALID_PARAMETER The memory protection settings are not consistent.
+**/
+STATIC
+EFI_STATUS
+DxeMemoryProtectionSettingsConsistencyCheck (
+ IN MEMORY_PROTECTION_SETTINGS *Mps
+ )
+{
+ if ((Mps->Dxe.HeapGuard.PoolGuardEnabled || Mps->Dxe.HeapGuard.PageGuardEnabled) &&
+ Mps->Dxe.HeapGuard.FreedMemoryGuardEnabled)
+ {
+ DEBUG ((
+ DEBUG_WARN,
+ "%a: - HeapGuard.FreedMemoryGuardEnabled and "
+ "UEFI HeapGuard.PoolGuardEnabled/HeapGuard.PageGuardEnabled "
+ "cannot be active at the same time. Setting all three to ZERO in "
+ "the memory protection settings global.\n",
+ __func__
+ ));
+ ASSERT (
+ !(Mps->Dxe.HeapGuard.FreedMemoryGuardEnabled &&
+ (Mps->Dxe.HeapGuard.PoolGuardEnabled || Mps->Dxe.HeapGuard.PageGuardEnabled))
+ );
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (!IsZeroBuffer (&Mps->Dxe.PoolGuard, MPS_MEMORY_TYPE_BUFFER_SIZE) &&
+ (!(Mps->Dxe.HeapGuard.PoolGuardEnabled)))
+ {
+ DEBUG ((
+ DEBUG_WARN,
+ "%a: - PoolGuard protections are active "
+ "but HeapGuard.PoolGuardEnabled is inactive.\n",
+ __func__
+ ));
+ }
+
+ if (!IsZeroBuffer (&Mps->Dxe.PageGuard, MPS_MEMORY_TYPE_BUFFER_SIZE) &&
+ (!(Mps->Dxe.HeapGuard.PageGuardEnabled)))
+ {
+ DEBUG ((
+ DEBUG_WARN,
+ "%a: - PageGuard protections are active "
+ "but HeapGuard.PageGuardEnabled is inactive\n",
+ __func__
+ ));
+ }
+
+ if (Mps->Dxe.ExecutionProtection.EnabledForType[EfiBootServicesData] !=
+ Mps->Dxe.ExecutionProtection.EnabledForType[EfiConventionalMemory])
+ {
+ DEBUG ((
+ DEBUG_WARN,
+ "%a: - EfiBootServicesData and EfiConventionalMemory must have the same "
+ "ExecutionProtection value. Setting both to ZERO in the memory protection "
+ "settings global.\n",
+ __func__
+ ));
+ ASSERT (
+ Mps->Dxe.ExecutionProtection.EnabledForType[EfiBootServicesData] ==
+ Mps->Dxe.ExecutionProtection.EnabledForType[EfiConventionalMemory]
+ );
+ return EFI_INVALID_PARAMETER;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Populates gMps global. This function is invoked by the library constructor and only needs to be
+ called if library contructors have not yet been invoked.
+
+ @retval EFI_SUCCESS gMps global was populated.
+ @retval EFI_NOT_FOUND The gMemoryProtectionSettingsGuid HOB was not found.
+ @retval EFI_ABORTED The version number of the DXE or MM memory protection settings was invalid.
+ @retval EFI_UNSUPPORTED NULL implementation called.
+**/
+EFI_STATUS
+EFIAPI
+PopulateMpsGlobal (
+ VOID
+ )
+{
+ VOID *Ptr;
+ MEMORY_PROTECTION_SETTINGS *Mps;
+
+ Ptr = GetFirstGuidHob (&gMemoryProtectionSettingsGuid);
+
+ if (Ptr != NULL) {
+ Mps = (MEMORY_PROTECTION_SETTINGS *)GET_GUID_HOB_DATA (Ptr);
+ if (Mps->Dxe.StructVersion != DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: - Version number of the DXE Memory Protection Settings is invalid!\n",
+ __func__
+ ));
+ ASSERT (Mps->Dxe.StructVersion == DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION);
+ return EFI_ABORTED;
+ } else if (Mps->Dxe.Signature != DXE_MEMORY_PROTECTION_SIGNATURE) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: - Signature of the DXE Memory Protection Settings is invalid!\n",
+ __func__
+ ));
+ ASSERT (Mps->Dxe.Signature == DXE_MEMORY_PROTECTION_SIGNATURE);
+ return EFI_ABORTED;
+ }
+
+ if (!EFI_ERROR (DxeMemoryProtectionSettingsConsistencyCheck (Mps))) {
+ CopyMem (&gMps.Dxe, &Mps->Dxe, sizeof (DXE_MEMORY_PROTECTION_SETTINGS));
+ }
+ } else {
+ DEBUG ((
+ DEBUG_WARN,
+ "%a: - Memory Protection Settings not found!\n",
+ __func__
+ ));
+ return EFI_NOT_FOUND;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Library constructor used to populate gMps global.
+
+ @retval EFI_SUCCESS Constructor always returns success;
+**/
+EFI_STATUS
+EFIAPI
+GetDxeMemoryProtectionSettingsConstructor (
+ VOID
+ )
+{
+ PopulateMpsGlobal ();
+ return EFI_SUCCESS;
+}
diff --git a/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c b/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c
new file mode 100644
index 000000000000..09c289dd8d15
--- /dev/null
+++ b/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c
@@ -0,0 +1,124 @@
+/** @file
+Library fills out gMps global for accessing the platform memory protection settings
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <PiDxe.h>
+
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/GetMemoryProtectionsLib.h>
+
+MEMORY_PROTECTION_SETTINGS_UNION gMps = { 0 };
+
+/**
+ This function checks the memory protection settings for conflicts.
+
+ @param[in] Mps Pointer to the memory protection settings to check.
+
+ @retval EFI_SUCCESS The memory protection settings are consistent.
+ @retval EFI_INVALID_PARAMETER The memory protection settings are not consistent.
+**/
+STATIC
+EFI_STATUS
+MmMemoryProtectionSettingsConsistencyCheck (
+ IN MEMORY_PROTECTION_SETTINGS *Mps
+ )
+{
+ if (!IsZeroBuffer (&Mps->Mm.PoolGuard, MPS_MEMORY_TYPE_BUFFER_SIZE) &&
+ (!Mps->Mm.HeapGuard.PoolGuardEnabled))
+ {
+ DEBUG ((
+ DEBUG_WARN,
+ "%a: - PoolGuard protections are active "
+ "but HeapGuard.PoolGuardEnabled is inactive.\n",
+ __func__
+ ));
+ }
+
+ if (!IsZeroBuffer (&Mps->Mm.PageGuard, MPS_MEMORY_TYPE_BUFFER_SIZE) &&
+ (!Mps->Mm.HeapGuard.PageGuardEnabled))
+ {
+ DEBUG ((
+ DEBUG_WARN,
+ "%a: - PageGuard protections are active "
+ "but HeapGuard.PageGuardEnabled is inactive\n",
+ __func__
+ ));
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Populates gMps global. This function is invoked by the library constructor and only needs to be
+ called if library contructors have not yet been invoked.
+
+ @retval EFI_SUCCESS gMps global was populated.
+ @retval EFI_NOT_FOUND The gMemoryProtectionSettingsGuid HOB was not found.
+ @retval EFI_ABORTED The version number of the DXE or MM memory protection settings was invalid.
+ @retval EFI_UNSUPPORTED NULL implementation called.
+**/
+EFI_STATUS
+EFIAPI
+PopulateMpsGlobal (
+ VOID
+ )
+{
+ VOID *Ptr;
+ MEMORY_PROTECTION_SETTINGS *Mps;
+
+ Ptr = GetFirstGuidHob (&gMemoryProtectionSettingsGuid);
+
+ if (Ptr != NULL) {
+ Mps = (MEMORY_PROTECTION_SETTINGS *)GET_GUID_HOB_DATA (Ptr);
+
+ if (Mps->Mm.StructVersion != MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: - Version number of the MM Memory Protection Settings is invalid!\n",
+ __func__
+ ));
+ ASSERT (Mps->Mm.StructVersion == MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION);
+ return EFI_ABORTED;
+ } else if (Mps->Mm.Signature != MM_MEMORY_PROTECTION_SIGNATURE) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: - Signature of the MM Memory Protection Settings is invalid!\n",
+ __func__
+ ));
+ ASSERT (Mps->Mm.Signature == MM_MEMORY_PROTECTION_SIGNATURE);
+ return EFI_ABORTED;
+ }
+
+ if (!EFI_ERROR (MmMemoryProtectionSettingsConsistencyCheck (Mps))) {
+ CopyMem (&gMps.Mm, &Mps->Mm, sizeof (MM_MEMORY_PROTECTION_SETTINGS));
+ }
+ } else {
+ DEBUG ((
+ DEBUG_WARN,
+ "%a: - Memory Protection Settings not found!\n",
+ __func__
+ ));
+ return EFI_NOT_FOUND;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Library constructor used to populate gMps global.
+
+ @retval EFI_SUCCESS Constructor always returns success;
+**/
+EFI_STATUS
+EFIAPI
+GetMmMemoryProtectionSettingsConstructor (
+ VOID
+ )
+{
+ PopulateMpsGlobal ();
+ return EFI_SUCCESS;
+}
diff --git a/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c
new file mode 100644
index 000000000000..13032ec80fbf
--- /dev/null
+++ b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c
@@ -0,0 +1,534 @@
+/** @file
+Library for setting the memory protection settings for DXE.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <PiPei.h>
+#include <Library/HobLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/PcdLib.h>
+#include <Library/SetMemoryProtectionsLib.h>
+
+#pragma pack(1)
+
+typedef struct {
+ // Protection settings
+ MEMORY_PROTECTION_SETTINGS Mps;
+ // Extra byte for tracking if protection settings have been locked
+ BOOLEAN MemoryProtectionSettingsLocked;
+} MEMORY_PROTECTION_SETTINGS_PRIVATE;
+
+#pragma pack()
+
+/////////////////////////////
+// DXE PROFILE DEFINITIONS //
+/////////////////////////////
+
+//
+// A memory profile which uses the fixed at build PCDs defined in MdeModulePkg.dec
+//
+#define DXE_MEMORY_PROTECTION_SETTINGS_PCD \
+{ \
+ DXE_MEMORY_PROTECTION_SIGNATURE, \
+ DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \
+ FixedPcdGetBool (PcdCpuStackGuard), /* Stack Guard */ \
+ TRUE, /* Stack Execution Protection (MUST BE POPULATED) */ \
+ { /* NULL Pointer Detection */ \
+ .Enabled = ((FixedPcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) != 0), \
+ .DisableEndOfDxe = ((FixedPcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT7) != 0), \
+ .NonstopModeEnabled = ((FixedPcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT6) != 0) \
+ }, \
+ { /* Image Protection */ \
+ .ProtectImageFromUnknown = ((FixedPcdGet32 (PcdImageProtectionPolicy) & BIT0) != 0), \
+ .ProtectImageFromFv = ((FixedPcdGet32 (PcdImageProtectionPolicy) & BIT1) != 0) \
+ }, \
+ { /* Execution Protection */ \
+ .EnabledForType = { \
+ [EfiReservedMemoryType] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiReservedMemoryType) != 0), \
+ [EfiLoaderCode] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiLoaderCode) != 0), \
+ [EfiLoaderData] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiLoaderData) != 0), \
+ [EfiBootServicesCode] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiBootServicesCode) != 0), \
+ [EfiBootServicesData] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiBootServicesData) != 0), \
+ [EfiRuntimeServicesCode] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiRuntimeServicesCode) != 0), \
+ [EfiRuntimeServicesData] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiRuntimeServicesData) != 0), \
+ [EfiConventionalMemory] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiConventionalMemory) != 0), \
+ [EfiUnusableMemory] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiUnusableMemory) != 0), \
+ [EfiACPIReclaimMemory] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiACPIReclaimMemory) != 0), \
+ [EfiACPIMemoryNVS] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiACPIMemoryNVS) != 0), \
+ [EfiMemoryMappedIO] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiMemoryMappedIO) != 0), \
+ [EfiMemoryMappedIOPortSpace] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiMemoryMappedIOPortSpace) != 0), \
+ [EfiPalCode] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiPalCode) != 0), \
+ [EfiPersistentMemory] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiPersistentMemory) != 0), \
+ [EfiUnacceptedMemoryType] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiUnacceptedMemoryType) != 0), \
+ [OEM_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & BIT62) != 0), \
+ [OS_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & BIT63) != 0) \
+ } \
+ }, \
+ { /* Heap Guard */ \
+ .PageGuardEnabled = ((FixedPcdGet8 (PcdHeapGuardPropertyMask) & BIT0) != 0), \
+ .PoolGuardEnabled = ((FixedPcdGet8 (PcdHeapGuardPropertyMask) & BIT1) != 0), \
+ .FreedMemoryGuardEnabled = ((FixedPcdGet8 (PcdHeapGuardPropertyMask) & BIT4) != 0), \
+ .NonstopModeEnabled = ((FixedPcdGet8 (PcdHeapGuardPropertyMask) & BIT6) != 0), \
+ .GuardAlignedToTail = ((FixedPcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0) \
+ }, \
+ { /* Pool Guard */ \
+ .EnabledForType = { \
+ [EfiReservedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiReservedMemoryType) != 0), \
+ [EfiLoaderCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiLoaderCode) != 0), \
+ [EfiLoaderData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiLoaderData) != 0), \
+ [EfiBootServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiBootServicesCode) != 0), \
+ [EfiBootServicesData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiBootServicesData) != 0), \
+ [EfiRuntimeServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiRuntimeServicesCode) != 0), \
+ [EfiRuntimeServicesData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiRuntimeServicesData) != 0), \
+ [EfiConventionalMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiConventionalMemory) != 0), \
+ [EfiUnusableMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiUnusableMemory) != 0), \
+ [EfiACPIReclaimMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiACPIReclaimMemory) != 0), \
+ [EfiACPIMemoryNVS] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiACPIMemoryNVS) != 0), \
+ [EfiMemoryMappedIO] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiMemoryMappedIO) != 0), \
+ [EfiMemoryMappedIOPortSpace] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiMemoryMappedIOPortSpace) != 0), \
+ [EfiPalCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiPalCode) != 0), \
+ [EfiPersistentMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiPersistentMemory) != 0), \
+ [EfiUnacceptedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiUnacceptedMemoryType) != 0), \
+ [OEM_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & BIT62) != 0), \
+ [OS_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & BIT63) != 0) \
+ } \
+ }, \
+ { /* Page Guard */ \
+ .EnabledForType = { \
+ [EfiReservedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiReservedMemoryType) != 0), \
+ [EfiLoaderCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiLoaderCode) != 0), \
+ [EfiLoaderData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiLoaderData) != 0), \
+ [EfiBootServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiBootServicesCode) != 0), \
+ [EfiBootServicesData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiBootServicesData) != 0), \
+ [EfiRuntimeServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiRuntimeServicesCode) != 0), \
+ [EfiRuntimeServicesData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiRuntimeServicesData) != 0), \
+ [EfiConventionalMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiConventionalMemory) != 0), \
+ [EfiUnusableMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiUnusableMemory) != 0), \
+ [EfiACPIReclaimMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiACPIReclaimMemory) != 0), \
+ [EfiACPIMemoryNVS] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiACPIMemoryNVS) != 0), \
+ [EfiMemoryMappedIO] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiMemoryMappedIO) != 0), \
+ [EfiMemoryMappedIOPortSpace] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiMemoryMappedIOPortSpace) != 0), \
+ [EfiPalCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiPalCode) != 0), \
+ [EfiPersistentMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiPersistentMemory) != 0), \
+ [EfiUnacceptedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiUnacceptedMemoryType) != 0), \
+ [OEM_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPageType) & BIT62) != 0), \
+ [OS_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPageType) & BIT63) != 0) \
+ } \
+ } \
+}
+
+////////////////////////////
+// MM PROFILE DEFINITIONS //
+////////////////////////////
+
+//
+// A memory profile which uses the fixed at build PCDs defined in MdeModulePkg.dec
+//
+#define MM_MEMORY_PROTECTION_SETTINGS_PCD \
+{ \
+ MM_MEMORY_PROTECTION_SIGNATURE, \
+ MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \
+ { /* NULL Pointer Detection */ \
+ .Enabled = ((FixedPcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0), \
+ .NonstopModeEnabled = ((FixedPcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT6) != 0) \
+ }, \
+ { /* Heap Guard */ \
+ .PageGuardEnabled = ((FixedPcdGet8(PcdHeapGuardPropertyMask) & BIT2) != 0), \
+ .PoolGuardEnabled = ((FixedPcdGet8(PcdHeapGuardPropertyMask) & BIT3) != 0), \
+ .NonstopModeEnabled = ((FixedPcdGet8(PcdHeapGuardPropertyMask) & BIT6) != 0), \
+ .GuardAlignedToTail = ((FixedPcdGet8(PcdHeapGuardPropertyMask) & BIT7) == 0) \
+ }, \
+ { /* Pool Guard */ \
+ .EnabledForType = { \
+ [EfiReservedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiReservedMemoryType) != 0), \
+ [EfiLoaderCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiLoaderCode) != 0), \
+ [EfiLoaderData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiLoaderData) != 0), \
+ [EfiBootServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiBootServicesCode) != 0), \
+ [EfiBootServicesData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiBootServicesData) != 0), \
+ [EfiRuntimeServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiRuntimeServicesCode) != 0), \
+ [EfiRuntimeServicesData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiRuntimeServicesData) != 0), \
+ [EfiConventionalMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiConventionalMemory) != 0), \
+ [EfiUnusableMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiUnusableMemory) != 0), \
+ [EfiACPIReclaimMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiACPIReclaimMemory) != 0), \
+ [EfiACPIMemoryNVS] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiACPIMemoryNVS) != 0), \
+ [EfiMemoryMappedIO] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiMemoryMappedIO) != 0), \
+ [EfiMemoryMappedIOPortSpace] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiMemoryMappedIOPortSpace) != 0), \
+ [EfiPalCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiPalCode) != 0), \
+ [EfiPersistentMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiPersistentMemory) != 0), \
+ [EfiUnacceptedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiUnacceptedMemoryType) != 0), \
+ [OEM_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & BIT62) != 0), \
+ [OS_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & BIT63) != 0) \
+ } \
+ }, \
+ { /* Page Guard */ \
+ .EnabledForType = { \
+ [EfiReservedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiReservedMemoryType) != 0), \
+ [EfiLoaderCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiLoaderCode) != 0), \
+ [EfiLoaderData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiLoaderData) != 0), \
+ [EfiBootServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiBootServicesCode) != 0), \
+ [EfiBootServicesData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiBootServicesData) != 0), \
+ [EfiRuntimeServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiRuntimeServicesCode) != 0), \
+ [EfiRuntimeServicesData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiRuntimeServicesData) != 0), \
+ [EfiConventionalMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiConventionalMemory) != 0), \
+ [EfiUnusableMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiUnusableMemory) != 0), \
+ [EfiACPIReclaimMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiACPIReclaimMemory) != 0), \
+ [EfiACPIMemoryNVS] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiACPIMemoryNVS) != 0), \
+ [EfiMemoryMappedIO] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiMemoryMappedIO) != 0), \
+ [EfiMemoryMappedIOPortSpace] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiMemoryMappedIOPortSpace) != 0), \
+ [EfiPalCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiPalCode) != 0), \
+ [EfiPersistentMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiPersistentMemory) != 0), \
+ [EfiUnacceptedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiUnacceptedMemoryType) != 0), \
+ [OEM_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPageType) & BIT62) != 0), \
+ [OS_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPageType) & BIT63) != 0) \
+ } \
+ } \
+}
+
+////////////////////////////
+// PROFILE CONFIGURATIONS //
+////////////////////////////
+
+DXE_MEMORY_PROTECTION_PROFILES DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsMax] = {
+ [DxeMemoryProtectionSettingsPcd] = {
+ .Name = "Pcd",
+ .Description = "Memory protection settings from PCDs",
+ .Settings = DXE_MEMORY_PROTECTION_SETTINGS_PCD
+ },
+};
+
+MM_MEMORY_PROTECTION_PROFILES MmMemoryProtectionProfiles[MmMemoryProtectionSettingsMax] = {
+ [MmMemoryProtectionSettingsPcd] = {
+ .Name = "Pcd",
+ .Description = "Memory protection settings from PCDs",
+ .Settings = MM_MEMORY_PROTECTION_SETTINGS_PCD
+ },
+};
+
+/////////////////////////////////////
+// GET/SET SUPPORT FUNCTIONS //
+/////////////////////////////////////
+
+/**
+ Gets the memory protection HOB entry. This function will create the entry
+ if it is not found.
+
+ @retval NULL Unable to create the memory protection HOB entry.
+ @retval Other Pointer to the memory protection HOB entry.
+**/
+STATIC
+MEMORY_PROTECTION_SETTINGS_PRIVATE *
+GetOrCreateMemoryProtectionSettings (
+ VOID
+ )
+{
+ VOID *Ptr;
+ MEMORY_PROTECTION_SETTINGS_PRIVATE Mpsp;
+
+ Ptr = GetFirstGuidHob (&gMemoryProtectionSettingsGuid);
+
+ if (Ptr != NULL) {
+ return (MEMORY_PROTECTION_SETTINGS_PRIVATE *)GET_GUID_HOB_DATA (Ptr);
+ }
+
+ ZeroMem (&Mpsp, sizeof (Mpsp));
+ Mpsp.Mps.Dxe = DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsPcd].Settings;
+ Mpsp.Mps.Mm = MmMemoryProtectionProfiles[MmMemoryProtectionSettingsPcd].Settings;
+ Mpsp.Mps.Dxe.StackExecutionProtectionEnabled = PcdGetBool (PcdSetNxForStack);
+
+ Ptr = BuildGuidDataHob (
+ &gMemoryProtectionSettingsGuid,
+ &Mpsp,
+ sizeof (Mpsp)
+ );
+
+ return (MEMORY_PROTECTION_SETTINGS_PRIVATE *)Ptr;
+}
+
+/**
+ Gets the memory protection HOB entry and checks the version number
+ to ensure it is compatible with this module.
+
+ @retval NULL Unable to create the memory protection HOB entry.
+ @retval Other Pointer to the memory protection HOB entry.
+**/
+STATIC
+MEMORY_PROTECTION_SETTINGS_PRIVATE *
+FetchAndCheckMpsp (
+ VOID
+ )
+{
+ MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp;
+
+ Mpsp = GetOrCreateMemoryProtectionSettings ();
+
+ if (Mpsp == NULL) {
+ return NULL;
+ }
+
+ if (Mpsp->Mps.Dxe.StructVersion != DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: - Version number of the DXE Memory Protection Settings is invalid!\n"
+ "This module was compiled with version %d but the current version is %d.\n",
+ __func__,
+ Mpsp->Mps.Dxe.StructVersion,
+ DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION
+ ));
+ ASSERT (Mpsp->Mps.Dxe.StructVersion == DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION);
+ return NULL;
+ }
+
+ if (Mpsp->Mps.Mm.StructVersion != MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a: - Version number of the MM Memory Protection Settings is invalid!\n"
+ "This module was compiled with version %d but the current version is %d.\n",
+ __func__,
+ Mpsp->Mps.Mm.StructVersion,
+ MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION
+ ));
+ ASSERT (Mpsp->Mps.Mm.StructVersion == MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION);
+ return NULL;
+ }
+
+ return Mpsp;
+}
+
+/**
+ Prevent further changes to the memory protection settings via this
+ library API.
+
+ @retval EFI_SUCCESS The memory protection settings are locked.
+ @retval EFI_ABORTED Unable to get/create the memory protection settings.
+ @retval EFI_UNSUPPORTED NULL implementation called.
+**/
+EFI_STATUS
+EFIAPI
+LockMemoryProtectionSettings (
+ VOID
+ )
+{
+ MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp;
+
+ Mpsp = FetchAndCheckMpsp ();
+
+ if (Mpsp == NULL) {
+ ASSERT (Mpsp != NULL);
+ return EFI_ABORTED;
+ }
+
+ Mpsp->MemoryProtectionSettingsLocked = TRUE;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Sets the DXE memory protection settings. If DxeMps is NULL, the settings will be set based
+ on ProfileIndex.
+
+ @param[in] DxeMps Pointer to the memory protection settings to publish. If NULL, the
+ settings will be created based on ProfileIndex.
+ @param[in] ProfileIndex The index of the memory protection profile to use if DxeMps is NULL.
+
+ @retval EFI_SUCCESS The memory protection HOB was successfully created.
+ @retval EFI_INVALID_PARAMETER The ProfileIndex was invalid or the version number of the
+ input DxeMps was not equal to the version currently present
+ in the settings.
+ @retval EFI_ABORTED Unable to get/create the memory protection settings.
+ @retval EFI_ACCESS_DENIED The memory protection settings are locked.
+ @retval EFI_UNSUPPORTED NULL implementation called.
+**/
+EFI_STATUS
+EFIAPI
+SetDxeMemoryProtectionSettings (
+ IN DXE_MEMORY_PROTECTION_SETTINGS *DxeMps OPTIONAL,
+ IN DXE_MEMORY_PROTECTION_PROFILE_INDEX ProfileIndex
+ )
+{
+ MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp;
+
+ Mpsp = FetchAndCheckMpsp ();
+
+ if (Mpsp == NULL) {
+ ASSERT (Mpsp != NULL);
+ return EFI_ABORTED;
+ }
+
+ if (Mpsp->MemoryProtectionSettingsLocked) {
+ return EFI_ACCESS_DENIED;
+ }
+
+ if (DxeMps == NULL) {
+ if (ProfileIndex >= DxeMemoryProtectionSettingsMax) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ DxeMps = &DxeMemoryProtectionProfiles[ProfileIndex].Settings;
+ } else if (DxeMps->StructVersion != Mpsp->Mps.Dxe.StructVersion) {
+ ASSERT (DxeMps->StructVersion == Mpsp->Mps.Dxe.StructVersion);
+ return EFI_INVALID_PARAMETER;
+ }
+
+ CopyMem (&Mpsp->Mps.Dxe, DxeMps, sizeof (DXE_MEMORY_PROTECTION_SETTINGS));
+ return EFI_SUCCESS;
+}
+
+/**
+ Sets the MM memory protection HOB entry. If MmMps is NULL, the settings will be set based
+ on ProfileIndex.
+
+ @param[in] MmMps Pointer to the memory protection settings to publish. If NULL, the
+ settings will be created based on ProfileIndex.
+ @param[in] ProfileIndex The index of the memory protection profile to use if MmMps is NULL.
+
+ @retval EFI_SUCCESS The memory protection HOB was successfully created.
+ @retval EFI_OUT_OF_RESOURCES There was insufficient memory to create the HOB.
+ @retval EFI_INVALID_PARAMETER The ProfileIndex was invalid or the version number of the
+ input MmMps was not equal to the version currently present
+ in the settings.
+ @retval EFI_ABORTED Unable to get/create the memory protection settings.
+ @retval EFI_ACCESS_DENIED The memory protection settings are locked.
+ @retval EFI_UNSUPPORTED NULL implementation called.
+**/
+EFI_STATUS
+EFIAPI
+SetMmMemoryProtectionSettings (
+ IN MM_MEMORY_PROTECTION_SETTINGS *MmMps OPTIONAL,
+ IN MM_MEMORY_PROTECTION_PROFILE_INDEX ProfileIndex
+ )
+{
+ MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp;
+
+ Mpsp = FetchAndCheckMpsp ();
+
+ if (Mpsp == NULL) {
+ ASSERT (Mpsp != NULL);
+ return EFI_ABORTED;
+ }
+
+ if (Mpsp->MemoryProtectionSettingsLocked) {
+ return EFI_ACCESS_DENIED;
+ }
+
+ if (MmMps == NULL) {
+ if (ProfileIndex >= MmMemoryProtectionSettingsMax) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ MmMps = &MmMemoryProtectionProfiles[ProfileIndex].Settings;
+ } else if (MmMps->StructVersion != Mpsp->Mps.Mm.StructVersion) {
+ ASSERT (MmMps->StructVersion == Mpsp->Mps.Mm.StructVersion);
+ return EFI_INVALID_PARAMETER;
+ }
+
+ CopyMem (&Mpsp->Mps.Mm, MmMps, sizeof (MM_MEMORY_PROTECTION_SETTINGS));
+ return EFI_SUCCESS;
+}
+
+/**
+ Copies the current memory protection settings into the input buffer.
+
+ NOTE: The returned settings may not be the final settings used by the
+ platform on this boot. Unless LockMemoryProtectionSettings() has
+ been called, settings may be modified by drivers until DXE handoff.
+
+ @param[out] Mps The memory protection settings pointer to populate.
+
+ @retval EFI_SUCCESS The memory protection settings were copied
+ into the input buffer.
+ @retval EFI_INVALID_PARAMETER Mps was NULL.
+ @retval EFI_ABORTED Unable to get/create the memory protection settings.
+ @retval EFI_UNSUPPORTED NULL implementation called.
+**/
+EFI_STATUS
+EFIAPI
+GetCurrentMemoryProtectionSettings (
+ OUT MEMORY_PROTECTION_SETTINGS *Mps
+ )
+{
+ MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp;
+
+ if (Mps == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Mpsp = FetchAndCheckMpsp ();
+
+ if (Mpsp == NULL) {
+ ASSERT (Mpsp != NULL);
+ return EFI_ABORTED;
+ }
+
+ CopyMem (Mps, &Mpsp->Mps, sizeof (MEMORY_PROTECTION_SETTINGS));
+ return EFI_SUCCESS;
+}
+
+/**
+ Returns TRUE any form of DXE memory protection is currently active.
+
+ NOTE: The returned value may reflect the final settings used by the
+ platform on this boot. Unless LockMemoryProtectionSettings() has
+ been called, settings may be modified by drivers until DXE handoff.
+
+ @retval TRUE DXE Memory protection is active.
+ @retval FALSE DXE Memory protection is not active.
+**/
+BOOLEAN
+EFIAPI
+IsDxeMemoryProtectionActive (
+ VOID
+ )
+{
+ MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp;
+
+ Mpsp = FetchAndCheckMpsp ();
+
+ if (Mpsp == NULL) {
+ ASSERT (Mpsp != NULL);
+ return FALSE;
+ }
+
+ return Mpsp->Mps.Dxe.CpuStackGuardEnabled ||
+ Mpsp->Mps.Dxe.StackExecutionProtectionEnabled ||
+ Mpsp->Mps.Dxe.NullPointerDetection.Enabled ||
+ Mpsp->Mps.Dxe.HeapGuard.FreedMemoryGuardEnabled ||
+ Mpsp->Mps.Dxe.ImageProtection.ProtectImageFromFv ||
+ Mpsp->Mps.Dxe.ImageProtection.ProtectImageFromUnknown ||
+ !IsZeroBuffer (&Mpsp->Mps.Dxe.ExecutionProtection.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE) ||
+ (Mpsp->Mps.Dxe.HeapGuard.PageGuardEnabled && !IsZeroBuffer (&Mpsp->Mps.Dxe.PageGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE)) ||
+ (Mpsp->Mps.Dxe.HeapGuard.PoolGuardEnabled && !IsZeroBuffer (&Mpsp->Mps.Dxe.PoolGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE));
+}
+
+/**
+ Returns TRUE any form of MM memory protection is currently active.
+
+ NOTE: The returned value may reflect the final settings used by the
+ platform on this boot. Unless LockMemoryProtectionSettings() has
+ been called, settings may be modified by drivers until DXE handoff.
+
+ @retval TRUE MM Memory protection is active.
+ @retval FALSE MM Memory protection is not active.
+**/
+BOOLEAN
+EFIAPI
+IsMmMemoryProtectionActive (
+ VOID
+ )
+{
+ MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp;
+
+ Mpsp = FetchAndCheckMpsp ();
+
+ if (Mpsp == NULL) {
+ ASSERT (Mpsp != NULL);
+ return FALSE;
+ }
+
+ return Mpsp->Mps.Mm.NullPointerDetection.Enabled ||
+ (Mpsp->Mps.Mm.HeapGuard.PageGuardEnabled && !IsZeroBuffer (&Mpsp->Mps.Mm.PageGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE)) ||
+ (Mpsp->Mps.Dxe.HeapGuard.PoolGuardEnabled && !IsZeroBuffer (&Mpsp->Mps.Mm.PoolGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE));
+}
diff --git a/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf b/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf
new file mode 100644
index 000000000000..b2949a8a5b0b
--- /dev/null
+++ b/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf
@@ -0,0 +1,34 @@
+## @file
+# Library fills out gMps global for accessing the platform memory protection settings
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DxeGetMemoryProtectionsLib
+ FILE_GUID = 723A3FA5-1B77-4E83-8978-C768829F7BE4
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = GetMemoryProtectionsLib|DXE_CORE DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER
+ CONSTRUCTOR = GetDxeMemoryProtectionSettingsConstructor
+
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ DxeGetMemoryProtectionsLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ HobLib
+ DebugLib
+ BaseMemoryLib
+
+[Guids]
+ gMemoryProtectionSettingsGuid
diff --git a/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf b/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf
new file mode 100644
index 000000000000..328eb4c78139
--- /dev/null
+++ b/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf
@@ -0,0 +1,34 @@
+## @file
+# Library fills out gMps global for accessing the platform memory protection settings
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = MmGetMemoryProtectionsLib
+ FILE_GUID = 719D6FAE-7EF1-429B-9A00-D5C50E4BB15A
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = GetMemoryProtectionsLib|SMM_CORE DXE_SMM_DRIVER MM_CORE_STANDALONE MM_STANDALONE
+ CONSTRUCTOR = GetMmMemoryProtectionSettingsConstructor
+
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ MmGetMemoryProtectionsLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ HobLib
+ DebugLib
+ BaseMemoryLib
+
+[Guids]
+ gMemoryProtectionSettingsGuid
diff --git a/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf
new file mode 100644
index 000000000000..2e4a9a66ac68
--- /dev/null
+++ b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf
@@ -0,0 +1,48 @@
+## @file
+# Library for setting the memory protection settings for DXE.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SetMemoryProtectionsLib
+ FILE_GUID = DDA7DD34-0D3E-48FC-B4AE-A25581A40317
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = SetMemoryProtectionsLib|SEC PEI_CORE PEIM
+
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ SetMemoryProtectionsLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ BaseMemoryLib
+ BaseLib
+ HobLib
+ DebugLib
+ PcdLib
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask
+ gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType
+ gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType
+ gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask
+ gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard
+ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
+ gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy
+
+[Guids]
+ gMemoryProtectionSettingsGuid
+
+[BuildOptions]
+ GCC:*_*_*_CC_FLAGS = -Wno-missing-braces
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 0b5f2414dd72..919379b2a1b9 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -233,7 +233,10 @@ [Components]
MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf
MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
+ MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf
+ MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf
MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.inf
+ MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf
MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.inf
MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf
MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.inf
--
2.42.0.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109409): https://edk2.groups.io/g/devel/message/109409
Mute This Topic: https://groups.io/mt/101843345/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list