From: "gaoliming via groups.io"
To: "'Li, Zhihao'"
Cc: "'Chiu, Chasel'", "'Desimone, Nathaniel L'", "'Duggapu, Chinni B'", "'Chen, Gang C'"
References: <20240429032001.6657-1-zhihao.li@intel.com> <00d401dab0e3$968a1ef0$c39e5cd0$@byosoft.com.cn> <00e501dab24f$f098b0b0$d1ca1210$@byosoft.com.cn>
Subject: Re: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
Date: Sat, 15 Jun 2024 11:16:23 +0800
Message-ID: <045801dabed2$66e6c3e0$34b44ba0$@byosoft.com.cn>
Sender: devel@edk2.groups.io
Reply-To: devel@edk2.groups.io, gaoliming@byosoft.com.cn

Zhihao:
  I have no other comment for the change in MdeModulePkg.
Please create pull request for it.

Thanks
Liming

> -----Original Message-----
> From: Li, Zhihao
> Sent: June 11, 2024 15:36
> To: gaoliming; devel@edk2.groups.io
> Cc: Chiu, Chasel; Desimone, Nathaniel L; Duggapu, Chinni B; Chen, Gang C
> Subject: RE: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
>
> Hi Liming
>
> If there are no concerns about it, could you please help to review the patch in
> MdeModulePkg scope and check in?
> And then I will contact the maintainers of IntelFsp2WrapperPkg for the other
> patch review.
>
> BR,
> Zhihao
>
> -----Original Message-----
> From: Li, Zhihao
> Sent: Thursday, May 30, 2024 2:32 PM
> To: gaoliming; devel@edk2.groups.io
> Cc: Chiu, Chasel; Desimone, Nathaniel L; Duggapu, Chinni B; Chen, Gang C
> Subject: RE: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
>
> Yes, they are used.
> Refer to https://bugzilla.tianocore.org/show_bug.cgi?id=2376 : FSP binary
> measurement has been implemented and is controlled by
> PcdFspMeasurementConfig.
> Current defect:
> 1. FSP-T/FSP-M may not be migrated.
> 2. Even if FSP-M has been migrated, its measurement still uses the original
> address.
> Corresponding modifications:
> In MdeModulePkg scope:
> 1. Add the gEdkiiPeiMigrateTempRamPpiGuid and install it after
> EvacuateTempRam is called.
> In IntelFsp2WrapperPkg scope:
> 1. Add a MigrateTempRamPpi notification which will check the migration of
> FSP-T/M and migrate them if they are not migrated but need to be measured.
> 2. Fix the Tcg notification to use the migrated address if the binaries have been migrated.
>
> BR,
> Zhihao
>
> -----Original Message-----
> From: gaoliming
> Sent: Thursday, May 30, 2024 1:12 PM
> To: devel@edk2.groups.io; Li, Zhihao
> Cc: Chiu, Chasel; Desimone, Nathaniel L; Duggapu, Chinni B; Chen, Gang C
> Subject: Re: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
>
> Zhihao:
>   If Fsp-T/M is not installed, are they still used in PEI boot? If they are used, I
> agree they should be measured.
>
> Thanks
> Liming
> > -----Original Message-----
> > From: devel@edk2.groups.io on behalf of Li, Zhihao
> > Sent: May 29, 2024 11:36
> > To: gaoliming; devel@edk2.groups.io
> > Cc: Chiu, Chasel; Desimone, Nathaniel L; Duggapu, Chinni B; Chen, Gang C
> > Subject: Re: [edk2-devel] [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
> >
> > Issue description:
> > 1. PeiCore only migrates Fsp-M in dispatch mode and doesn't migrate
> > Fsp-T and Fsp-M in Api mode.
> > 2. Fsp-T and Fsp-M will be measured in post-mem PEI and the
> > measurement uses original addresses.
> > Root cause:
> > PeiCore only migrates installed FVs and Fsp-T/M may not be installed.
> >
> > Defect in implementation:
> > In MdeModulePkg/Core/Pei/PeiMain/PeiMain.c line 450:
> > EvacuateTempRam will migrate installed content from Temporary RAM to
> > Permanent RAM because of the BootGuard TOCTOU
> > vulnerability (https://bugzilla.tianocore.org/show_bug.cgi?id=1614).
> > In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 220:
> > FspmWrapperInit will install Fspm in dispatch mode or directly call the
> > PeiFspMemoryInit function in api mode.
> > ==>
> > Api mode: Fsp-T and Fsp-M are not migrated because they are not installed.
> > Dispatch mode: Fsp-T is not migrated because it is not installed.
> >
> > In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 291, 300:
> > TcgPpiNotify transmits original addresses (PcdFsptBaseAddress,
> > PcdFspmBaseAddress) to MeasureFspFirmwareBlob which will trigger
> > HashLogExtendEvent.
> > In SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c line 966:
> > TcgPpi will be installed in PeimEntryMP which will be called when the
> > PEI Foundation discovers permanent memory (line 1059 mImageInMemory = TRUE).
> > ==>
> > Original addresses of Fsp-T and Fsp-M will be used for measurement
> > after permanent memory is ready and installed FVs are migrated.
> >
> >
> > Solution:
> > MdeModulePkg: PeiCore installs MigrateTempRamPpi if
> > PcdMigrateTemporaryRamFirmwareVolumes is True.
> > IntelFsp2WrapperPkg: 1. The MigrateTempRamPpi notification in
> > FspmWrapperPeim migrates the FspT/M binary to permanent memory and builds
> > the MigratedFvInfoHob.
> > 2. The TCG notification checks the
> > MigratedFvInfoHob and transmits the DRAM address for measurement.
> >
> > BR,
> > Zhihao
> >
> >
> > -----Original Message-----
> > From: gaoliming
> > Sent: Tuesday, May 28, 2024 5:44 PM
> > To: Li, Zhihao; devel@edk2.groups.io
> > Cc: Chiu, Chasel; Desimone, Nathaniel L; Duggapu, Chinni B; Chen, Gang C
> > Subject: Re: [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
> >
> > Zhihao:
> >   Could you explain the situation in which FSP-T/M is not migrated by PeiCore?
> >
> > Thanks
> > Liming
> > > -----Original Message-----
> > > From: Zhihao Li
> > > Sent: April 29, 2024 11:20
> > > To: devel@edk2.groups.io
> > > Cc: Chasel Chiu; Nate DeSimone; Duggapu Chinni B; Chen Gang C; Liming Gao
> > > Subject: [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4716
> > >
> > > Migrate the FSP-T/M binary from temporary RAM to permanent RAM before
> > > NEM tear down. The Tcg module will use the permanent address of FSP-T/M for
> > > measurement.
> > > 1. PeiCore installs mMigrateTempRamPpi if
> > > PcdMigrateTemporaryRamFirmwareVolumes is True
> > > 2. FspmWrapperPeim migrates the FspT/M binary to permanent memory and builds
> > > the MigratedFvInfoHob
> > > 3. The TCG notification checks the MigratedFvInfoHob and transmits the DRAM
> > > address for measurement
> > >
> > > Cc: Chasel Chiu
> > > Cc: Nate DeSimone
> > > Cc: Duggapu Chinni B
> > > Cc: Chen Gang C
> > > Cc: Liming Gao
> > >
> > > Signed-off-by: Zhihao Li
> > > ---
> > >  MdeModulePkg/Core/Pei/PeiMain/PeiMain.c    | 10 ++++++++-
> > >  MdeModulePkg/Core/Pei/PeiMain.h            |  3 ++-
> > >  MdeModulePkg/Core/Pei/PeiMain.inf          |  3 ++-
> > >  MdeModulePkg/Include/Guid/MigratedFvInfo.h |  4 ++--
> > >  MdeModulePkg/Include/Ppi/MigrateTempRam.h  | 23 ++++++++++++++++++++
> > >  MdeModulePkg/MdeModulePkg.dec              |  5 ++++-
> > >  6 files changed, 42 insertions(+), 6 deletions(-)
> > > > > > diff --git a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c > > > b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c > > > index bf1719d7941a..0e3d9a843816 100644 > > > --- a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c > > > +++ b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c > > > @@ -1,7 +1,7 @@ > > > /** @file > > > Pei Core Main Entry Point > > > > > > -Copyright (c) 2006 - 2019, Intel Corporation. All rights > > > reserved.
> > > +Copyright (c) 2006 - 2024, Intel Corporation. All rights > > > +reserved.
> > > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > **/ > > > @@ -13,6 +13,11 @@ EFI_PEI_PPI_DESCRIPTOR mMemoryDiscoveredPpi > =3D { > > > &gEfiPeiMemoryDiscoveredPpiGuid, > > > NULL > > > }; > > > +EFI_PEI_PPI_DESCRIPTOR mMigrateTempRamPpi =3D { > > > + (EFI_PEI_PPI_DESCRIPTOR_PPI | > > > EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > > > + &gEdkiiPeiMigrateTempRamPpiGuid, > > > + NULL > > > +}; > > > > > > /// > > > /// Pei service instance > > > @@ -449,6 +454,9 @@ PeiCore ( > > > // > > > EvacuateTempRam (&PrivateData, SecCoreData); > > > > > > + Status =3D PeiServicesInstallPpi (&mMigrateTempRamPpi); > > > + ASSERT_EFI_ERROR (Status); > > > + > > > DEBUG ((DEBUG_VERBOSE, "PPI lists after temporary RAM > > > evacuation:\n")); > > > DumpPpiList (&PrivateData); > > > } > > > diff --git a/MdeModulePkg/Core/Pei/PeiMain.h > > > b/MdeModulePkg/Core/Pei/PeiMain.h index 46b6c23014a3..8df0c2d561f7 > > > 100644 > > > --- a/MdeModulePkg/Core/Pei/PeiMain.h > > > +++ b/MdeModulePkg/Core/Pei/PeiMain.h > > > @@ -1,7 +1,7 @@ > > > /** @file > > > Definition of Pei Core Structures and Services > > > > > > -Copyright (c) 2006 - 2019, Intel Corporation. All rights > > > reserved.
> > > +Copyright (c) 2006 - 2024, Intel Corporation. All rights > > > +reserved.
> > > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > **/ > > > @@ -26,6 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > #include #include > > > #include > > > +#include > > > #include > > > #include #include > > > diff --git a/MdeModulePkg/Core/Pei/PeiMain.inf > > > b/MdeModulePkg/Core/Pei/PeiMain.inf > > > index 893bdc052798..4e545ddab2ab 100644 > > > --- a/MdeModulePkg/Core/Pei/PeiMain.inf > > > +++ b/MdeModulePkg/Core/Pei/PeiMain.inf > > > @@ -6,7 +6,7 @@ > > > # 2) Dispatch PEIM from discovered FV. > > > # 3) Handoff control to DxeIpl to load DXE core and enter DXE phase. > > > # > > > -# Copyright (c) 2006 - 2019, Intel Corporation. All rights > > > reserved.
> > > +# Copyright (c) 2006 - 2024, Intel Corporation. All rights > > > +reserved.
> > > # > > > # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -101,6 +101,7 > > > @@ > > > gEfiPeiReset2PpiGuid ## > > > SOMETIMES_CONSUMES > > > gEfiSecHobDataPpiGuid ## > > > SOMETIMES_CONSUMES > > > gEfiPeiCoreFvLocationPpiGuid ## > > > SOMETIMES_CONSUMES > > > + gEdkiiPeiMigrateTempRamPpiGuid ## PRODUCES > > > > > > [Pcd] > > > gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeiStackSize > > > ## CONSUMES > > > diff --git a/MdeModulePkg/Include/Guid/MigratedFvInfo.h > > > b/MdeModulePkg/Include/Guid/MigratedFvInfo.h > > > index 1c8b0dfefc49..255e278235b1 100644 > > > --- a/MdeModulePkg/Include/Guid/MigratedFvInfo.h > > > +++ b/MdeModulePkg/Include/Guid/MigratedFvInfo.h > > > @@ -1,7 +1,7 @@ > > > /** @file > > > Migrated FV information > > > > > > -Copyright (c) 2020, Intel Corporation. All rights reserved.
> > > +Copyright (c) 2020 - 2024, Intel Corporation. All rights > > > +reserved.
> > > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > > > **/ > > > @@ -50,7 +50,7 @@ typedef struct { > > > > > > typedef struct { > > > UINT32 FvOrgBase; // original FV address > > > - UINT32 FvNewBase; // new FV address > > > + UINT32 FvNewBase; // new FV address, 0 means rebased > > data > > > is not copied > > > UINT32 FvDataBase; // original FV data, 0 means raw data= is > > not > > > copied > > > UINT32 FvLength; // Fv Length > > > } EDKII_MIGRATED_FV_INFO; > > > diff --git a/MdeModulePkg/Include/Ppi/MigrateTempRam.h > > > b/MdeModulePkg/Include/Ppi/MigrateTempRam.h > > > new file mode 100644 > > > index 000000000000..9bbb55d5cf86 > > > --- /dev/null > > > +++ b/MdeModulePkg/Include/Ppi/MigrateTempRam.h > > > @@ -0,0 +1,23 @@ > > > +/** @file > > > + This file declares Migrate Temporary Memory PPI. > > > + > > > + This PPI is published by the PEI Foundation when temporary RAM > > > + needs to > > > evacuate. > > > + Its purpose is to be used as a signal for other PEIMs who can > > > + register > > for a > > > + notification on its installation. > > > + > > > + Copyright (c) 2024, Intel Corporation. All rights reserved.
> > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > + > > > +**/ > > > + > > > +#ifndef PEI_MIGRATE_TEMP_RAM_PPI_H_ #define > > > +PEI_MIGRATE_TEMP_RAM_PPI_H_ > > > + > > > +#define EFI_PEI_MIGRATE_TEMP_RAM_PPI_GUID \ > > > + { \ > > > + 0xc79dc53b, 0xafcd, 0x4a6a, {0xad, 0x94, 0xa7, 0x6a, 0x3f, > > > +0xa9, > > 0xe9, > > > 0xc2 } \ > > > + } > > > + > > > +extern EFI_GUID gEdkiiPeiMigrateTempRamPpiGuid; > > > + > > > +#endif > > > diff --git a/MdeModulePkg/MdeModulePkg.dec > > > b/MdeModulePkg/MdeModulePkg.dec index 3a239a1687ea..43e92c68ca20 > > > 100644 > > > --- a/MdeModulePkg/MdeModulePkg.dec > > > +++ b/MdeModulePkg/MdeModulePkg.dec > > > @@ -4,7 +4,7 @@ > > > # and libraries instances, which are used for those modules. > > > # > > > # Copyright (c) 2019, NVIDIA CORPORATION. All rights reserved. > > > -# Copyright (c) 2007 - 2021, Intel Corporation. All rights > > > reserved.
> > > +# Copyright (c) 2007 - 2024, Intel Corporation. All rights > > > +reserved.
> > > # Copyright (c) 2016, Linaro Ltd. All rights reserved.
# (C) > > > Copyright 2016 - 2019 Hewlett Packard Enterprise Development LP
> > > # Copyright (c) 2017, AMD Incorporated. All rights reserved.
@@ > > > -546,6 +546,9 @@ > > > ## Include/Ppi/MemoryAttribute.h > > > gEdkiiMemoryAttributePpiGuid =3D { 0x1be840de, 0x2d92= , > > > 0x41ec, { 0xb6, 0xd3, 0x19, 0x64, 0x13, 0x50, 0x51, 0xfb } } > > > > > > + ## Include/Ppi/MigrateTempRam.h > > > + gEdkiiPeiMigrateTempRamPpiGuid =3D { 0xc79dc53b, 0xafcd= , > > > 0x4a6a, { 0xad, 0x94, 0xa7, 0x6a, 0x3f, 0xa9, 0xe9, 0xc2 } } > > > + > > > [Protocols] > > > ## Load File protocol provides capability to load and unload EFI > > > image > > into > > > memory and execute it. > > > # Include/Protocol/LoadPe32Image.h > > > -- > > > 2.44.0.windows.1

View/Reply Online (#119583): https://edk2.groups.io/g/devel/message/119583
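Review bot: in the PeiMain.c hunk, `Status = PeiServicesInstallPpi (&mMigrateTempRamPpi);` followed only by `ASSERT_EFI_ERROR (Status);` leaves the failure path silent in RELEASE builds, and that failure is security-relevant: if the install fails, no consumer is ever notified, FSP-T/M stay at their original addresses, and the TCG path measures those addresses exactly as it did before the patch, which is the defect the series is fixing. Add a DEBUG ((DEBUG_ERROR, ...)) on the error path so the regression is visible, and decide explicitly whether a platform that opted into PcdMigrateTemporaryRamFirmwareVolumes should continue to boot when the PPI cannot be installed. The placement itself (after EvacuateTempRam, inside the Pcd-guarded block) matches what the commit message describes.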
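Review bot: `gEdkiiPeiMigrateTempRamPpiGuid ## PRODUCES` in the PeiMain.inf [Ppis] hunk overstates the usage: the PPI is installed only on the PcdMigrateTemporaryRamFirmwareVolumes path (the commit message's "if PcdMigrateTemporaryRamFirmwareVolumes is True"), so the annotation should be `## SOMETIMES_PRODUCES`, in line with the SOMETIMES_CONSUMES entries directly above it.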
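Review bot: the MigratedFvInfo.h hunk changes the FvNewBase comment to `0 means rebased data is not copied`, which introduces a sentinel into a structure that other modules already consume, with no consumer updated in this patch and no mention in the commit message. Any consumer that matches a measured FV against FvNewBase, or dereferences it, now has to treat 0 as "not rebased" first; state the new semantics in the commit message and make sure the IntelFsp2WrapperPkg and SecurityPkg consumers named in the thread handle the zero case in the companion patch.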
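Review bot: in the new MigrateTempRam.h, the macro is named `EFI_PEI_MIGRATE_TEMP_RAM_PPI_GUID` while the extern it backs is `gEdkiiPeiMigrateTempRamPpiGuid`; an EFI_ prefix implies a PI-specification PPI, and this is an EDK II-private one, so name it `EDKII_PEI_MIGRATE_TEMP_RAM_PPI_GUID` to match the extern and the .dec comment. The header comment should also state the contract precisely: the PPI is installed by PeiCore after EvacuateTempRam has returned and only when PcdMigrateTemporaryRamFirmwareVolumes is TRUE, so a notify callback may assume that installed FVs are already in permanent memory and, per the commit message, that temporary RAM has not yet been torn down. "Published ... when temporary RAM needs to evacuate" reads as if it fires before the evacuation.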
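The migrate-then-measure flow described in Zhihao's issue description and solution (PeiCore evacuates installed FVs, a MigrateTempRamPpi notify copies FSP-T/M and records a migrated-FV entry, and the TCG notify resolves the address to measure through that entry) modelled as a stand-alone C program. This is an added example, not edk2 code and not part of the patch or the thread: the flat address space, the FSP image bytes, the HOB list, the tampering that stands in for reading a torn-down temporary RAM address, the FNV-1a stand-in for HashLogExtendEvent, and every function name here are this example's own assumptions. Only the field layout of MIGRATED_FV_INFO follows the header in the patch.

```c
/*
 * Added example (not edk2 code): host-side model of the PEI flow in this
 * thread. Everything is constructed: the "physical" address space, the FSP
 * image, the HOB list, the post-tear-down tampering, and FNV-1a in place of
 * the TPM extend. Function names are this example's own.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADDR_SPACE_SIZE 0x10000u
#define TEMP_RAM_BASE   0x1000u  /* original FSP-M location (assumption) */
#define PERM_RAM_BASE   0x8000u  /* permanent-memory destination (assumption) */
#define FSP_LEN         0x100u
#define MAX_MIGRATED_FV 8

/* Mirrors EDKII_MIGRATED_FV_INFO from MdeModulePkg/Include/Guid/MigratedFvInfo.h. */
typedef struct {
  uint32_t FvOrgBase;   /* original FV address */
  uint32_t FvNewBase;   /* new (rebased) FV address, 0 means not copied */
  uint32_t FvDataBase;  /* raw copy of the original FV data, 0 means not copied */
  uint32_t FvLength;
} MIGRATED_FV_INFO;

/* Stand-in for the list of gEdkiiMigratedFvInfoGuid HOBs. */
typedef struct {
  MIGRATED_FV_INFO Entries[MAX_MIGRATED_FV];
  size_t           Count;
} MIGRATED_FV_HOBS;

static uint8_t Memory[ADDR_SPACE_SIZE];  /* flat model of physical memory */

/* Constructed FSP-M stand-in image: a signature followed by a byte pattern. */
static void LoadFspImage(uint32_t Base, uint32_t Len) {
  memcpy(Memory + Base, "FSPM", 4);
  for (uint32_t i = 4; i < Len; i++) {
    Memory[Base + i] = (uint8_t)(i * 7u + 3u);
  }
}

/* FNV-1a, used here in place of the SHA-based TPM extend. */
uint32_t Fnv1a32(const uint8_t *Data, size_t Len) {
  uint32_t h = 2166136261u;
  for (size_t i = 0; i < Len; i++) {
    h ^= Data[i];
    h *= 16777619u;
  }
  return h;
}

/* Model of MeasureFspFirmwareBlob: hash whatever is at Base right now. */
uint32_t MeasureRange(uint32_t Base, uint32_t Len) {
  return Fnv1a32(Memory + Base, Len);
}

/*
 * Model of the MigrateTempRamPpi notify callback: copy the binary into
 * permanent memory and record it. The copy is byte-identical (not rebased),
 * so it is recorded in FvDataBase and the measurement stays the same.
 */
int MigrateFv(MIGRATED_FV_HOBS *Hobs, uint32_t OrgBase, uint32_t Len, uint32_t NewBase) {
  if (Hobs->Count >= MAX_MIGRATED_FV) return -1;
  if (Len == 0 || OrgBase > ADDR_SPACE_SIZE - Len || NewBase > ADDR_SPACE_SIZE - Len) return -1;
  memcpy(Memory + NewBase, Memory + OrgBase, Len);
  MIGRATED_FV_INFO Info = { OrgBase, 0, NewBase, Len };
  Hobs->Entries[Hobs->Count++] = Info;
  return 0;
}

/*
 * Model of the fixed TCG notify: map the original address to the address that
 * must be measured. Prefer the raw copy, then the rebased copy (0 is the
 * "not copied" sentinel for both), and fall back to the original address.
 */
uint32_t ResolveMeasureBase(const MIGRATED_FV_HOBS *Hobs, uint32_t OrgBase, uint32_t Len) {
  for (size_t i = 0; i < Hobs->Count; i++) {
    const MIGRATED_FV_INFO *E = &Hobs->Entries[i];
    if (E->FvOrgBase == OrgBase && E->FvLength == Len) {
      if (E->FvDataBase != 0) return E->FvDataBase;
      if (E->FvNewBase != 0) return E->FvNewBase;
    }
  }
  return OrgBase;
}

/* The value a measurement of the genuine image must produce. */
uint32_t GenuineMeasurement(void) {
  LoadFspImage(TEMP_RAM_BASE, FSP_LEN);
  return MeasureRange(TEMP_RAM_BASE, FSP_LEN);
}

/* Constructed TOCTOU: once temporary RAM is torn down, a read of the original
 * address no longer returns the bytes that were verified and executed. */
static void TearDownTempRam(void) {
  memcpy(Memory + TEMP_RAM_BASE, "EVIL", 4);
}

/* Post-memory PEI with or without the MigrateTempRamPpi path. */
uint32_t RunScenario(int UseMigrateTempRamPpi) {
  MIGRATED_FV_HOBS Hobs = {0};
  LoadFspImage(TEMP_RAM_BASE, FSP_LEN);
  if (UseMigrateTempRamPpi) {
    MigrateFv(&Hobs, TEMP_RAM_BASE, FSP_LEN, PERM_RAM_BASE);  /* notify fires after EvacuateTempRam */
  }
  TearDownTempRam();
  /* Pre-patch TcgPpiNotify passed PcdFspmBaseAddress (the original) straight through. */
  uint32_t Base = UseMigrateTempRamPpi ? ResolveMeasureBase(&Hobs, TEMP_RAM_BASE, FSP_LEN) : TEMP_RAM_BASE;
  return MeasureRange(Base, FSP_LEN);
}

int main(void) {
  printf("genuine    : %08x\n", GenuineMeasurement());
  printf("no migrate : %08x\n", RunScenario(0));
  printf("migrated   : %08x\n", RunScenario(1));
  return 0;
}
```

The point the model makes is the one in the thread: the measurement is only meaningful if it hashes the bytes that actually ran, and after temporary RAM is gone the original address no longer guarantees that. Recording the copy in FvDataBase rather than FvNewBase is a deliberate choice here, since a rebased copy would hash differently from the flash image a verifier compares against.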