public inbox for devel@edk2.groups.io
From: "Zeng, Star" <star.zeng@intel.com>
To: Laszlo Ersek <lersek@redhat.com>,
	edk2-devel-01 <edk2-devel@lists.01.org>
Cc: "Dong, Eric" <eric.dong@intel.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	 Ladi Prosek <lprosek@redhat.com>,
	"Zeng, Star" <star.zeng@intel.com>
Subject: Re: [PATCH 0/6] MdeModulePkg/VariableSmm: fix MOR / MorLock inconsistency
Date: Thu, 5 Oct 2017 07:42:10 +0000
Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103B97E72A@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <20171003212834.25740-1-lersek@redhat.com>

Laszlo,

If the series is not so urgent to be pushed, I want to take some time (of maybe one or two days) to look at the discussion background and the patches.
If it is urgent, go ahead and push the patches if you have got Jiewen's RB.


Thanks,
Star
-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com] 
Sent: Wednesday, October 4, 2017 5:28 AM
To: edk2-devel-01 <edk2-devel@lists.01.org>
Cc: Dong, Eric <eric.dong@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Ladi Prosek <lprosek@redhat.com>; Zeng, Star <star.zeng@intel.com>
Subject: [PATCH 0/6] MdeModulePkg/VariableSmm: fix MOR / MorLock inconsistency

Repo:   https://github.com/lersek/edk2.git
Branch: mor_lock_init_at_end_of_dxe

This patch set fixes the issue reported in the following items:

* Inconsistent MOR control variables exposed by OVMF, breaks Windows
  Device Guard

  https://bugzilla.redhat.com/show_bug.cgi?id=1496170

* VariableSmm MorLockInit(): create MORLock only if / after MOR exists

  https://bugzilla.tianocore.org/show_bug.cgi?id=727

Patches #1 through #3 are cleanups.

Patch #4 is a small helper patch for patch #5.

Patch #5 is the actual fix, following Jiewen's suggestions from the edk2-devel thread

* [edk2] multiple levels of support for MOR / MORLock

  https://lists.01.org/pipermail/edk2-devel/2017-September/015444.html
  https://lists.01.org/pipermail/edk2-devel/2017-October/015530.html

Patch #6 is a workaround for some OSes (minimally Fedora 24-26, and some Debian versions) that create the MOR variable even if the platform doesn't offer it up-front. This patch also follows Jiewen's suggestion from the same edk2-devel thread.

(

BTW, at Paolo's recommendation, I've now reported this kernel issue for Fedora, under

* incorrect downstream-only Platform Reset Attack Mitigation patch in
  the F24-F26 kernels

  https://bugzilla.redhat.com/show_bug.cgi?id=1498159

)

I've checked this set for basic regressions, using OVMF, normal boot and
S3 suspend/resume:

* Q35, SMM, IA32:
  - Fedora 25 -- verified patch #6 specifically

* i440fx, no SMM, X64:
  - Fedora 24

* Q35, SMM, IA32X64:
  - Fedora 26 -- verified patch #6 specifically
  - Windows 7
  - Windows 8.1
  - Windows 10
  - Windows Server 2008 R2
  - Windows Server 2012 R2

I didn't / couldn't test this set in the following two environments:

- on platforms where TcgMor.inf is included in the firmware, and the MOR
  variable exists genuinely,

- in the nested virt setup where Ladi reported the Device Guard
  breakage. (If I understand correctly, ATM this requires additional
  host kernel (KVM) patches.)

Test results / feedback from those envs would be appreciated.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ladi Prosek <lprosek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>

Thanks,
Laszlo

Laszlo Ersek (6):
  MdeModulePkg/Variable/RuntimeDxe: move SecureBootHook() decl to new
    header
  MdeModulePkg/Variable/RuntimeDxe: move MOR func. declarations to
    header
  MdeModulePkg/Variable/RuntimeDxe: introduce MorLockInitAtEndOfDxe()
    hook
  MdeModulePkg/Variable/RuntimeDxe: permit MorLock deletion for passthru
    req
  MdeModulePkg/Variable/RuntimeDxe: delay MorLock creation until
    EndOfDxe
  MdeModulePkg/Variable/RuntimeDxe: delete and lock OS-created MOR
    variable

 MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c             |   2 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h    |  89 ++++++++++
 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c           |  45 +++--
 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c           | 173 ++++++++++++++++++--
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c                |  51 ------
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h                |   2 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c             |   2 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf    |   1 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c             |   2 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf           |   4 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c   |  16 +-
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf |   1 +
 12 files changed, 294 insertions(+), 94 deletions(-)
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h

--
2.14.1.3.gb7cf6e02401b



Thread overview: 22+ messages
2017-10-03 21:28 [PATCH 0/6] MdeModulePkg/VariableSmm: fix MOR / MorLock inconsistency Laszlo Ersek
2017-10-03 21:28 ` [PATCH 1/6] MdeModulePkg/Variable/RuntimeDxe: move SecureBootHook() decl to new header Laszlo Ersek
2017-10-03 21:28 ` [PATCH 2/6] MdeModulePkg/Variable/RuntimeDxe: move MOR func. declarations to header Laszlo Ersek
2017-10-09  6:55   ` Zeng, Star
2017-10-09 12:47     ` Laszlo Ersek
2017-10-03 21:28 ` [PATCH 3/6] MdeModulePkg/Variable/RuntimeDxe: introduce MorLockInitAtEndOfDxe() hook Laszlo Ersek
2017-10-03 21:28 ` [PATCH 4/6] MdeModulePkg/Variable/RuntimeDxe: permit MorLock deletion for passthru req Laszlo Ersek
2017-10-03 21:28 ` [PATCH 5/6] MdeModulePkg/Variable/RuntimeDxe: delay MorLock creation until EndOfDxe Laszlo Ersek
2017-10-03 21:28 ` [PATCH 6/6] MdeModulePkg/Variable/RuntimeDxe: delete and lock OS-created MOR variable Laszlo Ersek
2017-10-09  7:12   ` Zeng, Star
2017-10-09 15:20     ` Laszlo Ersek
2017-10-10  4:15       ` Yao, Jiewen
2017-10-10 13:14         ` Zeng, Star
2017-10-04  1:18 ` [PATCH 0/6] MdeModulePkg/VariableSmm: fix MOR / MorLock inconsistency Yao, Jiewen
2017-10-04 10:39   ` Laszlo Ersek
2017-10-04 12:24     ` Ladi Prosek
2017-10-10  4:17     ` Yao, Jiewen
2017-10-10 10:09       ` Laszlo Ersek
2017-10-10 12:16         ` Zeng, Star
2017-10-05  7:42 ` Zeng, Star [this message]
2017-10-05  7:57   ` Laszlo Ersek
2017-10-05  9:12     ` Yao, Jiewen
