From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <star.zeng@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.31; helo=mga06.intel.com;
 envelope-from=star.zeng@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 5045021CF58CE
 for <edk2-devel@lists.01.org>; Thu,  5 Oct 2017 00:39:18 -0700 (PDT)
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
 by orsmga104.jf.intel.com with ESMTP; 05 Oct 2017 00:42:40 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.42,480,1500966000"; d="scan'208";a="1202470250"
Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202])
 by fmsmga001.fm.intel.com with ESMTP; 05 Oct 2017 00:42:14 -0700
Received: from FMSMSX109.amr.corp.intel.com (10.18.116.9) by
 fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Thu, 5 Oct 2017 00:42:14 -0700
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 fmsmsx109.amr.corp.intel.com (10.18.116.9) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Thu, 5 Oct 2017 00:42:13 -0700
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.175]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.213]) with mapi id 14.03.0319.002;
 Thu, 5 Oct 2017 15:42:11 +0800
From: "Zeng, Star" <star.zeng@intel.com>
To: Laszlo Ersek <lersek@redhat.com>, edk2-devel-01 <edk2-devel@lists.01.org>
CC: "Dong, Eric" <eric.dong@intel.com>, "Yao, Jiewen" <jiewen.yao@intel.com>, 
 Ladi Prosek <lprosek@redhat.com>, "Zeng, Star" <star.zeng@intel.com>
Thread-Topic: [PATCH 0/6] MdeModulePkg/VariableSmm: fix MOR / MorLock
 inconsistency
Thread-Index: AQHTPI6Vl/AI6JtY50m8bvuo5sVHz6LU4LHA
Date: Thu, 5 Oct 2017 07:42:10 +0000
Message-ID: <0C09AFA07DD0434D9E2A0C6AEB0483103B97E72A@shsmsx102.ccr.corp.intel.com>
References: <20171003212834.25740-1-lersek@redhat.com>
In-Reply-To: <20171003212834.25740-1-lersek@redhat.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-version: 11.0.0.116
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH 0/6] MdeModulePkg/VariableSmm: fix MOR / MorLock inconsistency
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Oct 2017 07:39:18 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Laszlo,

If the series is not so urgent to be pushed, I want to take some time(of ma=
ybe one or two days) to look at the discussion background and the patches.
If it is urgent, go ahead to push the patches if you have got Jiewen's RB.


Thanks,
Star
-----Original Message-----
From: Laszlo Ersek [mailto:lersek@redhat.com]=20
Sent: Wednesday, October 4, 2017 5:28 AM
To: edk2-devel-01 <edk2-devel@lists.01.org>
Cc: Dong, Eric <eric.dong@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; L=
adi Prosek <lprosek@redhat.com>; Zeng, Star <star.zeng@intel.com>
Subject: [PATCH 0/6] MdeModulePkg/VariableSmm: fix MOR / MorLock inconsiste=
ncy

Repo:   https://github.com/lersek/edk2.git
Branch: mor_lock_init_at_end_of_dxe

This patch set fixes the issue reported in the following items:

* Inconsistent MOR control variables exposed by OVMF, breaks Windows
  Device Guard

  https://bugzilla.redhat.com/show_bug.cgi?id=3D1496170

* VariableSmm MorLockInit(): create MORLock only if / after MOR exists

  https://bugzilla.tianocore.org/show_bug.cgi?id=3D727

Patches #1 through #3 are cleanups.

Patch #4 is a small helper patch for patch #5.

Patch #5 is the actual fix, following Jiewen's suggestions from the edk2-de=
vel thread

* [edk2] multiple levels of support for MOR / MORLock

  https://lists.01.org/pipermail/edk2-devel/2017-September/015444.html
  https://lists.01.org/pipermail/edk2-devel/2017-October/015530.html

Patch #6 is a workaround for some OSes (minimally Fedora 24-26, and some De=
bian versions) that create the MOR variable even if the platform doesn't of=
fer it up-front. This patch also follows Jiewen's suggestion from the same =
edk2-devel thread.

(

BTW, at Paolo's recommendation, I've now reported this kernel issue for Fed=
ora, under

* incorrect downstream-only Platform Reset Attack Mitigation patch in
  the F24-F26 kernels

  https://bugzilla.redhat.com/show_bug.cgi?id=3D1498159

)

I've checked this set for basic regressions, using OVMF, normal boot and
S3 suspend/resume:

* Q35, SMM, IA32:
  - Fedora 25 -- verified patch #6 specifically

* i440fx, no SMM, X64:
  - Fedora 24

* Q35, SMM, IA32X64:
  - Fedora 26 -- verified patch #6 specifically
  - Windows 7
  - Windows 8.1
  - Windows 10
  - Windows Server 2008 R2
  - Windows Server 2012 R2

I didn't / couldn't test this set in the following two environments:

- on platforms where TcgMor.inf is included in the firmware, and the MOR
  variable exists genuinely,

- in the nested virt setup where Ladi reported the Device Guard
  breakage. (If I understand correctly, ATM this requires additional
  host kernel (KVM) patches.)

Test results / feedback from those envs would be appreciated.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ladi Prosek <lprosek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>

Thanks,
Laszlo

Laszlo Ersek (6):
  MdeModulePkg/Variable/RuntimeDxe: move SecureBootHook() decl to new
    header
  MdeModulePkg/Variable/RuntimeDxe: move MOR func. declarations to
    header
  MdeModulePkg/Variable/RuntimeDxe: introduce MorLockInitAtEndOfDxe()
    hook
  MdeModulePkg/Variable/RuntimeDxe: permit MorLock deletion for passthru
    req
  MdeModulePkg/Variable/RuntimeDxe: delay MorLock creation until
    EndOfDxe
  MdeModulePkg/Variable/RuntimeDxe: delete and lock OS-created MOR
    variable

 MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c             |   2=
 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h    |  89=
 ++++++++++
 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c           |  45=
 +++--
 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c           | 173=
 ++++++++++++++++++--
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c                |  51=
 ------
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h                |   2=
 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c             |   2=
 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf    |   1=
 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c             |   2=
 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf           |   4=
 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c   |  16=
 +-
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf |   1=
 +
 12 files changed, 294 insertions(+), 94 deletions(-)  create mode 100644 M=
deModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h

--
2.14.1.3.gb7cf6e02401b