From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 0CD9B82209 for ; Mon, 20 Feb 2017 22:57:18 -0800 (PST) Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Feb 2017 22:57:17 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,188,1484035200"; d="scan'208";a="1113484964" Received: from jyao1-mobl.ccr.corp.intel.com ([10.239.192.197]) by fmsmga001.fm.intel.com with ESMTP; 20 Feb 2017 22:57:14 -0800 From: Jiewen Yao To: edk2-devel@lists.01.org Cc: Jeff Fan , Michael Kinney , Leif Lindholm , Ard Biesheuvel , Star Zeng , Feng Tian Date: Tue, 21 Feb 2017 14:57:06 +0800 Message-Id: <1487660229-4820-1-git-send-email-jiewen.yao@intel.com> X-Mailer: git-send-email 2.7.4.windows.1 Subject: [PATCH V4 0/3] DXE Memory Protection X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Feb 2017 06:57:18 -0000 ==== V4 ==== 1) Remove ARM patch. (Which was already submitted by Ard Biesheuvel in another series) 2) Unprotect RT image at ExitBootServices (feedback from Ard Biesheuvel) 3) Round up the ImageSize on protection (feedback from Ard Biesheuvel) ==== V3 ==== 1) Add PCD for policy control (feedback from Ard Biesheuvel) (Discussed with Mike Kinney) + # BIT0 - Image from unknown device.
+ # BIT1 - Image from firmware volume.
+ # @Prompt Set image protection policy. + # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047 2) Remove unused function in CpuDxe.(feedback from Liming Gao) 3) Add commit log on link option assumption (feedback from Feng Tian) 4) Rename file PageTableLib.h/.c to CpuPageTable.h/.c file (from Jeff Fan) 5) Remove multi-entrypoint usage (from Liming Gao/Mike Kinney) ==== V2 ==== 1) Clean up ArmPkg, (feedback from Leif Lindholm) ==== V1 ==== This series patch provides capability to protect PE/COFF image in DXE memory. If the UEFI image is page aligned, the image code section is set to read only and the image data section is set to non-executable. The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect the image. Tested platform: NT32/Quark IA32/OVMF IA32/OVMF IA32X64/Intel internal X64/ Tested OS: UEFI Win10, UEFI Ubuntu 16.04. Untested platform: ARM/AARCH64. Can ARM/AARCH64 owner help to take a look and try the ARM platform? Cc: Jeff Fan Cc: Michael Kinney Cc: Leif Lindholm Cc: Ard Biesheuvel Cc: Star Zeng Cc: Feng Tian Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao Jiewen Yao (3): UefiCpuPkg/CpuDxe: Add memory attribute setting. MdeModulePkg/dec: add PcdImageProtectionPolicy. MdeModulePkg/DxeCore: Add UEFI image protection. MdeModulePkg/Core/Dxe/DxeMain.h | 61 ++ MdeModulePkg/Core/Dxe/DxeMain.inf | 5 +- MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 5 +- MdeModulePkg/Core/Dxe/Image/Image.c | 7 +- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 769 +++++++++++++++++++ MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c | 24 +- MdeModulePkg/MdeModulePkg.dec | 10 + UefiCpuPkg/CpuDxe/CpuDxe.c | 141 ++-- UefiCpuPkg/CpuDxe/CpuDxe.inf | 5 +- UefiCpuPkg/CpuDxe/CpuPageTable.c | 779 ++++++++++++++++++++ UefiCpuPkg/CpuDxe/CpuPageTable.h | 113 +++ 11 files changed, 1832 insertions(+), 87 deletions(-) create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.c create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.h -- 2.7.4.windows.1