From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=217.140.101.70; helo=foss.arm.com; envelope-from=jagadeesh.ujja@arm.com; receiver=edk2-devel@lists.01.org Received: from foss.arm.com (foss.arm.com [217.140.101.70]) by ml01.01.org (Postfix) with ESMTP id 4364B211A43AB for ; Fri, 14 Dec 2018 04:13:39 -0800 (PST) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CC8A5EBD; Fri, 14 Dec 2018 04:13:38 -0800 (PST) Received: from usa.arm.com (a075555-lin.blr.arm.com [10.162.2.152]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 0FDBE3F575; Fri, 14 Dec 2018 04:13:36 -0800 (PST) From: Jagadeesh Ujja To: edk2-devel@lists.01.org, liming.gao@intel.com, chao.b.zhang@intel.com, leif.lindholm@linaro.org, ard.biesheuvel@linaro.org Date: Fri, 14 Dec 2018 17:43:14 +0530 Message-Id: <1544789607-11316-1-git-send-email-jagadeesh.ujja@arm.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Subject: [PATCH 00/13] Extend secure variable service to be usable from Standalone MM X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 X-List-Received-Date: Fri, 14 Dec 2018 12:13:40 -0000 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changes since RFC v4: - Addressed all the comments from Liming Gao - Added an additional PCD 'PcdStandaloneMmCodeEnabled' to indicate presence of StandaloneMM support. - MdePkg.dec file updated to include StandaloneMmServiceTableLib and StandaloneMmRuntimeDxe library. - Platform specific changes will be posted in a seperate patchset. - AsmLfence wrapper function is supported for AArch64 platforms. - All the patches in this series can be pulled from https://github.com/jagadeeshujja/edk2 (branch: topics/aarch64_secure_vars) Changes since RFC v3: - Addressed all the comments from Liming Gao - Added a AArch64 implementation of AsmLfence which is a wrapper for MemoryFence. The changes in variable service driver in v3 of this patchset that used MemoryFence instead of AsmLfence have been removed. - Added StandaloneMmServicesTableLib.h and StandaloneMmRuntimeDxe library into MdePkg. - Renamed PcdStandaloneMmEnable as PcdStandaloneMmVariableEnabled and added to in to MdePkg. - Now with above changes, edk2 packages don't need to depend on StandaloneMmPkg/StandaloneMmPkg.dec - Addressed comments from Ting Ye - Removed the hacks in the v3 version. - Will relook into the “TimerWrapp.c” file and add a appropriate implementation of this for MM Standalone mode code. Changes since RFC v2: - Added 'Contributed-under' tag, removed Change-ID tag and maintained a single signed-off-by for the all the patches. Changes since RFC v1: - Addressed all the comments from Liming Gao - Removed the use of #ifdef/#else/#endif and used a Pcd instead to select between MM and non-MM paths. - Removed all dependencies on edk2-platforms. - Dropped the use of mMmst and used gSmst instead. - Added a dummy implementation UefiRuntimeServiceTableLib for MM_STANDALONE usage - Replaced all uses of AsmLfence with MemoryFence from variable service code. - Add a new StandaloneMmRuntimeDxe library to for use by non-MM code. This patch series extends the existing secure variable service support for use with Standalone MM. This is applicable to paltforms that use Standalone Management Mode to protect access to non-volatile memory (NOR flash in case of these patches) used to store the secure EFI variables. The first patch pulls in additional libraries from the staging branch of StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure variable service implementation supports only the traditional MM mode and so the rest of the patches extends the existing secure variable service support to be useable with Standalone MM mode as well. Jagadeesh Ujja (13): StandaloneMmPkg: Pull in additonal libraries from staging branch MdePkg: Add a PCD that indicates presence of Standalone MM mode MdeModulePkg: Add a PCD to indicate Standalone MM supports secure variable MdePkg/Include: add StandaloneMmServicesTableLib header file MdePkg/Library/BaseLib/AArch64: Add AsmLfence function MdePkg/Library: Add StandaloneMmRuntimeDxe library MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM Standalone MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this library ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this library CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this library ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c | 2 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c | 210 ++++- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h | 5 +- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf | 2 + ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c | 96 +-- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf | 76 ++ CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 7 +- CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf | 4 + CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c | 15 +- MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf | 5 +- MdeModulePkg/MdeModulePkg.dec | 5 + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf | 1 + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 203 +++-- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf | 101 +++ MdeModulePkg/Universal/FaultTolerantWriteDxe/UpdateWorkingBlock.c | 27 +- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 37 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 1 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 201 ++++- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 31 +- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 3 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 132 ++++ MdePkg/Include/Library/BaseLib.h | 33 +- MdePkg/Include/Library/StandaloneMmRuntimeDxe.h | 39 + MdePkg/Include/Library/StandaloneMmServicesTableLib.h | 25 + MdePkg/Library/BaseLib/AArch64/AsmLfence.S | 42 + MdePkg/Library/BaseLib/AArch64/AsmLfence.asm | 41 + MdePkg/Library/BaseLib/BaseLib.inf | 2 + MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c | 36 + MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf | 36 + MdePkg/MdePkg.dec | 12 + SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf | 5 +- StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf | 2 +- StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c | 64 ++ StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c | 655 ++++++++++++++++ StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf | 48 ++ StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.c | 824 ++++++++++++++++++++ StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf | 45 ++ StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c | 64 ++ StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf | 36 + 39 files changed, 2929 insertions(+), 244 deletions(-) create mode 100644 ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashStandaloneMm.inf create mode 100644 MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandaloneMm.inf create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf create mode 100644 MdePkg/Include/Library/StandaloneMmRuntimeDxe.h create mode 100644 MdePkg/Include/Library/StandaloneMmServicesTableLib.h create mode 100644 MdePkg/Library/BaseLib/AArch64/AsmLfence.S create mode 100644 MdePkg/Library/BaseLib/AArch64/AsmLfence.asm create mode 100644 MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c create mode 100644 MdePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.inf create mode 100644 StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHobLibInternal.c create mode 100644 StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c create mode 100644 StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf create mode 100644 StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.c create mode 100644 StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf create mode 100644 StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c create mode 100644 StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf -- 2.7.4