From: Andrew Fish
Date: Fri, 27 Jul 2018 15:14:38 -0700
To: Rafael Machado
Cc: "edk2-devel@lists.01.org"
Subject: Re: Question About DxeDriver load process
Message-id: <1B0B175F-9347-4D45-A7B3-799BC9FDFD49@apple.com>

Rafael,

Since it is useful to also understand this when you are bringing up a platform....

SEC generally contains the hardware reset vector. SEC hands off to the PEI Core. Generally there is some build magic to help SEC find the PEI Core. Worst case you can walk the BFV (Boot Firmware Volume) and find it.

SEC hands the PEI Core the EFI_SEC_PEI_HAND_OFF structure. This is how the PEI Core knows about stack, heap, and the location of the BFV to find PEIMs
https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Pi/PiPeiCis.h#L967

The PEI Core has a PPI Notify Callback for gEfiPeiFirmwareVolumeInfoPpiGuid, and gEfiPeiFirmwareVolumeInfo2PpiGuid to discover new FVs.
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Pei/FwVol/FwVol.c#L547

PEI Code writes hobs, EFI_HOB_TYPE_FV and EFI_HOB_TYPE_FV3, to help DXE discover FVs.

When the DXE Core is started it will call FwVolBlockDriverInit() and all the EFI_HOB_TYPE_FV, and optionally pick up the authentication status from EFI_HOB_TYPE_FV3, will get processed.
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c#L625
via calling ProduceFVBProtocolOnBuffer(). ProduceFVBProtocolOnBuffer() can also be called via gBS->ProcessFirmwareVolume().
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c#L452
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c#L687

Loading drivers from the FV is the job of the DXE Dispatcher. The DXE Dispatcher has a protocol notify event on gEfiFirmwareVolume2ProtocolGuid that will get the executables in the Dispatch list, mDiscoveredList.
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c#L1193

So adding a gEfiFirmwareVolume2ProtocolGuid driver, or calling gBS->ProcessFirmwareVolume() is how you would make an FV show up that was not listed in the HOBs.

In the DXE Phase security is handled by gBS->LoadImage() and it uses gEfiSecurity2ArchProtocolGuid and gEfiSecurityArchProtocolGuid to validate the image. This makes sense as a signed EFI PE/COFF image has the signature in the PE/COFF image, so you have to start the PE/COFF loading process to verify that signature. gEfiSecurity2ArchProtocolGuid lets you build security policy based on the location of the driver.
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/Image/Image.c#L1041

When the Dispatcher runs out of things to Dispatch it returns and the DXE Core calls the BDS to process platform Boot Device Selection.
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c#L550

After BDS starts the only way to run code from an FV would be to call gDS->Dispatcher(). Likely you would call gDS->ProcessFirmwareVolume() and then gDS->Dispatcher().

To speed boot it is not uncommon to have multiple FVs. For example you could have an FV that contained all the setup resources and only call gDS->ProcessFirmwareVolume() on that FV if the user hit the Setup hot key.

Thanks,

Andrew Fish

PS For x86 (0xFFFFFFF0 reset vector) and any other architectures that have the reset vector at the end there is a special file name in the FV called gEfiFirmwareVolumeTopFileGuid that tells the FV creation tools to put that file at the very end of the FV, so the end of that file would end up at the reset vector location.

> On Jul 27, 2018, at 11:12 AM, Rafael Machado wrote:
>
> Hi everyone
>
> I have a question.
> Let's suppose I have a BIOS with several FV regions. Between these FV there
> is one that is empty.
>
> My question is:
> In case I get this BIOS and inject a dxe driver at this FV. Would it be
> executed, or there are specific FVs that are considered as containers to
> executable code avoiding other FVs content to be executed?
>
> In case the answer comes with some code examples from edk2 tree it would be
> amazing :)
>
> Thanks and Regards
> Rafael
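
Added example (not part of the mail above and not edk2 code): a minimal walker over a HOB list that reports whether an FV at a given base address is announced by an EFI_HOB_TYPE_FV entry, the start-up discovery path the mail describes for the DXE Core. The struct and function names are hypothetical, the HOB list and addresses are constructed, and an FV published later through ProcessFirmwareVolume() would not appear in such a list.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HOB type values from the PI specification (PiHob.h in edk2). */
#define HOB_TYPE_FV   0x0005
#define HOB_TYPE_END  0xFFFF

/* Simplified mirrors of EFI_HOB_GENERIC_HEADER and EFI_HOB_FIRMWARE_VOLUME. */
typedef struct { uint16_t type, length; uint32_t reserved; } hob_hdr;
typedef struct { hob_hdr hdr; uint64_t base, length; } hob_fv;

/* Returns 1 if an EFI_HOB_TYPE_FV entry announces an FV at `base`,
   0 if none does, -1 if the HOB list is malformed. */
int fv_announced(const uint8_t *list, size_t size, uint64_t base) {
    size_t off = 0;
    while (size - off >= sizeof(hob_hdr)) {
        hob_hdr h;
        memcpy(&h, list + off, sizeof h);
        if (h.type == HOB_TYPE_END) return 0;
        if (h.length < sizeof h || h.length % 8 || h.length > size - off) return -1;
        if (h.type == HOB_TYPE_FV) {
            hob_fv fv;
            if (h.length < sizeof fv) return -1;
            memcpy(&fv, list + off, sizeof fv);
            if (fv.base == base) return 1;
        }
        off += h.length;           /* HobLength covers header plus payload */
    }
    return -1;                     /* no END_OF_HOB_LIST terminator */
}

/* Constructed sample (80 bytes): one unrelated HOB, two FV HOBs, terminator. */
size_t build_sample_hobs(uint8_t *buf) {
    hob_hdr other = { 0x0004, 24, 0 }, end = { HOB_TYPE_END, 8, 0 };
    hob_fv a = { { HOB_TYPE_FV, sizeof(hob_fv), 0 }, 0xFF800000u, 0x200000 };
    hob_fv b = { { HOB_TYPE_FV, sizeof(hob_fv), 0 }, 0xFFC00000u, 0x100000 };
    memset(buf, 0, 80);
    memcpy(buf, &other, sizeof other);
    memcpy(buf + 24, &a, sizeof a);
    memcpy(buf + 48, &b, sizeof b);
    memcpy(buf + 72, &end, sizeof end);
    return 80;
}

int main(void) {
    uint8_t buf[80];
    size_t n = build_sample_hobs(buf);
    printf("0xFFC00000 announced: %d\n", fv_announced(buf, n, 0xFFC00000u));
    printf("0xFFE00000 announced: %d\n", fv_announced(buf, n, 0xFFE00000u));
    return 0;
}
```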