From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <afish@apple.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=17.171.2.33; helo=mail-in23.apple.com; envelope-from=afish@apple.com;
 receiver=edk2-devel@lists.01.org 
Received: from mail-in23.apple.com (mail-out23.apple.com [17.171.2.33])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 082EF202E5441
 for <edk2-devel@lists.01.org>; Fri, 27 Jul 2018 15:14:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s;
 c=relaxed/simple; 
 q=dns/txt; i=@apple.com; t=1532729686; x=2396643286;
 h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type:
 Content-transfer-encoding:Content-ID:Content-Description:Resent-Date:Resent-From:
 Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id:
 List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=HZrsxAnO9fnapECHpOmvSyShywDjdZgVFB3gnrPZA1o=;
 b=uud+54H/2OWUFmgRCafQc/bX9Hxqe9jmTbLkC1Ne5G0TI+lKDnhLosuHjLtZHM2O
 cBeSIuoNp/SW3TtZHCL641i/5/b5biFzT3QWTPoqPGGJ+U9aR5aS2cZDOknjceOE
 Yrr0ZuEpdOLoaIfR/e58omrcaFp+ESMCkrlhu9o9gnk2A3SlDGKVZ8lzU4x0q9Dd
 HMFKuXH0xKje/vcdj2bcoDrRMuGFk7MwWMJdjdGTIC/xL2m2sOK8qtQTU1+6Vlru
 OmASIrABMdgIjMTWCYob573tcK40C41CrEl0XUo65QZOO77jPNrbmsmta0AFX3t6
 LjYIGSioxo6YvYq72Xa7yg==;
X-AuditID: 11ab0217-d0fff70000003e90-b8-5b5b995607da
Received: from ma1-mtap-s03.corp.apple.com (ma1-mtap-s03.corp.apple.com
 [17.40.76.7])
 (using TLS with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by mail-in23.apple.com (Apple Secure Mail Relay) with SMTP id
 5F.89.16016.6599B5B5; Fri, 27 Jul 2018 15:14:46 -0700 (PDT)
MIME-version: 1.0
Received: from nwk-mmpp-sz09.apple.com
 (nwk-mmpp-sz09.apple.com [17.128.115.80]) by ma1-mtap-s03.corp.apple.com
 (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14
 2018)) with ESMTPS id <0PCJ00BNVPSJI320@ma1-mtap-s03.corp.apple.com>; Fri,
 27 Jul 2018 15:14:46 -0700 (PDT)
Received: from process_viserion-daemon.nwk-mmpp-sz09.apple.com by
 nwk-mmpp-sz09.apple.com
 (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14
 2018)) id <0PCJ00M00PNINX00@nwk-mmpp-sz09.apple.com>; Fri,
 27 Jul 2018 15:14:46 -0700 (PDT)
X-Va-A: 
X-Va-T-CD: 7b94995cc9f7b636481b394f88e9b0f7
X-Va-E-CD: 8a618f7f4dc287a493048b03b21974e9
X-Va-R-CD: 504f23f21a6554c441c6e9be3ddf7c12
X-Va-CD: 0
X-Va-ID: f2498959-ccb7-4140-acd2-bc4026fece6a
X-V-A: 
X-V-T-CD: 7b94995cc9f7b636481b394f88e9b0f7
X-V-E-CD: 8a618f7f4dc287a493048b03b21974e9
X-V-R-CD: 504f23f21a6554c441c6e9be3ddf7c12
X-V-CD: 0
X-V-ID: acc369f3-528b-4efb-8535-3cd4b86270f1
Received: from process_milters-daemon.nwk-mmpp-sz09.apple.com by
 nwk-mmpp-sz09.apple.com
 (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14
 2018)) id <0PCJ00M00PMKM400@nwk-mmpp-sz09.apple.com>; Fri,
 27 Jul 2018 15:14:44 -0700 (PDT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,,
 definitions=2018-07-27_09:,, signatures=0
X-Proofpoint-Scanner-Instance: nwk-grpmailp-qapp14.corp.apple.com-10000_instance1
Received: from [17.235.39.99] (unknown [17.235.39.99])
 by nwk-mmpp-sz09.apple.com
 (Oracle Communications Messaging Server 8.0.2.3.20180614 64bit (built Jun 14
 2018)) with ESMTPSA id <0PCJ009ATPSFBM10@nwk-mmpp-sz09.apple.com>; Fri,
 27 Jul 2018 15:14:40 -0700 (PDT)
Sender: afish@apple.com
From: Andrew Fish <afish@apple.com>
In-reply-to: <CACgnt7_ZcJowSePez9PzVP5XZRQGOoJsmHkd2Dx99TDoU8GJJg@mail.gmail.com>
Date: Fri, 27 Jul 2018 15:14:38 -0700
Cc: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Message-id: <1B0B175F-9347-4D45-A7B3-799BC9FDFD49@apple.com>
References: <CACgnt7_ZcJowSePez9PzVP5XZRQGOoJsmHkd2Dx99TDoU8GJJg@mail.gmail.com>
To: Rafael Machado <rafaelrodrigues.machado@gmail.com>
X-Mailer: Apple Mail (2.3445.6.18)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrCIsWRmVeSWpSXmKPExsUiqOHDrhs2MzraoO23pcWeQ0eZLXa+nMHu
 wOSxc9Zddo/u2f9YApiiuGxSUnMyy1KL9O0SuDK+PL7FVvBeoeJ/30zWBsbn0l2MHBwSAiYS
 B+aZdzFycQgJ7GeSWLfwOUsXIycHr4CgxI/J91hAapgF5CUOnpcFCTMLaEl8f9QKViIksIFJ
 4vpGEQi7i0ni8nI3EFtCgF3iz68dLBC2tkTX9vmMMPb3By3MMPbOhqNMEDaXxIKtp1khztGV
 ePtBFSLMJrH+xBKoEi2JFRuOwNmHZz9ghrE/rp3JDmFzSpz/MhHK1pGYs+cOC8RbnUwSE9b1
 Qt2QLbH93TWoomCJk+sa2SHu72eS2H3AEsQWFhCXeHdmEzOEbSlx9tJfMJtNQFlixfwPYPWc
 QL2LH2wH+5FFQFXi3qyfbJDwMZeYceELEyQIbSTONX9nhJgfING/pJcVxBYRMJPYO2sC+wRG
 xVlIIT0LEdKzkEJ6ASPzKkbh3MTMHN3MPCNjvcSCgpxUveT83E2MoGSwmkl8B+Pn14aHGAU4
 GJV4eC/YREcLsSaWFVfmHmKU5mBREuf9sEssWkggPbEkNTs1tSC1KL6oNCe1+BAjEwenVAOj
 dsRJm+l/NmZ2TPy+JOpk1p3+pbW63Ep/H9mys3/541Jz8NHDbJ4LymkTnr5O1Z3PMP/DpsYY
 ewP5G4yHktl/K/JeqDwR8PfNHy4PbV/ln8laz6bpnTFRD85bxf0yUHK36eW65xsy8ud8uNdj
 43vtlm60O2Ob1J6JdsXMQWKz9UWj+K1sbGcpsRRnJBpqMRcVJwIAjTVPS+cCAAA=
Subject: Re: Question About DxeDriver load process
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2018 22:14:48 -0000
Content-transfer-encoding: 7BIT
Content-type: text/plain; CHARSET=US-ASCII

Rafael,

Since it is useful to also understand this when you are bringing up a platform....

SEC generally contains the hardware reset vector. SEC hands off to the PEI Core. Generally there is some build magic to help SEC find the PEI Core. Worst case you can walk the BFV (Boot Firmware Volume) and find it. 

SEC hands the PEI Core the EFI_SEC_PEI_HAND_OFF structure. This is how the PEI Core knows about stack, heap, and the location of the BFV to find PEIMs 
https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Pi/PiPeiCis.h#L967

The PEI Core has a PPI Notify Callback for gEfiPeiFirmwareVolumeInfoPpiGuid, and  gEfiPeiFirmwareVolumeInfo2PpiGuid to discover new FVs. 
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Pei/FwVol/FwVol.c#L547

PEI Code writes hobs, EFI_HOB_TYPE_FV and EFI_HOB_TYPE_FV3, to help DXE discover FVs. 

When the DXE Core is started it will call FwVolBlockDriverInit() and  all the EFI_HOB_TYPE_FV, and optionally pick up the authentication status from EFI_HOB_TYPE_FV3, will get processed. 
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c#L625

via calling ProduceFVBProtocolOnBuffer(). ProduceFVBProtocolOnBuffer() can also be called gBS->ProcessFirmwareVolume(). 
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c#L452
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/FwVolBlock/FwVolBlock.c#L687

Loading drivers from the FV is the job of the DXE Dispatcher. The DXE Dispatcher has protocol notify event on gEfiFirmwareVolume2ProtocolGuid that will get the executables in the Dispatch list, mDiscoveredList.
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/Dispatcher/Dispatcher.c#L1193

So adding a gEfiFirmwareVolume2ProtocolGuid driver, or calling gBS->ProcessFirmwareVolume() is how you would make an FV show up that was not listed in the HOBs. 

In the DXE Phase security is handle by gBS->LoadImage() and it uses gEfiSecurity2ArchProtocolGuid and gEfiSecurityArchProtocolGuid to validate the image. This makes sense as a signed EFI PE/COFF image has the signature in the PE/COFF image, so you have to start the PE/COFF loading process to verify that signature.  gEfiSecurity2ArchProtocolGuid lets you build security policy based on the location of the driver. 
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/Image/Image.c#L1041

When the Dispatcher runs of things to Dispatch it returns and the DXE Core calls the BDS to process platform Boot Device Selection. 
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c#L550

After BDS starts the only way to run code from an FV would be to call gDS->Dispatcher(). Likely you would call gDS->ProcessFirmwareVolume() and then  gDS->Dispatcher(). To speed boot it is not uncommon to have multiple FVs. For example you could have an FV that contained all the setup resources and only call gDS->ProcessFirmwareVolume() on that FV if the user hit the Setup hot key. 

Thanks,

Andrew Fish

PS For x86 (0xFFFFFFF0 reset vector) and any other architectures that have the reset vector at the end there is a special file name in the FV called gEfiFirmwareVolumeTopFileGuid that tells the FV creation tools to put that file at the very end of the FV, so the end of that file would end up at the reset vector location. 


> On Jul 27, 2018, at 11:12 AM, Rafael Machado <rafaelrodrigues.machado@gmail.com> wrote:
> 
> Hi everyone
> 
> I have a question.
> Let's suppose I have a BIOS with several FV regions. Between these FV there
> is one that is empty.
> 
> My question is:
> In case I get this BIOS and inject a dxe driver at this FV. Would it be
> executed, or there are specific FVs that are considered as containers to
> executable code avoiding other FVs content to be executed?
> 
> In case the answer comes with some code examples from edk2 tree it would be
> amazing :)
> 
> Thanks and Regards
> Rafael
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel