From: Ruiyu Ni <ruiyu.ni@intel.com>
To: edk2-devel@lists.01.org
Cc: Jiewen Yao <jiewen.yao@intel.com>
Subject: [PATCH v2 4/9] MdeModulePkg/SecurityStubDxe: Report failure if image is load earlier
Date: Tue,  8 Nov 2016 20:29:23 +0800	[thread overview]
Message-ID: <20161108122928.53984-5-ruiyu.ni@intel.com> (raw)
In-Reply-To: <20161108122928.53984-1-ruiyu.ni@intel.com>

3rd party images should be loaded after the EndOfDxe event is signaled and
the DxeSmmReadyToLock protocol is installed. But non-SMM platforms don't
publish the DxeSmmReadyToLock protocol, so the SecurityStubDxe can only
depend on the EndOfDxe event.

This patch enhances the SecurityStubDxe to listen on
DxeSmmReadyToLock protocol installation and if any 3rd party image
is loaded before DxeSmmReadyToLock, it reports failure.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
---
 .../SecurityStubDxe/Defer3rdPartyImageLoad.c       | 58 ++++++++++++++++++++++
 .../SecurityStubDxe/Defer3rdPartyImageLoad.h       |  5 +-
 .../Universal/SecurityStubDxe/SecurityStubDxe.inf  |  3 ++
 3 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c b/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c
index ca45d56..7135a9d 100644
--- a/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c
+++ b/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c
@@ -30,6 +30,7 @@ typedef struct {
   DEFERRED_3RD_PARTY_IMAGE_INFO     *ImageInfo;    ///< deferred 3rd party image item
 } DEFERRED_3RD_PARTY_IMAGE_TABLE;
 
+BOOLEAN                          mImageLoadedAfterEndOfDxe   = FALSE;
 BOOLEAN                          mEndOfDxe                   = FALSE;
 DEFERRED_3RD_PARTY_IMAGE_TABLE   mDeferred3rdPartyImage = {
   0,       // Deferred image count
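Review bot: `mImageLoadedAfterEndOfDxe` is added without a comment, and its name leaves out the half of the condition that matters: it is only consulted once, when DxeSmmReadyToLock is installed. A line such as `// TRUE once an image has been let through after EndOfDxe; checked in DxeSmmReadyToLock().` above the declaration would make the window explicit. The assignment added in the third hunk, inside `if (mEndOfDxe)` in Defer3rdPartyImageLoad(), sets it for every image reaching that branch. Whether non-3rd-party images return before that point is outside the visible lines, so it is worth confirming that firmware-volume images cannot trip the dead loop.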
@@ -257,6 +258,53 @@ EndOfDxe (
 }
 
 /**
+  Event notification for gEfiDxeSmmReadyToLockProtocolGuid event.
+
+  This function reports failure if any deferred image is loaded before
+  this callback.
+  Platform should publish ReadyToLock protocol immediately after signaling
+  of the End of DXE Event.
+
+  @param  Event                 The Event that is being processed, not used.
+  @param  Context               Event Context, not used.
+
+**/
+VOID
+EFIAPI
+DxeSmmReadyToLock (
+  IN EFI_EVENT  Event,
+  IN VOID       *Context
+  )
+{
+  EFI_STATUS                Status;
+  VOID                      *Interface;
+
+  Status = gBS->LocateProtocol (&gEfiDxeSmmReadyToLockProtocolGuid, NULL, &Interface);
+  if (EFI_ERROR (Status)) {
+    return;
+  }
+
+  gBS->CloseEvent (Event);
+
+  if (mImageLoadedAfterEndOfDxe) {
+    //
+    // Platform should not dispatch the 3rd party images after signaling EndOfDxe event
+    // but before publishing DxeSmmReadyToLock protocol.
+    //
+    DEBUG ((
+      DEBUG_ERROR,
+      "[Security] 3rd party images must be dispatched after DxeSmmReadyToLock Protocol installation!\n"
+      ));
+    REPORT_STATUS_CODE (
+      EFI_ERROR_CODE | EFI_ERROR_UNRECOVERED,
+      (EFI_SOFTWARE_DXE_BS_DRIVER | EFI_SW_EC_ILLEGAL_SOFTWARE_STATE)
+      );
+    ASSERT (FALSE);
+    CpuDeadLoop ();
+  }
+}
+
+/**
   Defer the 3rd party image load and installs Deferred Image Load Protocol.
 
   @param[in]  File                  This is a pointer to the device path of the file that
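Review bot: In DxeSmmReadyToLock(), `CpuDeadLoop ()` after `ASSERT (FALSE)` is what actually stops the boot when asserts are compiled out, but nothing says so, and a later cleanup could drop it as redundant. By the time this callback runs the image has already been let through, so halting is presumably the intended fail-closed response. I would add `// ASSERT() can be compiled out; CpuDeadLoop() keeps this check fail-closed in release builds.` above the two calls. The header comment also speaks of a "deferred image", while the flag tracks images allowed after EndOfDxe; wording like "a 3rd party image was loaded after EndOfDxe but before this callback" would match the code.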
@@ -303,6 +351,7 @@ Defer3rdPartyImageLoad (
     );
 
   if (mEndOfDxe) {
+    mImageLoadedAfterEndOfDxe = TRUE;
     //
     // The image might be first time loaded after EndOfDxe,
     // So ImageInfo can be NULL.
@@ -334,6 +383,7 @@ Defer3rdPartyImageLoadInitialize (
   EFI_STATUS                           Status;
   EFI_HANDLE                           Handle;
   EFI_EVENT                            Event;
+  VOID                                 *Registration;
 
   Handle = NULL;
   Status = gBS->InstallMultipleProtocolInterfaces (
@@ -353,4 +403,12 @@ Defer3rdPartyImageLoadInitialize (
                   &Event
                   );
   ASSERT_EFI_ERROR (Status);
+
+  EfiCreateProtocolNotifyEvent (
+    &gEfiDxeSmmReadyToLockProtocolGuid,
+    TPL_CALLBACK,
+    DxeSmmReadyToLock,
+    NULL,
+    &Registration
+    );
 }
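Review bot: The EFI_EVENT returned by `EfiCreateProtocolNotifyEvent` is discarded with no explanation, right below an event creation that is followed by `ASSERT_EFI_ERROR (Status)`, so it reads like an oversight. The intent seems to be that DxeSmmReadyToLock() closes the event through its own `Event` parameter and that `Registration` exists only because the API requires it. A comment would settle that, for example `// The notify event is closed inside DxeSmmReadyToLock(); Registration is required by the API and not used afterwards.`. As far as I know the UefiLib helper also signals the event once on creation, which is why the callback has to tolerate a failing LocateProtocol; that deserves a mention in the same comment. Defer3rdPartyImageLoadInitialize() starts outside this hunk.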
diff --git a/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.h b/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.h
index 3fab258..75553ba 100644
--- a/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.h
+++ b/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.h
@@ -15,16 +15,19 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #ifndef _DEFER_3RD_PARTY_IMAGE_LOAD_H_
 #define _DEFER_3RD_PARTY_IMAGE_LOAD_H_
 
-#include <Uefi.h>
+#include <PiDxe.h>
 #include <Guid/EventGroup.h>
 #include <Protocol/DeferredImageLoad.h>
 #include <Protocol/FirmwareVolume2.h>
+#include <Protocol/DxeSmmReadyToLock.h>
 
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/BaseMemoryLib.h>
 #include <Library/MemoryAllocationLib.h>
 #include <Library/DevicePathLib.h>
 #include <Library/DebugLib.h>
+#include <Library/UefiLib.h>
+#include <Library/ReportStatusCodeLib.h>
 
 /**
   Returns information about a deferred image.
diff --git a/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf b/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
index be6ce6c..7f8f6cb 100644
--- a/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+++ b/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
@@ -41,6 +41,8 @@ [LibraryClasses]
   UefiBootServicesTableLib
   DebugLib
   SecurityManagementLib
+  ReportStatusCodeLib
+  UefiLib
 
 [Guids]
   gEfiEndOfDxeEventGroupGuid                    ## CONSUMES ## Event
@@ -49,6 +51,7 @@ [Protocols]
   gEfiSecurityArchProtocolGuid                  ## PRODUCES
   gEfiSecurity2ArchProtocolGuid                 ## PRODUCES
   gEfiDeferredImageLoadProtocolGuid             ## PRODUCES
+  gEfiDxeSmmReadyToLockProtocolGuid             ## CONSUMES
 
 [Depex]
   TRUE
-- 
2.9.0.windows.1


