From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=104.47.2.80; helo=eur01-db5-obe.outbound.protection.outlook.com; envelope-from=achin.gupta@arm.com; receiver=edk2-devel@lists.01.org Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-db5eur01on0080.outbound.protection.outlook.com [104.47.2.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B4F7A203B8BFE for ; Mon, 30 Apr 2018 12:47:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=jFcO186quFrragR2u+QCM7TkoRSXLj6fqeTUCwzOFic=; b=dJ/65N6YYFRuMu3BhVQ1HQ75xBc5OJJ+NR1yZqyTjSnfDAVI9gzYE0nsZDCQT35wZeIQNThc5K9ZbCU0VGkCj5DkzFtT6OtOJgGz10zR3hrdlDVvpsIQKxYwnNNEkUP181pcz93jTCZg89dqSYW/tanCW7PnmBu2+ya7FJt2JDo= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Achin.Gupta@arm.com; Received: from e104320-lin (217.140.96.140) by AM6PR08MB2983.eurprd08.prod.outlook.com (2603:10a6:209:44::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.715.18; Mon, 30 Apr 2018 19:47:43 +0000 Date: Mon, 30 Apr 2018 20:49:11 +0100 From: Achin Gupta To: Supreeth Venkatesh Cc: edk2-devel@lists.01.org, michael.d.kinney@intel.com, liming.gao@intel.com, jiewen.yao@intel.com, leif.lindholm@linaro.org, ard.biesheuvel@linaro.org, nd@arm.com Message-ID: <20180430194911.GZ663@e104320-lin> References: <20180406144223.10931-1-supreeth.venkatesh@arm.com> <20180406144223.10931-16-supreeth.venkatesh@arm.com> MIME-Version: 1.0 In-Reply-To: <20180406144223.10931-16-supreeth.venkatesh@arm.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-Originating-IP: [217.140.96.140] X-ClientProxiedBy: CWLP265CA0001.GBRP265.PROD.OUTLOOK.COM (2603:10a6:401:10::13) To AM6PR08MB2983.eurprd08.prod.outlook.com (2603:10a6:209:44::24) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(2017052603328)(7153060)(7193020); SRVR:AM6PR08MB2983; X-Microsoft-Exchange-Diagnostics: 1; AM6PR08MB2983; 3:pLVcbH8PRWP2fbLjw+c0XbLyMWOzvOPiLo8L3bLRsEMRygRcksgXXjWNm8L4Tu8DhSW0CVm5R5x4QoYP85b8FDrOQc4GlzcEvKRL271ij9Pkiu//3mGCvcbYmrYgj9g+Z+SibXFjaedp5AKLTh62eb0Egt6mM82EZcF1QqIt9st3e6GVgTGwiBfcnv3XX33rj91lJ+8sRggjvMXjAOCt9Wv6NOkhevnmoZkIh8P+gtpKMSjDrMScp14dw/kNjHtl; 25:ANihLEtsjIdVkh41SYLQuTd8Wxy8dYa/RkVhexKWUEvNwaafdRYgEwQOnRoukOT6/QLRIMuzAOeBYeNds5FpPba1ZK5eO+QykvyRosKknD+hwI6UseaI6ZeQf2KLl4AaMl731RPB9OGDrgHzqqdmEekHsBhLFVm98vMRCrCIJjxwQ1Rh+3fnkPrSJsVN+k2Jxda5HXDHvRVjVLiBaqiHpg6drnQpwvAetKak4k6gcPkIh1aAJvREpKxSsSlfCoXmesUGcHET02i2poURusWOn0ZvrzNIgjvNuAahLTKu4YY3ZSKNzlM2lsdYIKasZ9j693ZgfA0p8ubvM3wHmsNVXQ==; 31:HDyTWyRGZxd/+vHTqA3raELaTAfQ7LIa52gapMgj0Iiy6KPjabyl8OGIjiA38WQMMyj7M9tQhHRLwyTT0JUa8wFcBkNwfWvZI09uPW8GaTa3XgmwO+fL9/jz2Sdl6QEEsKswYuWbFW4NciCBUhETUwAXLRgVmFsroOJYlCbA/37QY/e5XgKcBLFPutWBs5ZsVnqnaRXskKlU6MjQT4ihAWlKhRoBCTEo4S0VZjFHsTw= X-MS-TrafficTypeDiagnostic: AM6PR08MB2983: NoDisclaimer: True X-Microsoft-Exchange-Diagnostics: 1; AM6PR08MB2983; 20:40qqDmi/JBuhqZrL3Hp/5nS2Hv99irbYolnEeXdu332yAp/6itiOocokfgL8UwFO2OuWEm4wQAke9Hb92Hvh03snVcgixvGDcgqJwEwsl3I7q00SWtwTnLmcRSOQ6rNFD/WQ28AV2hsAiZQ/6yR+hX9MdqOWwfPC0GAfCvl1/9nqOHI8IR6MechrTpRHHXfkpiPGl6+zjOdc0JTDd/aoVPLF1R2KHYh5m9ZWJqaVoGrx6JOO3HKCGb6dMVk0M+Wk; 4:N3YvA7inOVkeDUzwWKtpIqcHLzWQGcoNRceylT/JE8ExiAIxv4eY9BP2bbN5O1T0r9zs6Va7wDCgoxAoSmylkgAgBYp1YHM+5Qs2cVqSzIvhLVdafXgSEQ8iM8V/LX4I0iPrJiJsAq+kfvmd3hdHO7QTP7/LLnvfHmEpVI+eigd7b8jXeUI1DaD+beoLERe2EqhzjHH8pxcImgp/hBnlUBBOKHsCeHOqYDi9L+57gkyjX5k60ZshJgAx7l6rfJ2mhR3jvYa242pfxFytW9KrWPC/MmDyh6+n3/d6XQt3dtNJgIj2V64PGm6thIkXLb4L X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(180628864354917); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(3231254)(944501410)(52105095)(6055026)(6041310)(20161123564045)(20161123558120)(20161123560045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:AM6PR08MB2983; BCL:0; PCL:0; RULEID:; SRVR:AM6PR08MB2983; X-Forefront-PRVS: 0658BAF71F X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(366004)(396003)(39380400002)(39860400002)(346002)(376002)(199004)(189003)(47776003)(446003)(86362001)(2906002)(11346002)(81166006)(66066001)(15650500001)(33896004)(6246003)(5660300001)(68736007)(53936002)(97736004)(229853002)(16586007)(8676002)(26005)(16526019)(316002)(476003)(486006)(44832011)(7736002)(8936002)(81156014)(58126008)(956004)(50466002)(106356001)(105586002)(33656002)(55016002)(9686003)(386003)(23726003)(478600001)(72206003)(25786009)(6862004)(52116002)(305945005)(33716001)(76176011)(4326008)(59450400001)(6496006)(6636002)(1076002)(6666003)(3846002)(6116002)(18370500001)(107986001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR08MB2983; H:e104320-lin; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; Received-SPF: None (protection.outlook.com: arm.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; AM6PR08MB2983; 23:AlhDHOoPo2T2VIZ+3rp2H6WIruVFMshYimJdvIFMu?= =?us-ascii?Q?H363q4rlk7DAA3+8UMwGRXSrB5ZzQQyEnIJkfNlmjTAdubEfh2SDTq1WmI0y?= =?us-ascii?Q?W16dH/wKr5lBOWFVLrn/RvVe/9JlwMVNEAHk13YsDweZKrmNQDak3zkiUpTn?= =?us-ascii?Q?Q5KZNXKSqag+2wybzBHnajdBPh0OX46hcmwzZp2zbXAEgDyeLQPBaD0S5uQq?= =?us-ascii?Q?5U74D6fs8srvZRVKjhlrapeg2AI3B5DGFv6U49RH2KrUFzJ/38gciVqFIgyt?= =?us-ascii?Q?UXJ17m5+I5yr6ta+ZuIWfQlVdqvqQtzt1eBP3ABRCNGDRdcYwXk4RR7P474e?= =?us-ascii?Q?2W2BkgJqn0r2kZSPfrRCIbIsGSvjlo1Y0D0YnFmFiAH6c2vFVngegbLnxR9H?= =?us-ascii?Q?t8bFfWPTqJ/JIIIRouEFOlM8Nart7t7Wx+0PROJ4CLXaqfxxinOlmhwBn7AL?= =?us-ascii?Q?9o4Otiq8Jl1zAzP7YTNS6fzVyG1CPfknBUJtKaRj9xCxrCLJNB7JkW+vRIHe?= =?us-ascii?Q?SwT6gfDSSGFD8RHQB8lmGq8Gymofy67drqPK1F+9nZQIQ6dTK8R/hMZ/KRQd?= =?us-ascii?Q?WtU4BsLKTP3pQ49wKLWzpPF9vuC+BjW9cMcl/EPGi5od0Twj4tM5Ku4HZcAZ?= =?us-ascii?Q?dX1wJG35LE0cNX+CnnYFxnYRoPYZA+ZfFGTjS/Fh79wWD5FAw2ThOrlI+Qsf?= =?us-ascii?Q?PLm3GdVlOMob4Uj3xZVeRjhTfkB3/uuIVJVk7La1+EpS00NxZjug0q1jYYge?= =?us-ascii?Q?zXPRkArBTSQCDayBT+C5YlC2g5GgR4lvLdbh6VLse4LlLCUWfHWkjWaS2sNK?= =?us-ascii?Q?suRliRndq9oKO79YF4FoHP2wJ0d3rhKRQ0V/xFdQAzgDnErJCO6PTVixiv1l?= =?us-ascii?Q?bYVit78pl6P2B5aRDxauIi22jqrQTO+9RbEXGLFhYdy7XWq4a62I5IAE323X?= =?us-ascii?Q?/syTj0qL1ZVLhNl/Hzz4HUnxx0kf+CDvIfU5VtBnNiV3P9uv6JRuOoUsqc6E?= =?us-ascii?Q?TBDyEiPB5W0NryckN2OcwlKa6dHvUTdp7jSXyXWn0obmC/OqqIwWG7flRKwa?= =?us-ascii?Q?KRM7A6B1YH0k7OmIK0TSvUHtwyJBqKTVOrZ/1XLvK0rXqQWlbuNYr1Qc6ok6?= =?us-ascii?Q?zv7sRFWVG9c+fv1eZ6VlfaunfMq26hBXGNl6mT+dlL5FPgfU6PuwlKdXFvY3?= =?us-ascii?Q?1c1tK5ObTPVakcN9bUfYjY0Zh6f5/qGe0syyK2QTQZC+9Fh+aUXVEEj48LHd?= =?us-ascii?Q?I6g9yppBH9KSKFJ1JMmKL6r5201kD75Q/X0mFGxTQ/Hvj6QXig3itEPj40sQ?= =?us-ascii?Q?0JJFGWipC5vi7C1hXTdXHbfmV9Awheu3m47GHlT3Wmrk5tGOJfB9Hb7cww5F?= =?us-ascii?Q?PTu1dLDxMwny59yyIJ9274j6xMRJQut1Cy4yy5eTCkkrrVu?= X-Microsoft-Antispam-Message-Info: LkEJo2jPUmTWTz37wa1gIDGyi3pa0r2SOmkNt5/rC/m13F3Dm/wfQ51ghPFAuGeXmc9jv39vac5h/rvk+GyF1c9tn/DtfGGRLO584xhdIr3mKyf+5iyXnAceIeI9oY0+QxmT18ekDfTgoUx9bjMUUwmEvaVGNSEKTuP383omNlb1CgeObN2gPbdViI8RPXv7 X-Microsoft-Exchange-Diagnostics: 1; AM6PR08MB2983; 6:kv5TsmezCjRZIyGRT/ydmcIbAZogzsZ2dDITXnxcP36zjFemvCF7ZcplKZe4Gt4FEPd+0jQ0bE4y0jZqCnovTe7ZYBjcNjqzyq9s2GXRhWN7ECWsmOTc9P21Om79LakFRGzPCtTQjmuscLrZL1SqL7MGjN5uq3sRIYj3qkC5IEGwcAgTKY9fUVsCzry0Xu0MdB9Qarw3Pe1yp1tsjHmKxwkEH+kCy6PGjCvcdWZohjnqTywbH1+PvShrak1FzfdQgLg5YgNklxaa6NR14bUt+rJBJSlxgqYWUpxkAPD66HawN3KcTEZ0IlM6hGodlylPbnUExiKVNMEN+UWx0yQqRtmY0iyS4dmab2+ln5YxXfV9zAyk+eSoWoa/buzYx7J7hXqbSXz1tILJaOGxgBNmQQRa0zkkie1+gbMvJZF7oJqg2gtK7BGjidnuTMXZy5tLwApeQZblE0HtKasqcdS8hw==; 5:gfOy1WFgvAvZuK02n12RVjEMUCfOqUqA9YZmFtesSobO4sBXg/tEFQom7y4aayySElWIadk2B/XHtcBUgQVyxLLDxGmkUCqewohT9PeQ8CBr6XbnbZdlTSbRYVamKAEmuXNHbsCdI6swhTr67vOPoTeTZXWuVzXUdzuoG6APEv8=; 24:hwQ5AvDRdv84N7JyWN2UG2wYphvlh5OfmVpvB+VTYSRHkuviHsaNAbEgkLTwuuuJiaChUsFaGUUWKQeUoIMQ4mLIOhjly422WuetDFa1i84= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; AM6PR08MB2983; 7:b/giNdRKvLbIvfN/s0w6/mcACoRLoy6ksTNjJ9iOsxCijNOvnQxTlEdonSOnzLmcfTwGbJYFkgWhGK3Rp71/vqP3PBzpPCG6TFZjizcIXZ93Ehwp2FrnaZGSqP8QLVZDFX8okht0KJa4URQY20/1C1TRwIxaXBjXQZI7m2+jS4rx/osCNWWJcLnvGa0gmV3UyZ/eh1L/enhzfaYeFLhSWfhMU6vEvkR75vAWcfZguJ0pCbNUnzvkHFetSTSi6iK9 X-MS-Office365-Filtering-Correlation-Id: 41c7baac-5b6f-4ed1-6509-08d5aed33de1 X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Apr 2018 19:47:43.8713 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 41c7baac-5b6f-4ed1-6509-08d5aed33de1 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB2983 Subject: Re: [PATCH v1 15/18] ArmPkg: Extra action to update permissions for S-ELO MM Image. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Apr 2018 19:47:48 -0000 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi Supreeth, This file was originally contributed by Ard a while back so worth poking him and Leif for review. If MM is expected to be the only use case of this library then it might make sense to pull in under the StandaloneMmPkg instead of relying on PcdStandaloneMmEnable. Cheers, Achin On Fri, Apr 06, 2018 at 03:42:20PM +0100, Supreeth Venkatesh wrote: > The Standalone MM drivers runs in S-EL0 in AArch64 on ARM Standard > Platforms and is deployed during SEC phase. The memory allocated to the > Standalone MM drivers should be marked as RO+X. > > During PE/COFF Image section parsing, this patch implements extra action > "UpdatePeCoffPermissions" to request the privileged firmware in EL3 to > update the permissions. > > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Achin Gupta > Signed-off-by: Supreeth Venkatesh > --- > .../DebugPeCoffExtraActionLib.c | 185 +++++++++++++++++++-- > .../DebugPeCoffExtraActionLib.inf | 7 + > 2 files changed, 181 insertions(+), 11 deletions(-) > > diff --git a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c > index f298e58cdf..c87aaf05c7 100644 > --- a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c > +++ b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c > @@ -15,14 +15,165 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > **/ > > #include > -#include > > +#include > #include > -#include > #include > +#include > +#include > +#include > #include > #include > > +typedef RETURN_STATUS (*REGION_PERMISSION_UPDATE_FUNC) ( > + IN EFI_PHYSICAL_ADDRESS BaseAddress, > + IN UINT64 Length > + ); > + > +STATIC > +RETURN_STATUS > +UpdatePeCoffPermissions ( > + IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, > + IN REGION_PERMISSION_UPDATE_FUNC NoExecUpdater, > + IN REGION_PERMISSION_UPDATE_FUNC ReadOnlyUpdater > + ) > +{ > + RETURN_STATUS Status; > + EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; > + EFI_IMAGE_OPTIONAL_HEADER_UNION HdrData; > + UINTN Size; > + UINTN ReadSize; > + UINT32 SectionHeaderOffset; > + UINTN NumberOfSections; > + UINTN Index; > + EFI_IMAGE_SECTION_HEADER SectionHeader; > + PE_COFF_LOADER_IMAGE_CONTEXT TmpContext; > + EFI_PHYSICAL_ADDRESS Base; > + > + // > + // We need to copy ImageContext since PeCoffLoaderGetImageInfo () > + // will mangle the ImageAddress field > + // > + CopyMem (&TmpContext, ImageContext, sizeof (TmpContext)); > + > + if (TmpContext.PeCoffHeaderOffset == 0) { > + Status = PeCoffLoaderGetImageInfo (&TmpContext); > + if (RETURN_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, > + "%a: PeCoffLoaderGetImageInfo () failed (Status = %r)\n", > + __FUNCTION__, Status)); > + return Status; > + } > + } > + > + if (TmpContext.IsTeImage && > + TmpContext.ImageAddress == ImageContext->ImageAddress) { > + DEBUG ((DEBUG_INFO, "%a: ignoring XIP TE image at 0x%lx\n", __FUNCTION__, > + ImageContext->ImageAddress)); > + return RETURN_SUCCESS; > + } > + > + if (TmpContext.SectionAlignment < EFI_PAGE_SIZE) { > + // > + // The sections need to be at least 4 KB aligned, since that is the > + // granularity at which we can tighten permissions. So just clear the > + // noexec permissions on the entire region. > + // > + if (!TmpContext.IsTeImage) { > + DEBUG ((DEBUG_WARN, > + "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n", > + __FUNCTION__, ImageContext->ImageAddress, TmpContext.SectionAlignment)); > + } > + Base = ImageContext->ImageAddress & ~(EFI_PAGE_SIZE - 1); > + Size = ImageContext->ImageAddress - Base + ImageContext->ImageSize; > + return NoExecUpdater (Base, ALIGN_VALUE (Size, EFI_PAGE_SIZE)); > + } > + > + // > + // Read the PE/COFF Header. For PE32 (32-bit) this will read in too much > + // data, but that should not hurt anything. Hdr.Pe32->OptionalHeader.Magic > + // determines if this is a PE32 or PE32+ image. The magic is in the same > + // location in both images. > + // > + Hdr.Union = &HdrData; > + Size = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION); > + ReadSize = Size; > + Status = TmpContext.ImageRead (TmpContext.Handle, > + TmpContext.PeCoffHeaderOffset, &Size, Hdr.Pe32); > + if (RETURN_ERROR (Status) || (Size != ReadSize)) { > + DEBUG ((DEBUG_ERROR, > + "%a: TmpContext.ImageRead () failed (Status = %r)\n", > + __FUNCTION__, Status)); > + return Status; > + } > + > + ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE); > + > + SectionHeaderOffset = TmpContext.PeCoffHeaderOffset + sizeof (UINT32) + > + sizeof (EFI_IMAGE_FILE_HEADER); > + NumberOfSections = (UINTN)(Hdr.Pe32->FileHeader.NumberOfSections); > + > + switch (Hdr.Pe32->OptionalHeader.Magic) { > + case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: > + SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader; > + break; > + case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: > + SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader; > + break; > + default: > + ASSERT (FALSE); > + } > + > + // > + // Iterate over the sections > + // > + for (Index = 0; Index < NumberOfSections; Index++) { > + // > + // Read section header from file > + // > + Size = sizeof (EFI_IMAGE_SECTION_HEADER); > + ReadSize = Size; > + Status = TmpContext.ImageRead (TmpContext.Handle, SectionHeaderOffset, > + &Size, &SectionHeader); > + if (RETURN_ERROR (Status) || (Size != ReadSize)) { > + DEBUG ((DEBUG_ERROR, > + "%a: TmpContext.ImageRead () failed (Status = %r)\n", > + __FUNCTION__, Status)); > + return Status; > + } > + > + Base = TmpContext.ImageAddress + SectionHeader.VirtualAddress; > + > + if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_EXECUTE) == 0) { > + > + if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_WRITE) == 0 && > + TmpContext.ImageType != EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER) { > + > + DEBUG ((DEBUG_INFO, > + "%a: Mapping section %d of image at 0x%lx with RO-XN permissions and size 0x%x\n", > + __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize)); > + ReadOnlyUpdater (Base, SectionHeader.Misc.VirtualSize); > + } else { > + DEBUG ((DEBUG_WARN, > + "%a: Mapping section %d of image at 0x%lx with RW-XN permissions and size 0x%x\n", > + __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize)); > + } > + } else { > + DEBUG ((DEBUG_INFO, > + "%a: Mapping section %d of image at 0x%lx with RO-XN permissions and size 0x%x\n", > + __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize)); > + ReadOnlyUpdater (Base, SectionHeader.Misc.VirtualSize); > + > + DEBUG ((DEBUG_INFO, > + "%a: Mapping section %d of image at 0x%lx with RO-X permissions and size 0x%x\n", > + __FUNCTION__, Index, Base, SectionHeader.Misc.VirtualSize)); > + NoExecUpdater (Base, SectionHeader.Misc.VirtualSize); > + } > + > + SectionHeaderOffset += sizeof (EFI_IMAGE_SECTION_HEADER); > + } > + return RETURN_SUCCESS; > +} > > /** > If the build is done on cygwin the paths are cygpaths. > @@ -83,23 +234,29 @@ PeCoffLoaderRelocateImageExtraAction ( > CHAR8 Temp[512]; > #endif > > + if (PcdGetBool(PcdStandaloneMmEnable) == TRUE) > + { > + UpdatePeCoffPermissions (ImageContext, ArmClearMemoryRegionNoExec, > + ArmSetMemoryRegionReadOnly); > + } > + > if (ImageContext->PdbPointer) { > #ifdef __CC_ARM > #if (__ARMCC_VERSION < 500000) > // Print out the command for the RVD debugger to load symbols for this image > - DEBUG ((EFI_D_LOAD | EFI_D_INFO, "load /a /ni /np %a &0x%p\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); > + DEBUG ((DEBUG_LOAD | DEBUG_INFO, "load /a /ni /np %a &0x%p\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); > #else > // Print out the command for the DS-5 to load symbols for this image > - DEBUG ((EFI_D_LOAD | EFI_D_INFO, "add-symbol-file %a 0x%p\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); > + DEBUG ((DEBUG_LOAD | DEBUG_INFO, "add-symbol-file %a 0x%p\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); > #endif > #elif __GNUC__ > // This may not work correctly if you generate PE/COFF directlyas then the Offset would not be required > - DEBUG ((EFI_D_LOAD | EFI_D_INFO, "add-symbol-file %a 0x%p\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); > + DEBUG ((DEBUG_LOAD | DEBUG_INFO, "add-symbol-file %a 0x%p\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); > #else > - DEBUG ((EFI_D_LOAD | EFI_D_INFO, "Loading driver at 0x%11p EntryPoint=0x%11p\n", (VOID *)(UINTN) ImageContext->ImageAddress, FUNCTION_ENTRY_POINT (ImageContext->EntryPoint))); > + DEBUG ((DEBUG_LOAD | DEBUG_INFO, "Loading driver at 0x%11p EntryPoint=0x%11p\n", (VOID *)(UINTN) ImageContext->ImageAddress, FUNCTION_ENTRY_POINT (ImageContext->EntryPoint))); > #endif > } else { > - DEBUG ((EFI_D_LOAD | EFI_D_INFO, "Loading driver at 0x%11p EntryPoint=0x%11p\n", (VOID *)(UINTN) ImageContext->ImageAddress, FUNCTION_ENTRY_POINT (ImageContext->EntryPoint))); > + DEBUG ((DEBUG_LOAD | DEBUG_INFO, "Loading driver at 0x%11p EntryPoint=0x%11p\n", (VOID *)(UINTN) ImageContext->ImageAddress, FUNCTION_ENTRY_POINT (ImageContext->EntryPoint))); > } > } > > @@ -125,17 +282,23 @@ PeCoffLoaderUnloadImageExtraAction ( > CHAR8 Temp[512]; > #endif > > + if (PcdGetBool(PcdStandaloneMmEnable) == TRUE) > + { > + UpdatePeCoffPermissions (ImageContext, ArmSetMemoryRegionNoExec, > + ArmClearMemoryRegionReadOnly); > + } > + > if (ImageContext->PdbPointer) { > #ifdef __CC_ARM > // Print out the command for the RVD debugger to load symbols for this image > - DEBUG ((EFI_D_ERROR, "unload symbols_only %a\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)))); > + DEBUG ((DEBUG_ERROR, "unload symbols_only %a\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)))); > #elif __GNUC__ > // This may not work correctly if you generate PE/COFF directlyas then the Offset would not be required > - DEBUG ((EFI_D_ERROR, "remove-symbol-file %a 0x%08x\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); > + DEBUG ((DEBUG_ERROR, "remove-symbol-file %a 0x%08x\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); > #else > - DEBUG ((EFI_D_ERROR, "Unloading %a\n", ImageContext->PdbPointer)); > + DEBUG ((DEBUG_ERROR, "Unloading %a\n", ImageContext->PdbPointer)); > #endif > } else { > - DEBUG ((EFI_D_ERROR, "Unloading driver at 0x%11p\n", (VOID *)(UINTN) ImageContext->ImageAddress)); > + DEBUG ((DEBUG_ERROR, "Unloading driver at 0x%11p\n", (VOID *)(UINTN) ImageContext->ImageAddress)); > } > } > diff --git a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.inf b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.inf > index c1f717e5bd..38bf3993ae 100644 > --- a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.inf > +++ b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.inf > @@ -33,7 +33,14 @@ > DebugPeCoffExtraActionLib.c > > [Packages] > + ArmPkg/ArmPkg.dec > MdePkg/MdePkg.dec > + StandaloneMmPkg/StandaloneMmPkg.dec > + > +[FeaturePcd] > + gStandaloneMmPkgTokenSpaceGuid.PcdStandaloneMmEnable > > [LibraryClasses] > + ArmMmuLib > DebugLib > + PcdLib > -- > 2.16.2 >