From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=40.107.5.51; helo=eur03-ve1-obe.outbound.protection.outlook.com; envelope-from=achin.gupta@arm.com; receiver=edk2-devel@lists.01.org Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50051.outbound.protection.outlook.com [40.107.5.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 57BA421962301 for ; Tue, 28 Aug 2018 07:30:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wNJS+xDT/9kLM9jfK1UCUtA00eZtA/NmnsSMNlU+xxI=; b=J3LfxpsuQBdB1Ov2jtmLCrQcRW5CpvKUCbeqi+eN5KmqOWIOKUl0GKbsCvn0CfUYNae/Lxcp9Rt5m9A5tspwYCXD8/gG6lkhltDW73DdCC+psBE8gJDml+upXMIC2kLihl2JoPJCL154kS9G00L+VPy9TPdoeYa1DX5mFrLpxg8= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Achin.Gupta@arm.com; Received: from e104320-lin (217.140.106.50) by DB7PR08MB2986.eurprd08.prod.outlook.com (2603:10a6:5:1c::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1080.17; Tue, 28 Aug 2018 14:30:04 +0000 Date: Tue, 28 Aug 2018 15:30:04 +0100 From: Achin Gupta To: Ard Biesheuvel Cc: Sughosh Ganu , "edk2-devel@lists.01.org" , nd@arm.com Message-ID: <20180828143004.GA16449@e104320-lin> References: <1532090300-5250-1-git-send-email-sughosh.ganu@arm.com> <1532090300-5250-8-git-send-email-sughosh.ganu@arm.com> <1532367194.3302.36.camel@arm.com> <20180821065047.GA17216@arm.com> MIME-Version: 1.0 In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Originating-IP: [217.140.106.50] X-ClientProxiedBy: HE1PR05CA0167.eurprd05.prod.outlook.com (2603:10a6:3:f8::15) To DB7PR08MB2986.eurprd08.prod.outlook.com (2603:10a6:5:1c::24) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e76cb86b-96c5-484d-7dec-08d60cf2bfa2 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DB7PR08MB2986; X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB2986; 3:xUyfYmDGQU3FuPrgIpWmnjWlHfCtoM3zpuuwg/ks8j4WGimMnc3iyJUNjqRYTNYgY2KOotebmnI1OAvNhIbn/72GEJvIJ4JuTl6QUfXyzRqBAbAgu2/I5wy6QwsBh4F+J75qZ7kTN4aoCEZ+W1R2nF4Dh7vABhqwap/XLYUioB712+4zvU+e9MBy4zTABC735733bkVMjvYsxIX2mgGvPypskXNtw63SZ7rf0O2N4q2fott2hNEkz63EFx3txm3j; 25:xVjL4XWNR4h3oOzEd9eZkNGhQ2T30z+bemyciDhcD2sOBzGbsIqBVqz2LvwTPyp17H0b6e6MfNjpUQt5bR+ykdIncStVCFCldV39BXkiVLJkUe5Mp10dFvdoOGTXMV8SGFD36cexxtU/81jyhmg+r9FgRvcKCrLwLxyxDeZYSzwlEu9kQXQD7o5dMnQ94H4xfdqKCZqm4wwBOqxgWvNVsNdczA/UeFc7LJM6yGXPelZoM8+7L6+NYtrcDJygr0oennoTdOOOB+v07kI5QV+5C4ZyVIMEAP59QCadI3rfSNCK2rHtOjjgl5oCc7Hc7T08GHVPKqoe7kYGr1gESS/lZA==; 31:m9XtLuGFT2PAZ9FZDw9vjUXF80iW5+J4nSbb+1f7A2taQQ4U7KtpSjSpikewPvYLSiwOlcJTnKZL7MLdfxiK8oUJZlDR0SfkLBHgESXM7fonkv/WG+ilCYNtUPj48qjHqTxQWp86ffWguz1RbSCBmWFrttX1bepL3O+ZlCkekBz1FbFR6jJI4OvT80kFC+P3TZWD+CGHigSyGn89RgC4JUCQe0gTKnNUuEJc5VI9er0= X-MS-TrafficTypeDiagnostic: DB7PR08MB2986: NoDisclaimer: True X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB2986; 20:j/e6Ut8ObaHnXcO7vUU6ZI92YSN6V9a+kR+5E+LLKjaW79wFckffJSYiWnv0w8cj7sEMOInaB1edcclCBDUDdz8AykeGGjo1U5uGKKFN+oRTni3VP6pwreSCLquLF4Zzww4EnBfhDl5iJ7AU9NHmQtSFY4xvOB/XD1S3/48mbmzEvEtJAfzDP1Zozy3YfgR+hiByXn5K8h5ecbk1aEe2ocFX1UgMmd4ZcJJ9VDntxuWM6hgak0lfyZHK8u6MlauZ/SDbigOJiOqyfCtcctW1qh6eZESny8F4p+qC94QtsaYsEZD399dxsTibcXefV1X0UPnW+VWjvFnaWP4APXFJMtw9IwITu42bwTAEhVUTYFDj6qns5eFaM0miNLuGitYO+2oBoImulsxoz/l9LtVlBfbgVI+LvEwCpAWHXyt8vJQ=; 4:ZUk4yTwxKtwk+HLzzA4wZ8ZC2PeZKwmqVfi+0n33f9LOsdRTNPlTCdzdoSI+Zv1Xn+Jbf9uzEzKNfTqFEZHYdZMAbg4TGqZqjzO8RV9tJ6XizUTOh/IMWXPx8OEgbT7639eJtPhD1/3RRwa5Yuw2wiwzhUKOn0FMV6SNHMEbvCpTG+2avdwyp6et1Mam5mpeE05BTWAFetF9nzDc6WciS6S7rDHnnuS/+t8I8JfBVfa38BGimLZqMe+cQAQ0jDzNYSWKzDp2xA8APCSsgAO6g+jH8Ot9sRDKrB8PjQ4a2Fs7IbKLV72aSu4teX4CZ+y96ihGb/GiFqhfl0sw9iE10UgfkiWIjlqsbpFSS2fyC/brhbzoF/K7LQU5ty0rG2O0 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(180628864354917)(162533806227266)(155532106045638); X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(823301075)(93006095)(93001095)(3231311)(944501410)(52105095)(10201501046)(3002001)(6055026)(149027)(150027)(6041310)(20161123564045)(20161123558120)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(201708071742011)(7699016); SRVR:DB7PR08MB2986; BCL:0; PCL:0; RULEID:; SRVR:DB7PR08MB2986; X-Forefront-PRVS: 077884B8B5 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(39860400002)(136003)(396003)(366004)(346002)(376002)(189003)(199004)(6116002)(53936002)(3846002)(53546011)(23726003)(68736007)(9686003)(33716001)(1076002)(47776003)(5660300001)(386003)(305945005)(186003)(7736002)(106356001)(16526019)(8936002)(66066001)(316002)(476003)(478600001)(72206003)(11346002)(446003)(956004)(486006)(966005)(44832011)(54906003)(58126008)(16586007)(33656002)(26005)(93886005)(105586002)(25786009)(86362001)(2906002)(6246003)(97736004)(14444005)(4326008)(15650500001)(6916009)(8676002)(81156014)(6496006)(81166006)(76176011)(52116002)(55016002)(6306002)(33896004)(50466002)(229853002)(18370500001)(107986001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB7PR08MB2986; H:e104320-lin; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; Received-SPF: None (protection.outlook.com: arm.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DB7PR08MB2986; 23:iCUWdQwX3TPCtd/ZVVoouG55L0n5fhH+T7WqrmGLR?= =?us-ascii?Q?3FOjPjxdkTo6yjmhaGRjkODWq9GOCydZ6ByM5t086ESx+GNvioxrtfQrkcsL?= =?us-ascii?Q?SA5VsoMSEPB35UCCdc/XlRuhcH7XJ5swoXh6Zfugjlfx2cjDw+lIkdXzD3ni?= =?us-ascii?Q?RKWmOZtXjno4HidyPOScqtMt0DUV7+XT4fjOTyYycrzreqGG9SVsesgyTUdt?= =?us-ascii?Q?Xr/Qm6CSSSntjoc5/qt+oMEp6QxAy2kKU6H6mf2mXGM0s+08rt0q5OG0G1xq?= =?us-ascii?Q?GGUT9hgq+01wdvviV9NoO34piPlUO8dGCDJfQ0lvflqY3PwXTemIaPey43oQ?= =?us-ascii?Q?QWc17h7E8Pe3HlOJTSny55x2JEiti9PTm0Og0ekakyrLuM/aAS3Z2/cUP1iF?= =?us-ascii?Q?V8x7jEtgMvFoDkEpxRY7Gona/XjrsSFcVXziBQttm5ciKBmwkX3KmeRx3fnL?= =?us-ascii?Q?sYq96WUoNPS7lJRt0g0OaYXLwytu/5Rfe87fnPNpJGd3d0mCtYtQqM4zmGgC?= =?us-ascii?Q?48OvPylJqA/WgEdER7abr0afwCio23QKmm6SX/JNt8mp+Ev7mVfJjEZAj+5r?= =?us-ascii?Q?p6ONNIVAGddzfsFbRkDQoVG9XoDuibw6ZVCWzlLSBKGLhsswMqhYR855nC5g?= =?us-ascii?Q?gZyJtNamLamGcIGk8AkYl8T6f9Awdpcx479NGRnlw0HSRCsTJ7lsDdjrxR1x?= =?us-ascii?Q?6R+tS/IiFXoUdvgxISURuFmQ2Qb/VzUfsNbZLJfrV9VwGAMlv8QfUawFS9ox?= =?us-ascii?Q?SAJkRfDHUvrsksRQa81op7xYUjSemFXvOxVXv+cS3jkWlMgVgjWk4G9ja45k?= =?us-ascii?Q?5p2CcHN+tP2ajIwrwI1BGZJl+w3M+qZtLZa/7Z1rcINA3yNPAJkRtGbQ3rgI?= =?us-ascii?Q?GTrdiO048sjj5+SE2CJxVuB/yt29rBUU50HOP2cVo9zxgMs2HjneXYVeYEvE?= =?us-ascii?Q?70JotHO6ikVcGYeQyXhSXI5TLOBuN9q1yWQ0COEQdjDwIhd6UWPCgj6Tc21U?= =?us-ascii?Q?szMD0MOtfCZgVdqU5pfgjYGrH2dXdcNTqAI7F7I/Bh9M9yAMOd0L+ACdPADZ?= =?us-ascii?Q?lqrQE0w02pvWFkx2AL2vrwUMEUgFNABXDETmO4tch9u/NOfl7lJIGJO6Vd4m?= =?us-ascii?Q?Qt3cvzymmdavyyryqvtTJXggy1AacptuWiVAld2dLb4+w9J79BpZwfJievFj?= =?us-ascii?Q?XFbhUTf31+Bbhk0FzJbbq7GCk++Ein0+oYf+txso2ejv0HhxlblA2BJsJsVF?= =?us-ascii?Q?tAA+JD3oLpvKrArUyBAl43DQCxVOXCqhCbIduqmnB5mmhEOqwizlxjvGxIx5?= =?us-ascii?Q?IiZXeKXb2uE/9318SNrNwEU+QAmtijNX5oE1/v6noImMdiMjWfcqQpStK4o5?= =?us-ascii?Q?nLtXoxgHy7wz6Nz5yaxXvyRodFOie1W3vIFBU8NHfPqp8eYjFkDypKfyIDZX?= =?us-ascii?Q?5gKKHuvg2n54houOYRyYx5oDqr5200=3D?= X-Microsoft-Antispam-Message-Info: pSFBzsULfOAfrOfdZ4B7YdzlacabmPxHbVLZELGLaX20ng9ro3Nd6m/RJ990Ud9MnVLnhiPiKodtaq7F26pJZiAKh1obU4HJruEIXrBSNGBH9QjGEpBkBjSe8pDmW/LJ1/re1Z8sTByLQg2yEJuU4T0AGX11k8XtI3PTh3fXBcP2NAj+gTLaNSLQ//Vf70Jo/iyiNew/2irIaz+WWcCDhp81eZ9KOTSGaRzO6EsEW0Dw9ZMoy/Uxz57ygh/zyy72Y+RjLT+d89UYKfhqFGhny4ZZpqfUOZZlVGA1Ufy26DYHPFxqHDoj8EJCYbUKHfARv5mINHQxqrka+ARphLXywAfL5sH2Xft+t581WGhhC9w= X-Microsoft-Exchange-Diagnostics: 1; DB7PR08MB2986; 6:LenhxdkteWUv5Fba3ckZzRRSj47BPgkP9uRHldQEAWyeeZlWPaDZkiStqCcU6h7IeoTmEHa4nCGhpv/mfK6EwTGzY4/VoFpuoau6qjDdjd2K1hqz1q9V/+Lvi6XnLYXT/no2dI/0JpBZSbc5Cd6ZmV/efqHHfKsekh0XiL7Mdsu/Go6KxLSUajqXrRto7wuDLwisGcyTUYVMnYFmMBirzYvd2In1hQcSuK8v3Iz8lX6jKhc4EbxnC8pK8U6+aQ0jmyIGiTX649UJS+A0xO7/BOfMp2kiyWx38K1ic9PmJSnWKNwHiSSHsM5sOfsZXqz3kl4AjMLnI40bgaC+rY18mQZsLyvbPxzox8Vjv21qj5NAaDQHJ3IMGYizcmkoxnLpGoooVvqIznPSPpOhqICREDa3PTME/F90OoQZpBK/oFTIEaRAgpaKVuD/9JtJXeSkBIkibthVt3Jy98vl5h2w4Q==; 5:fkBN7GaBDCRfn3HUs1CErnuROTs+FG1XVBh+7tbmtx2nPDighN+QSF761KjyAYXC7BMlNyLXwF+MMINCfum2s+ihnBwMwpJojFBQc202GZdDYyUTWt1+V8tYGcrlu6lGOgxCFRwQOy9v6KB0TwOqffEsnZxUpTlknnPFnZsg32I=; 7:42sGLGpspSnyrhfjw5hMDCE+myUp46JMh9PVfrcf3f9XbKQy5ReQMe2PST+TOvgGATQU8KYGDpwXRS9jaHfInaOnzdvf2/8ay7DzbgX6EcS4gL2ZUWYwYqh2fojKC7ZTzB1TpMp3qTOOg9O7dFvy9PxoflBn00wnVC6ONOgJ1kTlmQZIvv+Ua/u7uvA9yieG1mDmBSNcFt6bnB+6oPIr64ETL6v5i5V0fbTpXFvzX6akrnpKh0BS9od9NMzCz8Ms SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Aug 2018 14:30:04.9970 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e76cb86b-96c5-484d-7dec-08d60cf2bfa2 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB2986 Subject: Re: [PATCH v2 7/7] ArmPkg: Extra action to update permissions for S-ELO MM Image X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Aug 2018 14:30:10 -0000 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi Ard, Apologies for the delay! CIL. On Fri, Aug 24, 2018 at 03:55:29PM +0100, Ard Biesheuvel wrote: > On 21 August 2018 at 07:50, Sughosh Ganu wrote: > > hi Ard, > > > > On Tue July 23, 2018 at 11:03PM +0530, Supreeth Venkatesh wrote: > >> > >> On Sat, 2018-07-21 at 20:06 +0900, Ard Biesheuvel wrote: > >> > On 20 July 2018 at 21:38, Sughosh Ganu wrote: > >> > > > >> > > From: Achin Gupta > >> > > > >> > > The Standalone MM drivers runs in S-EL0 in AArch64 on ARM Standard > >> > > Platforms and is deployed during SEC phase. The memory allocated to > >> > > the Standalone MM drivers should be marked as RO+X. This is a bit misleading. For Standalone MM drivers, memory is allocated from the heap which is marked as RW+XN by the SPM in the S-EL1 page tables. This allows PeCoffLoaderLoadImage() to load the image from the FV into its newly allocated buffer. Before the driver can be executed, its rodata and code sections need a permission update from RW+XN to RO+XN and RO+X respectively. This patch does these permission changes after the relocation fixups have been done in PeCoffLoaderRelocateImageExtraAction(). > >> > > > >> > > During PE/COFF Image section parsing, this patch implements extra > >> > > action "UpdatePeCoffPermissions" to request the privileged firmware > >> > > in > >> > > EL3 to update the permissions. > >> > > > >> > > Contributed-under: TianoCore Contribution Agreement 1.1 > >> > > Signed-off-by: Sughosh Ganu > >> > Apologies for bringing this up only now, but I don't think I was ever > >> > cc'ed on these patches. > >> > > >> Apologies if you have missed it. But I am pretty sure it was part of > >> earlier large patch-set on which you and leif were copied, as it was > >> part of ArmPkg. > >> > > >> > We are relying on a debug hook in the PE/COFF loader to ensure that > >> > we > >> > don't end up with memory that is both writable and executable in the > >> > secure world. Do we really think that is a good idea? > >> > > >> > (I know this code was derived from a proof of concept that I did > >> > years > >> > ago, but that was just a PoC) > >> I think we need a little bit more details on what is your suggestion? > >> > >> A little bit background here: This code runs in S-EL0 and Request gets > >> sent to secure world SPM to ensure that the region permissions are > >> updated correctly via the "ArmMmuStandaloneMmCoreLib" SVC - > >> ARM_SVC_ID_SP_SET_MEM_ATTRIBUTES_AARCH64. > >> > >> DebugPeCoffExtraActionLib is just used to extract image region > >> information, but the region permission > >> update request is sent to secure world for validation. > >> > >> With the above explanation, can you provide an insight into what was > >> your thinking? > >> Do you want us to create a separate library and call it > >> as PeCoffExtraActionLib to avoid the "Debug" word though it is a hook > >> to PeCoffExtraActionLib in MdePkg or do we want to create this library > >> in a separate package (may be in MdePkg?) or something totally > >> different. > > > > Supreeth had replied to your comments on the patch. Can you please > > check this. If you feel that this needs to be implemented differently, > > can you please suggest it to us. Thanks. > > > > My point is that such a fundamental action that needs to occur while > loading the PE/COFF image should not be hooked into the loader this > way. IIUC, your concern is about the way the PeCoffLoaderRelocateImageExtraAction() has been used? Is it meant to fulfil a different purpose? PE-COFF image loading and relocation is done by generic code and this seemed like the best mechanism to introduce an arch. specific hook. I agree that implementing the hooks in a DebugPeCoffExtraActionLib is not suitable for upstreaming. We could implement this within the StandaloneMmPkg as an Aarch64 library since it is unlikely it will ever be used in the ArmPkg itself. Please let us know what you think. cheers, Achin > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel