From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=ruiyu.ni@intel.com; receiver=edk2-devel@lists.01.org Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A526E2118F77E for ; Mon, 12 Nov 2018 23:33:49 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Nov 2018 23:33:49 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,498,1534834800"; d="scan'208";a="86071475" Received: from ray-dev.ccr.corp.intel.com ([10.239.9.22]) by fmsmga008.fm.intel.com with ESMTP; 12 Nov 2018 23:33:47 -0800 From: Ruiyu Ni To: edk2-devel@lists.01.org Cc: Eric Dong , Laszlo Ersek , Andrew Fish , Leif Lindholm , Michael D Kinney Date: Tue, 13 Nov 2018 15:35:10 +0800 Message-Id: <20181113073510.31208-1-ruiyu.ni@intel.com> X-Mailer: git-send-email 2.16.1.windows.1 Subject: [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Nov 2018 07:33:49 -0000 The patch reverts commit 1ed6498c4a0210204bf4b95cc0c0cd6623ad6a0b * UefiCpuPkg/CommonFeature: Skip locking when the feature is disabled FEATURE_CONTROL.Lock bit is controlled by feature CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER. The commit 1ed649 fixes a bug that when the feature is disabled, the Lock bit is cleared. But it's a security hole if the bit is cleared when booting OS. We can argue that platform needs to make sure the value of PcdCpuFeaturesUserConfiguration should be set properly to make sure feature CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER is enabled. But it's better to guarantee this in the generic core code. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ruiyu Ni Cc: Eric Dong Cc: Laszlo Ersek Cc: Andrew Fish Cc: Leif Lindholm Cc: Michael D Kinney --- UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c index 631c836857..8c1eb5eb4f 100644 --- a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c +++ b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c @@ -1,7 +1,7 @@ /** @file Features in MSR_IA32_FEATURE_CONTROL register. - Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2017, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -184,15 +184,6 @@ LockFeatureControlRegisterInitialize ( { MSR_IA32_FEATURE_CONTROL_REGISTER *MsrRegister; - // - // When Lock Feature Control Register feature is disabled, - // just skip the MSR lock bit setting. - // The MSR lock bit is cleared by default and write-once in a boot. - // - if (!State) { - return RETURN_SUCCESS; - } - // // The scope of Lock bit in the MSR_IA32_FEATURE_CONTROL is core for // below processor type, only program MSR_IA32_FEATURE_CONTROL for thread 0 in each -- 2.16.1.windows.1