public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: edk2-devel@lists.01.org
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Achin Gupta <achin.gupta@arm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Supreeth Venkatesh <supreeth.venkatesh@arm.com>,
	Leif Lindholm <leif.lindholm@linaro.org>,
	Jagadeesh Ujja <jagadeesh.ujja@arm.com>,
	Thomas Panakamattam Abraham <thomas.abraham@arm.com>,
	Sami Mujawar <Sami.Mujawar@arm.com>
Subject: [PATCH 7/8] StandaloneMmPkg/StandaloneMmCoreEntryPoint: permit the use of TE images
Date: Fri,  4 Jan 2019 12:03:14 +0100	[thread overview]
Message-ID: <20190104110315.18339-8-ard.biesheuvel@linaro.org> (raw)
In-Reply-To: <20190104110315.18339-1-ard.biesheuvel@linaro.org>

TE images take up less space when using 4 KB section alignment, since
the FFS/FV generation code optimizes away the redundant, nested padding.
This saves 4 KB of space, which is a worthwhile improvement for code
that executes in place in secure context.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c | 107 +++++++++-----------
 1 file changed, 46 insertions(+), 61 deletions(-)

diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c
index 3ca7f6660f47..90299ebbafb6 100644
--- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c
+++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c
@@ -143,9 +143,12 @@ LocateStandaloneMmCorePeCoffData (
 
   Status = FfsFindSectionData (EFI_SECTION_PE32, FileHeader, TeData, TeDataSize);
   if (EFI_ERROR (Status)) {
-      DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - 0x%x\n",
-              Status));
-    return Status;
+    Status = FfsFindSectionData (EFI_SECTION_TE, FileHeader, TeData, TeDataSize);
+    if (EFI_ERROR (Status)) {
+        DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - %r\n",
+                Status));
+      return Status;
+    }
   }
 
   DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", *TeData));
@@ -155,10 +158,9 @@ LocateStandaloneMmCorePeCoffData (
 STATIC
 EFI_STATUS
 GetPeCoffSectionInformation (
-  IN  CONST PE_COFF_LOADER_IMAGE_CONTEXT      *ImageContext,
-  IN  OUT   PE_COFF_LOADER_IMAGE_CONTEXT      *TmpContext,
-  IN  OUT   UINT32                            *SectionHeaderOffset,
-  IN  OUT   UINT16                            *NumberOfSections
+  IN  OUT   PE_COFF_LOADER_IMAGE_CONTEXT      *ImageContext,
+      OUT   UINT32                            *SectionHeaderOffset,
+      OUT   UINT16                            *NumberOfSections
   )
 {
   RETURN_STATUS                         Status;
@@ -168,44 +170,29 @@ GetPeCoffSectionInformation (
   UINTN                                 ReadSize;
 
   ASSERT (ImageContext != NULL);
-  ASSERT (TmpContext != NULL);
   ASSERT (SectionHeaderOffset != NULL);
   ASSERT (NumberOfSections != NULL);
 
-  //
-  // We need to copy ImageContext since PeCoffLoaderGetImageInfo ()
-  // will mangle the ImageAddress field
-  //
-  CopyMem (TmpContext, ImageContext, sizeof (*TmpContext));
-
-  if (TmpContext->PeCoffHeaderOffset == 0) {
-    Status = PeCoffLoaderGetImageInfo (TmpContext);
-    if (RETURN_ERROR (Status)) {
-      DEBUG ((DEBUG_ERROR,
-              "%a: PeCoffLoaderGetImageInfo () failed (Status = %r)\n",
-              __FUNCTION__, Status));
-      return Status;
-    }
-  }
-
-  if (TmpContext->IsTeImage &&
-      TmpContext->ImageAddress == ImageContext->ImageAddress) {
-    DEBUG ((DEBUG_INFO, "%a: ignoring XIP TE image at 0x%lx\n", __FUNCTION__,
-            ImageContext->ImageAddress));
-    return RETURN_UNSUPPORTED;
+  Status = PeCoffLoaderGetImageInfo (ImageContext);
+  if (RETURN_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR,
+            "%a: PeCoffLoaderGetImageInfo () failed (Status == %r)\n",
+            __FUNCTION__, Status));
+    return Status;
   }
 
-  if (TmpContext->SectionAlignment < EFI_PAGE_SIZE) {
+  if (ImageContext->SectionAlignment < EFI_PAGE_SIZE) {
     //
     // The sections need to be at least 4 KB aligned, since that is the
     // granularity at which we can tighten permissions.
     //
-    if (!TmpContext->IsTeImage) {
+    if (!ImageContext->IsTeImage) {
       DEBUG ((DEBUG_WARN,
               "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n",
-              __FUNCTION__, ImageContext->ImageAddress, TmpContext->SectionAlignment));
+              __FUNCTION__, ImageContext->ImageAddress, ImageContext->SectionAlignment));
+      return RETURN_UNSUPPORTED;
     }
-    return RETURN_UNSUPPORTED;
+    ImageContext->SectionAlignment = EFI_PAGE_SIZE;
   }
 
   //
@@ -217,9 +204,9 @@ GetPeCoffSectionInformation (
   Hdr.Union = &HdrData;
   Size = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION);
   ReadSize = Size;
-  Status = TmpContext->ImageRead (
-                         TmpContext->Handle,
-                         TmpContext->PeCoffHeaderOffset,
+  Status = ImageContext->ImageRead (
+                         ImageContext->Handle,
+                         ImageContext->PeCoffHeaderOffset,
                          &Size,
                          Hdr.Pe32
                          );
@@ -231,23 +218,28 @@ GetPeCoffSectionInformation (
     return Status;
   }
 
-  ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE);
-
-  *SectionHeaderOffset = TmpContext->PeCoffHeaderOffset + sizeof (UINT32) +
-                        sizeof (EFI_IMAGE_FILE_HEADER);
-  *NumberOfSections    = Hdr.Pe32->FileHeader.NumberOfSections;
-
-  switch (Hdr.Pe32->OptionalHeader.Magic) {
-  case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC:
-    *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader;
-    break;
-  case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC:
-    *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader;
-    break;
-  default:
-    ASSERT (FALSE);
+  if (!ImageContext->IsTeImage) {
+    ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE);
+
+    *SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + sizeof (UINT32) +
+                          sizeof (EFI_IMAGE_FILE_HEADER);
+    *NumberOfSections    = Hdr.Pe32->FileHeader.NumberOfSections;
+
+    switch (Hdr.Pe32->OptionalHeader.Magic) {
+    case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC:
+      *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader;
+      break;
+    case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC:
+      *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader;
+      break;
+    default:
+      ASSERT (FALSE);
+    }
+  } else {
+    *SectionHeaderOffset = (UINTN)(sizeof (EFI_TE_IMAGE_HEADER));
+    *NumberOfSections = Hdr.Te->NumberOfSections;
+    ImageContext->ImageAddress -= (UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HEADER);
   }
-
   return RETURN_SUCCESS;
 }
 
@@ -261,7 +253,6 @@ GetStandaloneMmCorePeCoffSections (
   )
 {
   EFI_STATUS                   Status;
-  PE_COFF_LOADER_IMAGE_CONTEXT TmpContext;
 
   // Initialize the Image Context
   ZeroMem (ImageContext, sizeof (PE_COFF_LOADER_IMAGE_CONTEXT));
@@ -270,15 +261,9 @@ GetStandaloneMmCorePeCoffSections (
 
   DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", TeData));
 
-  Status = PeCoffLoaderGetImageInfo (ImageContext);
-  if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Image information - 0x%x\n", Status));
-    return Status;
-  }
-
-  Status = GetPeCoffSectionInformation (ImageContext, &TmpContext, SectionHeaderOffset, NumberOfSections);
+  Status = GetPeCoffSectionInformation (ImageContext, SectionHeaderOffset, NumberOfSections);
   if (EFI_ERROR (Status)) {
-    DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - 0x%x\n", Status));
+    DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - %r\n", Status));
     return Status;
   }
 
-- 
2.17.1



  parent reply	other threads:[~2019-01-04 11:03 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-04 11:03 [PATCH 0/8] StandaloneMmPkg: assorted fixes and improvements Ard Biesheuvel
2019-01-04 11:03 ` [PATCH 1/8] StandaloneMmPkg/StandaloneMmCpu: fix typo Standlone -> Standalone Ard Biesheuvel
2019-01-04 17:48   ` Supreeth Venkatesh
2019-01-04 11:03 ` [PATCH 2/8] StandaloneMmPkg/StandaloneMmCoreEntryPoint: add missing SerialPortLib ref Ard Biesheuvel
2019-01-04 17:49   ` Supreeth Venkatesh
2019-01-04 11:03 ` [PATCH 3/8] StandaloneMmPkg/StandaloneMmCoreEntryPoint: use %a modifier for ASCII strings Ard Biesheuvel
2019-01-04 17:51   ` Supreeth Venkatesh
2019-01-04 11:03 ` [PATCH 4/8] StandaloneMmPkg/StandaloneMmCoreEntryPoint: remove bogus ASSERT_EFI_ERROR()s Ard Biesheuvel
2019-01-04 17:52   ` Supreeth Venkatesh
2019-01-04 11:03 ` [PATCH 5/8] StandaloneMmPkg/StandaloneMmPeCoffExtraActionLib: ignore runtime attribute Ard Biesheuvel
2019-01-04 11:03 ` [PATCH 6/8] StandaloneMmPkg/Core/Dispatcher: don't copy dispatched image twice Ard Biesheuvel
2019-01-04 11:03 ` Ard Biesheuvel [this message]
2019-01-04 11:03 ` [PATCH 8/8] StandaloneMmPkg/Core: permit encapsulated firmware volumes Ard Biesheuvel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190104110315.18339-8-ard.biesheuvel@linaro.org \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox