From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:4864:20::544; helo=mail-ed1-x544.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-ed1-x544.google.com (mail-ed1-x544.google.com [IPv6:2a00:1450:4864:20::544]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 24DE8211AE8BA for ; Fri, 4 Jan 2019 03:03:35 -0800 (PST) Received: by mail-ed1-x544.google.com with SMTP id a20so24672291edc.8 for ; Fri, 04 Jan 2019 03:03:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Hli/q0XoE/UtzHjDRSUIMt2BcGy9QJBwUJV8lE4bcak=; b=TSAXFnk7eF4QjKPhYPI9fwrVH+A2F8w2sTQsfXCE2/YawoQlpgdo27BkXwxmK/dZDP CbbxyHdJOhchNY1U403fvFTm+lNLp/NvXcsQML2jVOyOAqN7QRZ+k60DwQcSpaOLaEHP 768OMqbKNHPlg44knqszJvLybvdNRwd7cMGcQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Hli/q0XoE/UtzHjDRSUIMt2BcGy9QJBwUJV8lE4bcak=; b=WQ9RHky+7gV8UByispJCfT4DQaE5CCHj25+8tsEhRyOsucQA9BlAI+LI/pNrYYCMIO 38UuETgNtlBUdA+qzvk637AqY8GLDZv9jXofTtlo1lk0EL6LZDS+td1CbXMoKC7GhBVu RhBKZTNEpZTumT0gX7qKziqVkB5FCU+y/2A17hNgMpoc3iUb7DUcg16fsfF/9vFP7FvP 6kU8MtzRsSo64+dIiLpQUPabpV1te34RCMZgeewCJOdcvwsbhNdhPEDnshipH0SJocuz 1aeb+MTwoQNFVfoa9aHWGbMmGwnDUSWyRiWddvwOxDou3GbR+10NqHA2L/2vcDvfPNK6 dm0w== X-Gm-Message-State: AA+aEWYFdY0Htc2oczApL68Z2KWBoX08RropPbusvxJFF9uWlw8lDOHr L/RaXPvGnVRPSELM5OdupGyPoQZAILqC4Q== X-Google-Smtp-Source: AFSGD/WB7D4C+5KcigaU07Id+px8Nz6OuOZMJrhenKipAXSFQCxGi2rO9Ubh6LZcB1G3z3OKpE/4ZQ== X-Received: by 2002:a17:906:1c5b:: with SMTP id l27-v6mr38823170ejg.118.1546599813415; Fri, 04 Jan 2019 03:03:33 -0800 (PST) Received: from dogfood.home ([2a01:cb1d:112:6f00:704e:c241:dc88:597d]) by smtp.gmail.com with ESMTPSA id n11sm26650578edn.14.2019.01.04.03.03.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 04 Jan 2019 03:03:32 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org Cc: Ard Biesheuvel , Achin Gupta , Jiewen Yao , Supreeth Venkatesh , Leif Lindholm , Jagadeesh Ujja , Thomas Panakamattam Abraham , Sami Mujawar Date: Fri, 4 Jan 2019 12:03:14 +0100 Message-Id: <20190104110315.18339-8-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190104110315.18339-1-ard.biesheuvel@linaro.org> References: <20190104110315.18339-1-ard.biesheuvel@linaro.org> Subject: [PATCH 7/8] StandaloneMmPkg/StandaloneMmCoreEntryPoint: permit the use of TE images X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jan 2019 11:03:35 -0000 TE images take up less space when using 4 KB section alignment, since the FFS/FV generation code optimizes away the redundant, nested padding. This saves 4 KB of space, which is a worthwhile improvement for code that executes in place in secure context. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel --- StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c | 107 +++++++++----------- 1 file changed, 46 insertions(+), 61 deletions(-) diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c index 3ca7f6660f47..90299ebbafb6 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c @@ -143,9 +143,12 @@ LocateStandaloneMmCorePeCoffData ( Status = FfsFindSectionData (EFI_SECTION_PE32, FileHeader, TeData, TeDataSize); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - 0x%x\n", - Status)); - return Status; + Status = FfsFindSectionData (EFI_SECTION_TE, FileHeader, TeData, TeDataSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - %r\n", + Status)); + return Status; + } } DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", *TeData)); @@ -155,10 +158,9 @@ LocateStandaloneMmCorePeCoffData ( STATIC EFI_STATUS GetPeCoffSectionInformation ( - IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, - IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *TmpContext, - IN OUT UINT32 *SectionHeaderOffset, - IN OUT UINT16 *NumberOfSections + IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, + OUT UINT32 *SectionHeaderOffset, + OUT UINT16 *NumberOfSections ) { RETURN_STATUS Status; @@ -168,44 +170,29 @@ GetPeCoffSectionInformation ( UINTN ReadSize; ASSERT (ImageContext != NULL); - ASSERT (TmpContext != NULL); ASSERT (SectionHeaderOffset != NULL); ASSERT (NumberOfSections != NULL); - // - // We need to copy ImageContext since PeCoffLoaderGetImageInfo () - // will mangle the ImageAddress field - // - CopyMem (TmpContext, ImageContext, sizeof (*TmpContext)); - - if (TmpContext->PeCoffHeaderOffset == 0) { - Status = PeCoffLoaderGetImageInfo (TmpContext); - if (RETURN_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, - "%a: PeCoffLoaderGetImageInfo () failed (Status = %r)\n", - __FUNCTION__, Status)); - return Status; - } - } - - if (TmpContext->IsTeImage && - TmpContext->ImageAddress == ImageContext->ImageAddress) { - DEBUG ((DEBUG_INFO, "%a: ignoring XIP TE image at 0x%lx\n", __FUNCTION__, - ImageContext->ImageAddress)); - return RETURN_UNSUPPORTED; + Status = PeCoffLoaderGetImageInfo (ImageContext); + if (RETURN_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, + "%a: PeCoffLoaderGetImageInfo () failed (Status == %r)\n", + __FUNCTION__, Status)); + return Status; } - if (TmpContext->SectionAlignment < EFI_PAGE_SIZE) { + if (ImageContext->SectionAlignment < EFI_PAGE_SIZE) { // // The sections need to be at least 4 KB aligned, since that is the // granularity at which we can tighten permissions. // - if (!TmpContext->IsTeImage) { + if (!ImageContext->IsTeImage) { DEBUG ((DEBUG_WARN, "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n", - __FUNCTION__, ImageContext->ImageAddress, TmpContext->SectionAlignment)); + __FUNCTION__, ImageContext->ImageAddress, ImageContext->SectionAlignment)); + return RETURN_UNSUPPORTED; } - return RETURN_UNSUPPORTED; + ImageContext->SectionAlignment = EFI_PAGE_SIZE; } // @@ -217,9 +204,9 @@ GetPeCoffSectionInformation ( Hdr.Union = &HdrData; Size = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION); ReadSize = Size; - Status = TmpContext->ImageRead ( - TmpContext->Handle, - TmpContext->PeCoffHeaderOffset, + Status = ImageContext->ImageRead ( + ImageContext->Handle, + ImageContext->PeCoffHeaderOffset, &Size, Hdr.Pe32 ); @@ -231,23 +218,28 @@ GetPeCoffSectionInformation ( return Status; } - ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE); - - *SectionHeaderOffset = TmpContext->PeCoffHeaderOffset + sizeof (UINT32) + - sizeof (EFI_IMAGE_FILE_HEADER); - *NumberOfSections = Hdr.Pe32->FileHeader.NumberOfSections; - - switch (Hdr.Pe32->OptionalHeader.Magic) { - case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: - *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader; - break; - case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: - *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader; - break; - default: - ASSERT (FALSE); + if (!ImageContext->IsTeImage) { + ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE); + + *SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER); + *NumberOfSections = Hdr.Pe32->FileHeader.NumberOfSections; + + switch (Hdr.Pe32->OptionalHeader.Magic) { + case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: + *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader; + break; + case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: + *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader; + break; + default: + ASSERT (FALSE); + } + } else { + *SectionHeaderOffset = (UINTN)(sizeof (EFI_TE_IMAGE_HEADER)); + *NumberOfSections = Hdr.Te->NumberOfSections; + ImageContext->ImageAddress -= (UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HEADER); } - return RETURN_SUCCESS; } @@ -261,7 +253,6 @@ GetStandaloneMmCorePeCoffSections ( ) { EFI_STATUS Status; - PE_COFF_LOADER_IMAGE_CONTEXT TmpContext; // Initialize the Image Context ZeroMem (ImageContext, sizeof (PE_COFF_LOADER_IMAGE_CONTEXT)); @@ -270,15 +261,9 @@ GetStandaloneMmCorePeCoffSections ( DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", TeData)); - Status = PeCoffLoaderGetImageInfo (ImageContext); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Image information - 0x%x\n", Status)); - return Status; - } - - Status = GetPeCoffSectionInformation (ImageContext, &TmpContext, SectionHeaderOffset, NumberOfSections); + Status = GetPeCoffSectionInformation (ImageContext, SectionHeaderOffset, NumberOfSections); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - 0x%x\n", Status)); + DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - %r\n", Status)); return Status; } -- 2.17.1