From: Achin Gupta
To: Ard Biesheuvel
CC: Laszlo Ersek, Jagadeesh Ujja, "Gao, Liming", "Kinney, Michael D", "edk2-devel@lists.01.org", "Zhang, Chao B", Leif Lindholm, Supreeth Venkatesh, Jian J Wang, nd
Subject: Re: [PATCH v2 04/11] MdePkg/Include: Add StandaloneMmServicesTableLib library
Date: Mon, 7 Jan 2019 18:50:08 +0000
Message-ID: <20190107185012.GF14419@e104320-lin>

On Mon, Jan 07, 2019 at 06:33:26PM +0100, Ard Biesheuvel wrote:
> On Mon, 7 Jan 2019 at 16:28, Laszlo Ersek wrote:
> >
> > On 01/04/19 12:57, Ard Biesheuvel wrote:
> > > On Thu, 3 Jan 2019 at 17:14, Laszlo Ersek wrote:
> > >>
> > >> On 01/03/19 12:03, Ard Biesheuvel wrote:
> > >>> On Wed, 2 Jan 2019 at 14:14, Jagadeesh Ujja wrote:
> > >>>>
> > >>>> Some of the existing DXE drivers can be refactored to execute within
> > >>>> the Standalone MM execution environment as well. Allow such drivers to
> > >>>> get access to the Standalone MM services tables.
> > >>>>
> > >>>> Add a mechanism to determine the execution mode is required.
> > >>>> i.e, in MM or non-MM
> > >>>>
> > >>>> Contributed-under: TianoCore Contribution Agreement 1.1
> > >>>> Signed-off-by: Jagadeesh Ujja
> > >>>> ---
> > >>>>  MdePkg/Include/Library/StandaloneMmServicesTableLib.h | 43 ++++++++++++++++++++
> > >>>>  MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.c | 39 ++++++++++++++++++
> > >>>>  MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf | 36 ++++++++++++++++
> > >>>>  MdePkg/MdePkg.dec | 4 ++
> > >>>>  4 files changed, 122 insertions(+)
> > >>>>
> > >>>
> > >>> OK, so since the PI spec only refers to MM mode now, this library
> > >>> class should be
> > >>>
> > >>> MmServicesTableLib|Include/Library/MmServicesTableLib.h
> > >>>
> > >>> with an implementation in MdeModulePkg that exposes the deprecated SMM
> > >>> system table as the MM system table.
> > >>>
> > >>> In StandaloneMmPkg, we can add an implementation that exposes the
> > >>> standalone MM system table.
> > >>>
> > >>> (They are binary compatible, so it is just a matter of casting one
> > >>> pointer to the other)
> > >>>
> > >>> With this in place, we can go ahead and update FaultTolerantWrite and
> > >>> Variable SMM driver to switch from SmmServicesTableLib to
> > >>> MmServicesTableLib. This will require existing x86 platforms to define
> > >>> a new library class resolution for MmServicesTableLib, referring to
> > >>> the implementation in MdeModulePkg. This is unfortunate, but it is an
> > >>> unavoidable consequence of the PI spec changes.
> > >>
> > >> It shouldn't be too intrusive or hard to review, I expect.
> > >>
> > >>>
> > >>> Remaining question is what to do with InSmm() ...
> > >>
> > >> I'm lacking the context on this; on the other hand, I can refer back to
> > >> at least one earlier discussion -- there had been multiple -- of the
> > >> discrepancy between the PI spec and the edk2 code. See:
> > >>
> > >> - bullet (9) in
> > >> ,
> > >> - and
> > >> .
> > >>
> > >> Not sure how that can be applied to Arm.
> > >>
> > >
> > > The code I posted yesterday does not use InMm() at all. For standalone
> > > MM, it should always return TRUE anyway, and any code that a driver
> > > would execute if it returned FALSE needs to be factored out anyway,
> > > since it should not end up in standalone MM binaries as dead code.
> > >
> >
> > OK. That seems to make sense. I've read up a bit on "standalone MM" in
> > the PI v1.6 spec, vol 4. Having no access to UEFI protocols even in the
> > entry point function, at driver init time, seems challenging to me. I
> > guess I'll learn more about this as a part of the usual list traffic.
> >
> > What is the MODULE_TYPE that standalone MM drivers use, in place of
> > DXE_SMM_DRIVER (= EFI_FV_FILETYPE_MM, 0x0A)?
> >
> > Hm... from the other patches, it seems to be MM_STANDALONE (=
> > EFI_FV_FILETYPE_MM_STANDALONE, 0x0E). OK.
> >
> > If I'd like to see a short summary of standalone MM, relative to
> > traditional MM, and why it is more suitable -- I presume -- for aarch64,
> > which document should I look at, from
> > , for example?
> >
>
> Perhaps Achin can answer this, since he has been driving the spec side
> of this? (and maintains StandaloneMmPkg)

The idea behind MM Standalone mode was to sandbox MM code in self sufficient
execution context. This was a step to avoid some of the vulnerabilities in
traditional SMM due to code and data sharing with DXE.

On AArch64, the MM standalone mode is initialised during the SEC phase. This
corresponds to Trustzone initialisation. Furthermore, the MM standalone
execution context is placed in user mode (Secure EL0) instead of running it in
a privileged processor mode (S-EL1 or EL3 on AArch64, Ring -2 or SMM on x86).
This restricts what the MM standalone context can see and do. Lastly, after
SEC no more MM Standalone drivers can be initialized during PEI or DXE (in
contrast to the example in PI 1.6 Section 1.5.2).

Hope that makes sense?

I have not seen all the patches in this and related series but the use of
InMM() to allow code to have a DXE driver or a MM Standalone driver
personality seems to defeat the entire purpose of Standalone MM. My concern is
that any code that is relevant only to DXE or PEI must not be a part of the MM
Standalone context. This could be achieved through proper refactoring +
conditional compilation. If the decision is taken at runtime then this is just
traditional MM.

Please let me know if I am missing something.

cheers,
Achin
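
Added example, not part of the message above or of the patch series: one way the build-time split argued for in the reply can be expressed in EDK II INF files, with the shared logic in one source file and a separate entry-point file and MODULE_TYPE per personality. All module, file and entry-point names and both FILE_GUID values are hypothetical placeholders, and the library class resolution assumes the MmServicesTableLib proposal quoted in the thread.

```ini
# ---- ExampleVarSmm.inf (hypothetical): traditional MM personality ----
[Defines]
  INF_VERSION              = 0x0001001A
  BASE_NAME                = ExampleVarSmm
  # Placeholder GUID, not a real module GUID.
  FILE_GUID                = 00000000-0000-0000-0000-000000000001
  MODULE_TYPE              = DXE_SMM_DRIVER
  PI_SPECIFICATION_VERSION = 0x0001000A
  ENTRY_POINT              = ExampleVarTraditionalMmEntry

[Sources]
  # Shared logic: touches only the MM services table.
  ExampleVarCore.c
  # Entry point for this personality; the only file allowed to use DXE services.
  ExampleVarTraditionalMm.c

[Packages]
  MdePkg/MdePkg.dec

[LibraryClasses]
  UefiDriverEntryPoint
  # DXE-only dependency, present in this build only.
  UefiBootServicesTableLib
  MmServicesTableLib

# ---- ExampleVarStandaloneMm.inf (hypothetical): standalone MM personality ----
[Defines]
  INF_VERSION              = 0x0001001A
  BASE_NAME                = ExampleVarStandaloneMm
  # Placeholder GUID, not a real module GUID.
  FILE_GUID                = 00000000-0000-0000-0000-000000000002
  MODULE_TYPE              = MM_STANDALONE
  PI_SPECIFICATION_VERSION = 0x00010032
  ENTRY_POINT              = ExampleVarStandaloneMmEntry

[Sources]
  # Same shared logic as above.
  ExampleVarCore.c
  # Entry point for this personality; no UEFI protocol access.
  ExampleVarStandaloneMm.c

[Packages]
  MdePkg/MdePkg.dec

[LibraryClasses]
  StandaloneMmDriverEntryPoint
  MmServicesTableLib
```

Because ExampleVarTraditionalMm.c and UefiBootServicesTableLib are listed only in the first INF, nothing DXE-specific is compiled or linked into the MM_STANDALONE image, so the shared code needs no runtime InMm() check.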