From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:4864:20::330; helo=mail-wm1-x330.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com [IPv6:2a00:1450:4864:20::330]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 19AD3211A759E for ; Wed, 16 Jan 2019 12:23:00 -0800 (PST) Received: by mail-wm1-x330.google.com with SMTP id y139so3415642wmc.5 for ; Wed, 16 Jan 2019 12:22:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Hli/q0XoE/UtzHjDRSUIMt2BcGy9QJBwUJV8lE4bcak=; b=YMA2Ugs+gZj52zF4jFGrKHBaUMNa+ZpTYxXtc97SkY9HFHIX4mRto2Uv+ZHu+HQMhi psJPkO4gwXdgM5aZiMfnNactIRFnCPeDEcJ5k70htwgpJ9LiUH+kDz0+BpMzikiEMhhR eEzl+TfbAFY8LTDcEX2jgtMb/UJXw3PxxuDz0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Hli/q0XoE/UtzHjDRSUIMt2BcGy9QJBwUJV8lE4bcak=; b=dwFXQrfiX9vhBTfKK6hYHutcpnoJxHTttnmYa/437JAT3nH8o7rBNWic2NPcbzZcMI 8WLsr4XLVGDBjwvxzbMG8Y9J6BPBhOVxPMSVgxp3mq9KWj50ZuINgPmfRpLzZAeva+R6 BYBzx1iDcYZ7ziOOsIn4vzuai4lB25oTEKTx0QvCFmSIHcmkmQNYQ+HaUjg4fVlCvPOp PBlJcMeKauDK8EZwOZwyr4zUMogAMOAEZzKmhUJeWeaGE537sdQcGWkglhZC8KL9Mga0 bOUalWrh/0iqfo9bDj+wPwsZJ6L8tBvnIKQas1ZkVGWCurkU1ssMLPXF5Bn1D7kLIZhi fQow== X-Gm-Message-State: AJcUukdDNTWutShR7qaSBG0iGnRCXUn7WtEH40gQm9rBqyed6XxUsptU mXFS3pHx9FLSfaySRIC/2GlmPzi+oCX90g== X-Google-Smtp-Source: ALg8bN6MiGkAkcE+s3oFd9PSRSYX4Ryn4ZxU5Jt/rwxi8WmByrQVNfa1a08nPPF1so+NZT65/KMi+A== X-Received: by 2002:a7b:c76b:: with SMTP id x11mr8703826wmk.37.1547670176900; Wed, 16 Jan 2019 12:22:56 -0800 (PST) Received: from dogfood.home ([2a01:cb1d:112:6f00:28df:207d:542c:1451]) by smtp.gmail.com with ESMTPSA id p139sm70901316wmd.31.2019.01.16.12.22.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 16 Jan 2019 12:22:56 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org Cc: Ard Biesheuvel , Achin Gupta , Jiewen Yao , Supreeth Venkatesh , Leif Lindholm , Jagadeesh Ujja , Thomas Panakamattam Abraham , Sami Mujawar Date: Wed, 16 Jan 2019 21:22:35 +0100 Message-Id: <20190116202236.6977-11-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190116202236.6977-1-ard.biesheuvel@linaro.org> References: <20190116202236.6977-1-ard.biesheuvel@linaro.org> Subject: [PATCH v2 10/11] StandaloneMmPkg/StandaloneMmCoreEntryPoint: permit the use of TE images X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2019 20:23:00 -0000 TE images take up less space when using 4 KB section alignment, since the FFS/FV generation code optimizes away the redundant, nested padding. This saves 4 KB of space, which is a worthwhile improvement for code that executes in place in secure context. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel --- StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c | 107 +++++++++----------- 1 file changed, 46 insertions(+), 61 deletions(-) diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c index 3ca7f6660f47..90299ebbafb6 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c @@ -143,9 +143,12 @@ LocateStandaloneMmCorePeCoffData ( Status = FfsFindSectionData (EFI_SECTION_PE32, FileHeader, TeData, TeDataSize); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - 0x%x\n", - Status)); - return Status; + Status = FfsFindSectionData (EFI_SECTION_TE, FileHeader, TeData, TeDataSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - %r\n", + Status)); + return Status; + } } DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", *TeData)); @@ -155,10 +158,9 @@ LocateStandaloneMmCorePeCoffData ( STATIC EFI_STATUS GetPeCoffSectionInformation ( - IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, - IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *TmpContext, - IN OUT UINT32 *SectionHeaderOffset, - IN OUT UINT16 *NumberOfSections + IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, + OUT UINT32 *SectionHeaderOffset, + OUT UINT16 *NumberOfSections ) { RETURN_STATUS Status; @@ -168,44 +170,29 @@ GetPeCoffSectionInformation ( UINTN ReadSize; ASSERT (ImageContext != NULL); - ASSERT (TmpContext != NULL); ASSERT (SectionHeaderOffset != NULL); ASSERT (NumberOfSections != NULL); - // - // We need to copy ImageContext since PeCoffLoaderGetImageInfo () - // will mangle the ImageAddress field - // - CopyMem (TmpContext, ImageContext, sizeof (*TmpContext)); - - if (TmpContext->PeCoffHeaderOffset == 0) { - Status = PeCoffLoaderGetImageInfo (TmpContext); - if (RETURN_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, - "%a: PeCoffLoaderGetImageInfo () failed (Status = %r)\n", - __FUNCTION__, Status)); - return Status; - } - } - - if (TmpContext->IsTeImage && - TmpContext->ImageAddress == ImageContext->ImageAddress) { - DEBUG ((DEBUG_INFO, "%a: ignoring XIP TE image at 0x%lx\n", __FUNCTION__, - ImageContext->ImageAddress)); - return RETURN_UNSUPPORTED; + Status = PeCoffLoaderGetImageInfo (ImageContext); + if (RETURN_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, + "%a: PeCoffLoaderGetImageInfo () failed (Status == %r)\n", + __FUNCTION__, Status)); + return Status; } - if (TmpContext->SectionAlignment < EFI_PAGE_SIZE) { + if (ImageContext->SectionAlignment < EFI_PAGE_SIZE) { // // The sections need to be at least 4 KB aligned, since that is the // granularity at which we can tighten permissions. // - if (!TmpContext->IsTeImage) { + if (!ImageContext->IsTeImage) { DEBUG ((DEBUG_WARN, "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n", - __FUNCTION__, ImageContext->ImageAddress, TmpContext->SectionAlignment)); + __FUNCTION__, ImageContext->ImageAddress, ImageContext->SectionAlignment)); + return RETURN_UNSUPPORTED; } - return RETURN_UNSUPPORTED; + ImageContext->SectionAlignment = EFI_PAGE_SIZE; } // @@ -217,9 +204,9 @@ GetPeCoffSectionInformation ( Hdr.Union = &HdrData; Size = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION); ReadSize = Size; - Status = TmpContext->ImageRead ( - TmpContext->Handle, - TmpContext->PeCoffHeaderOffset, + Status = ImageContext->ImageRead ( + ImageContext->Handle, + ImageContext->PeCoffHeaderOffset, &Size, Hdr.Pe32 ); @@ -231,23 +218,28 @@ GetPeCoffSectionInformation ( return Status; } - ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE); - - *SectionHeaderOffset = TmpContext->PeCoffHeaderOffset + sizeof (UINT32) + - sizeof (EFI_IMAGE_FILE_HEADER); - *NumberOfSections = Hdr.Pe32->FileHeader.NumberOfSections; - - switch (Hdr.Pe32->OptionalHeader.Magic) { - case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: - *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader; - break; - case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: - *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader; - break; - default: - ASSERT (FALSE); + if (!ImageContext->IsTeImage) { + ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE); + + *SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER); + *NumberOfSections = Hdr.Pe32->FileHeader.NumberOfSections; + + switch (Hdr.Pe32->OptionalHeader.Magic) { + case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: + *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader; + break; + case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: + *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader; + break; + default: + ASSERT (FALSE); + } + } else { + *SectionHeaderOffset = (UINTN)(sizeof (EFI_TE_IMAGE_HEADER)); + *NumberOfSections = Hdr.Te->NumberOfSections; + ImageContext->ImageAddress -= (UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HEADER); } - return RETURN_SUCCESS; } @@ -261,7 +253,6 @@ GetStandaloneMmCorePeCoffSections ( ) { EFI_STATUS Status; - PE_COFF_LOADER_IMAGE_CONTEXT TmpContext; // Initialize the Image Context ZeroMem (ImageContext, sizeof (PE_COFF_LOADER_IMAGE_CONTEXT)); @@ -270,15 +261,9 @@ GetStandaloneMmCorePeCoffSections ( DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", TeData)); - Status = PeCoffLoaderGetImageInfo (ImageContext); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Image information - 0x%x\n", Status)); - return Status; - } - - Status = GetPeCoffSectionInformation (ImageContext, &TmpContext, SectionHeaderOffset, NumberOfSections); + Status = GetPeCoffSectionInformation (ImageContext, SectionHeaderOffset, NumberOfSections); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - 0x%x\n", Status)); + DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - %r\n", Status)); return Status; } -- 2.17.1