From: Ard Biesheuvel
To: edk2-devel@lists.01.org
Cc: Ard Biesheuvel, Achin Gupta, Supreeth Venkatesh, Jiewen Yao, Leif Lindholm, Jagadeesh Ujja
Date: Tue, 5 Mar 2019 14:32:44 +0100
Message-Id: <20190305133248.4828-7-ard.biesheuvel@linaro.org>
In-Reply-To: <20190305133248.4828-1-ard.biesheuvel@linaro.org>
Subject: [PATCH 06/10] StandaloneMmPkg/Core: permit encapsulated firmware volumes

Standalone MM requires 4 KB section alignment for all images, so that
strict permissions can be applied. Unfortunately, this results in a
lot of wasted space, which is usually costly in the secure world
environment that standalone MM is expected to operate in.

So let's permit the standalone MM drivers (but not the core) to be
delivered in a compressed firmware volume.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel
---
 StandaloneMmPkg/Core/StandaloneMmCore.inf |  1 +
 StandaloneMmPkg/Core/FwVol.c              | 99 ++++++++++++++++++--
 2 files changed, 91 insertions(+), 9 deletions(-)
diff --git a/StandaloneMmPkg/Core/StandaloneMmCore.inf b/StandaloneMmPkg/Core/StandaloneMmCore.inf index ff2b8b9cef03..83d31e2d92c5 100644 --- a/StandaloneMmPkg/Core/StandaloneMmCore.inf +++ b/StandaloneMmPkg/Core/StandaloneMmCore.inf @@ -49,6 +49,7 @@ [LibraryClasses] BaseMemoryLib CacheMaintenanceLib DebugLib + ExtractGuidedSectionLib FvLib HobLib MemoryAllocationLib diff --git a/StandaloneMmPkg/Core/FwVol.c b/StandaloneMmPkg/Core/FwVol.c index 5abf98c24797..d95491f252f9 100644 --- a/StandaloneMmPkg/Core/FwVol.c +++ b/StandaloneMmPkg/Core/FwVol.c @@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "StandaloneMmCore.h" #include +#include // // List of file types supported by dispatcher @@ -65,15 +66,25 @@ Returns: --*/ { - EFI_STATUS Status; - EFI_STATUS DepexStatus; - EFI_FFS_FILE_HEADER *FileHeader; - EFI_FV_FILETYPE FileType; - VOID *Pe32Data; - UINTN Pe32DataSize; - VOID *Depex; - UINTN DepexSize; - UINTN Index; + EFI_STATUS Status; + EFI_STATUS DepexStatus; + EFI_FFS_FILE_HEADER *FileHeader; + EFI_FV_FILETYPE FileType; + VOID *Pe32Data; + UINTN Pe32DataSize; + VOID *Depex; + UINTN DepexSize; + UINTN Index; + EFI_COMMON_SECTION_HEADER *Section; + VOID *SectionData; + UINTN SectionDataSize; + UINT32 DstBufferSize; + VOID *ScratchBuffer; + UINT32 ScratchBufferSize; + VOID *DstBuffer; + UINT16 SectionAttribute; + UINT32 AuthenticationStatus; + EFI_FIRMWARE_VOLUME_HEADER *InnerFvHeader; DEBUG ((DEBUG_INFO, "MmCoreFfsFindMmDriver - 0x%x\n", FwVolHeader)); 
@@ -83,6 +94,71 @@ Returns: FvIsBeingProcesssed (FwVolHeader); + // + // First check for encapsulated compressed firmware volumes + // + FileHeader = NULL; + do { + Status = FfsFindNextFile (EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE, + FwVolHeader, &FileHeader); + if (EFI_ERROR (Status)) { + break; + } + Status = FfsFindSectionData (EFI_SECTION_GUID_DEFINED, FileHeader, + &SectionData, &SectionDataSize); + if (EFI_ERROR (Status)) { + break; + } + Section = (EFI_COMMON_SECTION_HEADER *)(FileHeader + 1); + Status = ExtractGuidedSectionGetInfo (Section, &DstBufferSize, + &ScratchBufferSize, &SectionAttribute); + if (EFI_ERROR (Status)) { + break; + } + + // + // Allocate scratch buffer + // + ScratchBuffer = (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (ScratchBufferSize)); + if (ScratchBuffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Allocate destination buffer, extra one page for adjustment + // + DstBuffer = (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (DstBufferSize)); + if (DstBuffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Call decompress function + // + Status = ExtractGuidedSectionDecode (Section, &DstBuffer, ScratchBuffer, + &AuthenticationStatus); + FreePages (ScratchBuffer, EFI_SIZE_TO_PAGES (ScratchBufferSize)); + if (EFI_ERROR (Status)) { + goto FreeDstBuffer; + } + + DEBUG ((DEBUG_INFO, + "Processing compressed firmware volume (AuthenticationStatus == %x)\n", + AuthenticationStatus)); + + Status = FindFfsSectionInSections (DstBuffer, DstBufferSize, + EFI_SECTION_FIRMWARE_VOLUME_IMAGE, &Section); + if (EFI_ERROR (Status)) { + goto FreeDstBuffer; + } + + InnerFvHeader = (VOID *)(Section + 1); + Status = MmCoreFfsFindMmDriver (InnerFvHeader); + if (EFI_ERROR (Status)) { + goto FreeDstBuffer; + } + } while (TRUE); + for (Index = 0; Index < sizeof (mMmFileTypes) / sizeof (mMmFileTypes[0]); Index++) { DEBUG ((DEBUG_INFO, "Check MmFileTypes - 0x%x\n", mMmFileTypes[Index])); FileType = mMmFileTypes[Index]; 
@@ -100,5 +176,10 @@ Returns: } while (!EFI_ERROR (Status)); } + return EFI_SUCCESS; + +FreeDstBuffer: + FreePages (DstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize)); + return Status; } -- 2.20.1
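Review bot: In the FwVol.c hunk at @@ -83,6 +94,71 @@, `Section = (EFI_COMMON_SECTION_HEADER *)(FileHeader + 1);` assumes the GUID-defined section is the first section of the file, while the `SectionData` and `SectionDataSize` that `FfsFindSectionData` just returned are never used. If another section precedes it, `ExtractGuidedSectionGetInfo` is handed the wrong header; derive `Section` from the section that was actually located. Further points in the same loop: the `return EFI_OUT_OF_RESOURCES;` after the `DstBuffer` allocation leaks `ScratchBuffer`; the comment promises "extra one page for adjustment" but the allocation is exactly `EFI_SIZE_TO_PAGES (DstBufferSize)`; and a file without a GUID-defined section hits `break`, which ends the scan of any remaining firmware volume image files where skipping to the next file looks like the intent. On the security side, `AuthenticationStatus` is only printed at DEBUG_INFO before `MmCoreFfsFindMmDriver (InnerFvHeader)` runs, so the decoded volume is processed whatever the decoder reported, and `InnerFvHeader` is taken as `Section + 1` with no check that a volume header fits within `DstBufferSize`. Both deserve an explicit check before recursing, given that the drivers found there run in the MM environment.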
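Review bot: In the FwVol.c hunk at @@ -100,5 +176,10 @@, the normal exit changes from `return Status;` to `return EFI_SUCCESS;`, which alters the return value seen by existing callers, yet neither the commit message nor the function's header comment mentions it. Please document the new contract (success unless allocation or decoding fails) so that the recursive `if (EFI_ERROR (Status)) goto FreeDstBuffer;` check can be understood without reading the whole function. Also, `FreePages (DstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize));` under the `FreeDstBuffer:` label frees whatever `DstBuffer` holds after it was passed by address to `ExtractGuidedSectionDecode`; keeping the allocated pointer in a separate local would guarantee that the pages freed are the pages that were allocated.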