From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.115, mailfrom: ray.ni@intel.com) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by groups.io with SMTP; Sun, 25 Aug 2019 15:46:20 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Aug 2019 15:46:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,431,1559545200"; d="scan'208";a="331277761" Received: from ray-dev.ccr.corp.intel.com ([10.239.9.9]) by orsmga004.jf.intel.com with ESMTP; 25 Aug 2019 15:46:04 -0700 From: "Ni, Ray" To: devel@edk2.groups.io Cc: Eric Dong , Jiewen Yao , Laszlo Ersek Subject: [PATCH 1/5] UefiCpuPkg: Add PcdCpuSmmRestrictedMemoryAccess Date: Mon, 26 Aug 2019 06:45:09 +0800 Message-Id: <20190825224513.171572-2-ray.ni@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20190825224513.171572-1-ray.ni@intel.com> References: <20190825224513.171572-1-ray.ni@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit The patch adds a new X64 only PCD PcdCpuSmmRestrictedMemoryAccess. The PCD indicates access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock. MMIO access is always allowed regardless of the value of this PCD. Loose of such restriction is only required by RAS components in X64 platforms. The PCD value is considered as constantly TRUE in IA32 platforms. When the PCD value is TRUE, page table is initialized to cover all memory spaces and the memory occupied by page table is protected by page table itself as read-only. Signed-off-by: Ray Ni Cc: Eric Dong Cc: Jiewen Yao Cc: Laszlo Ersek --- UefiCpuPkg/UefiCpuPkg.dec | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 86ad61f64b..83acd33612 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -278,6 +278,18 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] # @Prompt Current boot is a power-on reset. gUefiCpuPkgTokenSpaceGuid.PcdIsPowerOnReset|FALSE|BOOLEAN|0x0000001B +[PcdsFixedAtBuild.X64, PcdsPatchableInModule.X64, PcdsDynamic.X64, PcdsDynamicEx.X64] + ## Indicate access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock. + # MMIO access is always allowed regardless of the value of this PCD. + # Loose of such restriction is only required by RAS components in X64 platforms. + # The PCD value is considered as constantly TRUE in IA32 platforms. + # When the PCD value is TRUE, page table is initialized to cover all memory spaces + # and the memory occupied by page table is protected by page table itself as read-only. + # TRUE - Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.
+ # FALSE - Access to any type of non-SMRAM memory after SmmReadyToLock is allowed.
+ # @Prompt Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock. + gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmRestrictedMemoryAccess|TRUE|BOOLEAN|0x3213210F + [PcdsDynamic, PcdsDynamicEx] ## Contains the pointer to a CPU S3 data buffer of structure ACPI_CPU_DATA. # @Prompt The pointer to a CPU S3 data buffer. -- 2.21.0.windows.1