From: "Ni, Ray"
To: devel@edk2.groups.io
Cc: Eric Dong, Jiewen Yao, Laszlo Ersek
Subject: [PATCH 4/5] UefiCpuPkg: Explain relationship between several SMM PCDs
Date: Mon, 26 Aug 2019 06:45:12 +0800
Message-Id: <20190825224513.171572-5-ray.ni@intel.com>
In-Reply-To: <20190825224513.171572-1-ray.ni@intel.com>
References: <20190825224513.171572-1-ray.ni@intel.com>

There are three PCDs that may impact the behavior of each other in
SMM environment:
  PcdCpuSmmProfileEnable
  PcdHeapGuardPropertyMask in MdeModulePkg
  PcdCpuSmmRestrictedMemoryAccess

The patch updates the comments in DEC file to document it.

Signed-off-by: Ray Ni
Cc: Eric Dong
Cc: Jiewen Yao
Cc: Laszlo Ersek
--- UefiCpuPkg/UefiCpuPkg.dec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 83acd33612..9a03bdd716 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec 
@@ -81,7 +81,8 @@ [Ppis] [PcdsFeatureFlag] ## Indicates if SMM Profile will be enabled. # If enabled, instruction executions in and data accesses to memory outside of SMRAM will be logged. - # It could not be enabled at the same time with SMM static page table feature (PcdCpuSmmStaticPageTable). + # In X64 build, it could not be enabled when PcdCpuSmmRestrictedMemoryAccess is TRUE. + # In IA32 build, the page table memory is not marked as read-only when it is enabled. # This PCD is only for validation purpose. It should be set to false in production.

# TRUE - SMM Profile will be enabled.
# FALSE - SMM Profile will be disabled.
@@ -285,6 +286,11 @@ [PcdsFixedAtBuild.X64, PcdsPatchableInModule.X64, PcdsDynamic.X64, PcdsDynamicEx # The PCD value is considered as constantly TRUE in IA32 platforms. # When the PCD value is TRUE, page table is initialized to cover all memory spaces # and the memory occupied by page table is protected by page table itself as read-only. + # In X64 build, it cannot be enabled at the same time with SMM profile feature (PcdCpuSmmProfileEnable). + # In X64 build, it could not be enabled also at the same time with heap guard feature for SMM + # (PcdHeapGuardPropertyMask in MdeModulePkg). + # In IA32 build, page table memory is not marked as read-only when either SMM profile feature (PcdCpuSmmProfileEnable) + # or heap guard feature for SMM (PcdHeapGuardPropertyMask in MdeModulePkg) is enabled. # TRUE - Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.
# FALSE - Access to any type of non-SMRAM memory after SmmReadyToLock is allowed.
# @Prompt Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock. -- 2.21.0.windows.1
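
Review bot: In the first hunk (@@ -81,7 +81,8 @@, the PcdCpuSmmProfileEnable comment), the new X64 line says the flag "could not be enabled when PcdCpuSmmRestrictedMemoryAccess is TRUE" but does not say what a platform gets if it sets both anyway. Please state the outcome the code actually produces for that combination, and use present tense ("cannot be enabled"), which the second hunk already uses for the same constraint. The new IA32 line describes a loss of protection (page table memory is left writable), so it would read better placed directly next to the existing "should be set to false in production" sentence, making the reason for that advice explicit.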
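
Review bot: In the second hunk (@@ -285,6 +286,11 @@, the PcdCpuSmmRestrictedMemoryAccess comment), the added IA32 sentence contradicts the unchanged context just above it, which says the value is "considered as constantly TRUE in IA32 platforms" and that when TRUE the page table memory "is protected by page table itself as read-only". With this patch the read-only protection is conditional on IA32, so the earlier sentence should be qualified, or the exception should be stated next to it rather than four lines later. The two X64 lines also mix "cannot be enabled" with "could not be enabled also"; merging them into one sentence that names both PcdCpuSmmProfileEnable and PcdHeapGuardPropertyMask would be clearer. Since PcdHeapGuardPropertyMask is a mask, "is enabled" is ambiguous: please say which of its bits count as the SMM heap guard feature here.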