From: "Kubacki, Michael A"
To: devel@edk2.groups.io
Cc: Dandan Bi, Ard Biesheuvel, Eric Dong, Laszlo Ersek, Liming Gao, Michael D Kinney, Ray Ni, Jian J Wang, Hao A Wu, Jiewen Yao
Subject: [PATCH V2 0/9] UEFI Variable SMI Reduction
Date: Fri, 27 Sep 2019 18:47:08 -0700
Message-Id: <20190928014717.31372-1-michael.a.kubacki@intel.com>
X-Mailer: git-send-email 2.16.2.windows.1

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2220

V2 Changes:
Patch #1 in V1 both moved functions to VariableParsing.c and modified some
functionality in those functions. In V2, the functions are first moved and
then functionality is modified in subsequent patches. This resulted in the
following new patches in the V2 patch series:
  1. MdeModulePkg/Variable: Parameterize GetNextVariableEx() store list
  2. MdeModulePkg/Variable: Parameterize VARIABLE_INFO_ENTRY buffer
  3. MdeModulePkg/Variable: Add local auth status in VariableParsing
  4. MdeModulePkg/Variable: Add a file for NV variable functions

Apart from this refactor in the patches, no functionally impacting changes
were made.

Overview
---------
This patch series reduces SMM usage when using VariableSmmRuntimeDxe with
VariableSmm. It does so by eliminating SMM usage for runtime service
GetVariable () and GetNextVariableName () invocations.

Most UEFI variable usage in typical systems after the variable store is
initialized (e.g. manufacturing boots) is due to GetVariable () and
GetNextVariableName (), not SetVariable (). GetVariable () calls can
regularly exceed 100 per boot while SetVariable () calls typically remain
less than 10 per boot. By focusing on the common case, the majority of
overhead associated with SMM can be avoided while still using existing and
proven code for operations such as variable authentication that require an
isolated execution environment.

* Advantage: Reduces overall system SMM usage
* Disadvantage: Requires more Runtime data memory usage

Initial Performance Observations
---------------------------------
* With these proposed changes, an Intel Atom based SoC saw GetVariable ()
  time for an existing variable reduce from ~220us to ~5us.

Major Changes
--------------
1. Two UEFI variable caches will be maintained.
   a. "Runtime Cache" - Maintained in VariableSmmRuntimeDxe. Used to serve
      runtime service GetVariable () and GetNextVariableName () callers.
   b. "SMM cache" - Maintained in VariableSmm to service SMM GetVariable ()
      and GetNextVariableName () callers.
      i. A cache in SMRAM is retained so SMM modules do not operate on data
         outside SMRAM.
2. A new UEFI variable read and write flow will be used as described below.

At any given time, the two caches would be coherent. On a variable write,
the runtime cache is only updated after validation in SMM and, in the case
of a non-volatile UEFI variable, the variable must also be successfully
written to non-volatile storage.

Prior RFC Feedback Addressed
-----------------------------
RFC sent Sept. 5, 2019: https://edk2.groups.io/g/devel/message/46939

1. UEFI variable data retrieval from a ring 0 buffer
   A common concern with this proposed set of changes is the potential
   security threat presented by serving runtime services callers from a
   ring 0 memory buffer of EfiRuntimeServicesData type. The conclusion was
   that this change does not fundamentally alter the attack surface. The
   UEFI variable Runtime Services are invoked from ring 0 and the data
   already travels through ring 0 buffers (such as the SMM communicate
   buffer) to reach the caller. Even today, if ring 0 is assumed to be
   malicious, the malicious code may keep one AP in a loop to monitor the
   communication data when the BSP gets an (authenticated) variable. When
   the communication buffer is updated and the status is set to
   EFI_SUCCESS, the AP may modify the communication buffer contents such
   that the tampered data is returned to the BSP caller. Or an interrupt
   handler on the BSP may alter the communication buffer contents before
   the data is returned to the caller. In summary, this was not found to
   introduce any attack not possible today.

2. VarCheckLib impact
   VarCheckLib plays a role in SetVariable () calls. This patch series
   only changes GetVariable () behavior. Therefore, VarCheckLib is
   expected to have no impact due to these changes.

Testing Performed
------------------
This code was tested with the master branch of edk2 on an Intel Kaby Lake U
/ Intel Whiskey Lake U reference validation platform. The set of tests
performed included:
1. Boot from S5 to Windows 10 OS with SMM variables enabled.
2. Boot from S5 to Ubuntu 18.04.1 LTS with SMM variables enabled.
3. Boot from S5 to EFI shell with DXE variables enabled.
4. Dump UEFI variable store at shell with dmpstore to verify contents.
5. Dump NvStorage FV from SPI flash after boot to verify contents written.
6. Dump UEFI variable statistics with VariableInfo at shell.
7. Boot with emulated variables enabled.
8. Cycles of adding and deleting a UEFI variable to verify cache results.
9. Set OsIndications to stop at FW UI to verify cache load of non-volatile
   contents.

Why Keep SMM on Variable Writes
--------------------------------
* SMM provides a ubiquitous isolated execution environment in x86 for
  authenticated UEFI variables.
* BIOS region SPI flash write restrictions to SMM in platforms today can be
  retained.

Today's UEFI Variable Cache (for reference)
--------------------------------------------
* Maintained in SMRAM via VariableSmm.
* A "write-through" cache of variable data in the form of a UEFI variable
  store.
* Non-volatile and volatile variables are maintained in separate buffers
  (variable stores).

Runtime & SMM Cache Coherency
------------------------------
The non-volatile cache should always accurately reflect non-volatile
storage contents (done today) and the "SMM cache" and "Runtime cache"
should always be coherent on access. The runtime cache is updated by
VariableSmm. Updating both caches from within an SMM SetVariable ()
operation is fairly straightforward, but a race condition can occur if an
SMI occurs during the execution of runtime code reading from the runtime
cache. To handle this case, a runtime cache read lock is introduced that
explicitly moves pending updates from SMM to the runtime cache if an SMM
update occurs while the runtime cache is locked. Note that it is not
expected that a Runtime services call will interrupt SMM processing since
all CPU cores rendezvous in SMM.

New Key Elements for Coherence
-------------------------------
Runtime DXE (VariableSmmRuntimeDxe)
1. RuntimeCacheReadLock - A global lock used to lock read access to the
   runtime cache.
2. RuntimeCachePendingUpdate - A global flag used to notify runtime code
   of a pending cache update in SMM.

SMM (VariableSmm)
1. FlushRuntimeCachePendingUpdate SMI - A SW SMI handler that synchronizes
   the runtime cache buffer with the SMM cache buffer.

Proposed Runtime DXE Read Flow
-------------------------------
1. Wait for RuntimeCacheReadLock to be free
2. Acquire RuntimeCacheReadLock
3. If RuntimeCachePendingUpdate flag (rare) is set then:
   3.a. Trigger FlushRuntimeCachePendingUpdate SMI
   3.b. Verify RuntimeCachePendingUpdate flag is cleared
4. Perform read from RuntimeCache
5. Release RuntimeCacheReadLock

Proposed FlushRuntimeCachePendingUpdate SMI
--------------------------------------------
1. If RuntimeCachePendingUpdate flag is not set:
   1.a. Return
2. Copy the data at RuntimeCachePendingOffset of RuntimeCachePendingLength
   to RuntimeCache
3. Clear the RuntimeCachePendingUpdate flag

Proposed SMM Write Flow
------------------------
1. Perform variable authentication and non-volatile write. If either fail,
   return an error to the caller.
2. If RuntimeCacheReadLock is set then:
   2.a. Set RuntimeCachePendingUpdate flag
   2.b. Update RuntimeCachePendingOffset and RuntimeCachePendingLength to
        cover a superset of the pending chunk (for simplicity, the entire
        variable store is currently synchronized).
3. Else:
   3.a. Update RuntimeCache
4. Update SmmCache
   - Note: RT read cannot occur during SMI processing since all cores are
     locked in SMM.

Cc: Dandan Bi
Cc: Ard Biesheuvel
Cc: Eric Dong
Cc: Laszlo Ersek
Cc: Liming Gao
Cc: Michael D Kinney
Cc: Ray Ni
Cc: Jian J Wang
Cc: Hao A Wu
Cc: Jiewen Yao
Signed-off-by: Michael Kubacki

Michael Kubacki (9):
  MdeModulePkg/Variable: Consolidate common parsing functions
  MdeModulePkg/Variable: Parameterize GetNextVariableEx() store list
  MdeModulePkg/Variable: Parameterize VARIABLE_INFO_ENTRY buffer
  MdeModulePkg/Variable: Add local auth status in VariableParsing
  MdeModulePkg/Variable: Add a file for NV variable functions
  MdeModulePkg VariableInfo: Always consider RT DXE and SMM stats
  MdeModulePkg/Variable: Add RT GetVariable() cache support
  MdeModulePkg/Variable: Add RT GetNextVariableName() cache support
  MdeModulePkg/VariableSmm: Remove unused SMI handler functions

 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf    |   6 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf           |   6 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf |  31 +-
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf  |  11 +
 MdeModulePkg/Include/Guid/SmmVariableCommon.h                        |  33 +-
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h                | 158 +---
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableNonVolatile.h     |  25 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.h         | 325 ++++++++
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.h    |  47 ++
 MdeModulePkg/Application/VariableInfo/VariableInfo.c                 |  37 +-
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c                | 826 ++------------------
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableExLib.c           |  11 +-
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableNonVolatile.c     |  28 +
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.c         | 769 ++++++++++++++++++
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.c    | 153 ++++
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c             | 212 +++--
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c   | 726 +++++++++++++----
 17 files changed, 2231 insertions(+), 1173 deletions(-)
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableNonVolatile.h
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.h
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.h
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableNonVolatile.c
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableParsing.c
 create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeCache.c

--
2.16.2.windows.1
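The read flow, flush SMI and write flow from the cover letter, modelled as an added example in plain C. This is not edk2 code and not part of the patch series: the names RuntimeCacheReadLock, RuntimeCachePendingUpdate, RuntimeCachePendingOffset/Length, RuntimeCache, SmmCache and FlushRuntimeCachePendingUpdate are taken from the cover letter; the byte-per-slot variable store, the stand-in authentication rule, the fake non-volatile write and the single-threaded lock model are constructed assumptions. It stages the race the text is concerned with: an SMM write that lands while a runtime reader holds the lock is deferred via the pending flag and pulled in by the next reader's flush, so the runtime cache never exposes a value that has not passed SMM validation and the NV write.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STORE_SIZE 16   /* constructed: one byte per "variable slot" */

/* SMM-side state: the SMM cache and a stand-in for non-volatile flash. */
static uint8_t SmmCache[STORE_SIZE];
static uint8_t NvStorage[STORE_SIZE];

/* Runtime-side state: the runtime cache plus the two coherence controls
   named in the cover letter (lock, pending flag) and the pending range. */
static uint8_t RuntimeCache[STORE_SIZE];
static bool    RuntimeCacheReadLock;
static bool    RuntimeCachePendingUpdate;
static size_t  RuntimeCachePendingOffset;
static size_t  RuntimeCachePendingLength;

/* Constructed stand-in for variable authentication: a value with the top
   bit set is treated as failing authentication. */
static bool AuthenticateWrite(uint8_t Value) { return (Value & 0x80) == 0; }

/* Constructed stand-in for the non-volatile write. */
static bool WriteNonVolatile(size_t Slot, uint8_t Value) {
  if (Slot >= STORE_SIZE) return false;
  NvStorage[Slot] = Value;
  return true;
}

/* The SW SMI handler from the cover letter: copy the pending range from the
   SMM cache into the runtime cache, then clear the flag. */
void FlushRuntimeCachePendingUpdateSmi(void) {
  if (!RuntimeCachePendingUpdate) return;                       /* 1. */
  memcpy(RuntimeCache + RuntimeCachePendingOffset,              /* 2. */
         SmmCache + RuntimeCachePendingOffset, RuntimeCachePendingLength);
  RuntimeCachePendingUpdate = false;                            /* 3. */
}

/* Proposed SMM write flow. Returns false when authentication or the NV
   write fails; in that case neither cache is touched. */
bool SmmSetVariable(size_t Slot, uint8_t Value) {
  if (!AuthenticateWrite(Value) || !WriteNonVolatile(Slot, Value))   /* 1. */
    return false;
  if (RuntimeCacheReadLock) {
    /* 2. A runtime reader is in progress: defer the runtime-cache update.
          As in the cover letter, the range covers the whole store. */
    RuntimeCachePendingUpdate = true;
    RuntimeCachePendingOffset = 0;
    RuntimeCachePendingLength = STORE_SIZE;
  } else {
    RuntimeCache[Slot] = Value;                                 /* 3.a */
  }
  SmmCache[Slot] = Value;   /* 4. the flush SMI copies from here later */
  return true;
}

/* Lock helpers. Real firmware spins on a held lock; this single-threaded
   model reports a held lock as false so a test can stage the race. */
bool RuntimeCacheAcquireReadLock(void) {
  if (RuntimeCacheReadLock) return false;
  RuntimeCacheReadLock = true;
  return true;
}
void RuntimeCacheReleaseReadLock(void) { RuntimeCacheReadLock = false; }

/* Proposed runtime DXE read flow. Returns the slot value (0..255), or -1
   if the slot is invalid or the lock could not be taken in this model. */
int RuntimeGetVariable(size_t Slot) {
  if (Slot >= STORE_SIZE || !RuntimeCacheAcquireReadLock()) return -1; /* 1-2 */
  if (RuntimeCachePendingUpdate) {             /* 3. rare path          */
    FlushRuntimeCachePendingUpdateSmi();       /* 3.a trigger the SW SMI */
    assert(!RuntimeCachePendingUpdate);        /* 3.b verify it cleared  */
  }
  int Value = RuntimeCache[Slot];              /* 4. read runtime cache  */
  RuntimeCacheReleaseReadLock();               /* 5. release the lock    */
  return Value;
}

int main(void) {
  SmmSetVariable(3, 0x2A);
  printf("plain write, runtime read: slot 3 = 0x%02x\n", RuntimeGetVariable(3));
  /* Stage the race: a reader holds the lock while an SMM write lands. */
  RuntimeCacheAcquireReadLock();
  SmmSetVariable(3, 0x11);
  printf("write under lock: runtime cache = 0x%02x, pending = %d\n",
         RuntimeCache[3], RuntimeCachePendingUpdate);
  RuntimeCacheReleaseReadLock();
  printf("next read flushes pending: slot 3 = 0x%02x\n", RuntimeGetVariable(3));
  return 0;
}
```

The point to notice is in SmmSetVariable: the runtime cache is only ever written with data that has already passed authentication and the NV write, whether directly (no reader active) or later through the flush SMI, so a reader in progress can observe the old value or the new value but never a half-validated one.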