From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web12.6580.1592298287706275716 for ; Tue, 16 Jun 2020 02:04:50 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: zhiguang.liu@intel.com) IronPort-SDR: H9yByjTJcRGigIqsnwMiCKdu19R0v6Vo1h2ABwSOrSkYG+hdyiw+nXWGkNvzYzfM/OIZ6Ayxph 9Kdv1UmSzuDg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jun 2020 02:04:49 -0700 IronPort-SDR: /E+tAH6B0fxAtCtTONJaZ9X3oD5KibMxXU2iF1vtWgYS0bhISaikGYeEHolxZGIUnetRY6DNRi o4kRbiRcMrPw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,518,1583222400"; d="scan'208";a="290992364" Received: from fieedk002.ccr.corp.intel.com ([10.239.158.178]) by orsmga002.jf.intel.com with ESMTP; 16 Jun 2020 02:04:48 -0700 From: "Zhiguang Liu" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Laszlo Ersek , Rahul Kumar Subject: [PATCH 5/5] UefiCpuPkg: Uninstall EFI_SMM_CONFIGURATION_PROTOCOL at end of Dxe. Date: Tue, 16 Jun 2020 17:04:34 +0800 Message-Id: <20200616090434.1201-5-zhiguang.liu@intel.com> X-Mailer: git-send-email 2.25.1.windows.1 In-Reply-To: <20200616090434.1201-1-zhiguang.liu@intel.com> References: <20200616090434.1201-1-zhiguang.liu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2317 To avoid leaking information from SMM, uninstall EFI_SMM_CONFIGURATION_PROTOCOL at end of Dxe. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Rahul Kumar Signed-off-by: Zhiguang Liu --- UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 37 ++++++++++++++++++++++++= +++++++++++++ UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 1 + 2 files changed, 38 insertions(+) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmC= puDxeSmm/PiSmmCpuDxeSmm.c index db68e1316e..a1b209e125 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c @@ -520,6 +520,33 @@ SmmReadyToLockEventNotify ( return EFI_SUCCESS;=0D }=0D =0D +/**=0D + SMM End of Dxe event notification handler.=0D +=0D + To avoid leaking information from SMM, uninstall EFI_SMM_CONFIGURATION_P= ROTOCOL=0D + at end of Dxe.=0D +=0D + @param[in] Protocol Points to the protocol's unique identifier.=0D + @param[in] Interface Points to the interface instance.=0D + @param[in] Handle The handle on which the interface was installed.=0D +=0D + @retval EFI_SUCCESS Notification handler runs successfully.=0D + **/=0D +EFI_STATUS=0D +EFIAPI=0D +SmmEndOfDxeNotify (=0D + IN CONST EFI_GUID *Protocol,=0D + IN VOID *Interface,=0D + IN EFI_HANDLE Handle=0D + )=0D +{=0D + gBS->UninstallProtocolInterface (=0D + gSmmCpuPrivate->SmmCpuHandle,=0D + &gEfiSmmConfigurationProtocolGuid, &gSmmCpuPrivate->SmmConfigurat= ion=0D + );=0D + return EFI_SUCCESS;=0D +}=0D +=0D /**=0D The module Entry Point of the CPU SMM driver.=0D =0D @@ -1038,6 +1065,16 @@ PiCpuSmmEntry ( );=0D ASSERT_EFI_ERROR (Status);=0D =0D + //=0D + // register SMM End of Dxe notification=0D + //=0D + Status =3D gSmst->SmmRegisterProtocolNotify (=0D + &gEfiSmmEndOfDxeProtocolGuid,=0D + SmmEndOfDxeNotify,=0D + &Registration=0D + );=0D + ASSERT_EFI_ERROR (Status);=0D +=0D //=0D // Initialize SMM Profile feature=0D //=0D diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf b/UefiCpuPkg/PiSm= mCpuDxeSmm/PiSmmCpuDxeSmm.inf index 76b1462996..bb994814d6 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf @@ -105,6 +105,7 @@ gEfiSmmConfigurationProtocolGuid ## PRODUCES=0D gEfiSmmCpuProtocolGuid ## PRODUCES=0D gEfiSmmReadyToLockProtocolGuid ## NOTIFY=0D + gEfiSmmEndOfDxeProtocolGuid ## NOTIFY=0D gEfiSmmCpuServiceProtocolGuid ## PRODUCES=0D gEdkiiSmmMemoryAttributeProtocolGuid ## PRODUCES=0D gEfiMmMpProtocolGuid ## PRODUCES=0D --=20 2.25.1.windows.1