From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web12.35600.1595244629521419095 for ; Mon, 20 Jul 2020 04:30:29 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: guomin.jiang@intel.com) IronPort-SDR: Cs5NXZApu3y15s5efwmzbX1zMEXeOMClAqlsrE3vZWMMSW4uhwW7xiKqsJZBwjkfdk2+y4mRL5 bzrYdHz9v0lw== X-IronPort-AV: E=McAfee;i="6000,8403,9687"; a="137373116" X-IronPort-AV: E=Sophos;i="5.75,374,1589266800"; d="scan'208";a="137373116" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jul 2020 04:30:28 -0700 IronPort-SDR: 6kGT0NZQCfxAMoix2r2Fbb/FZR+ECllz6Nd/svTDUYCC94LVsK95e/tvK55DohzRokXWa+sSCJ XYsOjOL/koKQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,374,1589266800"; d="scan'208";a="271411106" Received: from guominji-mobl.ccr.corp.intel.com ([10.238.13.140]) by fmsmga008.fm.intel.com with ESMTP; 20 Jul 2020 04:30:23 -0700 From: "Guomin Jiang" To: devel@edk2.groups.io Cc: Jian J Wang , Hao A Wu , Dandan Bi , Liming Gao , Debkumar De , Harry Han , Catharine West , Eric Dong , Ray Ni , Jordan Justen , Andrew Fish , Laszlo Ersek , Ard Biesheuvel , Anthony Perard , Julien Grall , Leif Lindholm , Rahul Kumar , Jiewen Yao , Chao Zhang , Qi Zhang Subject: [PATCH v6 00/10] Add new feature that evacuate temporary to permanent memory (CVE-2019-11098) Date: Mon, 20 Jul 2020 19:30:12 +0800 Message-Id: <20200720113022.675-1-guomin.jiang@intel.com> X-Mailer: git-send-email 2.25.1.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit The TOCTOU vulnerability allow that the physical present person to replace the code with the normal BootGuard check and PCR0 value. The issue occur when BootGuard measure IBB and access flash code after NEM disable. the reason why we access the flash code is that we have some pointer to flash. To avoid this vulnerability, we need to convert those pointers, the patch series do this work and make sure that no code will access flash address. v2: Create gEdkiiMigratedFvInfoGuid HOB and add PcdMigrateTemporaryRamFirmwareVolumes to control whole feature. v3: Remove changes which is not related with the feature and disable the feature in virtual platform. v4: Disable the feature as default, Copy the Tcg2Pei behavior to TcgPei v5: Initialize local variable Shadow and return EFI_ABORTED when RepublishSecPpi not installed. v6: Avoid redundant shadow PEIM when enable Migrated PCD. Cc: Jian J Wang Cc: Hao A Wu Cc: Dandan Bi Cc: Liming Gao Cc: Debkumar De Cc: Harry Han Cc: Catharine West Cc: Eric Dong Cc: Ray Ni Cc: Jordan Justen Cc: Andrew Fish Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Anthony Perard Cc: Julien Grall Cc: Leif Lindholm Cc: Rahul Kumar Cc: Jiewen Yao Cc: Chao Zhang Cc: Qi Zhang Guomin Jiang (7): MdeModulePkg: Add new PCD to control the evacuate temporary memory feature (CVE-2019-11098) MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash (CVE-2019-11098) SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU (CVE-2019-11098) UefiCpuPkg: Correct some typos. SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) MdeModulePkg/Core: Avoid redundant shadow when enable the Migrated PCD (CVE-2019-11098) Michael Kubacki (3): MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore (CVE-2019-11098) UefiCpuPkg/CpuMpPei: Add GDT migration support (CVE-2019-11098) UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098) MdeModulePkg/MdeModulePkg.dec | 11 + UefiCpuPkg/UefiCpuPkg.dec | 3 + UefiCpuPkg/UefiCpuPkg.dsc | 1 + MdeModulePkg/Core/Pei/PeiMain.inf | 3 + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 + SecurityPkg/Tcg/TcgPei/TcgPei.inf | 1 + UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 4 + UefiCpuPkg/SecCore/SecCore.inf | 2 + .../SecMigrationPei/SecMigrationPei.inf | 67 +++ MdeModulePkg/Core/Pei/PeiMain.h | 170 +++++++ MdeModulePkg/Include/Guid/MigratedFvInfo.h | 22 + UefiCpuPkg/CpuMpPei/CpuMpPei.h | 14 +- UefiCpuPkg/Include/Ppi/RepublishSecPpi.h | 54 +++ .../CpuExceptionCommon.h | 4 +- UefiCpuPkg/SecCore/SecMain.h | 1 + UefiCpuPkg/SecMigrationPei/SecMigrationPei.h | 154 +++++++ MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 431 +++++++++++++++++- MdeModulePkg/Core/Pei/Image/Image.c | 130 +++++- MdeModulePkg/Core/Pei/Memory/MemoryServices.c | 82 ++++ MdeModulePkg/Core/Pei/PeiMain/PeiMain.c | 34 +- MdeModulePkg/Core/Pei/Ppi/Ppi.c | 287 ++++++++++++ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 31 +- SecurityPkg/Tcg/TcgPei/TcgPei.c | 29 +- UefiCpuPkg/CpuMpPei/CpuMpPei.c | 37 ++ UefiCpuPkg/CpuMpPei/CpuPaging.c | 42 +- .../Ia32/ArchExceptionHandler.c | 4 +- .../SecPeiCpuException.c | 2 +- .../X64/ArchExceptionHandler.c | 4 +- UefiCpuPkg/SecCore/SecMain.c | 26 +- UefiCpuPkg/SecMigrationPei/SecMigrationPei.c | 381 ++++++++++++++++ MdeModulePkg/MdeModulePkg.uni | 6 + .../SecMigrationPei/SecMigrationPei.uni | 13 + 32 files changed, 2023 insertions(+), 28 deletions(-) create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf create mode 100644 MdeModulePkg/Include/Guid/MigratedFvInfo.h create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni -- 2.25.1.windows.1