public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH v6 00/10] Add new feature that evacuate temporary to permanent memory (CVE-2019-11098)
@ 2020-07-20 11:30 Guomin Jiang
  2020-07-20 11:30 ` [PATCH v6 01/10] MdeModulePkg: Add new PCD to control the evacuate temporary memory feature (CVE-2019-11098) Guomin Jiang
                   ` (9 more replies)
  0 siblings, 10 replies; 21+ messages in thread
From: Guomin Jiang @ 2020-07-20 11:30 UTC (permalink / raw)
  To: devel
  Cc: Jian J Wang, Hao A Wu, Dandan Bi, Liming Gao, Debkumar De,
	Harry Han, Catharine West, Eric Dong, Ray Ni, Jordan Justen,
	Andrew Fish, Laszlo Ersek, Ard Biesheuvel, Anthony Perard,
	Julien Grall, Leif Lindholm, Rahul Kumar, Jiewen Yao, Chao Zhang,
	Qi Zhang

The TOCTOU vulnerability allow that the physical present person to replace the code with the normal BootGuard check and PCR0 value.
The issue occur when BootGuard measure IBB and access flash code after NEM disable.
the reason why we access the flash code is that we have some pointer to flash.
To avoid this vulnerability, we need to convert those pointers, the patch series do this work and make sure that no code will access flash address.

v2:
Create gEdkiiMigratedFvInfoGuid HOB and add PcdMigrateTemporaryRamFirmwareVolumes to control whole feature.

v3:
Remove changes which is not related with the feature and disable the feature in virtual platform.

v4:
Disable the feature as default, Copy the Tcg2Pei behavior to TcgPei

v5:
Initialize local variable Shadow and return EFI_ABORTED when RepublishSecPpi not installed.

v6:
Avoid redundant shadow PEIM when enable Migrated PCD.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Anthony Perard <anthony.perard@citrix.com>
Cc: Julien Grall <julien@xen.org>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>


Guomin Jiang (7):
  MdeModulePkg: Add new PCD to control the evacuate temporary memory
    feature (CVE-2019-11098)
  MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash
    (CVE-2019-11098)
  SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash
    (CVE-2019-11098)
  UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU
    (CVE-2019-11098)
  UefiCpuPkg: Correct some typos.
  SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash
    (CVE-2019-11098)
  MdeModulePkg/Core: Avoid redundant shadow when enable the Migrated PCD
    (CVE-2019-11098)

Michael Kubacki (3):
  MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore
    (CVE-2019-11098)
  UefiCpuPkg/CpuMpPei: Add GDT migration support (CVE-2019-11098)
  UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)

 MdeModulePkg/MdeModulePkg.dec                 |  11 +
 UefiCpuPkg/UefiCpuPkg.dec                     |   3 +
 UefiCpuPkg/UefiCpuPkg.dsc                     |   1 +
 MdeModulePkg/Core/Pei/PeiMain.inf             |   3 +
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf           |   1 +
 SecurityPkg/Tcg/TcgPei/TcgPei.inf             |   1 +
 UefiCpuPkg/CpuMpPei/CpuMpPei.inf              |   4 +
 UefiCpuPkg/SecCore/SecCore.inf                |   2 +
 .../SecMigrationPei/SecMigrationPei.inf       |  67 +++
 MdeModulePkg/Core/Pei/PeiMain.h               | 170 +++++++
 MdeModulePkg/Include/Guid/MigratedFvInfo.h    |  22 +
 UefiCpuPkg/CpuMpPei/CpuMpPei.h                |  14 +-
 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h      |  54 +++
 .../CpuExceptionCommon.h                      |   4 +-
 UefiCpuPkg/SecCore/SecMain.h                  |   1 +
 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h  | 154 +++++++
 MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 431 +++++++++++++++++-
 MdeModulePkg/Core/Pei/Image/Image.c           | 130 +++++-
 MdeModulePkg/Core/Pei/Memory/MemoryServices.c |  82 ++++
 MdeModulePkg/Core/Pei/PeiMain/PeiMain.c       |  34 +-
 MdeModulePkg/Core/Pei/Ppi/Ppi.c               | 287 ++++++++++++
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             |  31 +-
 SecurityPkg/Tcg/TcgPei/TcgPei.c               |  29 +-
 UefiCpuPkg/CpuMpPei/CpuMpPei.c                |  37 ++
 UefiCpuPkg/CpuMpPei/CpuPaging.c               |  42 +-
 .../Ia32/ArchExceptionHandler.c               |   4 +-
 .../SecPeiCpuException.c                      |   2 +-
 .../X64/ArchExceptionHandler.c                |   4 +-
 UefiCpuPkg/SecCore/SecMain.c                  |  26 +-
 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c  | 381 ++++++++++++++++
 MdeModulePkg/MdeModulePkg.uni                 |   6 +
 .../SecMigrationPei/SecMigrationPei.uni       |  13 +
 32 files changed, 2023 insertions(+), 28 deletions(-)
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
 create mode 100644 MdeModulePkg/Include/Guid/MigratedFvInfo.h
 create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni

-- 
2.25.1.windows.1


^ permalink raw reply	[flat|nested] 21+ messages in thread

end of thread, other threads:[~2020-07-22  7:27 UTC | newest]

Thread overview: 21+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-07-20 11:30 [PATCH v6 00/10] Add new feature that evacuate temporary to permanent memory (CVE-2019-11098) Guomin Jiang
2020-07-20 11:30 ` [PATCH v6 01/10] MdeModulePkg: Add new PCD to control the evacuate temporary memory feature (CVE-2019-11098) Guomin Jiang
2020-07-22  2:26   ` [edk2-devel] " Wang, Jian J
2020-07-22  2:42   ` Wang, Jian J
2020-07-20 11:30 ` [PATCH v6 02/10] MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore (CVE-2019-11098) Guomin Jiang
2020-07-20 11:30 ` [PATCH v6 03/10] UefiCpuPkg/CpuMpPei: Add GDT migration support (CVE-2019-11098) Guomin Jiang
2020-07-22  2:43   ` [edk2-devel] " Wang, Jian J
2020-07-20 11:30 ` [PATCH v6 04/10] UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098) Guomin Jiang
2020-07-22  3:07   ` [edk2-devel] " Wang, Jian J
2020-07-20 11:30 ` [PATCH v6 05/10] MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash (CVE-2019-11098) Guomin Jiang
2020-07-22  3:16   ` Wang, Jian J
2020-07-20 11:30 ` [PATCH v6 06/10] SecurityPkg/Tcg2Pei: Use " Guomin Jiang
2020-07-22  1:25   ` Qi Zhang
2020-07-20 11:30 ` [PATCH v6 07/10] UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU (CVE-2019-11098) Guomin Jiang
2020-07-22  3:31   ` [edk2-devel] " Wang, Jian J
2020-07-20 11:30 ` [PATCH v6 08/10] UefiCpuPkg: Correct some typos Guomin Jiang
2020-07-20 11:30 ` [PATCH v6 09/10] SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) Guomin Jiang
2020-07-22  1:25   ` Qi Zhang
2020-07-20 11:30 ` [PATCH v6 10/10] MdeModulePkg/Core: Avoid redundant shadow when enable the Migrated PCD (CVE-2019-11098) Guomin Jiang
2020-07-22  6:58   ` [edk2-devel] " Wang, Jian J
2020-07-22  7:27     ` Liming Gao

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox