From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.25806.1678727899217729365
 for <devel@edk2.groups.io>;
 Mon, 13 Mar 2023 10:18:19 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Yl9cgcrz;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id BB2AD6144F;
	Mon, 13 Mar 2023 17:18:18 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 59695C4339E;
	Mon, 13 Mar 2023 17:18:16 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1678727898;
	bh=wVi7JHOrzygaoD6TVUb7Y0rSx1rVUO+xdkELbPY26vk=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=Yl9cgcrzezPptHePbfBSIHSE6ouRcCtv8etNyRWJ4LOO6PLFfcmsOfyu+QAdRZXFJ
	 yLzAPknEcE3b6RZEVp+JPd2w6j977MIXU0bvMBYIva0rk0CT5Y2R72OfkhahxQpGzq
	 hCpJUx78CJWVze15tjN4KM18Cw8kQhM14xaXu3zFa64apS3Lqmle7tFbjrLFBaE7BU
	 M7WeeI7v7NYVohiIzDxvSjB9Y7OudOrfCyCabTWJXrKFPzvaoNWmjI+/T2MokK3vwM
	 MvekvJoUjGD/4mAooJ8SKe/ihefmnbv7KTWNp9CUnHmSCzH2ipWTJvfWpcxkYSeQQh
	 IaQ1lO1yUyjTA==
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>
Subject: [PATCH v5 17/38] MdeModulePkg/DxeIpl: Avoid shadowing IPL PEIM by default
Date: Mon, 13 Mar 2023 18:16:53 +0100
Message-Id: <20230313171714.3866151-18-ardb@kernel.org>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org>
References: <20230313171714.3866151-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Currently, the DXE IPL relies on permanent memory being available, but
does not DEPEX on the associated PPI. Instead, it registers for PEIM
shadowing, and only proceeds when running shadowed, and this implies
that permanent memory has been installed.

While PEIM shadowing is typically good for performance, there are
reasons why we might prefer to avoid it, e.g., when running under
virtualization in a mode where the write protection of the ROM is an
advantage from a safety PoV, and where the performance is identical.

This is especially true when code executing from ordinary RAM needs some
additional work to be executable, like when enabling WXN on ARM, which
only permits execution from memory that is mapped read-only.

So permit DXE IPL to run unshadowed, based on the existing PCD that
decides whether or not shadowing is preferred. While making this
behavior depend on this PCD is strictly redundant (as the IPL PEIM will
be shadowed anyway, even if RegisterForShadow() is not called), let's
test it anyway to avoid modifying the behavior on existing platforms.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf |  5 +++-
 MdeModulePkg/Core/DxeIplPeim/DxeLoad.c  | 24 +++++++++++---------
 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx=
eIplPeim/DxeIpl.inf
index 052ea0ec1a6f..62821477d012 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -112,6 +112,9 @@ [FeaturePcd.X64]
 [FeaturePcd]=0D
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ## CONSUME=
S=0D
 =0D
+[Pcd]=0D
+  gEfiMdeModulePkgTokenSpaceGuid.PcdShadowPeimOnBoot            ## CONSUME=
S=0D
+=0D
 [Pcd.IA32,Pcd.X64]=0D
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable                      ##=
 SOMETIMES_CONSUMES=0D
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ##=
 CONSUMES=0D
@@ -128,7 +131,7 @@ [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ## SOMETIM=
ES_CONSUMES=0D
 =0D
 [Depex]=0D
-  gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid=0D
+  gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid AND gEfiPeiMemor=
yDiscoveredPpiGuid=0D
 =0D
 #=0D
 # [BootMode]=0D
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c b/MdeModulePkg/Core/Dxe=
IplPeim/DxeLoad.c
index 2c19f1a507ba..228d39a618d3 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c
@@ -77,18 +77,20 @@ PeimInitializeDxeIpl (
   BootMode =3D GetBootModeHob ();=0D
 =0D
   if (BootMode !=3D BOOT_ON_S3_RESUME) {=0D
-    Status =3D PeiServicesRegisterForShadow (FileHandle);=0D
-    if (Status =3D=3D EFI_SUCCESS) {=0D
-      //=0D
-      // EFI_SUCESS means it is the first time to call register for shadow=
.=0D
-      //=0D
-      return Status;=0D
-    }=0D
+    if (PcdGetBool (PcdShadowPeimOnBoot)) {=0D
+      Status =3D PeiServicesRegisterForShadow (FileHandle);=0D
+      if (Status =3D=3D EFI_SUCCESS) {=0D
+        //=0D
+        // EFI_SUCESS means it is the first time to call register for shad=
ow.=0D
+        //=0D
+        return Status;=0D
+      }=0D
 =0D
-    //=0D
-    // Ensure that DXE IPL is shadowed to permanent memory.=0D
-    //=0D
-    ASSERT (Status =3D=3D EFI_ALREADY_STARTED);=0D
+      //=0D
+      // Ensure that DXE IPL is shadowed to permanent memory.=0D
+      //=0D
+      ASSERT (Status =3D=3D EFI_ALREADY_STARTED);=0D
+    }=0D
 =0D
     //=0D
     // DXE core load requires permanent memory.=0D
--=20
2.39.2