From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Taylor Beebe"
To: devel@edk2.groups.io
Cc: Taylor Beebe, Jian J Wang, Liming Gao, Dandan Bi
Subject: [PATCH v1 1/3] MdeModulePkg: Add DXE and MM Memory Protection Settings HOB Definitions
Date: Fri, 9 Jun 2023 13:25:59 -0700
Message-Id: <20230609202601.1153-2-t@taylorbeebe.com>
X-Mailer: git-send-email 2.36.1.windows.1
In-Reply-To: <20230609202601.1153-1-t@taylorbeebe.com>
References: <20230609202601.1153-1-t@taylorbeebe.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

These headers provide settings definitions for memory protections,
settings profiles for easily enabling memory protections,
and the GUIDs used for producing the memory protection HOB.

The settings options are functionally 1:1 with the existing
PCD bitfield definitions. Instead of setting a fixed at build
PCD, memory protection settings will be created via a HOB
at runtime.

Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
Cc: Dandan Bi
---
 MdeModulePkg/Include/Guid/DxeMemoryProtectionSettings.h | 503 ++++++++++++++++++++
 MdeModulePkg/Include/Guid/MmMemoryProtectionSettings.h  | 239 ++++++++++
 MdeModulePkg/MdeModulePkg.dec                           |  10 +
 3 files changed, 752 insertions(+)

diff --git a/MdeModulePkg/Include/Guid/DxeMemoryProtectionSettings.h b/MdeM= odulePkg/Include/Guid/DxeMemoryProtectionSettings.h=0D new file mode 100644=0D index 000000000000..7f4b573805a8=0D --- /dev/null=0D +++ b/MdeModulePkg/Include/Guid/DxeMemoryProtectionSettings.h=0D 
@@ -0,0 +1,503 @@=0D +/** @file=0D +=0D +Defines memory protection settings guid and struct=0D +=0D +Copyright (C) Microsoft Corporation. All rights reserved.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#ifndef DXE_MEMORY_PROTECTION_SETTINGS_H_=0D +#define DXE_MEMORY_PROTECTION_SETTINGS_H_=0D +=0D +typedef union {=0D + UINT8 Data;=0D + struct {=0D + UINT8 NullDetectionEnabled : 1;=0D + UINT8 DisableEndOfDxe : 1;=0D + UINT8 NonstopModeEnabled : 1;=0D + } Fields;=0D +} DXE_NULL_DETECTION_POLICY;=0D +=0D +typedef union {=0D + UINT8 Data;=0D + struct {=0D + UINT8 PageGuardEnabled : 1;=0D + UINT8 PoolGuardEnabled : 1;=0D + UINT8 FreedMemoryGuardEnabled : 1;=0D + UINT8 NonstopModeEnabled : 1;=0D + UINT8 GuardAlignment : 1;=0D + } Fields;=0D +} DXE_HEAP_GUARD_POLICY;=0D +=0D +typedef union {=0D + UINT32 Data;=0D + struct {=0D + UINT8 EfiReservedMemoryType : 1;=0D + UINT8 EfiLoaderCode : 1;=0D + UINT8 EfiLoaderData : 1;=0D + UINT8 EfiBootServicesCode : 1;=0D + UINT8 EfiBootServicesData : 1;=0D + UINT8 EfiRuntimeServicesCode : 1;=0D + UINT8 EfiRuntimeServicesData : 1;=0D + UINT8 EfiConventionalMemory : 1;=0D + UINT8 EfiUnusableMemory : 1;=0D + UINT8 EfiACPIReclaimMemory : 1;=0D + UINT8 EfiACPIMemoryNVS : 1;=0D + UINT8 EfiMemoryMappedIO : 1;=0D + UINT8 EfiMemoryMappedIOPortSpace : 1;=0D + UINT8 EfiPalCode : 1;=0D + UINT8 EfiPersistentMemory : 1;=0D + UINT8 OEMReserved : 1;=0D + UINT8 OSReserved : 1;=0D + } Fields;=0D +} DXE_HEAP_GUARD_MEMORY_TYPES;=0D +=0D +typedef union {=0D + UINT8 Data;=0D + struct {=0D + UINT8 ProtectImageFromUnknown : 1;=0D + UINT8 ProtectImageFromFv : 1;=0D + } Fields;=0D +} DXE_IMAGE_PROTECTION_POLICY;=0D +=0D +typedef UINT8 DXE_MEMORY_PROTECTION_SETTINGS_VERSION;=0D +=0D +#define DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION 1 // Current itera= tion of DXE_MEMORY_PROTECTION_SETTINGS=0D +=0D +//=0D +// Memory Protection Settings struct=0D +//=0D +typedef struct {=0D + // The current version of the structure definition. 
This is used to ensu= re there isn't a definition mismatch=0D + // if modules have differing iterations of this header. When creating th= is struct, use the=0D + // DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION macro.=0D + DXE_MEMORY_PROTECTION_SETTINGS_VERSION StructVersion;=0D +=0D + // Indicates if UEFI Stack Guard will be enabled.=0D + //=0D + // If enabled, stack overflow in UEFI can be caught.=0D + // TRUE - UEFI Stack Guard will be enabled.=0D + // FALSE - UEFI Stack Guard will be disabled.=0D + BOOLEAN CpuStackGuard;=0D +=0D + // Bitfield to control the NULL address detection in code for different = phases.=0D + // If enabled, accessing NULL address in UEFI or SMM code can be caught = by marking=0D + // the NULL page as not present.=0D + // .NullDetectionEnabled : Enable NULL pointer detection for UEFI.= =0D + // .DisableEndOfDxe : Disable NULL pointer detection just afte= r EndOfDxe.=0D + // This is a workaround for those unsolvabl= e NULL access issues in=0D + // OptionROM, boot loader, etc. It can also= help to avoid unnecessary=0D + // exception caused by legacy memory (0-409= 5) access after EndOfDxe,=0D + // such as Windows 7 boot on Qemu.=0D + // .NonstopModeEnabled : Enable UEFI non-stop mode. 
If enabled, U= EFI will raise the debug flag=0D + // to break into debugger when a fault occu= rs.=0D + DXE_NULL_DETECTION_POLICY NullPointerDetectionPolicy;=0D +=0D + // Bitfield to control Heap Guard behavior.=0D + //=0D + // Note:=0D + // a) Due to the limit of pool memory implementation and the alignment= =0D + // requirement of UEFI spec, HeapGuardPolicy.GuardAlignment is a try= -best=0D + // setting which cannot guarantee that the returned pool is exactly= =0D + // adjacent to head guard page or tail guard page.=0D + // b) UEFI freed-memory guard and UEFI pool/page guard cannot be enable= d=0D + // at the same time.=0D + //=0D + // .PageGuardEnabled : Enable UEFI page guard.=0D + // .PoolGuardEnabled : Enable UEFI pool guard.=0D + // .FreedMemoryGuardEnabled : Enable UEFI freed-memory guard (Use-Afte= r-Free memory detection).=0D + // .NonstopModeEnabled : Enable UEFI non-stop mode. If enabled, t= he debug flag will be raised=0D + // to break into debugger when a fault occu= rs.=0D + // .GuardAlignment : The alignment of Guard Page for Pool Gua= rd.=0D + // 0 - The returned pool is near the tail g= uard page.=0D + // 1 - The returned pool is near the head g= uard page.=0D + DXE_HEAP_GUARD_POLICY HeapGuardPolicy;=0D +=0D + // Set image protection policy.=0D + //=0D + // .ProtectImageFromUnknown : If set, images from unknown devi= ces will be protected by DxeCore=0D + // if they are aligned. The code se= ction becomes read-only, and the data=0D + // section becomes non-executable.= =0D + // .ProtectImageFromFv : If set, images from firmware vol= umes will be protected by DxeCore=0D + // if they are aligned. 
The code se= ction becomes read-only, and the data=0D + // section becomes non-executable.= =0D + //=0D + // Note: If a bit is cleared, an image data section could be still non-e= xecutable if=0D + // NxProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData = or EfiRuntimeServicesData.=0D + DXE_IMAGE_PROTECTION_POLICY ImageProtectionPolicy;=0D +=0D + // Indicates which type allocation need guard page.=0D + //=0D + // If bit is set, a head guard page and a tail guard page will be added = just=0D + // before and after corresponding type of pages which the allocated pool= occupies,=0D + // if there's enough free memory for all of them. The pool allocation fo= r the=0D + // type related to cleared bits keeps the same as ususal.=0D + //=0D + // This bitfield is only valid if PoolGuardEnabled and/or PoolGuardEnabl= ed are set in HeapGuardPolicy.=0D + DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardPoolType;=0D +=0D + // Indicates which type allocation need guard page.=0D + //=0D + // If a bit is set, a head guard page and a tail guard page will be adde= d just=0D + // before and after corresponding type of pages allocated if there's eno= ugh=0D + // free pages for all of them. The page allocation for the type related = to=0D + // cleared bits keeps the same as ususal.=0D + //=0D + // This bitfield is only valid if PageGuardEnabled is set in HeapGuardPo= licy.=0D + DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardPageType;=0D +=0D + // DXE no execute memory protection policy.=0D + //=0D + // If a bit is set, memory regions of the associated type will be mapped= =0D + // non-executable. 
If a bit is cleared, nothing will be done to associat= ed type of memory.=0D + //=0D + // NOTE: User MUST set the same NX protection for EfiBootServicesData an= d EfiConventionalMemory.=0D + DXE_HEAP_GUARD_MEMORY_TYPES NxProtectionPolicy;=0D +} DXE_MEMORY_PROTECTION_SETTINGS;=0D +=0D +#define HOB_DXE_MEMORY_PROTECTION_SETTINGS_GUID \=0D + { \=0D + { 0x9ABFD639, 0xD1D0, 0x4EFF, { 0xBD, 0xB6, 0x7E, 0xC4, 0x19, 0x0D, 0x= 17, 0xD5 } } \=0D + }=0D +=0D +extern GUID gDxeMemoryProtectionSettingsGuid;=0D +=0D +// HeapGuardPolicy.Fields.GuardAlignment value indicating tail alignment=0D +#define POOL_ALIGNED_TO_TAIL_GUARD 0=0D +=0D +// HeapGuardPolicy.Fields.GuardAlignment value indicating head alignment=0D +#define POOL_ALIGNED_TO_HEAD_GUARD 1=0D +=0D +//=0D +// A memory profile with strict settings.=0D +//=0D +#define DXE_MEMORY_PROTECTION_SETTINGS_DEBUG \=0D + { \=0D + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \=0D + TRUE, /* Stack Guard On */ \=0D + { \=0D + .Fields.NullDetectionEnabled =3D 1, \=0D + .Fields.DisableEndOfDxe =3D 0, \=0D + .Fields.NonstopModeEnabled =3D 1 \=0D + }, \=0D + { \=0D + .Fields.PageGuardEnabled =3D 1, \=0D + .Fields.PoolGuardEnabled =3D 1, \=0D + .Fields.FreedMemoryGuardEnabled =3D 0, \=0D + .Fields.NonstopModeEnabled =3D 1, \=0D + .Fields.GuardAlignment =3D 0 \=0D + }, \=0D + { \=0D + .Fields.ProtectImageFromUnknown =3D 1, \=0D + .Fields.ProtectImageFromFv =3D 1, \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 1, \=0D + .Fields.EfiLoaderCode =3D 1, \=0D + .Fields.EfiLoaderData =3D 1, \=0D + .Fields.EfiBootServicesCode =3D 1, \=0D + .Fields.EfiBootServicesData =3D 1, \=0D + .Fields.EfiRuntimeServicesCode =3D 1, \=0D + .Fields.EfiRuntimeServicesData =3D 1, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 1, \=0D + .Fields.EfiACPIReclaimMemory =3D 1, \=0D + .Fields.EfiACPIMemoryNVS =3D 1, \=0D + .Fields.EfiMemoryMappedIO =3D 1, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 1, \=0D + 
.Fields.EfiPalCode =3D 1, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 1, \=0D + .Fields.OSReserved =3D 1 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 1, \=0D + .Fields.EfiLoaderCode =3D 1, \=0D + .Fields.EfiLoaderData =3D 1, \=0D + .Fields.EfiBootServicesCode =3D 1, \=0D + .Fields.EfiBootServicesData =3D 1, \=0D + .Fields.EfiRuntimeServicesCode =3D 1, \=0D + .Fields.EfiRuntimeServicesData =3D 1, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 1, \=0D + .Fields.EfiACPIReclaimMemory =3D 1, \=0D + .Fields.EfiACPIMemoryNVS =3D 1, \=0D + .Fields.EfiMemoryMappedIO =3D 1, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 1, \=0D + .Fields.EfiPalCode =3D 1, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 1, \=0D + .Fields.OSReserved =3D 1 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 1, \=0D + .Fields.EfiLoaderCode =3D 1, \=0D + .Fields.EfiLoaderData =3D 1, \=0D + .Fields.EfiBootServicesCode =3D 1, \=0D + .Fields.EfiBootServicesData =3D 1, \=0D + .Fields.EfiRuntimeServicesCode =3D 1, \=0D + .Fields.EfiRuntimeServicesData =3D 1, \=0D + .Fields.EfiConventionalMemory =3D 1, \=0D + .Fields.EfiUnusableMemory =3D 1, \=0D + .Fields.EfiACPIReclaimMemory =3D 1, \=0D + .Fields.EfiACPIMemoryNVS =3D 1, \=0D + .Fields.EfiMemoryMappedIO =3D 1, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 1, \=0D + .Fields.EfiPalCode =3D 1, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 1, \=0D + .Fields.OSReserved =3D 1 \=0D + } \=0D + }=0D +=0D +//=0D +// A memory profile recommended for production. 
Compared to the debug=0D +// settings, this removes the pool guards and uses page guards for=0D +// fewer memory types.=0D +//=0D +#define DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE \=0D + { \=0D + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \=0D + TRUE, /* Stack Guard On */ \=0D + { \=0D + .Fields.NullDetectionEnabled =3D 1, \=0D + .Fields.DisableEndOfDxe =3D 0, \=0D + .Fields.NonstopModeEnabled =3D 0 \=0D + }, \=0D + { \=0D + .Fields.PageGuardEnabled =3D 1, \=0D + .Fields.PoolGuardEnabled =3D 0, \=0D + .Fields.FreedMemoryGuardEnabled =3D 0, \=0D + .Fields.NonstopModeEnabled =3D 0, \=0D + .Fields.GuardAlignment =3D 0 \=0D + }, \=0D + { \=0D + .Fields.ProtectImageFromUnknown =3D 0, \=0D + .Fields.ProtectImageFromFv =3D 1, \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 0, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + .Fields.EfiLoaderData =3D 0, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 0, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 0, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 0, \=0D + .Fields.EfiACPIReclaimMemory =3D 0, \=0D + .Fields.EfiACPIMemoryNVS =3D 0, \=0D + .Fields.EfiMemoryMappedIO =3D 0, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \=0D + .Fields.EfiPalCode =3D 0, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 0, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + .Fields.EfiLoaderData =3D 0, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 1, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 1, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 0, \=0D + .Fields.EfiACPIReclaimMemory =3D 0, \=0D + .Fields.EfiACPIMemoryNVS =3D 0, \=0D + .Fields.EfiMemoryMappedIO =3D 0, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 
0, \=0D + .Fields.EfiPalCode =3D 0, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 1, \=0D + .Fields.EfiLoaderCode =3D 1, \=0D + .Fields.EfiLoaderData =3D 1, \=0D + .Fields.EfiBootServicesCode =3D 1, \=0D + .Fields.EfiBootServicesData =3D 1, \=0D + .Fields.EfiRuntimeServicesCode =3D 1, \=0D + .Fields.EfiRuntimeServicesData =3D 1, \=0D + .Fields.EfiConventionalMemory =3D 1, \=0D + .Fields.EfiUnusableMemory =3D 1, \=0D + .Fields.EfiACPIReclaimMemory =3D 1, \=0D + .Fields.EfiACPIMemoryNVS =3D 1, \=0D + .Fields.EfiMemoryMappedIO =3D 1, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 1, \=0D + .Fields.EfiPalCode =3D 1, \=0D + .Fields.EfiPersistentMemory =3D 1, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + } \=0D + }=0D +=0D +//=0D +// A memory profile which mirrors DXE_MEMORY_PROTECTION_SETTINGS_PROD_MOD= E=0D +// but doesn't include page guards.=0D +//=0D +#define DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE_NO_PAGE_GUARDS \=0D + { \=0D + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \=0D + TRUE, /* Stack Guard On */ \=0D + { \=0D + .Fields.NullDetectionEnabled =3D 1, \=0D + .Fields.DisableEndOfDxe =3D 0, \=0D + .Fields.NonstopModeEnabled =3D 0 \=0D + }, \=0D + { \=0D + .Fields.PageGuardEnabled =3D 0, \=0D + .Fields.PoolGuardEnabled =3D 0, \=0D + .Fields.FreedMemoryGuardEnabled =3D 0, \=0D + .Fields.NonstopModeEnabled =3D 0, \=0D + .Fields.GuardAlignment =3D 0 \=0D + }, \=0D + { \=0D + .Fields.ProtectImageFromUnknown =3D 0, \=0D + .Fields.ProtectImageFromFv =3D 1, \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 0, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + .Fields.EfiLoaderData =3D 0, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 0, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 0, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + 
.Fields.EfiUnusableMemory =3D 0, \=0D + .Fields.EfiACPIReclaimMemory =3D 0, \=0D + .Fields.EfiACPIMemoryNVS =3D 0, \=0D + .Fields.EfiMemoryMappedIO =3D 0, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \=0D + .Fields.EfiPalCode =3D 0, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 0, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + .Fields.EfiLoaderData =3D 0, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 0, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 0, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 0, \=0D + .Fields.EfiACPIReclaimMemory =3D 0, \=0D + .Fields.EfiACPIMemoryNVS =3D 0, \=0D + .Fields.EfiMemoryMappedIO =3D 0, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \=0D + .Fields.EfiPalCode =3D 0, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 1, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + .Fields.EfiLoaderData =3D 1, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 1, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 1, \=0D + .Fields.EfiConventionalMemory =3D 1, \=0D + .Fields.EfiUnusableMemory =3D 1, \=0D + .Fields.EfiACPIReclaimMemory =3D 1, \=0D + .Fields.EfiACPIMemoryNVS =3D 1, \=0D + .Fields.EfiMemoryMappedIO =3D 1, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 1, \=0D + .Fields.EfiPalCode =3D 1, \=0D + .Fields.EfiPersistentMemory =3D 1, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + } \=0D + }=0D +=0D +//=0D +// A memory profile which disables all memory protection settings.=0D +//=0D +#define DXE_MEMORY_PROTECTION_SETTINGS_OFF \=0D + { \=0D + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \=0D + FALSE, /* Stack 
Guard On */ \=0D + { \=0D + .Fields.NullDetectionEnabled =3D 0, \=0D + .Fields.DisableEndOfDxe =3D 0, \=0D + .Fields.NonstopModeEnabled =3D 0 \=0D + }, \=0D + { \=0D + .Fields.PageGuardEnabled =3D 0, \=0D + .Fields.PoolGuardEnabled =3D 0, \=0D + .Fields.FreedMemoryGuardEnabled =3D 0, \=0D + .Fields.NonstopModeEnabled =3D 0, \=0D + .Fields.GuardAlignment =3D 0 \=0D + }, \=0D + { \=0D + .Fields.ProtectImageFromUnknown =3D 0, \=0D + .Fields.ProtectImageFromFv =3D 0, \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 0, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + .Fields.EfiLoaderData =3D 0, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 0, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 0, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 0, \=0D + .Fields.EfiACPIReclaimMemory =3D 0, \=0D + .Fields.EfiACPIMemoryNVS =3D 0, \=0D + .Fields.EfiMemoryMappedIO =3D 0, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \=0D + .Fields.EfiPalCode =3D 0, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 0, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + .Fields.EfiLoaderData =3D 0, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 0, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 0, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 0, \=0D + .Fields.EfiACPIReclaimMemory =3D 0, \=0D + .Fields.EfiACPIMemoryNVS =3D 0, \=0D + .Fields.EfiMemoryMappedIO =3D 0, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \=0D + .Fields.EfiPalCode =3D 0, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 0, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + 
.Fields.EfiLoaderData =3D 0, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 0, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 0, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 0, \=0D + .Fields.EfiACPIReclaimMemory =3D 0, \=0D + .Fields.EfiACPIMemoryNVS =3D 0, \=0D + .Fields.EfiMemoryMappedIO =3D 0, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \=0D + .Fields.EfiPalCode =3D 0, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + } \=0D + }=0D +=0D +#endif=0D diff --git a/MdeModulePkg/Include/Guid/MmMemoryProtectionSettings.h b/MdeMo= dulePkg/Include/Guid/MmMemoryProtectionSettings.h=0D new file mode 100644=0D index 000000000000..77c362afcc1e=0D --- /dev/null=0D +++ b/MdeModulePkg/Include/Guid/MmMemoryProtectionSettings.h=0D 
@@ -0,0 +1,239 @@=0D +/** @file=0D +=0D +Defines memory protection settings guid and struct=0D +=0D +Copyright (C) Microsoft Corporation. All rights reserved.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#ifndef MM_MEMORY_PROTECTION_SETTINGS_H_=0D +#define MM_MEMORY_PROTECTION_SETTINGS_H_=0D +=0D +typedef union {=0D + UINT8 Data;=0D + struct {=0D + UINT8 NullDetectionEnabled : 1;=0D + UINT8 NonstopModeEnabled : 1;=0D + } Fields;=0D +} MM_NULL_DETECTION_POLICY;=0D +=0D +typedef union {=0D + UINT8 Data;=0D + struct {=0D + UINT8 PageGuardEnabled : 1;=0D + UINT8 PoolGuardEnabled : 1;=0D + UINT8 NonstopModeEnabled : 1;=0D + UINT8 GuardAlignment : 1;=0D + } Fields;=0D +} MM_HEAP_GUARD_POLICY;=0D +=0D +typedef union {=0D + UINT32 Data;=0D + struct {=0D + UINT8 EfiReservedMemoryType : 1;=0D + UINT8 EfiLoaderCode : 1;=0D + UINT8 EfiLoaderData : 1;=0D + UINT8 EfiBootServicesCode : 1;=0D + UINT8 EfiBootServicesData : 1;=0D + UINT8 EfiRuntimeServicesCode : 1;=0D + UINT8 EfiRuntimeServicesData : 1;=0D + UINT8 EfiConventionalMemory : 1;=0D + UINT8 EfiUnusableMemory : 1;=0D + UINT8 EfiACPIReclaimMemory : 1;=0D + UINT8 EfiACPIMemoryNVS : 1;=0D + UINT8 EfiMemoryMappedIO : 1;=0D + UINT8 EfiMemoryMappedIOPortSpace : 1;=0D + UINT8 EfiPalCode : 1;=0D + UINT8 EfiPersistentMemory : 1;=0D + UINT8 OEMReserved : 1;=0D + UINT8 OSReserved : 1;=0D + } Fields;=0D +} MM_HEAP_GUARD_MEMORY_TYPES;=0D +=0D +typedef UINT8 MM_MEMORY_PROTECTION_SETTINGS_VERSION;=0D +=0D +#define MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION 1 // Current iterat= ion of MM_MEMORY_PROTECTION_SETTINGS=0D +=0D +//=0D +// Memory Protection Settings struct=0D +//=0D +typedef struct {=0D + // The current version of the structure definition. This is used to ensu= re there isn't a definition mismatch=0D + // if modules have differing iterations of this header. 
When creating th= is struct, use the=0D + // MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION macro.=0D + MM_MEMORY_PROTECTION_SETTINGS_VERSION StructVersion;=0D +=0D + // If enabled, accessing NULL address in UEFI or SMM code can be caught = by marking=0D + // the NULL page as not present.=0D + //=0D + // .NullDetectionEnabled : Enable MM NULL detection.=0D + // .NonstopModeEnabled : Enable MM non-stop mode. If enabled, t= he debug flag will be raised=0D + // to break into debugger when a fault oc= curs.=0D + MM_NULL_DETECTION_POLICY NullPointerDetectionPolicy;=0D +=0D + // Bitfield to control Heap Guard behavior.=0D + //=0D + // Note:=0D + // a) Due to the limit of pool memory implementation and the alignment= =0D + // requirement of UEFI spec, HeapGuardPolicy.GuardAlignment is a try= -best=0D + // setting which cannot guarantee that the returned pool is exactly= =0D + // adjacent to head guard page or tail guard page.=0D + //=0D + // .PageGuardEnabled : Enable MM page guard.=0D + // .PoolGuardEnabled : Enable MM pool guard.=0D + // .NonstopModeEnabled : Enable MM non-stop mode. If enabled, th= e debug flag will be raised=0D + // to break into debugger when a fault occ= urs.=0D + // .GuardAlignment : The alignment of Guard Page for Pool Gu= ard.=0D + // 0 - The returned pool is near the tail = guard page.=0D + // 1 - The returned pool is near the head = guard page.=0D + MM_HEAP_GUARD_POLICY HeapGuardPolicy;=0D +=0D + // Indicates which type allocation need guard page.=0D + //=0D + // If bit is set, a head guard page and a tail guard page will be added = just=0D + // before and after corresponding type of pages which the allocated pool= occupies,=0D + // if there's enough free memory for all of them. 
The pool allocation fo= r the=0D + // type related to cleared bits keeps the same as ususal.=0D + //=0D + // This bitfield is only valid if PoolGuardEnabled and/or PoolGuardEnabl= ed are set in HeapGuardPolicy.=0D + MM_HEAP_GUARD_MEMORY_TYPES HeapGuardPoolType;=0D +=0D + // Indicates which type allocation need guard page.=0D + //=0D + // If a bit is set, a head guard page and a tail guard page will be adde= d just=0D + // before and after corresponding type of pages allocated if there's eno= ugh=0D + // free pages for all of them. The page allocation for the type related = to=0D + // cleared bits keeps the same as ususal.=0D + //=0D + // This bitfield is only valid if PageGuardEnabled is set in HeapGuardPo= licy.=0D + MM_HEAP_GUARD_MEMORY_TYPES HeapGuardPageType;=0D +} MM_MEMORY_PROTECTION_SETTINGS;=0D +=0D +#define HOB_MM_MEMORY_PROTECTION_SETTINGS_GUID \=0D + { \=0D + { 0x0CF445DD, 0xA67C, 0x4F8C, { 0x81, 0x9B, 0xB7, 0xB6, 0x86, 0xED, 0x= 7C, 0x75 } } \=0D + }=0D +=0D +extern GUID gMmMemoryProtectionSettingsGuid;=0D +=0D +// HeapGuardPolicy.Fields.GuardAlignment value indicating tail alignment=0D +#define HEAP_GUARD_ALIGNED_TO_TAIL 0=0D +=0D +// HeapGuardPolicy.Fields.GuardAlignment value indicating head alignment=0D +#define HEAP_GUARD_ALIGNED_TO_HEAD 1=0D +=0D +//=0D +// An MM memory profile with strict settings. 
This will likely add to the= =0D +// total boot time but will catch more configuration and memory errors.=0D +//=0D +#define MM_MEMORY_PROTECTION_SETTINGS_DEBUG \=0D + { \=0D + MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \=0D + { \=0D + .Fields.NullDetectionEnabled =3D 1, \=0D + .Fields.NonstopModeEnabled =3D 1 \=0D + }, \=0D + { \=0D + .Fields.PageGuardEnabled =3D 1, \=0D + .Fields.PoolGuardEnabled =3D 1, \=0D + .Fields.NonstopModeEnabled =3D 1, \=0D + .Fields.GuardAlignment =3D 0 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 0, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + .Fields.EfiLoaderData =3D 0, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 1, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 1, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 0, \=0D + .Fields.EfiACPIReclaimMemory =3D 0, \=0D + .Fields.EfiACPIMemoryNVS =3D 0, \=0D + .Fields.EfiMemoryMappedIO =3D 0, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \=0D + .Fields.EfiPalCode =3D 0, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 0, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + .Fields.EfiLoaderData =3D 0, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 1, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 1, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 0, \=0D + .Fields.EfiACPIReclaimMemory =3D 0, \=0D + .Fields.EfiACPIMemoryNVS =3D 0, \=0D + .Fields.EfiMemoryMappedIO =3D 0, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \=0D + .Fields.EfiPalCode =3D 0, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + } \=0D + }=0D +=0D +//=0D +// An SMM memory profile with all settings off.=0D +//=0D 
+#define MM_MEMORY_PROTECTION_SETTINGS_OFF \=0D + { \=0D + MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \=0D + { \=0D + .Fields.NullDetectionEnabled =3D 1, \=0D + .Fields.NonstopModeEnabled =3D 0 \=0D + }, \=0D + { \=0D + .Fields.PageGuardEnabled =3D 0, \=0D + .Fields.PoolGuardEnabled =3D 0, \=0D + .Fields.NonstopModeEnabled =3D 0, \=0D + .Fields.GuardAlignment =3D 0 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 0, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + .Fields.EfiLoaderData =3D 0, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 0, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 0, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 0, \=0D + .Fields.EfiACPIReclaimMemory =3D 0, \=0D + .Fields.EfiACPIMemoryNVS =3D 0, \=0D + .Fields.EfiMemoryMappedIO =3D 0, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \=0D + .Fields.EfiPalCode =3D 0, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + }, \=0D + { \=0D + .Fields.EfiReservedMemoryType =3D 0, \=0D + .Fields.EfiLoaderCode =3D 0, \=0D + .Fields.EfiLoaderData =3D 0, \=0D + .Fields.EfiBootServicesCode =3D 0, \=0D + .Fields.EfiBootServicesData =3D 0, \=0D + .Fields.EfiRuntimeServicesCode =3D 0, \=0D + .Fields.EfiRuntimeServicesData =3D 0, \=0D + .Fields.EfiConventionalMemory =3D 0, \=0D + .Fields.EfiUnusableMemory =3D 0, \=0D + .Fields.EfiACPIReclaimMemory =3D 0, \=0D + .Fields.EfiACPIMemoryNVS =3D 0, \=0D + .Fields.EfiMemoryMappedIO =3D 0, \=0D + .Fields.EfiMemoryMappedIOPortSpace =3D 0, \=0D + .Fields.EfiPalCode =3D 0, \=0D + .Fields.EfiPersistentMemory =3D 0, \=0D + .Fields.OEMReserved =3D 0, \=0D + .Fields.OSReserved =3D 0 \=0D + } \=0D + }=0D +=0D +#endif=0D diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec= =0D index 95dd077e19b3..89001f217ed1 100644=0D --- a/MdeModulePkg/MdeModulePkg.dec=0D 
+++ b/MdeModulePkg/MdeModulePkg.dec=0D @@ -399,6 +399,16 @@ [Guids]=0D ## Include/Guid/EndofS3Resume.h=0D gEdkiiEndOfS3ResumeGuid =3D { 0x96f5296d, 0x05f7, 0x4f3c, {0x84, 0x67, 0= xe4, 0x56, 0x89, 0x0e, 0x0c, 0xb5 } }=0D =0D + ## DXE Memory Protection Settings Guid. Used to create and fetch the DXE= memory protection settings HOB entry.=0D + #=0D + # Include/Guid/DxeMemoryProtectionSettings=0D + gDxeMemoryProtectionSettingsGuid =3D { 0x9ABFD639, 0xD1D0, 0x4EFF, { 0xB= D, 0xB6, 0x7E, 0xC4, 0x19, 0x0D, 0x17, 0xD5 }}=0D +=0D + ## SMM Memory Protection Settings Guid. Used to create and fetch the SMM= memory protection settings HOB entry.=0D + #=0D + # Include/Guid/MmMemoryProtectionSettings=0D + gMmMemoryProtectionSettingsGuid =3D { 0x0CF445DD, 0xA67C, 0x4F8C, { 0x81= , 0x9B, 0xB7, 0xB6, 0x86, 0xED, 0x7C, 0x75 }}=0D +=0D ## Used (similar to Variable Services) to communicate policies to the en= forcement engine.=0D # {DA1B0D11-D1A7-46C4-9DC9-F3714875C6EB}=0D gVarCheckPolicyLibMmiHandlerGuid =3D { 0xda1b0d11, 0xd1a7, 0x46c4, { 0x9= d, 0xc9, 0xf3, 0x71, 0x48, 0x75, 0xc6, 0xeb }}=0D -- =0D 2.36.1.windows.1=0D =0D
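
Review bot: In DxeMemoryProtectionSettings.h, the rules that freed-memory guard cannot be enabled together with pool/page guard (HeapGuardPolicy note b) and that NxProtectionPolicy must be the same for EfiBootServicesData and EfiConventionalMemory exist only as comments, while the commit message moves these settings from a fixed-at-build PCD to a HOB created at runtime, so nothing in the header keeps a producer from publishing an inconsistent combination. Please document next to DXE_MEMORY_PROTECTION_SETTINGS what a consumer must do with a HOB that breaks either rule or whose StructVersion differs from DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, or ship a validation helper alongside the profiles. Two smaller points in the same file: DXE_HEAP_GUARD_MEMORY_TYPES overlays a UINT32 Data on seventeen one-bit UINT8 fields, whose packing is implementation-defined, so declaring the fields as UINT32 would keep Fields and Data the same width on every toolchain; and the HeapGuardPoolType comment reads "PoolGuardEnabled and/or PoolGuardEnabled", naming the same field twice.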
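
Review bot: In MmMemoryProtectionSettings.h, MM_MEMORY_PROTECTION_SETTINGS_OFF is described as "An SMM memory profile with all settings off" but initializes .Fields.NullDetectionEnabled to 1, unlike DXE_MEMORY_PROTECTION_SETTINGS_OFF, which sets it to 0. Either set it to 0 or change the comment to say NULL detection stays on, so that a platform selecting this profile gets what its description promises. The alignment constants here are also named HEAP_GUARD_ALIGNED_TO_TAIL and HEAP_GUARD_ALIGNED_TO_HEAD while the DXE header uses POOL_ALIGNED_TO_TAIL_GUARD and POOL_ALIGNED_TO_HEAD_GUARD for the same GuardAlignment values; one naming scheme for both would be easier to use correctly. The NullPointerDetectionPolicy comment mentions "UEFI or SMM code" although this structure covers MM only.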
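
Review bot: In the MdeModulePkg.dec hunk, the two new header references ("# Include/Guid/DxeMemoryProtectionSettings" and "# Include/Guid/MmMemoryProtectionSettings") omit the .h extension that the neighbouring "## Include/Guid/EndofS3Resume.h" entry carries, and neither new entry has the registry-format GUID comment that the following gVarCheckPolicyLibMmiHandlerGuid entry has. Please add both for consistency. Note also that the GUID values here use a single outer brace, whereas HOB_DXE_MEMORY_PROTECTION_SETTINGS_GUID and HOB_MM_MEMORY_PROTECTION_SETTINGS_GUID in the headers wrap the same values in a second pair of braces; it is worth confirming the macros are written in the form a GUID initializer expects.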