From: "Taylor Beebe" <t@taylorbeebe.com>
To: devel@edk2.groups.io
Cc: Taylor Beebe <t@taylorbeebe.com>,
Jian J Wang <jian.j.wang@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Dandan Bi <dandan.bi@intel.com>
Subject: [PATCH v1 2/3] MdeModulePkg: Add MemoryProtectionHobLib Definitions and NULL Libs
Date: Fri, 9 Jun 2023 13:26:00 -0700 [thread overview]
Message-ID: <20230609202601.1153-3-t@taylorbeebe.com> (raw)
In-Reply-To: <20230609202601.1153-1-t@taylorbeebe.com>
DxeMemoryProtectionHobLib and MmMemoryProtectionHobLib will fetch
the memory protection settings HOB entry for their respective phase,
validate the settings, and populate a global for access.
Memory protection settings are currently dictated via
FixedAtBuild PCDs, where the settings need to be masked.
A future patch series will replace checks of the PCDs with
checks of the memory protection globals populated by
MemoryProtectionHobLib.
Signed-off-by: Taylor Beebe <t@taylorbeebe.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dandan Bi <dandan.bi@intel.com>
---
MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c | 33 ++++++++++++++++++
MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c | 33 ++++++++++++++++++
MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h | 36 ++++++++++++++++++++
MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h | 36 ++++++++++++++++++++
MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf | 25 ++++++++++++++
MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf | 26 ++++++++++++++
MdeModulePkg/MdeModulePkg.dec | 8 +++++
MdeModulePkg/MdeModulePkg.dsc | 8 +++++
8 files changed, 205 insertions(+)
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c
new file mode 100644
index 000000000000..4f0191d04974
--- /dev/null
+++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c
@@ -0,0 +1,33 @@
+/** @file
+Library defines the gDxeMps global
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi.h>
+#include <Library/DxeMemoryProtectionHobLib.h>
+
+// According to the C Specification, a global variable
+// which is uninitialized will be zero. The net effect
+// is memory protections will be OFF.
+DXE_MEMORY_PROTECTION_SETTINGS gDxeMps;
+
+/**
+ Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPES bitfield
+
+ @param[in] MemoryType Memory type to check.
+ @param[in] HeapGuardMemoryType DXE_HEAP_GUARD_MEMORY_TYPES bitfield
+
+ @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GUARD_MEMORY_TYPES
+ @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_GUARD_MEMORY_TYPES
+**/
+BOOLEAN
+EFIAPI
+GetDxeMemoryTypeSettingFromBitfield (
+ IN EFI_MEMORY_TYPE MemoryType,
+ IN DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType
+ )
+{
+ return FALSE;
+}
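Review bot: The function header on `GetDxeMemoryTypeSettingFromBitfield` describes a real bitfield lookup, but this NULL instance ignores both arguments and always returns FALSE, and `gDxeMps` is left all-zero so every protection reads as off. That is a fail-open default: once the PCD checks are replaced by reads of this global, as the commit message plans, a platform that keeps the NULL mapping would silently lose its memory protections. The comments should say so, e.g. `// NULL instance: gDxeMps stays all-zero, so every DXE memory protection is reported as disabled.` above the global and `@retval FALSE  Always; the NULL instance does not inspect HeapGuardMemoryType.` in the function header. The same applies to `gMmMps` and `GetMmMemoryTypeSettingFromBitfield` in MmMemoryProtectionHobLibNull.c.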
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c
new file mode 100644
index 000000000000..c62c9d772063
--- /dev/null
+++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c
@@ -0,0 +1,33 @@
+/** @file
+Library defines the gMmMps global
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi.h>
+#include <Library/MmMemoryProtectionHobLib.h>
+
+// According to the C Specification, a global variable
+// which is uninitialized will be zero. The net effect
+// is memory protections will be OFF.
+MM_MEMORY_PROTECTION_SETTINGS gMmMps;
+
+/**
+ Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES bitfield
+
+ @param[in] MemoryType Memory type to check.
+ @param[in] HeapGuardMemoryType MM_HEAP_GUARD_MEMORY_TYPES bitfield
+
+ @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUARD_MEMORY_TYPES
+ @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GUARD_MEMORY_TYPES
+**/
+BOOLEAN
+EFIAPI
+GetMmMemoryTypeSettingFromBitfield (
+ IN EFI_MEMORY_TYPE MemoryType,
+ IN MM_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType
+ )
+{
+ return FALSE;
+}
diff --git a/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h b/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h
new file mode 100644
index 000000000000..4f49a00a8683
--- /dev/null
+++ b/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h
@@ -0,0 +1,36 @@
+/** @file
+
+Library for controlling hob-backed memory protection settings
+
+Copyright (C) Microsoft Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_
+#define DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_
+
+#include <Guid/DxeMemoryProtectionSettings.h>
+
+//
+// The global used to access current Memory Protection Settings
+//
+extern DXE_MEMORY_PROTECTION_SETTINGS gDxeMps;
+
+/**
+ Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPES bitfield
+
+ @param[in] MemoryType Memory type to check.
+ @param[in] HeapGuardMemoryType DXE_HEAP_GUARD_MEMORY_TYPES bitfield
+
+ @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GUARD_MEMORY_TYPES
+ @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_GUARD_MEMORY_TYPES
+**/
+BOOLEAN
+EFIAPI
+GetDxeMemoryTypeSettingFromBitfield (
+ IN EFI_MEMORY_TYPE MemoryType,
+ IN DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType
+ );
+
+#endif
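Review bot: The header does not say who writes `gDxeMps` or when it becomes valid, and a plain `extern` lets any module that links the library modify the protection settings after they were validated. Document the contract on the declaration, e.g. `// Populated once by the library instance from the settings HOB; consumers must treat it as read-only.`, or expose it through a const accessor if the later patches allow. The function comment should also state what is returned for a `MemoryType` that has no bit in `DXE_HEAP_GUARD_MEMORY_TYPES` (that type comes from patch 1/3 and is not visible here), and edk2 headers conventionally use `@retval TRUE` / `@retval FALSE` rather than two `@return` lines. The include guard `DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_` also does not match the file name. MmMemoryProtectionHobLib.h has the same issues.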
diff --git a/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h b/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h
new file mode 100644
index 000000000000..efeaa9fd55aa
--- /dev/null
+++ b/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h
@@ -0,0 +1,36 @@
+/** @file
+
+Library for controlling hob-backed memory protection settings
+
+Copyright (C) Microsoft Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_
+#define MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_
+
+#include <Guid/MmMemoryProtectionSettings.h>
+
+//
+// The global used to access current Memory Protection Settings
+//
+extern MM_MEMORY_PROTECTION_SETTINGS gMmMps;
+
+/**
+ Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES bitfield
+
+ @param[in] MemoryType Memory type to check.
+ @param[in] HeapGuardMemoryType MM_HEAP_GUARD_MEMORY_TYPES bitfield
+
+ @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUARD_MEMORY_TYPES
+ @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GUARD_MEMORY_TYPES
+**/
+BOOLEAN
+EFIAPI
+GetMmMemoryTypeSettingFromBitfield (
+ IN EFI_MEMORY_TYPE MemoryType,
+ IN MM_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType
+ );
+
+#endif
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf
new file mode 100644
index 000000000000..6a3166a23b46
--- /dev/null
+++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf
@@ -0,0 +1,25 @@
+## @file
+# NULL library which defines gDxeMps
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = DxeMemoryProtectionHobLibNull
+ FILE_GUID = a35c1dc1-0769-421b-a8bc-9db69fae4334
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = DxeMemoryProtectionHobLib
+
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ DxeMemoryProtectionHobLibNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf
new file mode 100644
index 000000000000..61f50921ee04
--- /dev/null
+++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf
@@ -0,0 +1,26 @@
+## @file
+# NULL library which defines gMmMps
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = MmMemoryProtectionHobLibNull
+ FILE_GUID = 4e3f6fd9-4ab5-4911-b80b-009d3338b4b2
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = MmMemoryProtectionHobLib
+
+#
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+#
+
+[Sources]
+ MmMemoryProtectionHobLibNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 89001f217ed1..50dae9180d2b 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -164,6 +164,14 @@ [LibraryClasses]
#
VariableFlashInfoLib|Include/Library/VariableFlashInfoLib.h
+ ## @libraryclass Provides a way to toggle DXE memory protection settings
+ #
+ DxeMemoryProtectionHobLib|Include/Library/DxeMemoryProtectionHobLib.h
+
+ ## @libraryclass Provides a way to toggle SMM memory protection settings
+ #
+ MmMemoryProtectionHobLib|Include/Library/MmMemoryProtectionHobLib.h
+
[Guids]
## MdeModule package token space guid
# Include/Guid/MdeModulePkgTokenSpace.h
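Review bot: The two `@libraryclass` descriptions say the classes provide a way to "toggle" protection settings, while the headers in this patch only expose a settings global and a bitfield lookup, and the commit message describes fetching and validating a HOB. For a security control the difference between reading and toggling matters to whoever reviews the consuming modules, so wording such as `## @libraryclass Provides access to the DXE memory protection settings published via HOB` would be more accurate. The second entry says SMM while the class name and the mapped module types use MM; `MM memory protection settings` would be consistent.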
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 5b1f50e9c084..ab6848dc934b 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -107,6 +107,12 @@ [LibraryClasses]
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiCommandLibNull.inf
+[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_CORE, LibraryClasses.common.UEFI_APPLICATION]
+ DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf
+
+[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE]
+ MmMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf
+
[LibraryClasses.EBC.PEIM]
IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf
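Review bot: The new `DxeMemoryProtectionHobLib` section covers DXE_DRIVER, DXE_CORE and UEFI_APPLICATION but not DXE_RUNTIME_DRIVER or UEFI_DRIVER, so a module of those types that starts consuming the class would fail to resolve it in this package build. Whether any will is not visible here; if the planned PCD replacement touches such modules, extend the section header with `LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER`. Since both instances are MODULE_TYPE BASE NULL libraries, mapping them once under the existing `[LibraryClasses]` section would also avoid the gap.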
@@ -231,6 +237,8 @@ [Components]
MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf
MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
+ MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf
+ MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf
MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf
MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.inf
MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf
--
2.36.1.windows.1