From: "Taylor Beebe"
To: devel@edk2.groups.io
Cc: Taylor Beebe, Jian J Wang, Liming Gao, Dandan Bi
Subject: [PATCH v1 2/3] MdeModulePkg: Add MemoryProtectionHobLib Definitions and NULL Libs
Date: Fri, 9 Jun 2023 13:26:00 -0700
Message-Id: <20230609202601.1153-3-t@taylorbeebe.com>
In-Reply-To: <20230609202601.1153-1-t@taylorbeebe.com>
References: <20230609202601.1153-1-t@taylorbeebe.com>

DxeMemoryProtectionHobLib and MmMemoryProtectionHobLib will fetch
the memory protection settings HOB entry for their respective phase,
validate the settings, and populate a global for access.

Memory protection settings are currently dictated via
FixedAtBuild PCDs where the settings needed to be masked.
A future patch series will replace instances of checking the
PCDs with checks to the memory protection globals populated by
MemoryProtectionHobLib.

Signed-off-by: Taylor Beebe =0D Cc: Jian J Wang =0D Cc: Liming Gao =0D Cc: Dandan Bi =0D ---=0D MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibN= ull.c | 33 ++++++++++++++++++=0D MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNu= ll.c | 33 ++++++++++++++++++=0D MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h = | 36 ++++++++++++++++++++=0D MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h = | 36 ++++++++++++++++++++=0D MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibN= ull.inf | 25 ++++++++++++++=0D MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNu= ll.inf | 26 ++++++++++++++=0D MdeModulePkg/MdeModulePkg.dec = | 8 +++++=0D MdeModulePkg/MdeModulePkg.dsc = | 8 +++++=0D 8 files changed, 205 insertions(+)=0D =0D diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProte= ctionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemo= ryProtectionHobLibNull.c=0D new file mode 100644=0D index 000000000000..4f0191d04974=0D --- /dev/null=0D +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHo= bLibNull.c=0D 
@@ -0,0 +1,33 @@=0D +/** @file=0D +Library defines the gDxeMps global=0D +=0D +Copyright (c) Microsoft Corporation.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +**/=0D +=0D +#include =0D +#include =0D +=0D +// According to the C Specification, a global variable=0D +// which is uninitialized will be zero. The net effect=0D +// is memory protections will be OFF.=0D +DXE_MEMORY_PROTECTION_SETTINGS gDxeMps;=0D +=0D +/**=0D + Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPE= S bitfield=0D +=0D + @param[in] MemoryType Memory type to check.=0D + @param[in] HeapGuardMemoryType DXE_HEAP_GUARD_MEMORY_TYPES bitfield=0D +=0D + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GU= ARD_MEMORY_TYPES=0D + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_G= UARD_MEMORY_TYPES=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +GetDxeMemoryTypeSettingFromBitfield (=0D + IN EFI_MEMORY_TYPE MemoryType,=0D + IN DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType=0D + )=0D +{=0D + return FALSE;=0D +}=0D diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtec= tionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemory= ProtectionHobLibNull.c=0D new file mode 100644=0D index 000000000000..c62c9d772063=0D --- /dev/null=0D +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHob= LibNull.c=0D 
@@ -0,0 +1,33 @@=0D +/** @file=0D +Library defines the gMmMps global=0D +=0D +Copyright (c) Microsoft Corporation.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +**/=0D +=0D +#include =0D +#include =0D +=0D +// According to the C Specification, a global variable=0D +// which is uninitialized will be zero. The net effect=0D +// is memory protections will be OFF.=0D +MM_MEMORY_PROTECTION_SETTINGS gMmMps;=0D +=0D +/**=0D + Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES= bitfield=0D +=0D + @param[in] MemoryType Memory type to check.=0D + @param[in] HeapGuardMemoryType MM_HEAP_GUARD_MEMORY_TYPES bitfield=0D +=0D + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUA= RD_MEMORY_TYPES=0D + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GU= ARD_MEMORY_TYPES=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +GetMmMemoryTypeSettingFromBitfield (=0D + IN EFI_MEMORY_TYPE MemoryType,=0D + IN MM_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType=0D + )=0D +{=0D + return FALSE;=0D +}=0D diff --git a/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h b/Mde= ModulePkg/Include/Library/DxeMemoryProtectionHobLib.h=0D new file mode 100644=0D index 000000000000..4f49a00a8683=0D --- /dev/null=0D +++ b/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h=0D 
@@ -0,0 +1,36 @@=0D +/** @file=0D +=0D +Library for controlling hob-backed memory protection settings=0D +=0D +Copyright (C) Microsoft Corporation. All rights reserved.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#ifndef DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_=0D +#define DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_=0D +=0D +#include =0D +=0D +//=0D +// The global used to access current Memory Protection Settings=0D +//=0D +extern DXE_MEMORY_PROTECTION_SETTINGS gDxeMps;=0D +=0D +/**=0D + Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPE= S bitfield=0D +=0D + @param[in] MemoryType Memory type to check.=0D + @param[in] HeapGuardMemoryType DXE_HEAP_GUARD_MEMORY_TYPES bitfield=0D +=0D + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GU= ARD_MEMORY_TYPES=0D + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_G= UARD_MEMORY_TYPES=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +GetDxeMemoryTypeSettingFromBitfield (=0D + IN EFI_MEMORY_TYPE MemoryType,=0D + IN DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType=0D + );=0D +=0D +#endif=0D diff --git a/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h b/MdeM= odulePkg/Include/Library/MmMemoryProtectionHobLib.h=0D new file mode 100644=0D index 000000000000..efeaa9fd55aa=0D --- /dev/null=0D +++ b/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h=0D 
@@ -0,0 +1,36 @@=0D +/** @file=0D +=0D +Library for controlling hob-backed memory protection settings=0D +=0D +Copyright (C) Microsoft Corporation. All rights reserved.=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#ifndef MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_=0D +#define MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_=0D +=0D +#include =0D +=0D +//=0D +// The global used to access current Memory Protection Settings=0D +//=0D +extern MM_MEMORY_PROTECTION_SETTINGS gMmMps;=0D +=0D +/**=0D + Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES= bitfield=0D +=0D + @param[in] MemoryType Memory type to check.=0D + @param[in] HeapGuardMemoryType MM_HEAP_GUARD_MEMORY_TYPES bitfield=0D +=0D + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUA= RD_MEMORY_TYPES=0D + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GU= ARD_MEMORY_TYPES=0D +**/=0D +BOOLEAN=0D +EFIAPI=0D +GetMmMemoryTypeSettingFromBitfield (=0D + IN EFI_MEMORY_TYPE MemoryType,=0D + IN MM_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType=0D + );=0D +=0D +#endif=0D diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProte= ctionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMe= moryProtectionHobLibNull.inf=0D new file mode 100644=0D index 000000000000..6a3166a23b46=0D --- /dev/null=0D +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHo= bLibNull.inf=0D 
@@ -0,0 +1,25 @@=0D +## @file=0D +# NULL library which defines gDxeMps=0D +#=0D +# Copyright (c) Microsoft Corporation.=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D DxeMemoryProtectionHobLibNull=0D + FILE_GUID =3D a35c1dc1-0769-421b-a8bc-9db69fae4334= =0D + MODULE_TYPE =3D BASE=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D DxeMemoryProtectionHobLib=0D +=0D +#=0D +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64=0D +#=0D +=0D +[Sources]=0D + DxeMemoryProtectionHobLibNull.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + MdeModulePkg/MdeModulePkg.dec=0D diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtec= tionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemo= ryProtectionHobLibNull.inf=0D new file mode 100644=0D index 000000000000..61f50921ee04=0D --- /dev/null=0D +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHob= LibNull.inf=0D @@ -0,0 +1,26 @@=0D +## @file=0D +# NULL library which defines gMmMps=0D +#=0D +# Copyright (c) Microsoft Corporation.=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D MmMemoryProtectionHobLibNull=0D + FILE_GUID =3D 4e3f6fd9-4ab5-4911-b80b-009d3338b4b2= =0D + MODULE_TYPE =3D BASE=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D MmMemoryProtectionHobLib=0D +=0D +#=0D +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64=0D +#=0D +=0D +[Sources]=0D + MmMemoryProtectionHobLibNull.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + MdeModulePkg/MdeModulePkg.dec=0D +=0D diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec= =0D index 89001f217ed1..50dae9180d2b 100644=0D --- a/MdeModulePkg/MdeModulePkg.dec=0D +++ b/MdeModulePkg/MdeModulePkg.dec=0D 
@@ -164,6 +164,14 @@ [LibraryClasses]=0D #=0D VariableFlashInfoLib|Include/Library/VariableFlashInfoLib.h=0D =0D + ## @libraryclass Provides a way to toggle DXE memory protection settings= =0D + #=0D + DxeMemoryProtectionHobLib|Include/Library/DxeMemoryProtectionHobLib.h=0D +=0D + ## @libraryclass Provides a way to toggle SMM memory protection settings= =0D + #=0D + MmMemoryProtectionHobLib|Include/Library/MmMemoryProtectionHobLib.h=0D +=0D [Guids]=0D ## MdeModule package token space guid=0D # Include/Guid/MdeModulePkgTokenSpace.h=0D diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc= =0D index 5b1f50e9c084..ab6848dc934b 100644=0D --- a/MdeModulePkg/MdeModulePkg.dsc=0D +++ b/MdeModulePkg/MdeModulePkg.dsc=0D @@ -107,6 +107,12 @@ [LibraryClasses]=0D VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseV= ariableFlashInfoLib.inf=0D IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiComma= ndLibNull.inf=0D =0D +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_CORE, Library= Classes.common.UEFI_APPLICATION]=0D + DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNul= l/DxeMemoryProtectionHobLibNull.inf=0D +=0D +[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, Lib= raryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE]= =0D + MmMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull= /MmMemoryProtectionHobLibNull.inf=0D +=0D [LibraryClasses.EBC.PEIM]=0D IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf=0D =0D 
@@ -231,6 +237,8 @@ [Components]=0D MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf=0D MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf=0D MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf=0D + MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLi= bNull.inf=0D + MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLib= Null.inf=0D MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf=0D MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTa= bleLib.inf=0D MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf=0D -- =0D 2.36.1.windows.1=0D =0D
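Review bot: In MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c, the zero-initialized gDxeMps means this instance silently leaves every memory protection off, and only a source comment next to the global says so. MdeModulePkg.dsc in this patch resolves DxeMemoryProtectionHobLib to this instance, so state the protections-off behaviour in the @file header here and in the header comment of the .inf, where anyone copying that mapping into another DSC will see it. The doc block on GetDxeMemoryTypeSettingFromBitfield also promises TRUE when the type is set in the bitfield, while the stub returns FALSE unconditionally; the NULL instance's comment should say it always returns FALSE. The same applies to MmMemoryProtectionHobLibNull.c and gMmMps.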
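Review bot: Include/Library/DxeMemoryProtectionHobLib.h exports gDxeMps as a plain writable extern, so any module that links the library can change the settings after the library has validated them. The header should at least document that consumers treat gDxeMps as read-only once it is populated, or expose the settings through an accessor instead of the global. The summary line of GetDxeMemoryTypeSettingFromBitfield ("Gets the input EFI_MEMORY_TYPE from the input ... bitfield") would be clearer as a statement that the function reports whether the bit for MemoryType is set in HeapGuardMemoryType.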
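Review bot: The include guard in Include/Library/MmMemoryProtectionHobLib.h is MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_, which does not match the file name (there is no "Helper" in it); MM_MEMORY_PROTECTION_HOB_LIB_H_ would follow the name, and the Dxe header has the same mismatch. The @file description is also word for word the same as the Dxe header's and does not say which phase this header serves.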
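Review bot: In DxeMemoryProtectionHobLibNull.inf and MmMemoryProtectionHobLibNull.inf, LIBRARY_CLASS names the class with no module-type list, while MdeModulePkg.dsc in this patch maps the instances only for specific module types. Consider restricting the class in each INF to the same module types (for example DxeMemoryProtectionHobLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION) so the Dxe instance cannot be resolved for an MM module or the reverse.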
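Review bot: In the MdeModulePkg.dec [LibraryClasses] additions, both @libraryclass comments say the class provides a way to "toggle" settings, but the headers in this patch expose only a settings global and a bitfield query. Reword them to describe reading the HOB-provided settings. The second comment says SMM while the class is MmMemoryProtectionHobLib and the .dsc also maps it for MM_CORE_STANDALONE and MM_STANDALONE; "MM" would cover both.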
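Review bot: The new DxeMemoryProtectionHobLib section in MdeModulePkg.dsc covers DXE_DRIVER, DXE_CORE and UEFI_APPLICATION only, leaving DXE_RUNTIME_DRIVER and UEFI_DRIVER without a resolution. If the follow-up series that replaces the PCD checks touches code linked into those module types, the build will fail to resolve the class; either add them to the section header here or note in the commit message why they are excluded.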