From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169])
 by mx.groups.io with SMTP id smtpd.web11.4785.1686342396563230431
 for <devel@edk2.groups.io>;
 Fri, 09 Jun 2023 13:26:36 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@taylorbeebe.com header.s=google header.b=Cd0cNsOL;
 spf=pass (domain: taylorbeebe.com, ip: 209.85.214.169, mailfrom: t@taylorbeebe.com)
Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1b038064d97so9687395ad.0
        for <devel@edk2.groups.io>; Fri, 09 Jun 2023 13:26:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=taylorbeebe.com; s=google; t=1686342396; x=1688934396;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=nS606XyAKSTM6auKI/pJKqhuE4zVG12K0d4LRf2clc0=;
        b=Cd0cNsOLI4GNkM1uFHA90u2L1FzxPWdLjNGVTAYoqb5AAcVDrPEb5wXG/7G58cTLxn
         NscsJCAyWV3ZaHBEU+OA6Bt2wl/Z+8Mpu2i86kQSL4HqV+ZJJuexGbfS1ibs8EMNmYV2
         bhYUy6mEiUIuPg217ndf8KPyjp65TGwoSXpYAEb/cLcRR50nqzg7Iyw+FjT7bc9yYVPO
         o90yAAB2nxsPTt8RKlX2W2f3eOiyBM1HcjQfDVp3QwgLmuKcn9UPaLBsVH147zT73hhN
         V3BZiAjNcpsunDTjs77xolMCP21h/3JPSu8BYLCQ6Vl2hEqzmZLJRIkZLTP+viEfh/Os
         /4lA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1686342396; x=1688934396;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=nS606XyAKSTM6auKI/pJKqhuE4zVG12K0d4LRf2clc0=;
        b=FbumP4iK3hHwtAfKky1P+cTHuLnKEsKESokuPyGb0Z0jjtXfBan8s1coJN7kVHt+VK
         oTYv4UbdLqM0l8wd6OIje8HaMl4rYv/6IWrRNnUuAGBn9QzVpDZODhO7+s/EH3/Hai2X
         PT/b8ygQHiiRFn212bL3ROjBXynQinIxEv8Pv+kdiDNtLIWIZogJpotdgmSLHn65+IZK
         aBslYGrC0o7bDJrCwZHulg0kmtXQrwXFepGL96gD+uzUR76qpskHWYIbrpqWoh6GzLk/
         Tnq70RB4ZYCvfwbEa1NIeog508rIv2q8vDmtZHoAqjfAkmihW1eQK/zWWyUPGcGwSLjc
         fe2g==
X-Gm-Message-State: AC+VfDyzLqhcLdubyBdmb1WDjJoN+6c8kAqh2SMhpq0EBBYkfH598wQD
	MmoS/YyFUf9BLOQmPMz3U94w0VG4gERiceAulur6eA==
X-Google-Smtp-Source: ACHHUZ5p9DDWC77GhXFQy2PPm+zHxjo/XBA0j8HdqdhTyEOMgApGwAwAT7VvnSpKPwqcrWTw++G/fw==
X-Received: by 2002:a17:902:ce87:b0:1b2:4fc1:da47 with SMTP id f7-20020a170902ce8700b001b24fc1da47mr7296447plg.21.1686342395825;
        Fri, 09 Jun 2023 13:26:35 -0700 (PDT)
Return-Path: <t@taylorbeebe.com>
Received: from localhost.localdomain ([50.46.230.135])
        by smtp.gmail.com with ESMTPSA id a7-20020a170902ecc700b001a69c1c78e7sm3689500plh.71.2023.06.09.13.26.35
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 09 Jun 2023 13:26:35 -0700 (PDT)
From: "Taylor Beebe" <t@taylorbeebe.com>
To: devel@edk2.groups.io
Cc: Taylor Beebe <t@taylorbeebe.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Dandan Bi <dandan.bi@intel.com>
Subject: [PATCH v1 3/3] MdeModulePkg: Add Phase-Specific MemoryProtectionHobLib Implementations
Date: Fri,  9 Jun 2023 13:26:01 -0700
Message-Id: <20230609202601.1153-4-t@taylorbeebe.com>
X-Mailer: git-send-email 2.36.1.windows.1
In-Reply-To: <20230609202601.1153-1-t@taylorbeebe.com>
References: <20230609202601.1153-1-t@taylorbeebe.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Add DXE, SMM, and STANDALONE MM implementations of the=0D
MemoryProtectionHobLib.=0D
=0D
Signed-off-by: Taylor Beebe <t@taylorbeebe.com>=0D
Cc: Jian J Wang <jian.j.wang@intel.com>=0D
Cc: Liming Gao <gaoliming@byosoft.com.cn>=0D
Cc: Dandan Bi <dandan.bi@intel.com>=0D
---=0D
 MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.c   =
         | 182 ++++++++++++++++++++=0D
 MdeModulePkg/Library/MemoryProtectionHobLib/MmCommonMemoryProtectionHobLib=
.c       | 139 +++++++++++++++=0D
 MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib.c   =
         |  37 ++++=0D
 MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtectionHo=
bLib.c   |  37 ++++=0D
 MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.inf =
         |  34 ++++=0D
 MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib.inf =
         |  35 ++++=0D
 MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtectionHo=
bLib.inf |  36 ++++=0D
 MdeModulePkg/MdeModulePkg.dsc                                             =
         |   3 +=0D
 8 files changed, 503 insertions(+)=0D
=0D
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectio=
nHobLib.c b/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtection=
HobLib.c=0D
new file mode 100644=0D
index 000000000000..fa6137f90eba=0D
--- /dev/null=0D
+++ b/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib=
.c=0D
@@ -0,0 +1,182 @@=0D
+/** @file=0D
+Library fills out gDxeMps global=0D
+=0D
+Copyright (c) Microsoft Corporation.=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+=0D
+#include <Uefi.h>=0D
+#include <Pi/PiMultiPhase.h>=0D
+#include <Uefi/UefiMultiPhase.h>=0D
+=0D
+#include <Library/DxeMemoryProtectionHobLib.h>=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/HobLib.h>=0D
+#include <Library/BaseMemoryLib.h>=0D
+=0D
+DXE_MEMORY_PROTECTION_SETTINGS  gDxeMps;=0D
+=0D
+/**=0D
+  Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPE=
S bitfield=0D
+=0D
+  @param[in]  MemoryType            Memory type to check.=0D
+  @param[in]  HeapGuardMemoryType   DXE_HEAP_GUARD_MEMORY_TYPES bitfield=0D
+=0D
+  @return TRUE  The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GU=
ARD_MEMORY_TYPES=0D
+  @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_G=
UARD_MEMORY_TYPES=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+GetDxeMemoryTypeSettingFromBitfield (=0D
+  IN EFI_MEMORY_TYPE              MemoryType,=0D
+  IN DXE_HEAP_GUARD_MEMORY_TYPES  HeapGuardMemoryType=0D
+  )=0D
+{=0D
+  switch (MemoryType) {=0D
+    case EfiReservedMemoryType:=0D
+      return HeapGuardMemoryType.Fields.EfiReservedMemoryType;=0D
+    case EfiLoaderCode:=0D
+      return HeapGuardMemoryType.Fields.EfiLoaderCode;=0D
+    case EfiLoaderData:=0D
+      return HeapGuardMemoryType.Fields.EfiLoaderData;=0D
+    case EfiBootServicesCode:=0D
+      return HeapGuardMemoryType.Fields.EfiBootServicesCode;=0D
+    case EfiBootServicesData:=0D
+      return HeapGuardMemoryType.Fields.EfiBootServicesData;=0D
+    case EfiRuntimeServicesCode:=0D
+      return HeapGuardMemoryType.Fields.EfiRuntimeServicesCode;=0D
+    case EfiRuntimeServicesData:=0D
+      return HeapGuardMemoryType.Fields.EfiRuntimeServicesData;=0D
+    case EfiConventionalMemory:=0D
+      return HeapGuardMemoryType.Fields.EfiConventionalMemory;=0D
+    case EfiUnusableMemory:=0D
+      return HeapGuardMemoryType.Fields.EfiUnusableMemory;=0D
+    case EfiACPIReclaimMemory:=0D
+      return HeapGuardMemoryType.Fields.EfiACPIReclaimMemory;=0D
+    case EfiACPIMemoryNVS:=0D
+      return HeapGuardMemoryType.Fields.EfiACPIMemoryNVS;=0D
+    case EfiMemoryMappedIO:=0D
+      return HeapGuardMemoryType.Fields.EfiMemoryMappedIO;=0D
+    case EfiMemoryMappedIOPortSpace:=0D
+      return HeapGuardMemoryType.Fields.EfiMemoryMappedIOPortSpace;=0D
+    case EfiPalCode:=0D
+      return HeapGuardMemoryType.Fields.EfiPalCode;=0D
+    case EfiPersistentMemory:=0D
+      return HeapGuardMemoryType.Fields.EfiPersistentMemory;=0D
+    default:=0D
+      return FALSE;=0D
+  }=0D
+}=0D
+=0D
+/**=0D
+  This function checks the memory protection settings and provides warning=
s of conflicts and/or=0D
+  potentially unforseen consequences from the settings. This logic will on=
ly ever turn off=0D
+  protections to create consistency, never turn others on.=0D
+**/=0D
+VOID=0D
+DxeMemoryProtectionSettingsConsistencyCheck (=0D
+  VOID=0D
+  )=0D
+{=0D
+  if ((gDxeMps.HeapGuardPolicy.Fields.PoolGuardEnabled || gDxeMps.HeapGuar=
dPolicy.Fields.PageGuardEnabled) &&=0D
+      gDxeMps.HeapGuardPolicy.Fields.FreedMemoryGuardEnabled)=0D
+  {=0D
+    DEBUG ((=0D
+      DEBUG_WARN,=0D
+      "%a: - HeapGuardPolicy.FreedMemoryGuardEnabled and "=0D
+      "UEFI HeapGuardPolicy.PoolGuardEnabled/HeapGuardPolicy.PageGuardEnab=
led "=0D
+      "cannot be active at the same time. Setting all three to ZERO in "=0D
+      "the memory protection settings global.\n",=0D
+      __func__=0D
+      ));=0D
+    ASSERT (=0D
+      !(gDxeMps.HeapGuardPolicy.Fields.FreedMemoryGuardEnabled &&=0D
+        (gDxeMps.HeapGuardPolicy.Fields.PoolGuardEnabled || gDxeMps.HeapGu=
ardPolicy.Fields.PageGuardEnabled))=0D
+      );=0D
+    gDxeMps.HeapGuardPolicy.Fields.PoolGuardEnabled        =3D 0;=0D
+    gDxeMps.HeapGuardPolicy.Fields.PageGuardEnabled        =3D 0;=0D
+    gDxeMps.HeapGuardPolicy.Fields.FreedMemoryGuardEnabled =3D 0;=0D
+  }=0D
+=0D
+  if (gDxeMps.HeapGuardPoolType.Data &&=0D
+      (!(gDxeMps.HeapGuardPolicy.Fields.PoolGuardEnabled)))=0D
+  {=0D
+    DEBUG ((=0D
+      DEBUG_WARN,=0D
+      "%a: - Heap Guard Pool protections are active, "=0D
+      "but neither HeapGuardPolicy.PoolGuardEnabled nor "=0D
+      "HeapGuardPolicy.PoolGuardEnabled are active.\n",=0D
+      __func__=0D
+      ));=0D
+  }=0D
+=0D
+  if (gDxeMps.HeapGuardPageType.Data &&=0D
+      (!(gDxeMps.HeapGuardPolicy.Fields.PageGuardEnabled)))=0D
+  {=0D
+    DEBUG ((=0D
+      DEBUG_WARN,=0D
+      "%a: - Heap Guard Page protections are active, "=0D
+      "but neither HeapGuardPolicy.PageGuardEnabled nor "=0D
+      "HeapGuardPolicy.PageGuardEnabled are active.\n",=0D
+      __func__=0D
+      ));=0D
+  }=0D
+=0D
+  if (gDxeMps.NxProtectionPolicy.Fields.EfiBootServicesData !=3D gDxeMps.N=
xProtectionPolicy.Fields.EfiConventionalMemory) {=0D
+    DEBUG ((=0D
+      DEBUG_WARN,=0D
+      "%a: - NxProtectionPolicy.EfiBootServicesData "=0D
+      "and NxProtectionPolicy.EfiConventionalMemory must have the same val=
ue. "=0D
+      "Setting both to ZERO in the memory protection settings global.\n",=
=0D
+      __func__=0D
+      ));=0D
+    ASSERT (=0D
+      gDxeMps.NxProtectionPolicy.Fields.EfiBootServicesData =3D=3D=0D
+      gDxeMps.NxProtectionPolicy.Fields.EfiConventionalMemory=0D
+      );=0D
+    gDxeMps.NxProtectionPolicy.Fields.EfiBootServicesData   =3D 0;=0D
+    gDxeMps.NxProtectionPolicy.Fields.EfiConventionalMemory =3D 0;=0D
+  }=0D
+}=0D
+=0D
+/**=0D
+  Populates gDxeMps global with the data present in the HOB. If the HOB en=
try does not exist,=0D
+  this constructor will zero the memory protection settings.=0D
+=0D
+  @param[in]  ImageHandle   The firmware allocated handle for the EFI imag=
e.=0D
+  @param[in]  SystemTable   A pointer to the EFI System Table.=0D
+=0D
+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+DxeMemoryProtectionHobLibConstructor (=0D
+  IN EFI_HANDLE        ImageHandle,=0D
+  IN EFI_SYSTEM_TABLE  *SystemTable=0D
+  )=0D
+{=0D
+  VOID  *Ptr;=0D
+=0D
+  Ptr =3D GetFirstGuidHob (&gDxeMemoryProtectionSettingsGuid);=0D
+=0D
+  //=0D
+  // Cache the Memory Protection Settings HOB entry=0D
+  //=0D
+  if (Ptr !=3D NULL) {=0D
+    if (*((UINT8 *)GET_GUID_HOB_DATA (Ptr)) !=3D (UINT8)DXE_MEMORY_PROTECT=
ION_SETTINGS_CURRENT_VERSION) {=0D
+      DEBUG ((=0D
+        DEBUG_ERROR,=0D
+        "%a: - Version number of the Memory Protection Settings HOB is inv=
alid!\n",=0D
+        __func__=0D
+        ));=0D
+      ASSERT (*((UINT8 *)GET_GUID_HOB_DATA (Ptr)) =3D=3D (UINT8)DXE_MEMORY=
_PROTECTION_SETTINGS_CURRENT_VERSION);=0D
+      ZeroMem (&gDxeMps, sizeof (gDxeMps));=0D
+      return EFI_SUCCESS;=0D
+    }=0D
+=0D
+    CopyMem (&gDxeMps, GET_GUID_HOB_DATA (Ptr), sizeof (DXE_MEMORY_PROTECT=
ION_SETTINGS));=0D
+    DxeMemoryProtectionSettingsConsistencyCheck ();=0D
+  }=0D
+=0D
+  return EFI_SUCCESS;=0D
+}=0D
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/MmCommonMemoryProt=
ectionHobLib.c b/MdeModulePkg/Library/MemoryProtectionHobLib/MmCommonMemory=
ProtectionHobLib.c=0D
new file mode 100644=0D
index 000000000000..c546a943a515=0D
--- /dev/null=0D
+++ b/MdeModulePkg/Library/MemoryProtectionHobLib/MmCommonMemoryProtectionH=
obLib.c=0D
@@ -0,0 +1,139 @@=0D
+/** @file=0D
+Library fills out gMmMps global=0D
+=0D
+Copyright (c) Microsoft Corporation.=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+=0D
+#include <Uefi.h>=0D
+#include <Pi/PiMultiPhase.h>=0D
+#include <Uefi/UefiMultiPhase.h>=0D
+=0D
+#include <Library/MmMemoryProtectionHobLib.h>=0D
+#include <Library/DebugLib.h>=0D
+#include <Library/HobLib.h>=0D
+#include <Library/BaseMemoryLib.h>=0D
+=0D
+MM_MEMORY_PROTECTION_SETTINGS  gMmMps;=0D
+=0D
+/**=0D
+  Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES=
 bitfield=0D
+=0D
+  @param[in]  MemoryType            Memory type to check.=0D
+  @param[in]  HeapGuardMemoryType   MM_HEAP_GUARD_MEMORY_TYPES bitfield=0D
+=0D
+  @return TRUE  The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUA=
RD_MEMORY_TYPES=0D
+  @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GU=
ARD_MEMORY_TYPES=0D
+**/=0D
+BOOLEAN=0D
+EFIAPI=0D
+GetMmMemoryTypeSettingFromBitfield (=0D
+  IN EFI_MEMORY_TYPE             MemoryType,=0D
+  IN MM_HEAP_GUARD_MEMORY_TYPES  HeapGuardMemoryType=0D
+  )=0D
+{=0D
+  switch (MemoryType) {=0D
+    case EfiReservedMemoryType:=0D
+      return HeapGuardMemoryType.Fields.EfiReservedMemoryType;=0D
+    case EfiLoaderCode:=0D
+      return HeapGuardMemoryType.Fields.EfiLoaderCode;=0D
+    case EfiLoaderData:=0D
+      return HeapGuardMemoryType.Fields.EfiLoaderData;=0D
+    case EfiBootServicesCode:=0D
+      return HeapGuardMemoryType.Fields.EfiBootServicesCode;=0D
+    case EfiBootServicesData:=0D
+      return HeapGuardMemoryType.Fields.EfiBootServicesData;=0D
+    case EfiRuntimeServicesCode:=0D
+      return HeapGuardMemoryType.Fields.EfiRuntimeServicesCode;=0D
+    case EfiRuntimeServicesData:=0D
+      return HeapGuardMemoryType.Fields.EfiRuntimeServicesData;=0D
+    case EfiConventionalMemory:=0D
+      return HeapGuardMemoryType.Fields.EfiConventionalMemory;=0D
+    case EfiUnusableMemory:=0D
+      return HeapGuardMemoryType.Fields.EfiUnusableMemory;=0D
+    case EfiACPIReclaimMemory:=0D
+      return HeapGuardMemoryType.Fields.EfiACPIReclaimMemory;=0D
+    case EfiACPIMemoryNVS:=0D
+      return HeapGuardMemoryType.Fields.EfiACPIMemoryNVS;=0D
+    case EfiMemoryMappedIO:=0D
+      return HeapGuardMemoryType.Fields.EfiMemoryMappedIO;=0D
+    case EfiMemoryMappedIOPortSpace:=0D
+      return HeapGuardMemoryType.Fields.EfiMemoryMappedIOPortSpace;=0D
+    case EfiPalCode:=0D
+      return HeapGuardMemoryType.Fields.EfiPalCode;=0D
+    case EfiPersistentMemory:=0D
+      return HeapGuardMemoryType.Fields.EfiPersistentMemory;=0D
+    default:=0D
+      return FALSE;=0D
+  }=0D
+}=0D
+=0D
+/**=0D
+  This function checks the memory protection settings and provides warning=
s of conflicts and/or=0D
+  potentially unforseen consequences from the settings. This logic will on=
ly ever turn off=0D
+  protections to create consistency, never turn others on.=0D
+**/=0D
+VOID=0D
+MmMemoryProtectionSettingsConsistencyCheck (=0D
+  VOID=0D
+  )=0D
+{=0D
+  if (gMmMps.HeapGuardPoolType.Data &&=0D
+      (!(gMmMps.HeapGuardPolicy.Fields.PoolGuardEnabled)))=0D
+  {=0D
+    DEBUG ((=0D
+      DEBUG_WARN,=0D
+      "%a: - Bits set in gMmMps.HeapGuardPoolType, but gMmMps.HeapGuardPol=
icy.Fields.PoolGuardEnabled is inactive. "=0D
+      "No pool guards will be set.\n",=0D
+      __func__=0D
+      ));=0D
+  }=0D
+=0D
+  if (gMmMps.HeapGuardPageType.Data &&=0D
+      (!(gMmMps.HeapGuardPolicy.Fields.PageGuardEnabled)))=0D
+  {=0D
+    DEBUG ((=0D
+      DEBUG_WARN,=0D
+      "%a: - Bits are set in gMmMps.HeapGuardPageType, but gMmMps.HeapGuar=
dPolicy.Fields.PageGuardEnabled is inactive. "=0D
+      "No page guards will be set.\n",=0D
+      __func__=0D
+      ));=0D
+  }=0D
+}=0D
+=0D
+/**=0D
+  Abstraction layer for library constructor of Standalone MM and SMM insta=
nces.=0D
+=0D
+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+MmMemoryProtectionHobLibConstructorCommon (=0D
+  VOID=0D
+  )=0D
+{=0D
+  VOID  *Ptr;=0D
+=0D
+  Ptr =3D GetFirstGuidHob (&gMmMemoryProtectionSettingsGuid);=0D
+=0D
+  //=0D
+  // Cache the Memory Protection Settings HOB entry=0D
+  //=0D
+  if (Ptr !=3D NULL) {=0D
+    if (*((UINT8 *)GET_GUID_HOB_DATA (Ptr)) !=3D (UINT8)MM_MEMORY_PROTECTI=
ON_SETTINGS_CURRENT_VERSION) {=0D
+      DEBUG ((=0D
+        DEBUG_ERROR,=0D
+        "%a: - Version number of the Memory Protection Settings HOB is inv=
alid!\n",=0D
+        __func__=0D
+        ));=0D
+      ASSERT (*((UINT8 *)GET_GUID_HOB_DATA (Ptr)) =3D=3D (UINT8)MM_MEMORY_=
PROTECTION_SETTINGS_CURRENT_VERSION);=0D
+      ZeroMem (&gMmMps, sizeof (gMmMps));=0D
+      return EFI_SUCCESS;=0D
+    }=0D
+=0D
+    CopyMem (&gMmMps, GET_GUID_HOB_DATA (Ptr), sizeof (MM_MEMORY_PROTECTIO=
N_SETTINGS));=0D
+    MmMemoryProtectionSettingsConsistencyCheck ();=0D
+  }=0D
+=0D
+  return EFI_SUCCESS;=0D
+}=0D
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectio=
nHobLib.c b/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtection=
HobLib.c=0D
new file mode 100644=0D
index 000000000000..fffc90a7215c=0D
--- /dev/null=0D
+++ b/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib=
.c=0D
@@ -0,0 +1,37 @@=0D
+/** @file=0D
+Library fills out gMmMps global=0D
+=0D
+Copyright (c) Microsoft Corporation.=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+=0D
+#include <PiSmm.h>=0D
+=0D
+/**=0D
+  Abstraction layer for library constructor of Standalone MM and SMM insta=
nces.=0D
+=0D
+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+MmMemoryProtectionHobLibConstructorCommon (=0D
+  VOID=0D
+  );=0D
+=0D
+/**=0D
+  Library constructor of SMM instance.=0D
+=0D
+  @param[in]  ImageHandle   The firmware allocated handle for the EFI imag=
e.=0D
+  @param[in]  SystemTable   A pointer to the EFI System Table.=0D
+=0D
+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+SmmMemoryProtectionHobLibConstructor (=0D
+  IN EFI_HANDLE        ImageHandle,=0D
+  IN EFI_SYSTEM_TABLE  *SystemTable=0D
+  )=0D
+{=0D
+  return MmMemoryProtectionHobLibConstructorCommon ();=0D
+}=0D
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemory=
ProtectionHobLib.c b/MdeModulePkg/Library/MemoryProtectionHobLib/Standalone=
MmMemoryProtectionHobLib.c=0D
new file mode 100644=0D
index 000000000000..3fd8b9f2593d=0D
--- /dev/null=0D
+++ b/MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtect=
ionHobLib.c=0D
@@ -0,0 +1,37 @@=0D
+/** @file=0D
+Library fills out gMmMps global=0D
+=0D
+Copyright (c) Microsoft Corporation.=0D
+SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+**/=0D
+=0D
+#include <PiMm.h>=0D
+=0D
+/**=0D
+  Abstraction layer for library constructor of Standalone MM and SMM insta=
nces.=0D
+=0D
+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+MmMemoryProtectionHobLibConstructorCommon (=0D
+  VOID=0D
+  );=0D
+=0D
+/**=0D
+  Library constructor of Standalone MM instance.=0D
+=0D
+  @param[in]  ImageHandle   The firmware allocated handle for the EFI imag=
e.=0D
+  @param[in]  SystemTable   A pointer to the EFI MM System Table.=0D
+=0D
+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.=0D
+**/=0D
+EFI_STATUS=0D
+EFIAPI=0D
+StandaloneMmMemoryProtectionHobLibConstructor (=0D
+  IN EFI_HANDLE           ImageHandle,=0D
+  IN EFI_MM_SYSTEM_TABLE  *SystemTable=0D
+  )=0D
+{=0D
+  return MmMemoryProtectionHobLibConstructorCommon ();=0D
+}=0D
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectio=
nHobLib.inf b/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtecti=
onHobLib.inf=0D
new file mode 100644=0D
index 000000000000..57ca55446b81=0D
--- /dev/null=0D
+++ b/MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib=
.inf=0D
@@ -0,0 +1,34 @@=0D
+## @file=0D
+# DXE library instance to support platform-specific global controls for al=
l memory protections.=0D
+#=0D
+# Copyright (c) Microsoft Corporation.=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+##=0D
+=0D
+[Defines]=0D
+  INF_VERSION                    =3D 0x00010005=0D
+  BASE_NAME                      =3D DxeMemoryProtectionHobLib=0D
+  FILE_GUID                      =3D f497f7de-b9ab-4b9f-807e-89778922542d=
=0D
+  MODULE_TYPE                    =3D UEFI_DRIVER=0D
+  VERSION_STRING                 =3D 1.0=0D
+  LIBRARY_CLASS                  =3D DxeMemoryProtectionHobLib|DXE_DRIVER =
DXE_CORE UEFI_APPLICATION UEFI_DRIVER=0D
+  CONSTRUCTOR                    =3D DxeMemoryProtectionHobLibConstructor=
=0D
+=0D
+#=0D
+#  VALID_ARCHITECTURES           =3D IA32 X64 AARCH64=0D
+#=0D
+=0D
+[Sources]=0D
+  DxeMemoryProtectionHobLib.c=0D
+=0D
+[Packages]=0D
+  MdePkg/MdePkg.dec=0D
+  MdeModulePkg/MdeModulePkg.dec=0D
+=0D
+[LibraryClasses]=0D
+  HobLib=0D
+  DebugLib=0D
+  BaseMemoryLib=0D
+=0D
+[Guids]=0D
+  gDxeMemoryProtectionSettingsGuid=0D
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectio=
nHobLib.inf b/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtecti=
onHobLib.inf=0D
new file mode 100644=0D
index 000000000000..4651158bd405=0D
--- /dev/null=0D
+++ b/MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib=
.inf=0D
@@ -0,0 +1,35 @@=0D
+## @file=0D
+# SMM library instance to support platform-specific global controls for al=
l memory protections.=0D
+#=0D
+# Copyright (c) Microsoft Corporation.=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+##=0D
+=0D
+[Defines]=0D
+  INF_VERSION                    =3D 0x00010005=0D
+  BASE_NAME                      =3D SmmMemoryProtectionHobLib=0D
+  FILE_GUID                      =3D dc9666f4-917f-400d-8026-2b3beeeff195=
=0D
+  MODULE_TYPE                    =3D DXE_SMM_DRIVER=0D
+  VERSION_STRING                 =3D 1.0=0D
+  LIBRARY_CLASS                  =3D MmMemoryProtectionHobLib|SMM_CORE DXE=
_SMM_DRIVER=0D
+  CONSTRUCTOR                    =3D SmmMemoryProtectionHobLibConstructor=
=0D
+=0D
+#=0D
+#  VALID_ARCHITECTURES           =3D IA32 X64 AARCH64=0D
+#=0D
+=0D
+[Sources]=0D
+  MmCommonMemoryProtectionHobLib.c=0D
+  SmmMemoryProtectionHobLib.c=0D
+=0D
+[Packages]=0D
+  MdePkg/MdePkg.dec=0D
+  MdeModulePkg/MdeModulePkg.dec=0D
+=0D
+[LibraryClasses]=0D
+  HobLib=0D
+  DebugLib=0D
+  BaseMemoryLib=0D
+=0D
+[Guids]=0D
+  gMmMemoryProtectionSettingsGuid=0D
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemory=
ProtectionHobLib.inf b/MdeModulePkg/Library/MemoryProtectionHobLib/Standalo=
neMmMemoryProtectionHobLib.inf=0D
new file mode 100644=0D
index 000000000000..3cadb5ec6e9a=0D
--- /dev/null=0D
+++ b/MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtect=
ionHobLib.inf=0D
@@ -0,0 +1,36 @@=0D
+## @file=0D
+# SMM library instance to support platform-specific global controls for al=
l memory protections.=0D
+#=0D
+# Copyright (c) Microsoft Corporation.=0D
+# SPDX-License-Identifier: BSD-2-Clause-Patent=0D
+##=0D
+=0D
+[Defines]=0D
+  INF_VERSION                    =3D 0x00010005=0D
+  BASE_NAME                      =3D StandaloneMmMemoryProtectionHobLib=0D
+  FILE_GUID                      =3D C0A0D9C4-A249-483A-86EA-D73146D397B3=
=0D
+  MODULE_TYPE                    =3D MM_CORE_STANDALONE=0D
+  PI_SPECIFICATION_VERSION       =3D 0x00010032=0D
+  VERSION_STRING                 =3D 1.0=0D
+  LIBRARY_CLASS                  =3D MmMemoryProtectionHobLib|MM_CORE_STAN=
DALONE MM_STANDALONE=0D
+  CONSTRUCTOR                    =3D StandaloneMmMemoryProtectionHobLibCon=
structor=0D
+=0D
+#=0D
+#  VALID_ARCHITECTURES           =3D IA32 X64 AARCH64=0D
+#=0D
+=0D
+[Sources]=0D
+  MmCommonMemoryProtectionHobLib.c=0D
+  StandaloneMmMemoryProtectionHobLib.c=0D
+=0D
+[Packages]=0D
+  MdePkg/MdePkg.dec=0D
+  MdeModulePkg/MdeModulePkg.dec=0D
+=0D
+[LibraryClasses]=0D
+  HobLib=0D
+  DebugLib=0D
+  BaseMemoryLib=0D
+=0D
+[Guids]=0D
+  gMmMemoryProtectionSettingsGuid=0D
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc=
=0D
index ab6848dc934b..bad4318771f9 100644=0D
--- a/MdeModulePkg/MdeModulePkg.dsc=0D
+++ b/MdeModulePkg/MdeModulePkg.dsc=0D
@@ -237,6 +237,9 @@ [Components]=0D
   MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf=0D
   MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf=0D
   MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf=0D
+  MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.in=
f=0D
+  MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib.in=
f=0D
+  MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtection=
HobLib.inf=0D
   MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLi=
bNull.inf=0D
   MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLib=
Null.inf=0D
   MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf=0D
-- =0D
2.36.1.windows.1=0D
=0D