From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 7075DAC1BA2 for ; Wed, 30 Aug 2023 23:19:10 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=bn9jXa9prESXRxSO6e4zwPmqvi5x+9Zh5LUxbn1Eync=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1693437548; v=1; b=NuwIEDqyLEiH2EVrV+6B2sOsYSyuUYd2d1vIYup+rjUbnR13uxcwphG1YplgPWAqJIN8mFti dXsuNaIlArVkDZmAw0gqZg5xX01pXwoD4+FsdUUvrmlYopQa52u5IjtR/rDqchDYVN2o+t2YqqN 1l3I+Nj43Ayt4Z7oggFYrxMk= X-Received: by 127.0.0.2 with SMTP id 0cMXYY7687511x2ENeBpkLZ6; Wed, 30 Aug 2023 16:19:08 -0700 X-Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.web10.4861.1693437547000658524 for ; Wed, 30 Aug 2023 16:19:07 -0700 X-Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-68c0d4cc3a4so165275b3a.1 for ; Wed, 30 Aug 2023 16:19:06 -0700 (PDT) X-Gm-Message-State: cUHXh0CGsrPD3er3QGHAxHq9x7686176AA= X-Google-Smtp-Source: AGHT+IGvRadp1PB7XIOtBzzc8/Ybx0fngvMm1+VsN5+5PbU2UKJ+3K6ukOIY2KSGBajAHJyiN6nkrQ== X-Received: by 2002:a05:6a00:2302:b0:68b:eb60:c0a4 with SMTP id h2-20020a056a00230200b0068beb60c0a4mr3862840pfh.6.1693437545778; Wed, 30 Aug 2023 16:19:05 -0700 (PDT) X-Received: from localhost.localdomain ([50.46.253.1]) by smtp.gmail.com with ESMTPSA id x16-20020a62fb10000000b0064398fe3451sm102550pfm.217.2023.08.30.16.19.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Aug 2023 16:19:05 -0700 (PDT) From: "Taylor Beebe" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao Subject: [edk2-devel] [PATCH v3 04/26] MdeModulePkg: Implement SetMemoryProtectionsLib and GetMemoryProtectionsLib Date: Wed, 30 Aug 2023 16:18:12 -0700 Message-ID: <20230830231851.779-5-taylor.d.beebe@gmail.com> In-Reply-To: <20230830231851.779-1-taylor.d.beebe@gmail.com> References: <20230830231851.779-1-taylor.d.beebe@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,taylor.d.beebe@gmail.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=NuwIEDqy; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io The SetMemoryProtectionsLib implementation has functionality for setting protections based on a preset profile or a custom DXE/MM profile passed in by the caller. The implementation also supports locking the protections (tracked via an extra boolean stored in the HOB entry) which prevents the protections from being changed by any other SetMemoryProtectionsLib calls. The GetMemoryProtectionsLib implementation populates the gMps global in the library consructor. For cases where the global needs to be accessed before the constructor is called, PopulateMpsGlobal() will manually fill out the gMps global. Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao --- MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c | 158 ++++++ MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c | 124 +++++ MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c | 534 ++++++++++++++++++++ MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf | 34 ++ MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf | 34 ++ MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf | 48 ++ MdeModulePkg/MdeModulePkg.dsc | 3 + 7 files changed, 935 insertions(+) diff --git a/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c b/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c new file mode 100644 index 000000000000..c622a7b99f42 --- /dev/null +++ b/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c @@ -0,0 +1,158 @@ +/** @file +Library fills out gMps global for accessing the platform memory protection settings + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include + +#include +#include +#include + +MEMORY_PROTECTION_SETTINGS_UNION gMps = { 0 }; + +/** + This function checks the memory protection settings for conflicts. + + @param[in] Mps Pointer to the memory protection settings to check. + + @retval EFI_SUCCESS The memory protection settings are consistent. + @retval EFI_INVALID_PARAMETER The memory protection settings are not consistent. +**/ +STATIC +EFI_STATUS +DxeMemoryProtectionSettingsConsistencyCheck ( + IN MEMORY_PROTECTION_SETTINGS *Mps + ) +{ + if ((Mps->Dxe.HeapGuard.PoolGuardEnabled || Mps->Dxe.HeapGuard.PageGuardEnabled) && + Mps->Dxe.HeapGuard.FreedMemoryGuardEnabled) + { + DEBUG (( + DEBUG_WARN, + "%a: - HeapGuard.FreedMemoryGuardEnabled and " + "UEFI HeapGuard.PoolGuardEnabled/HeapGuard.PageGuardEnabled " + "cannot be active at the same time. Setting all three to ZERO in " + "the memory protection settings global.\n", + __func__ + )); + ASSERT ( + !(Mps->Dxe.HeapGuard.FreedMemoryGuardEnabled && + (Mps->Dxe.HeapGuard.PoolGuardEnabled || Mps->Dxe.HeapGuard.PageGuardEnabled)) + ); + return EFI_INVALID_PARAMETER; + } + + if (!IsZeroBuffer (&Mps->Dxe.PoolGuard, MPS_MEMORY_TYPE_BUFFER_SIZE) && + (!(Mps->Dxe.HeapGuard.PoolGuardEnabled))) + { + DEBUG (( + DEBUG_WARN, + "%a: - PoolGuard protections are active " + "but HeapGuard.PoolGuardEnabled is inactive.\n", + __func__ + )); + } + + if (!IsZeroBuffer (&Mps->Dxe.PageGuard, MPS_MEMORY_TYPE_BUFFER_SIZE) && + (!(Mps->Dxe.HeapGuard.PageGuardEnabled))) + { + DEBUG (( + DEBUG_WARN, + "%a: - PageGuard protections are active " + "but HeapGuard.PageGuardEnabled is inactive\n", + __func__ + )); + } + + if (Mps->Dxe.ExecutionProtection.EnabledForType[EfiBootServicesData] != + Mps->Dxe.ExecutionProtection.EnabledForType[EfiConventionalMemory]) + { + DEBUG (( + DEBUG_WARN, + "%a: - EfiBootServicesData and EfiConventionalMemory must have the same " + "ExecutionProtection value. Setting both to ZERO in the memory protection " + "settings global.\n", + __func__ + )); + ASSERT ( + Mps->Dxe.ExecutionProtection.EnabledForType[EfiBootServicesData] == + Mps->Dxe.ExecutionProtection.EnabledForType[EfiConventionalMemory] + ); + return EFI_INVALID_PARAMETER; + } + + return EFI_SUCCESS; +} + +/** + Populates gMps global. This function is invoked by the library constructor and only needs to be + called if library contructors have not yet been invoked. + + @retval EFI_SUCCESS gMps global was populated. + @retval EFI_NOT_FOUND The gMemoryProtectionSettingsGuid HOB was not found. + @retval EFI_ABORTED The version number of the DXE or MM memory protection settings was invalid. + @retval EFI_UNSUPPORTED NULL implementation called. +**/ +EFI_STATUS +EFIAPI +PopulateMpsGlobal ( + VOID + ) +{ + VOID *Ptr; + MEMORY_PROTECTION_SETTINGS *Mps; + + Ptr = GetFirstGuidHob (&gMemoryProtectionSettingsGuid); + + if (Ptr != NULL) { + Mps = (MEMORY_PROTECTION_SETTINGS *)GET_GUID_HOB_DATA (Ptr); + if (Mps->Dxe.StructVersion != DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION) { + DEBUG (( + DEBUG_ERROR, + "%a: - Version number of the DXE Memory Protection Settings is invalid!\n", + __func__ + )); + ASSERT (Mps->Dxe.StructVersion == DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION); + return EFI_ABORTED; + } else if (Mps->Dxe.Signature != DXE_MEMORY_PROTECTION_SIGNATURE) { + DEBUG (( + DEBUG_ERROR, + "%a: - Signature of the DXE Memory Protection Settings is invalid!\n", + __func__ + )); + ASSERT (Mps->Dxe.Signature == DXE_MEMORY_PROTECTION_SIGNATURE); + return EFI_ABORTED; + } + + if (!EFI_ERROR (DxeMemoryProtectionSettingsConsistencyCheck (Mps))) { + CopyMem (&gMps.Dxe, &Mps->Dxe, sizeof (DXE_MEMORY_PROTECTION_SETTINGS)); + } + } else { + DEBUG (( + DEBUG_WARN, + "%a: - Memory Protection Settings not found!\n", + __func__ + )); + return EFI_NOT_FOUND; + } + + return EFI_SUCCESS; +} + +/** + Library constructor used to populate gMps global. + + @retval EFI_SUCCESS Constructor always returns success; +**/ +EFI_STATUS +EFIAPI +GetDxeMemoryProtectionSettingsConstructor ( + VOID + ) +{ + PopulateMpsGlobal (); + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c b/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c new file mode 100644 index 000000000000..09c289dd8d15 --- /dev/null +++ b/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c @@ -0,0 +1,124 @@ +/** @file +Library fills out gMps global for accessing the platform memory protection settings + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include + +#include +#include +#include + +MEMORY_PROTECTION_SETTINGS_UNION gMps = { 0 }; + +/** + This function checks the memory protection settings for conflicts. + + @param[in] Mps Pointer to the memory protection settings to check. + + @retval EFI_SUCCESS The memory protection settings are consistent. + @retval EFI_INVALID_PARAMETER The memory protection settings are not consistent. +**/ +STATIC +EFI_STATUS +MmMemoryProtectionSettingsConsistencyCheck ( + IN MEMORY_PROTECTION_SETTINGS *Mps + ) +{ + if (!IsZeroBuffer (&Mps->Mm.PoolGuard, MPS_MEMORY_TYPE_BUFFER_SIZE) && + (!Mps->Mm.HeapGuard.PoolGuardEnabled)) + { + DEBUG (( + DEBUG_WARN, + "%a: - PoolGuard protections are active " + "but HeapGuard.PoolGuardEnabled is inactive.\n", + __func__ + )); + } + + if (!IsZeroBuffer (&Mps->Mm.PageGuard, MPS_MEMORY_TYPE_BUFFER_SIZE) && + (!Mps->Mm.HeapGuard.PageGuardEnabled)) + { + DEBUG (( + DEBUG_WARN, + "%a: - PageGuard protections are active " + "but HeapGuard.PageGuardEnabled is inactive\n", + __func__ + )); + } + + return EFI_SUCCESS; +} + +/** + Populates gMps global. This function is invoked by the library constructor and only needs to be + called if library contructors have not yet been invoked. + + @retval EFI_SUCCESS gMps global was populated. + @retval EFI_NOT_FOUND The gMemoryProtectionSettingsGuid HOB was not found. + @retval EFI_ABORTED The version number of the DXE or MM memory protection settings was invalid. + @retval EFI_UNSUPPORTED NULL implementation called. +**/ +EFI_STATUS +EFIAPI +PopulateMpsGlobal ( + VOID + ) +{ + VOID *Ptr; + MEMORY_PROTECTION_SETTINGS *Mps; + + Ptr = GetFirstGuidHob (&gMemoryProtectionSettingsGuid); + + if (Ptr != NULL) { + Mps = (MEMORY_PROTECTION_SETTINGS *)GET_GUID_HOB_DATA (Ptr); + + if (Mps->Mm.StructVersion != MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION) { + DEBUG (( + DEBUG_ERROR, + "%a: - Version number of the MM Memory Protection Settings is invalid!\n", + __func__ + )); + ASSERT (Mps->Mm.StructVersion == MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION); + return EFI_ABORTED; + } else if (Mps->Mm.Signature != MM_MEMORY_PROTECTION_SIGNATURE) { + DEBUG (( + DEBUG_ERROR, + "%a: - Signature of the MM Memory Protection Settings is invalid!\n", + __func__ + )); + ASSERT (Mps->Mm.Signature == MM_MEMORY_PROTECTION_SIGNATURE); + return EFI_ABORTED; + } + + if (!EFI_ERROR (MmMemoryProtectionSettingsConsistencyCheck (Mps))) { + CopyMem (&gMps.Mm, &Mps->Mm, sizeof (MM_MEMORY_PROTECTION_SETTINGS)); + } + } else { + DEBUG (( + DEBUG_WARN, + "%a: - Memory Protection Settings not found!\n", + __func__ + )); + return EFI_NOT_FOUND; + } + + return EFI_SUCCESS; +} + +/** + Library constructor used to populate gMps global. + + @retval EFI_SUCCESS Constructor always returns success; +**/ +EFI_STATUS +EFIAPI +GetMmMemoryProtectionSettingsConstructor ( + VOID + ) +{ + PopulateMpsGlobal (); + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c new file mode 100644 index 000000000000..13032ec80fbf --- /dev/null +++ b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c @@ -0,0 +1,534 @@ +/** @file +Library for setting the memory protection settings for DXE. + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include +#include +#include +#include +#include +#include + +#pragma pack(1) + +typedef struct { + // Protection settings + MEMORY_PROTECTION_SETTINGS Mps; + // Extra byte for tracking if protection settings have been locked + BOOLEAN MemoryProtectionSettingsLocked; +} MEMORY_PROTECTION_SETTINGS_PRIVATE; + +#pragma pack() + +///////////////////////////// +// DXE PROFILE DEFINITIONS // +///////////////////////////// + +// +// A memory profile which uses the fixed at build PCDs defined in MdeModulePkg.dec +// +#define DXE_MEMORY_PROTECTION_SETTINGS_PCD \ +{ \ + DXE_MEMORY_PROTECTION_SIGNATURE, \ + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + FixedPcdGetBool (PcdCpuStackGuard), /* Stack Guard */ \ + TRUE, /* Stack Execution Protection (MUST BE POPULATED) */ \ + { /* NULL Pointer Detection */ \ + .Enabled = ((FixedPcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT0) != 0), \ + .DisableEndOfDxe = ((FixedPcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT7) != 0), \ + .NonstopModeEnabled = ((FixedPcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT6) != 0) \ + }, \ + { /* Image Protection */ \ + .ProtectImageFromUnknown = ((FixedPcdGet32 (PcdImageProtectionPolicy) & BIT0) != 0), \ + .ProtectImageFromFv = ((FixedPcdGet32 (PcdImageProtectionPolicy) & BIT1) != 0) \ + }, \ + { /* Execution Protection */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiReservedMemoryType) != 0), \ + [EfiLoaderCode] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiLoaderCode) != 0), \ + [EfiLoaderData] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiLoaderData) != 0), \ + [EfiBootServicesCode] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiBootServicesCode) != 0), \ + [EfiBootServicesData] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiBootServicesData) != 0), \ + [EfiRuntimeServicesCode] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiRuntimeServicesCode) != 0), \ + [EfiRuntimeServicesData] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiRuntimeServicesData) != 0), \ + [EfiConventionalMemory] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiConventionalMemory) != 0), \ + [EfiUnusableMemory] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiUnusableMemory) != 0), \ + [EfiACPIReclaimMemory] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiACPIReclaimMemory) != 0), \ + [EfiACPIMemoryNVS] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiACPIMemoryNVS) != 0), \ + [EfiMemoryMappedIO] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiMemoryMappedIO) != 0), \ + [EfiMemoryMappedIOPortSpace] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiMemoryMappedIOPortSpace) != 0), \ + [EfiPalCode] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiPalCode) != 0), \ + [EfiPersistentMemory] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiPersistentMemory) != 0), \ + [EfiUnacceptedMemoryType] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & EfiUnacceptedMemoryType) != 0), \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & BIT62) != 0), \ + [OS_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdDxeNxMemoryProtectionPolicy) & BIT63) != 0) \ + } \ + }, \ + { /* Heap Guard */ \ + .PageGuardEnabled = ((FixedPcdGet8 (PcdHeapGuardPropertyMask) & BIT0) != 0), \ + .PoolGuardEnabled = ((FixedPcdGet8 (PcdHeapGuardPropertyMask) & BIT1) != 0), \ + .FreedMemoryGuardEnabled = ((FixedPcdGet8 (PcdHeapGuardPropertyMask) & BIT4) != 0), \ + .NonstopModeEnabled = ((FixedPcdGet8 (PcdHeapGuardPropertyMask) & BIT6) != 0), \ + .GuardAlignedToTail = ((FixedPcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0) \ + }, \ + { /* Pool Guard */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiReservedMemoryType) != 0), \ + [EfiLoaderCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiLoaderCode) != 0), \ + [EfiLoaderData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiLoaderData) != 0), \ + [EfiBootServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiBootServicesCode) != 0), \ + [EfiBootServicesData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiBootServicesData) != 0), \ + [EfiRuntimeServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiRuntimeServicesCode) != 0), \ + [EfiRuntimeServicesData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiRuntimeServicesData) != 0), \ + [EfiConventionalMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiConventionalMemory) != 0), \ + [EfiUnusableMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiUnusableMemory) != 0), \ + [EfiACPIReclaimMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiACPIReclaimMemory) != 0), \ + [EfiACPIMemoryNVS] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiACPIMemoryNVS) != 0), \ + [EfiMemoryMappedIO] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiMemoryMappedIO) != 0), \ + [EfiMemoryMappedIOPortSpace] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiMemoryMappedIOPortSpace) != 0), \ + [EfiPalCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiPalCode) != 0), \ + [EfiPersistentMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiPersistentMemory) != 0), \ + [EfiUnacceptedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiUnacceptedMemoryType) != 0), \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & BIT62) != 0), \ + [OS_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & BIT63) != 0) \ + } \ + }, \ + { /* Page Guard */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiReservedMemoryType) != 0), \ + [EfiLoaderCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiLoaderCode) != 0), \ + [EfiLoaderData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiLoaderData) != 0), \ + [EfiBootServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiBootServicesCode) != 0), \ + [EfiBootServicesData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiBootServicesData) != 0), \ + [EfiRuntimeServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiRuntimeServicesCode) != 0), \ + [EfiRuntimeServicesData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiRuntimeServicesData) != 0), \ + [EfiConventionalMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiConventionalMemory) != 0), \ + [EfiUnusableMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiUnusableMemory) != 0), \ + [EfiACPIReclaimMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiACPIReclaimMemory) != 0), \ + [EfiACPIMemoryNVS] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiACPIMemoryNVS) != 0), \ + [EfiMemoryMappedIO] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiMemoryMappedIO) != 0), \ + [EfiMemoryMappedIOPortSpace] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiMemoryMappedIOPortSpace) != 0), \ + [EfiPalCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiPalCode) != 0), \ + [EfiPersistentMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiPersistentMemory) != 0), \ + [EfiUnacceptedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiUnacceptedMemoryType) != 0), \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPageType) & BIT62) != 0), \ + [OS_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPageType) & BIT63) != 0) \ + } \ + } \ +} + +//////////////////////////// +// MM PROFILE DEFINITIONS // +//////////////////////////// + +// +// A memory profile which uses the fixed at build PCDs defined in MdeModulePkg.dec +// +#define MM_MEMORY_PROTECTION_SETTINGS_PCD \ +{ \ + MM_MEMORY_PROTECTION_SIGNATURE, \ + MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + { /* NULL Pointer Detection */ \ + .Enabled = ((FixedPcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0), \ + .NonstopModeEnabled = ((FixedPcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT6) != 0) \ + }, \ + { /* Heap Guard */ \ + .PageGuardEnabled = ((FixedPcdGet8(PcdHeapGuardPropertyMask) & BIT2) != 0), \ + .PoolGuardEnabled = ((FixedPcdGet8(PcdHeapGuardPropertyMask) & BIT3) != 0), \ + .NonstopModeEnabled = ((FixedPcdGet8(PcdHeapGuardPropertyMask) & BIT6) != 0), \ + .GuardAlignedToTail = ((FixedPcdGet8(PcdHeapGuardPropertyMask) & BIT7) == 0) \ + }, \ + { /* Pool Guard */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiReservedMemoryType) != 0), \ + [EfiLoaderCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiLoaderCode) != 0), \ + [EfiLoaderData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiLoaderData) != 0), \ + [EfiBootServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiBootServicesCode) != 0), \ + [EfiBootServicesData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiBootServicesData) != 0), \ + [EfiRuntimeServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiRuntimeServicesCode) != 0), \ + [EfiRuntimeServicesData] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiRuntimeServicesData) != 0), \ + [EfiConventionalMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiConventionalMemory) != 0), \ + [EfiUnusableMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiUnusableMemory) != 0), \ + [EfiACPIReclaimMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiACPIReclaimMemory) != 0), \ + [EfiACPIMemoryNVS] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiACPIMemoryNVS) != 0), \ + [EfiMemoryMappedIO] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiMemoryMappedIO) != 0), \ + [EfiMemoryMappedIOPortSpace] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiMemoryMappedIOPortSpace) != 0), \ + [EfiPalCode] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiPalCode) != 0), \ + [EfiPersistentMemory] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiPersistentMemory) != 0), \ + [EfiUnacceptedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & EfiUnacceptedMemoryType) != 0), \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & BIT62) != 0), \ + [OS_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPoolType) & BIT63) != 0) \ + } \ + }, \ + { /* Page Guard */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiReservedMemoryType) != 0), \ + [EfiLoaderCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiLoaderCode) != 0), \ + [EfiLoaderData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiLoaderData) != 0), \ + [EfiBootServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiBootServicesCode) != 0), \ + [EfiBootServicesData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiBootServicesData) != 0), \ + [EfiRuntimeServicesCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiRuntimeServicesCode) != 0), \ + [EfiRuntimeServicesData] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiRuntimeServicesData) != 0), \ + [EfiConventionalMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiConventionalMemory) != 0), \ + [EfiUnusableMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiUnusableMemory) != 0), \ + [EfiACPIReclaimMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiACPIReclaimMemory) != 0), \ + [EfiACPIMemoryNVS] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiACPIMemoryNVS) != 0), \ + [EfiMemoryMappedIO] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiMemoryMappedIO) != 0), \ + [EfiMemoryMappedIOPortSpace] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiMemoryMappedIOPortSpace) != 0), \ + [EfiPalCode] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiPalCode) != 0), \ + [EfiPersistentMemory] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiPersistentMemory) != 0), \ + [EfiUnacceptedMemoryType] = ((FixedPcdGet64 (PcdHeapGuardPageType) & EfiUnacceptedMemoryType) != 0), \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPageType) & BIT62) != 0), \ + [OS_RESERVED_MPS_MEMORY_TYPE] = ((FixedPcdGet64 (PcdHeapGuardPageType) & BIT63) != 0) \ + } \ + } \ +} + +//////////////////////////// +// PROFILE CONFIGURATIONS // +//////////////////////////// + +DXE_MEMORY_PROTECTION_PROFILES DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsMax] = { + [DxeMemoryProtectionSettingsPcd] = { + .Name = "Pcd", + .Description = "Memory protection settings from PCDs", + .Settings = DXE_MEMORY_PROTECTION_SETTINGS_PCD + }, +}; + +MM_MEMORY_PROTECTION_PROFILES MmMemoryProtectionProfiles[MmMemoryProtectionSettingsMax] = { + [MmMemoryProtectionSettingsPcd] = { + .Name = "Pcd", + .Description = "Memory protection settings from PCDs", + .Settings = MM_MEMORY_PROTECTION_SETTINGS_PCD + }, +}; + +///////////////////////////////////// +// GET/SET SUPPORT FUNCTIONS // +///////////////////////////////////// + +/** + Gets the memory protection HOB entry. This function will create the entry + if it is not found. + + @retval NULL Unable to create the memory protection HOB entry. + @retval Other Pointer to the memory protection HOB entry. +**/ +STATIC +MEMORY_PROTECTION_SETTINGS_PRIVATE * +GetOrCreateMemoryProtectionSettings ( + VOID + ) +{ + VOID *Ptr; + MEMORY_PROTECTION_SETTINGS_PRIVATE Mpsp; + + Ptr = GetFirstGuidHob (&gMemoryProtectionSettingsGuid); + + if (Ptr != NULL) { + return (MEMORY_PROTECTION_SETTINGS_PRIVATE *)GET_GUID_HOB_DATA (Ptr); + } + + ZeroMem (&Mpsp, sizeof (Mpsp)); + Mpsp.Mps.Dxe = DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsPcd].Settings; + Mpsp.Mps.Mm = MmMemoryProtectionProfiles[MmMemoryProtectionSettingsPcd].Settings; + Mpsp.Mps.Dxe.StackExecutionProtectionEnabled = PcdGetBool (PcdSetNxForStack); + + Ptr = BuildGuidDataHob ( + &gMemoryProtectionSettingsGuid, + &Mpsp, + sizeof (Mpsp) + ); + + return (MEMORY_PROTECTION_SETTINGS_PRIVATE *)Ptr; +} + +/** + Gets the memory protection HOB entry and checks the version number + to ensure it is compatible with this module. + + @retval NULL Unable to create the memory protection HOB entry. + @retval Other Pointer to the memory protection HOB entry. +**/ +STATIC +MEMORY_PROTECTION_SETTINGS_PRIVATE * +FetchAndCheckMpsp ( + VOID + ) +{ + MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp; + + Mpsp = GetOrCreateMemoryProtectionSettings (); + + if (Mpsp == NULL) { + return NULL; + } + + if (Mpsp->Mps.Dxe.StructVersion != DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION) { + DEBUG (( + DEBUG_ERROR, + "%a: - Version number of the DXE Memory Protection Settings is invalid!\n" + "This module was compiled with version %d but the current version is %d.\n", + __func__, + Mpsp->Mps.Dxe.StructVersion, + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION + )); + ASSERT (Mpsp->Mps.Dxe.StructVersion == DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION); + return NULL; + } + + if (Mpsp->Mps.Mm.StructVersion != MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION) { + DEBUG (( + DEBUG_ERROR, + "%a: - Version number of the MM Memory Protection Settings is invalid!\n" + "This module was compiled with version %d but the current version is %d.\n", + __func__, + Mpsp->Mps.Mm.StructVersion, + MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION + )); + ASSERT (Mpsp->Mps.Mm.StructVersion == MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION); + return NULL; + } + + return Mpsp; +} + +/** + Prevent further changes to the memory protection settings via this + library API. + + @retval EFI_SUCCESS The memory protection settings are locked. + @retval EFI_ABORTED Unable to get/create the memory protection settings. + @retval EFI_UNSUPPORTED NULL implementation called. +**/ +EFI_STATUS +EFIAPI +LockMemoryProtectionSettings ( + VOID + ) +{ + MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp; + + Mpsp = FetchAndCheckMpsp (); + + if (Mpsp == NULL) { + ASSERT (Mpsp != NULL); + return EFI_ABORTED; + } + + Mpsp->MemoryProtectionSettingsLocked = TRUE; + + return EFI_SUCCESS; +} + +/** + Sets the DXE memory protection settings. If DxeMps is NULL, the settings will be set based + on ProfileIndex. + + @param[in] DxeMps Pointer to the memory protection settings to publish. If NULL, the + settings will be created based on ProfileIndex. + @param[in] ProfileIndex The index of the memory protection profile to use if DxeMps is NULL. + + @retval EFI_SUCCESS The memory protection HOB was successfully created. + @retval EFI_INVALID_PARAMETER The ProfileIndex was invalid or the version number of the + input DxeMps was not equal to the version currently present + in the settings. + @retval EFI_ABORTED Unable to get/create the memory protection settings. + @retval EFI_ACCESS_DENIED The memory protection settings are locked. + @retval EFI_UNSUPPORTED NULL implementation called. +**/ +EFI_STATUS +EFIAPI +SetDxeMemoryProtectionSettings ( + IN DXE_MEMORY_PROTECTION_SETTINGS *DxeMps OPTIONAL, + IN DXE_MEMORY_PROTECTION_PROFILE_INDEX ProfileIndex + ) +{ + MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp; + + Mpsp = FetchAndCheckMpsp (); + + if (Mpsp == NULL) { + ASSERT (Mpsp != NULL); + return EFI_ABORTED; + } + + if (Mpsp->MemoryProtectionSettingsLocked) { + return EFI_ACCESS_DENIED; + } + + if (DxeMps == NULL) { + if (ProfileIndex >= DxeMemoryProtectionSettingsMax) { + return EFI_INVALID_PARAMETER; + } + + DxeMps = &DxeMemoryProtectionProfiles[ProfileIndex].Settings; + } else if (DxeMps->StructVersion != Mpsp->Mps.Dxe.StructVersion) { + ASSERT (DxeMps->StructVersion == Mpsp->Mps.Dxe.StructVersion); + return EFI_INVALID_PARAMETER; + } + + CopyMem (&Mpsp->Mps.Dxe, DxeMps, sizeof (DXE_MEMORY_PROTECTION_SETTINGS)); + return EFI_SUCCESS; +} + +/** + Sets the MM memory protection HOB entry. If MmMps is NULL, the settings will be set based + on ProfileIndex. + + @param[in] MmMps Pointer to the memory protection settings to publish. If NULL, the + settings will be created based on ProfileIndex. + @param[in] ProfileIndex The index of the memory protection profile to use if MmMps is NULL. + + @retval EFI_SUCCESS The memory protection HOB was successfully created. + @retval EFI_OUT_OF_RESOURCES There was insufficient memory to create the HOB. + @retval EFI_INVALID_PARAMETER The ProfileIndex was invalid or the version number of the + input MmMps was not equal to the version currently present + in the settings. + @retval EFI_ABORTED Unable to get/create the memory protection settings. + @retval EFI_ACCESS_DENIED The memory protection settings are locked. + @retval EFI_UNSUPPORTED NULL implementation called. +**/ +EFI_STATUS +EFIAPI +SetMmMemoryProtectionSettings ( + IN MM_MEMORY_PROTECTION_SETTINGS *MmMps OPTIONAL, + IN MM_MEMORY_PROTECTION_PROFILE_INDEX ProfileIndex + ) +{ + MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp; + + Mpsp = FetchAndCheckMpsp (); + + if (Mpsp == NULL) { + ASSERT (Mpsp != NULL); + return EFI_ABORTED; + } + + if (Mpsp->MemoryProtectionSettingsLocked) { + return EFI_ACCESS_DENIED; + } + + if (MmMps == NULL) { + if (ProfileIndex >= MmMemoryProtectionSettingsMax) { + return EFI_INVALID_PARAMETER; + } + + MmMps = &MmMemoryProtectionProfiles[ProfileIndex].Settings; + } else if (MmMps->StructVersion != Mpsp->Mps.Mm.StructVersion) { + ASSERT (MmMps->StructVersion == Mpsp->Mps.Mm.StructVersion); + return EFI_INVALID_PARAMETER; + } + + CopyMem (&Mpsp->Mps.Mm, MmMps, sizeof (MM_MEMORY_PROTECTION_SETTINGS)); + return EFI_SUCCESS; +} + +/** + Copies the current memory protection settings into the input buffer. + + NOTE: The returned settings may not be the final settings used by the + platform on this boot. Unless LockMemoryProtectionSettings() has + been called, settings may be modified by drivers until DXE handoff. + + @param[out] Mps The memory protection settings pointer to populate. + + @retval EFI_SUCCESS The memory protection settings were copied + into the input buffer. + @retval EFI_INVALID_PARAMETER Mps was NULL. + @retval EFI_ABORTED Unable to get/create the memory protection settings. + @retval EFI_UNSUPPORTED NULL implementation called. +**/ +EFI_STATUS +EFIAPI +GetCurrentMemoryProtectionSettings ( + OUT MEMORY_PROTECTION_SETTINGS *Mps + ) +{ + MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp; + + if (Mps == NULL) { + return EFI_INVALID_PARAMETER; + } + + Mpsp = FetchAndCheckMpsp (); + + if (Mpsp == NULL) { + ASSERT (Mpsp != NULL); + return EFI_ABORTED; + } + + CopyMem (Mps, &Mpsp->Mps, sizeof (MEMORY_PROTECTION_SETTINGS)); + return EFI_SUCCESS; +} + +/** + Returns TRUE any form of DXE memory protection is currently active. + + NOTE: The returned value may reflect the final settings used by the + platform on this boot. Unless LockMemoryProtectionSettings() has + been called, settings may be modified by drivers until DXE handoff. + + @retval TRUE DXE Memory protection is active. + @retval FALSE DXE Memory protection is not active. +**/ +BOOLEAN +EFIAPI +IsDxeMemoryProtectionActive ( + VOID + ) +{ + MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp; + + Mpsp = FetchAndCheckMpsp (); + + if (Mpsp == NULL) { + ASSERT (Mpsp != NULL); + return FALSE; + } + + return Mpsp->Mps.Dxe.CpuStackGuardEnabled || + Mpsp->Mps.Dxe.StackExecutionProtectionEnabled || + Mpsp->Mps.Dxe.NullPointerDetection.Enabled || + Mpsp->Mps.Dxe.HeapGuard.FreedMemoryGuardEnabled || + Mpsp->Mps.Dxe.ImageProtection.ProtectImageFromFv || + Mpsp->Mps.Dxe.ImageProtection.ProtectImageFromUnknown || + !IsZeroBuffer (&Mpsp->Mps.Dxe.ExecutionProtection.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE) || + (Mpsp->Mps.Dxe.HeapGuard.PageGuardEnabled && !IsZeroBuffer (&Mpsp->Mps.Dxe.PageGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE)) || + (Mpsp->Mps.Dxe.HeapGuard.PoolGuardEnabled && !IsZeroBuffer (&Mpsp->Mps.Dxe.PoolGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE)); +} + +/** + Returns TRUE any form of MM memory protection is currently active. + + NOTE: The returned value may reflect the final settings used by the + platform on this boot. Unless LockMemoryProtectionSettings() has + been called, settings may be modified by drivers until DXE handoff. + + @retval TRUE MM Memory protection is active. + @retval FALSE MM Memory protection is not active. +**/ +BOOLEAN +EFIAPI +IsMmMemoryProtectionActive ( + VOID + ) +{ + MEMORY_PROTECTION_SETTINGS_PRIVATE *Mpsp; + + Mpsp = FetchAndCheckMpsp (); + + if (Mpsp == NULL) { + ASSERT (Mpsp != NULL); + return FALSE; + } + + return Mpsp->Mps.Mm.NullPointerDetection.Enabled || + (Mpsp->Mps.Mm.HeapGuard.PageGuardEnabled && !IsZeroBuffer (&Mpsp->Mps.Mm.PageGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE)) || + (Mpsp->Mps.Dxe.HeapGuard.PoolGuardEnabled && !IsZeroBuffer (&Mpsp->Mps.Mm.PoolGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE)); +} diff --git a/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf b/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf new file mode 100644 index 000000000000..b2949a8a5b0b --- /dev/null +++ b/MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf @@ -0,0 +1,34 @@ +## @file +# Library fills out gMps global for accessing the platform memory protection settings +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeGetMemoryProtectionsLib + FILE_GUID = 723A3FA5-1B77-4E83-8978-C768829F7BE4 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = GetMemoryProtectionsLib|DXE_CORE DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR = GetDxeMemoryProtectionSettingsConstructor + +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + DxeGetMemoryProtectionsLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + HobLib + DebugLib + BaseMemoryLib + +[Guids] + gMemoryProtectionSettingsGuid diff --git a/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf b/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf new file mode 100644 index 000000000000..328eb4c78139 --- /dev/null +++ b/MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf @@ -0,0 +1,34 @@ +## @file +# Library fills out gMps global for accessing the platform memory protection settings +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MmGetMemoryProtectionsLib + FILE_GUID = 719D6FAE-7EF1-429B-9A00-D5C50E4BB15A + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = GetMemoryProtectionsLib|SMM_CORE DXE_SMM_DRIVER MM_CORE_STANDALONE MM_STANDALONE + CONSTRUCTOR = GetMmMemoryProtectionSettingsConstructor + +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + MmGetMemoryProtectionsLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + HobLib + DebugLib + BaseMemoryLib + +[Guids] + gMemoryProtectionSettingsGuid diff --git a/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf new file mode 100644 index 000000000000..2e4a9a66ac68 --- /dev/null +++ b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf @@ -0,0 +1,48 @@ +## @file +# Library for setting the memory protection settings for DXE. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SetMemoryProtectionsLib + FILE_GUID = DDA7DD34-0D3E-48FC-B4AE-A25581A40317 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + LIBRARY_CLASS = SetMemoryProtectionsLib|SEC PEI_CORE PEIM + +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + SetMemoryProtectionsLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseMemoryLib + BaseLib + HobLib + DebugLib + PcdLib + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask + gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType + gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType + gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask + gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy + +[Guids] + gMemoryProtectionSettingsGuid + +[BuildOptions] + GCC:*_*_*_CC_FLAGS = -Wno-missing-braces diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 4932a05079ae..10340583f119 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -233,7 +233,10 @@ [Components] MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf + MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf + MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.inf + MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.inf MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.inf -- 2.42.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108158): https://edk2.groups.io/g/devel/message/108158 Mute This Topic: https://groups.io/mt/101064076/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-