From: "Taylor Beebe"
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH v4 00/28] Implement Dynamic Memory Protection Settings
Date: Tue, 19 Sep 2023 17:57:23 -0700
Message-ID: <20230920005752.2041-1-taylor.d.beebe@gmail.com>

v4:
- Update the memory protection profiles to align the allocated pools to the tail guard by default (patch 20).
- Add a patch to create MemoryProtectionConfigLib which consolidates code for parsing the fw_cfg for the memory protection profile strings (patch 22).
- Move the update to add QemuFwCfgParseString() to its own patch (patch 21).

v3:
- Fix incorrect ordering of the SetMemoryProtectionsLib profile definitions midway through the patch series by using C99 initialization.
- Update OvmfPkg to use the Release profile by default.
- Update the method by which platform initialization in OvmfPkg associates the input FwCfg data with the platform memory protection settings. The new way will try to match the string in FwCfg with the profile name. If no match is found, the default profile is used.
- SetMemoryProtectionsLib profile struct definition uses CHAR8 for the description and name strings instead of CHAR16.
- A new patch has been added to copy the PEI PCD database from the HOB to a new buffer so HOB memory is not written to.
- Move the call to protect HOB memory after NX and Heap Guard initialization has occurred to avoid them overwriting the HOB protections.

v2:
- The previous version required the platform to manage the HOB creation during PEI phase. v2 adds a new library, SetMemoryProtectionsLib, which offers an interface for setting, locking, and checking the memory protections for the boot. The settings are still backed by a HOB entry. SetMemoryProtectionsLib is a PEI/SEC only library as protections must be locked in by DxeHandoff().
- The previous version had a separate MM and DXE library for getting the platform memory protection settings and populating the global for access. v2 consolidates these two libraries into a single GetMemoryProtectionsLib which has DXE and MM instances. The global populated is a union of the MM and DXE settings. The first 4 bytes of the union are the signature used to identify whether the global contains the DXE or MM settings.
- Add a patch to page-align the DXE allocated HOB list and apply RO and NX to it during memory protection initialization.
- Add a patch which checks the debug print level before executing the memory map dump routine. This saves several seconds of boot time on debug builds with memory protections active.
- Remove unnecessary code consolidation from the patch series to make it easier to review. The code consolidation will be in a future patch series.
- Add the ability to set the memory protection profile via the fw_cfg QEMU interface on OvmfPkg platforms. The cfg parsing library needs to be ported to ArmVirtPkg to enable the same functionality on ARM virtual platforms. ArmVirtPkg will use the Release protection profile by default.
- Restructure the patch series to ensure bisectability as the memory logic is transitioned to use the Get and Set libraries one package at a time. The memory protection PCDs are still removed in this patch series to avoid confusing the interface and remove the ties to the legacy implementation.

v1:
In the past, memory protection settings were configured via FixedAtBuild PCDs, which resulted in a build-time configuration of memory mitigations. This approach limited the flexibility of applying mitigations to the system and made it difficult to update or adjust the settings post-build.

In this design, the configuration interface has been revised to allow for dynamic configuration. This is achieved by setting memory protections via a library interface which stores/updates the memory protection settings in a GUIDed HOB, which is then consumed during and after DXE handoff. ArmVirtPkg will use the Release profile.

Reference: https://github.com/tianocore/edk2/pull/4566

Cc: Abner Chang
Cc: Andrei Warkentin
Cc: Anatol Belski
Cc: Andrew Fish
Cc: Anthony Perard
Cc: Ard Biesheuvel
Cc: Corvin Köhne
Cc: Dandan Bi
Cc: Eric Dong
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Cc: Guo Dong
Cc: Gua Guo
Cc: James Bottomley
Cc: James Lu
Cc: Jian J Wang
Cc: Jianyong Wu
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Julien Grall
Cc: Leif Lindholm
Cc: Liming Gao
Cc: Michael Roth
Cc: Min Xu
Cc: Peter Grehan
Cc: Rahul Kumar
Cc: Ray Ni
Cc: Rebecca Cran
Cc: Sami Mujawar
Cc: Sean Rhodes
Cc: Sunil V L
Cc: Tom Lendacky

Taylor Beebe (28):
  MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions
  MdeModulePkg: Define SetMemoryProtectionsLib and GetMemoryProtectionsLib
  MdeModulePkg: Add NULL Instances for Get/SetMemoryProtectionsLib
  MdeModulePkg: Implement SetMemoryProtectionsLib and GetMemoryProtectionsLib
  MdeModulePkg: Copy PEI PCD Database Into New Buffer
  MdeModulePkg: Apply Protections to the HOB List
  MdeModulePkg: Check Print Level Before Dumping GCD Memory Map
  UefiCpuPkg: Always Set Stack Guard in MpPei Init
  ArmVirtPkg: Add Memory Protection Library Definitions to Platforms
  OvmfPkg: Add Memory Protection Library Definitions to Platforms
  OvmfPkg: Apply Memory Protections via SetMemoryProtectionsLib
  OvmfPkg: Update PeilessStartupLib to use SetMemoryProtectionsLib
  UefiPayloadPkg: Update DXE Handoff to use SetMemoryProtectionsLib
  MdeModulePkg: Update DXE Handoff to use SetMemoryProtectionsLib
  ArmPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs
  EmulatorPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs
  OvmfPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs
  UefiCpuPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs
  MdeModulePkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs
  MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib
  OvmfPkg: Add QemuFwCfgParseString to QemuFwCfgSimpleParserLib
  OvmfPkg: Add MemoryProtectionConfigLib
  OvmfPkg: Enable Choosing Memory Protection Profile via QemuCfg
  ArmVirtPkg: Apply Memory Protections via SetMemoryProtectionsLib
  MdeModulePkg: Delete PCD Profile from SetMemoryProtectionsLib
  OvmfPkg: Delete Memory Protection PCDs
  ArmVirtPkg: Delete Memory Protection PCDs
  MdeModulePkg: Delete Memory Protection PCDs

 ArmPkg/Drivers/CpuDxe/CpuDxe.c | 5 +-
 ArmVirtPkg/MemoryInitPei/MemoryInitPeim.c | 11 +-
 MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 4 +-
 MdeModulePkg/Core/Dxe/Gcd/Gcd.c | 22 +-
 MdeModulePkg/Core/Dxe/Mem/HeapGuard.c | 46 +-
 MdeModulePkg/Core/Dxe/Mem/Page.c | 2 +-
 MdeModulePkg/Core/Dxe/Mem/Pool.c | 4 +-
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 96 ++-
 MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c | 4 +-
 MdeModulePkg/Core/DxeIplPeim/DxeLoad.c | 2 +
 MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 9 +-
 MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 6 +-
 MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 16 +-
 MdeModulePkg/Core/PiSmmCore/HeapGuard.c | 29 +-
 MdeModulePkg/Core/PiSmmCore/Pool.c | 4 +-
 MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c | 158 ++++
 MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.c | 29 +
 MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c | 124 ++++
 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c | 781 ++++++++++++++++++++
 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.c | 144 ++++
 MdeModulePkg/Universal/PCD/Dxe/Service.c | 6 +-
 OvmfPkg/Fdt/HighMemDxe/HighMemDxe.c | 5 +-
 OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c | 118 +++
 OvmfPkg/Library/PeilessStartupLib/DxeLoad.c | 6 +-
 OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c | 22 +-
 OvmfPkg/Library/PeilessStartupLib/X64/VirtualMemory.c | 26 +-
 OvmfPkg/Library/PlatformInitLib/Platform.c | 15 -
 OvmfPkg/Library/QemuFwCfgSimpleParserLib/QemuFwCfgSimpleParser.c | 11 +
 OvmfPkg/PlatformPei/IntelTdx.c | 2 -
 OvmfPkg/PlatformPei/Platform.c | 38 +-
 OvmfPkg/QemuVideoDxe/VbeShim.c | 3 +-
 OvmfPkg/TdxDxe/TdxDxe.c | 7 +-
 UefiCpuPkg/CpuDxe/CpuDxe.c | 2 +-
 UefiCpuPkg/CpuDxe/CpuMp.c | 2 +-
 UefiCpuPkg/CpuMpPei/CpuMpPei.c | 8 +-
 UefiCpuPkg/CpuMpPei/CpuPaging.c | 16 +-
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTestCommon.c | 6 +-
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerUnitTest.c | 15 +
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerUnitTest.c | 21 +
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 3 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 13 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 2 +-
 UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c | 11 +-
 UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c | 2 +
 UefiPayloadPkg/UefiPayloadEntry/X64/DxeLoadFunc.c | 8 +-
 UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c | 15 +-
 ArmPkg/ArmPkg.dsc | 1 +
 ArmPkg/Drivers/CpuDxe/CpuDxe.inf | 2 +-
 ArmVirtPkg/ArmVirt.dsc.inc | 21 +-
 ArmVirtPkg/ArmVirtCloudHv.dsc | 5 -
 ArmVirtPkg/ArmVirtQemu.dsc | 5 -
 ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf | 1 +
 EmulatorPkg/EmulatorPkg.dsc | 3 +-
 MdeModulePkg/Core/Dxe/DxeMain.h | 1 +
 MdeModulePkg/Core/Dxe/DxeMain.inf | 9 +-
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 +
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 11 +-
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.h | 1 +
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf | 4 +-
 MdeModulePkg/Include/Guid/MemoryProtectionSettings.h | 216 ++++++
 MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h | 83 +++
 MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h | 157 ++++
 MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf | 34 +
 MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.inf | 25 +
 MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf | 34 +
 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf | 37 +
 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.inf | 25 +
 MdeModulePkg/MdeModulePkg.dec | 182 +---
 MdeModulePkg/MdeModulePkg.dsc | 7 +
 MdeModulePkg/MdeModulePkg.uni | 153 ---
 OvmfPkg/AmdSev/AmdSevX64.dsc | 4 +-
 OvmfPkg/Bhyve/BhyveX64.dsc | 4 +-
 OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf | 1 -
 OvmfPkg/CloudHv/CloudHvX64.dsc | 4 +-
 OvmfPkg/Fdt/HighMemDxe/HighMemDxe.inf | 4 +-
 OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc | 16 +
 OvmfPkg/Include/Library/MemoryProtectionConfigLib.h | 49 ++
 OvmfPkg/Include/Library/PlatformInitLib.h | 13 -
 OvmfPkg/Include/Library/QemuFwCfgSimpleParserLib.h | 8 +
 OvmfPkg/IntelTdx/IntelTdxX64.dsc | 5 +-
 OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf | 35 +
 OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf | 6 +-
 OvmfPkg/Microvm/MicrovmX64.dsc | 5 +-
 OvmfPkg/OvmfPkg.dec | 4 +
 OvmfPkg/OvmfPkgIa32.dsc | 4 +-
 OvmfPkg/OvmfPkgIa32X64.dsc | 4 +-
 OvmfPkg/OvmfPkgX64.dsc | 4 +-
 OvmfPkg/OvmfXen.dsc | 5 +-
 OvmfPkg/PlatformCI/PlatformBuildLib.py | 8 +
 OvmfPkg/PlatformPei/PlatformPei.inf | 3 +-
 OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf | 2 +-
 OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc | 13 -
 OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc | 2 +
 OvmfPkg/TdxDxe/TdxDxe.inf | 1 -
 UefiCpuPkg/CpuDxe/CpuDxe.h | 11 +-
 UefiCpuPkg/CpuDxe/CpuDxe.inf | 4 +-
 UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf | 3 -
 UefiCpuPkg/CpuMpPei/CpuMpPei.h | 3 +-
 UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 1 -
 UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf | 1 -
 UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.inf | 1 -
 UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf | 1 -
 UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.inf | 1 -
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/CpuExceptionHandlerTest.h | 13 +-
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/DxeCpuExceptionHandlerLibUnitTest.inf | 2 +-
 UefiCpuPkg/Library/CpuExceptionHandlerLib/UnitTest/PeiCpuExceptionHandlerLibUnitTest.inf | 2 +-
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 3 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 3 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfileInternal.h | 9 +-
 UefiCpuPkg/UefiCpuPkg.dec | 7 +-
 UefiCpuPkg/UefiCpuPkg.dsc | 2 +
 UefiCpuPkg/UefiCpuPkg.uni | 10 +-
 UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.h | 1 +
 UefiPayloadPkg/UefiPayloadEntry/UefiPayloadEntry.inf | 9 +-
 UefiPayloadPkg/UefiPayloadEntry/UniversalPayloadEntry.inf | 9 +-
 UefiPayloadPkg/UefiPayloadPkg.dsc | 12 +
 118 files changed, 2523 insertions(+), 692 deletions(-)
 create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.c
 create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.c
 create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.c
 create mode 100644 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c
 create mode 100644 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.c
 create mode 100644 OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c
 create mode 100644 MdeModulePkg/Include/Guid/MemoryProtectionSettings.h
 create mode 100644 MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h
 create mode 100644 MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h
 create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf
 create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/GetMemoryProtectionsLibNull.inf
 create mode 100644 MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf
 create mode 100644 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf
 create mode 100644 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLibNull.inf
 create mode 100644 OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
 create mode 100644 OvmfPkg/Include/Library/MemoryProtectionConfigLib.h
 create mode 100644 OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf

-- 
2.42.0.windows.2
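Added illustration, not code from this patch series or from edk2: the C model below shows the two mechanisms the cover letter describes in the v2 and v3 notes. On the producer side a fw_cfg string is matched against a profile's name and any unknown or missing string falls back to the default profile; on the consumer side the populated global is a union whose first 4 bytes are a signature, and an accessor refuses to interpret DXE fields when the global actually holds MM settings. Every type, field, macro, signature value and profile value here is a constructed stand-in (the real SetMemoryProtectionsLib/GetMemoryProtectionsLib definitions are in the series itself), chosen only to make the pattern runnable.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Constructed helper: pack four characters into a 32-bit tag. */
#define TAG32(a, b, c, d) \
  ((uint32_t)(a) | ((uint32_t)(b) << 8) | ((uint32_t)(c) << 16) | ((uint32_t)(d) << 24))

/* Constructed signatures: the first 4 bytes of the global say which view is valid. */
#define DXE_SETTINGS_SIGNATURE TAG32('D', 'X', 'E', 'P')
#define MM_SETTINGS_SIGNATURE  TAG32('M', 'M', 'P', 'R')

typedef struct {
  uint32_t Signature;            /* DXE_SETTINGS_SIGNATURE */
  uint8_t  NxForStack;
  uint8_t  HeapGuardPageEnabled;
  uint8_t  HeapGuardPoolEnabled;
  uint8_t  ProtectHobList;
} DXE_SETTINGS_MODEL;

typedef struct {
  uint32_t Signature;            /* MM_SETTINGS_SIGNATURE */
  uint8_t  HeapGuardPageEnabled;
  uint8_t  HeapGuardPoolEnabled;
} MM_SETTINGS_MODEL;

/* Consumer-side global: a union of both views, tagged by its leading signature. */
typedef union {
  uint32_t           Signature;
  DXE_SETTINGS_MODEL Dxe;
  MM_SETTINGS_MODEL  Mm;
} SETTINGS_MODEL;

/* A named profile; Name is what the fw_cfg string is compared against. */
typedef struct {
  const char        *Name;
  const char        *Description;
  DXE_SETTINGS_MODEL Dxe;
  MM_SETTINGS_MODEL  Mm;
} PROFILE_MODEL;

/* Constructed profile table, written with C99 designated initializers. */
static const PROFILE_MODEL Profiles[] = {
  { .Name = "Debug", .Description = "All protections on",
    .Dxe = { .Signature = DXE_SETTINGS_SIGNATURE, .NxForStack = 1,
             .HeapGuardPageEnabled = 1, .HeapGuardPoolEnabled = 1, .ProtectHobList = 1 },
    .Mm  = { .Signature = MM_SETTINGS_SIGNATURE, .HeapGuardPageEnabled = 1, .HeapGuardPoolEnabled = 1 } },
  { .Name = "Release", .Description = "Production defaults",
    .Dxe = { .Signature = DXE_SETTINGS_SIGNATURE, .NxForStack = 1,
             .HeapGuardPageEnabled = 0, .HeapGuardPoolEnabled = 1, .ProtectHobList = 1 },
    .Mm  = { .Signature = MM_SETTINGS_SIGNATURE, .HeapGuardPageEnabled = 0, .HeapGuardPoolEnabled = 1 } },
  { .Name = "Off", .Description = "No protections",
    .Dxe = { .Signature = DXE_SETTINGS_SIGNATURE },
    .Mm  = { .Signature = MM_SETTINGS_SIGNATURE } },
};
#define DEFAULT_PROFILE_INDEX 1  /* "Release": the default the cover letter names for OvmfPkg */

/* Producer side: exact match on Name, otherwise the default profile. */
const PROFILE_MODEL *SelectProfile(const char *Requested) {
  if (Requested != NULL) {
    for (size_t i = 0; i < sizeof Profiles / sizeof Profiles[0]; i++) {
      if (strcmp(Requested, Profiles[i].Name) == 0) {
        return &Profiles[i];
      }
    }
  }
  return &Profiles[DEFAULT_PROFILE_INDEX];
}

/* Fill the global the way the DXE (ForMm == 0) or MM (ForMm != 0) instance would. */
void PopulateGlobal(SETTINGS_MODEL *Global, const char *Requested, int ForMm) {
  const PROFILE_MODEL *P = SelectProfile(Requested);
  memset(Global, 0, sizeof *Global);
  if (ForMm) {
    Global->Mm = P->Mm;
  } else {
    Global->Dxe = P->Dxe;
  }
}

/* Consumer side: check the signature before trusting the DXE layout.
 * Returns the field value, or -1 when the global does not hold DXE settings. */
int DxeHeapGuardPageEnabled(const SETTINGS_MODEL *Global) {
  if (Global->Signature != DXE_SETTINGS_SIGNATURE) {
    return -1;
  }
  return Global->Dxe.HeapGuardPageEnabled;
}

/* Whole-path wrappers for a given fw_cfg string. */
int DxeHeapGuardPageForProfile(const char *Requested) {
  SETTINGS_MODEL G;
  PopulateGlobal(&G, Requested, 0);
  return DxeHeapGuardPageEnabled(&G);
}

int DxeAccessorOnMmGlobal(const char *Requested) {
  SETTINGS_MODEL G;
  PopulateGlobal(&G, Requested, 1);
  return DxeHeapGuardPageEnabled(&G);   /* always -1: wrong view is rejected */
}

int main(void) {
  const char *inputs[] = { "Debug", "Release", "Off", "NoSuchProfile", NULL };
  for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
    const PROFILE_MODEL *P = SelectProfile(inputs[i]);
    printf("fw_cfg=%-14s -> %-8s DXE HeapGuardPage=%d, DXE accessor on MM global=%d\n",
           inputs[i] ? inputs[i] : "(none)", P->Name,
           DxeHeapGuardPageForProfile(inputs[i]), DxeAccessorOnMmGlobal(inputs[i]));
  }
  return 0;
}
```

The signature check is the part worth copying: a consumer that reads the union without it would happily interpret MM bytes as DXE flags, so the tag is validated before any field is read, and the "unknown string falls back to the default" rule keeps a typo in fw_cfg from silently selecting an unexpected profile.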