From: "Taylor Beebe" <taylor.d.beebe@gmail.com>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
Jiewen Yao <jiewen.yao@intel.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] [PATCH v4 22/28] OvmfPkg: Add MemoryProtectionConfigLib
Date: Tue, 19 Sep 2023 17:57:45 -0700 [thread overview]
Message-ID: <20230920005752.2041-23-taylor.d.beebe@gmail.com> (raw)
In-Reply-To: <20230920005752.2041-1-taylor.d.beebe@gmail.com>
MemoryProtectionConfigLib enables parsing the fw_cfg for the
memory protection profile.
Signed-off-by: Taylor Beebe <taylor.d.beebe@gmail.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c | 118 ++++++++++++++++++++
OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc | 1 +
OvmfPkg/Include/Library/MemoryProtectionConfigLib.h | 49 ++++++++
OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf | 35 ++++++
OvmfPkg/OvmfPkg.dec | 4 +
5 files changed, 207 insertions(+)
diff --git a/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c
new file mode 100644
index 000000000000..b568665f407c
--- /dev/null
+++ b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c
@@ -0,0 +1,118 @@
+/** @file
+ Parses the fw_cfg file for the DXE and MM memory protection settings profile.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi.h>
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/QemuFwCfgSimpleParserLib.h>
+#include <Library/SetMemoryProtectionsLib.h>
+
+#define DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE \
+ "opt/org.tianocore/DxeMemoryProtectionProfile"
+
+#define MM_MEMORY_PROTECTION_PROFILE_FWCFG_FILE \
+ "opt/org.tianocore/MmMemoryProtectionProfile"
+
+/**
+ Parses the fw_cfg file for the MM memory protection settings profile.
+
+ @param[in] MmSettings The MM memory protection settings profile to populate.
+
+ @retval EFI_SUCCESS The MM memory protection settings profile was populated.
+ @retval EFI_INVALID_PARAMETER MmSettings is NULL.
+ @retval EFI_ABORTED The MM memory protection settings profile name found in
+ fw_cfg was invalid.
+ @retval EFI_NOT_FOUND The MM memory protection settings profile was not found.
+**/
+EFI_STATUS
+EFIAPI
+ParseFwCfgMmMemoryProtectionSettings (
+ IN MM_MEMORY_PROTECTION_SETTINGS *MmSettings
+ )
+{
+ CHAR8 String[100];
+ UINTN StringSize;
+ UINTN Index;
+
+ if (MmSettings == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ StringSize = sizeof (String);
+
+ if (!EFI_ERROR (QemuFwCfgParseString (MM_MEMORY_PROTECTION_PROFILE_FWCFG_FILE, &StringSize, String))) {
+ Index = 0;
+ do {
+ if (AsciiStriCmp (MmMemoryProtectionProfiles[Index].Name, String) == 0) {
+ DEBUG ((DEBUG_INFO, "Setting MM Memory Protection Profile: %a\n", String));
+ break;
+ }
+ } while (++Index < MmMemoryProtectionSettingsMax);
+
+ if (Index >= MmMemoryProtectionSettingsMax) {
+ DEBUG ((DEBUG_ERROR, "Invalid MM memory protection profile: %a\n", String));
+ ASSERT (Index < MmMemoryProtectionSettingsMax);
+ return EFI_ABORTED;
+ } else {
+ CopyMem (MmSettings, &MmMemoryProtectionProfiles[Index].Settings, sizeof (MM_MEMORY_PROTECTION_SETTINGS));
+ return EFI_SUCCESS;
+ }
+ }
+
+ return EFI_NOT_FOUND;
+}
+
+/**
+ Parses the fw_cfg file for the DXE memory protection settings profile.
+
+ @param[in] DxeSettings The DXE memory protection settings profile to populate.
+
+ @retval EFI_SUCCESS The DXE memory protection settings profile was populated.
+ @retval EFI_INVALID_PARAMETER DxeSettings is NULL.
+ @retval EFI_ABORTED The DXE memory protection settings profile name found in
+ fw_cfg was invalid.
+ @retval EFI_NOT_FOUND The DXE memory protection settings profile was not found.
+**/
+EFI_STATUS
+EFIAPI
+ParseFwCfgDxeMemoryProtectionSettings (
+ IN DXE_MEMORY_PROTECTION_SETTINGS *DxeSettings
+ )
+{
+ CHAR8 String[100];
+ UINTN StringSize;
+ UINTN Index;
+
+ if (DxeSettings == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ StringSize = sizeof (String);
+
+ if (!EFI_ERROR (QemuFwCfgParseString (DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE, &StringSize, String))) {
+ Index = 0;
+ do {
+ if (AsciiStriCmp (DxeMemoryProtectionProfiles[Index].Name, String) == 0) {
+ DEBUG ((DEBUG_INFO, "Setting DXE Memory Protection Profile: %a\n", String));
+ break;
+ }
+ } while (++Index < DxeMemoryProtectionSettingsMax);
+
+ if (Index >= DxeMemoryProtectionSettingsMax) {
+ DEBUG ((DEBUG_ERROR, "Invalid DXE memory protection profile: %a\n", String));
+ ASSERT (Index < DxeMemoryProtectionSettingsMax);
+ return EFI_ABORTED;
+ } else {
+ CopyMem (DxeSettings, &DxeMemoryProtectionProfiles[Index].Settings, sizeof (DXE_MEMORY_PROTECTION_SETTINGS));
+ return EFI_SUCCESS;
+ }
+ }
+
+ return EFI_NOT_FOUND;
+}
diff --git a/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc b/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
index 049fdef3f0c1..fcd8ef23c5a5 100644
--- a/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
+++ b/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
@@ -7,6 +7,7 @@
#
[LibraryClasses.common]
SetMemoryProtectionsLib|MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf
+ MemoryProtectionConfigLib|OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf
[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE]
GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf
diff --git a/OvmfPkg/Include/Library/MemoryProtectionConfigLib.h b/OvmfPkg/Include/Library/MemoryProtectionConfigLib.h
new file mode 100644
index 000000000000..d30de58001c3
--- /dev/null
+++ b/OvmfPkg/Include/Library/MemoryProtectionConfigLib.h
@@ -0,0 +1,49 @@
+/** @file
+ Parses the fw_cfg file for the DXE and MM memory protection settings profile.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef MEMORY_PROTECTION_CONFIG_LIB_H_
+#define MEMORY_PROTECTION_CONFIG_LIB_H_
+
+#include <Uefi.h>
+
+#include <Library/SetMemoryProtectionsLib.h>
+
+/**
+ Parses the fw_cfg file for the MM memory protection settings profile.
+
+ @param[in] MmSettings The MM memory protection settings profile to populate.
+
+ @retval EFI_SUCCESS The MM memory protection settings profile was populated.
+ @retval EFI_INVALID_PARAMETER MmSettings is NULL.
+ @retval EFI_ABORTED The MM memory protection settings profile name found in
+ fw_cfg was invalid.
+ @retval EFI_NOT_FOUND The MM memory protection settings profile was not found.
+**/
+EFI_STATUS
+EFIAPI
+ParseFwCfgMmMemoryProtectionSettings (
+ IN MM_MEMORY_PROTECTION_SETTINGS *MmSettings
+ );
+
+/**
+ Parses the fw_cfg file for the DXE memory protection settings profile.
+
+ @param[in] DxeSettings The DXE memory protection settings profile to populate.
+
+ @retval EFI_SUCCESS The DXE memory protection settings profile was populated.
+ @retval EFI_INVALID_PARAMETER DxeSettings is NULL.
+ @retval EFI_ABORTED The DXE memory protection settings profile name found in
+ fw_cfg was invalid.
+ @retval EFI_NOT_FOUND The DXE memory protection settings profile was not found.
+**/
+EFI_STATUS
+EFIAPI
+ParseFwCfgDxeMemoryProtectionSettings (
+ IN DXE_MEMORY_PROTECTION_SETTINGS *DxeSettings
+ );
+
+#endif
diff --git a/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf
new file mode 100644
index 000000000000..0ff431752901
--- /dev/null
+++ b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf
@@ -0,0 +1,35 @@
+## @file
+# Parses the fw_cfg file for the DXE and MM memory protection settings profile.
+#
+# Copyright (c) Microsoft Corporation.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = MemoryProtectionConfigLib
+ FILE_GUID = 865BFF85-CC3A-43E7-82E1-36E1894BC8EF
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = MemoryProtectionConfigLib|SEC PEI_CORE PEIM
+
+#
+# The following information is for reference only and not required by the build
+# tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+ MemoryProtectionConfigLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ QemuFwCfgSimpleParserLib
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index e3861e5c1b39..126be04ca302 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -42,6 +42,10 @@ [LibraryClasses]
#
MemEncryptTdxLib|Include/Library/MemEncryptTdxLib.h
+ ## @libraryclass Declares helper functions for parsing fw_cfg for
+ # the memory protection profile strings
+ MemoryProtectionConfigLib|Include/Library/MemoryProtectionConfigLib.h
+
## @libraryclass Handle TPL changes within nested interrupt handlers
#
NestedInterruptTplLib|Include/Library/NestedInterruptTplLib.h
--
2.42.0.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#108884): https://edk2.groups.io/g/devel/message/108884
Mute This Topic: https://groups.io/mt/101469962/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-09-20 0:58 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-20 0:57 [edk2-devel] [PATCH v4 00/28] Implement Dynamic Memory Protection Settings Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 01/28] MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 02/28] MdeModulePkg: Define SetMemoryProtectionsLib and GetMemoryProtectionsLib Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 03/28] MdeModulePkg: Add NULL Instances for Get/SetMemoryProtectionsLib Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 04/28] MdeModulePkg: Implement SetMemoryProtectionsLib and GetMemoryProtectionsLib Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 05/28] MdeModulePkg: Copy PEI PCD Database Into New Buffer Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 06/28] MdeModulePkg: Apply Protections to the HOB List Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 07/28] MdeModulePkg: Check Print Level Before Dumping GCD Memory Map Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 08/28] UefiCpuPkg: Always Set Stack Guard in MpPei Init Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 09/28] ArmVirtPkg: Add Memory Protection Library Definitions to Platforms Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 10/28] OvmfPkg: " Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 11/28] OvmfPkg: Apply Memory Protections via SetMemoryProtectionsLib Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 12/28] OvmfPkg: Update PeilessStartupLib to use SetMemoryProtectionsLib Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 13/28] UefiPayloadPkg: Update DXE Handoff " Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 14/28] MdeModulePkg: " Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 15/28] ArmPkg: Use GetMemoryProtectionsLib instead of Memory Protection PCDs Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 16/28] EmulatorPkg: " Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 17/28] OvmfPkg: " Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 18/28] UefiCpuPkg: " Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 19/28] MdeModulePkg: " Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 20/28] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib Taylor Beebe
2023-09-27 8:19 ` Gerd Hoffmann
2023-09-29 19:52 ` Taylor Beebe
2023-10-04 8:46 ` Gerd Hoffmann
2023-10-04 16:31 ` Taylor Beebe
2023-10-05 8:20 ` Laszlo Ersek
2023-10-05 9:29 ` Gerd Hoffmann
2023-10-05 10:23 ` Gerd Hoffmann
2023-10-05 12:57 ` Laszlo Ersek
2023-10-08 20:26 ` Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 21/28] OvmfPkg: Add QemuFwCfgParseString to QemuFwCfgSimpleParserLib Taylor Beebe
2023-09-20 0:57 ` Taylor Beebe [this message]
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 23/28] OvmfPkg: Enable Choosing Memory Protection Profile via QemuCfg Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 24/28] ArmVirtPkg: Apply Memory Protections via SetMemoryProtectionsLib Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 25/28] MdeModulePkg: Delete PCD Profile from SetMemoryProtectionsLib Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 26/28] OvmfPkg: Delete Memory Protection PCDs Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 27/28] ArmVirtPkg: " Taylor Beebe
2023-09-20 0:57 ` [edk2-devel] [PATCH v4 28/28] MdeModulePkg: " Taylor Beebe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230920005752.2041-23-taylor.d.beebe@gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox