From: "Taylor Beebe"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann
Subject: [edk2-devel] [PATCH v4 22/28] OvmfPkg: Add MemoryProtectionConfigLib
Date: Tue, 19 Sep 2023 17:57:45 -0700
Message-ID: <20230920005752.2041-23-taylor.d.beebe@gmail.com>
In-Reply-To: <20230920005752.2041-1-taylor.d.beebe@gmail.com>
References: <20230920005752.2041-1-taylor.d.beebe@gmail.com>

MemoryProtectionConfigLib enables parsing the fw_cfg for the memory protection profile.

Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
--- OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c | 118 ++++++++++++++++++++ OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc | 1 + OvmfPkg/Include/Library/MemoryProtectionConfigLib.h | 49 ++++++++ OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf | 35 ++++++ OvmfPkg/OvmfPkg.dec | 4 + 5 files changed, 207 insertions(+) diff --git a/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c new file mode 100644 index 000000000000..b568665f407c --- /dev/null +++ b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c 
@@ -0,0 +1,118 @@ +/** @file + Parses the fw_cfg file for the DXE and MM memory protection settings profile. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include + +#include +#include +#include +#include +#include + +#define DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE \ + "opt/org.tianocore/DxeMemoryProtectionProfile" + +#define MM_MEMORY_PROTECTION_PROFILE_FWCFG_FILE \ + "opt/org.tianocore/MmMemoryProtectionProfile" + +/** + Parses the fw_cfg file for the MM memory protection settings profile. + + @param[in] MmSettings The MM memory protection settings profile to populate. + + @retval EFI_SUCCESS The MM memory protection settings profile was populated. + @retval EFI_INVALID_PARAMETER MmSettings is NULL. + @retval EFI_ABORTED The MM memory protection settings profile name found in + fw_cfg was invalid. + @retval EFI_NOT_FOUND The MM memory protection settings profile was not found. +**/ +EFI_STATUS +EFIAPI +ParseFwCfgMmMemoryProtectionSettings ( + IN MM_MEMORY_PROTECTION_SETTINGS *MmSettings + ) +{ + CHAR8 String[100]; + UINTN StringSize; + UINTN Index; + + if (MmSettings == NULL) { + return EFI_INVALID_PARAMETER; + } + + StringSize = sizeof (String); + + if (!EFI_ERROR (QemuFwCfgParseString (MM_MEMORY_PROTECTION_PROFILE_FWCFG_FILE, &StringSize, String))) { + Index = 0; + do { + if (AsciiStriCmp (MmMemoryProtectionProfiles[Index].Name, String) == 0) { + DEBUG ((DEBUG_INFO, "Setting MM Memory Protection Profile: %a\n", String)); + break; + } + } while (++Index < MmMemoryProtectionSettingsMax); + + if (Index >= MmMemoryProtectionSettingsMax) { + DEBUG ((DEBUG_ERROR, "Invalid MM memory protection profile: %a\n", String)); + ASSERT (Index < MmMemoryProtectionSettingsMax); + return EFI_ABORTED; + } else { + CopyMem (MmSettings, &MmMemoryProtectionProfiles[Index].Settings, sizeof (MM_MEMORY_PROTECTION_SETTINGS)); + return EFI_SUCCESS; + } + } + + return EFI_NOT_FOUND; +} + +/** + Parses the fw_cfg file for the DXE memory 
protection settings profile. + + @param[in] DxeSettings The DXE memory protection settings profile to populate. + + @retval EFI_SUCCESS The DXE memory protection settings profile was populated. + @retval EFI_INVALID_PARAMETER DxeSettings is NULL. + @retval EFI_ABORTED The DXE memory protection settings profile name found in + fw_cfg was invalid. + @retval EFI_NOT_FOUND The DXE memory protection settings profile was not found. +**/ +EFI_STATUS +EFIAPI +ParseFwCfgDxeMemoryProtectionSettings ( + IN DXE_MEMORY_PROTECTION_SETTINGS *DxeSettings + ) +{ + CHAR8 String[100]; + UINTN StringSize; + UINTN Index; + + if (DxeSettings == NULL) { + return EFI_INVALID_PARAMETER; + } + + StringSize = sizeof (String); + + if (!EFI_ERROR (QemuFwCfgParseString (DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE, &StringSize, String))) { + Index = 0; + do { + if (AsciiStriCmp (DxeMemoryProtectionProfiles[Index].Name, String) == 0) { + DEBUG ((DEBUG_INFO, "Setting DXE Memory Protection Profile: %a\n", String)); + break; + } + } while (++Index < DxeMemoryProtectionSettingsMax); + + if (Index >= DxeMemoryProtectionSettingsMax) { + DEBUG ((DEBUG_ERROR, "Invalid DXE memory protection profile: %a\n", String)); + ASSERT (Index < DxeMemoryProtectionSettingsMax); + return EFI_ABORTED; + } else { + CopyMem (DxeSettings, &DxeMemoryProtectionProfiles[Index].Settings, sizeof (DXE_MEMORY_PROTECTION_SETTINGS)); + return EFI_SUCCESS; + } + } + + return EFI_NOT_FOUND; +} diff --git a/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc b/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc index 049fdef3f0c1..fcd8ef23c5a5 100644 --- a/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc +++ b/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc 
@@ -7,6 +7,7 @@ # [LibraryClasses.common] SetMemoryProtectionsLib|MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf + MemoryProtectionConfigLib|OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf [LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE] GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf diff --git a/OvmfPkg/Include/Library/MemoryProtectionConfigLib.h b/OvmfPkg/Include/Library/MemoryProtectionConfigLib.h new file mode 100644 index 000000000000..d30de58001c3 --- /dev/null +++ b/OvmfPkg/Include/Library/MemoryProtectionConfigLib.h 
@@ -0,0 +1,49 @@ +/** @file + Parses the fw_cfg file for the DXE and MM memory protection settings profile. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef MEMORY_PROTECTION_CONFIG_LIB_H_ +#define MEMORY_PROTECTION_CONFIG_LIB_H_ + +#include + +#include + +/** + Parses the fw_cfg file for the MM memory protection settings profile. + + @param[in] MmSettings The MM memory protection settings profile to populate. + + @retval EFI_SUCCESS The MM memory protection settings profile was populated. + @retval EFI_INVALID_PARAMETER MmSettings is NULL. + @retval EFI_ABORTED The MM memory protection settings profile name found in + fw_cfg was invalid. + @retval EFI_NOT_FOUND The MM memory protection settings profile was not found. +**/ +EFI_STATUS +EFIAPI +ParseFwCfgMmMemoryProtectionSettings ( + IN MM_MEMORY_PROTECTION_SETTINGS *MmSettings + ); + +/** + Parses the fw_cfg file for the DXE memory protection settings profile. + + @param[in] DxeSettings The DXE memory protection settings profile to populate. + + @retval EFI_SUCCESS The DXE memory protection settings profile was populated. + @retval EFI_INVALID_PARAMETER DxeSettings is NULL. + @retval EFI_ABORTED The DXE memory protection settings profile name found in + fw_cfg was invalid. + @retval EFI_NOT_FOUND The DXE memory protection settings profile was not found. +**/ +EFI_STATUS +EFIAPI +ParseFwCfgDxeMemoryProtectionSettings ( + IN DXE_MEMORY_PROTECTION_SETTINGS *DxeSettings + ); + +#endif diff --git a/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf new file mode 100644 index 000000000000..0ff431752901 --- /dev/null +++ b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf @@ -0,0 +1,35 @@ +## @file +# Parses the fw_cfg file for the DXE and MM memory protection settings profile. +# +# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MemoryProtectionConfigLib + FILE_GUID = 865BFF85-CC3A-43E7-82E1-36E1894BC8EF + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = MemoryProtectionConfigLib|SEC PEI_CORE PEIM + +# +# The following information is for reference only and not required by the build +# tools. +# +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 +# + +[Sources] + MemoryProtectionConfigLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + QemuFwCfgSimpleParserLib diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index e3861e5c1b39..126be04ca302 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -42,6 +42,10 @@ [LibraryClasses] # MemEncryptTdxLib|Include/Library/MemEncryptTdxLib.h + ## @libraryclass Declares helper functions for parsing fw_cfg for + # the memory protection profile strings + MemoryProtectionConfigLib|Include/Library/MemoryProtectionConfigLib.h + ## @libraryclass Handle TPL changes within nested interrupt handlers # NestedInterruptTplLib|Include/Library/NestedInterruptTplLib.h -- 2.42.0.windows.2
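
Review bot: In MemoryProtectionConfigLib.c, `ASSERT (Index < MmMemoryProtectionSettingsMax);` sits inside the `if (Index >= MmMemoryProtectionSettingsMax)` branch, so it can never pass, and the DXE function repeats the same pattern with `DxeMemoryProtectionSettingsMax`. The string being matched is read from fw_cfg, so in a build with asserts enabled an unrecognized profile name trips the assert before the `return EFI_ABORTED;` on the following line is reached. Suggest dropping the ASSERT, since the DEBUG_ERROR message already records the bad name, and letting the caller decide which profile to fall back to. Separately, every failure of QemuFwCfgParseString, whatever its status, falls through to `return EFI_NOT_FOUND;`, so a caller cannot tell an absent file from one that was present but could not be read into `String[100]`; consider returning the parser's status for anything other than not-found and documenting it in the @retval list.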
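
Review bot: In MemoryProtectionLibraries.dsc.inc the new mapping is added under `[LibraryClasses.common]`, while the INF introduced by this same patch declares `LIBRARY_CLASS = MemoryProtectionConfigLib|SEC PEI_CORE PEIM`. The two scopes disagree: the DSC offers the instance to every module type and the INF only supports three. Suggest either moving the mapping into sections for the module types that are meant to call the parser, or widening the LIBRARY_CLASS list in the INF if DXE or MM modules are expected to use it.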
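
Review bot: In MemoryProtectionConfigLib.h, both prototypes mark the settings pointer as `@param[in]` and `IN`, but the description says it is the profile "to populate" and the implementation writes it with CopyMem. Suggest `@param[out]` and `OUT MM_MEMORY_PROTECTION_SETTINGS *MmSettings` (likewise for DxeSettings), with the same change in the function headers in the .c file. It would also help to state in the comment that the buffer is left untouched on every non-success return, since callers will rely on that to keep their default profile.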
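
Review bot: In MemoryProtectionConfigLib.inf, the `[LibraryClasses]` section lists BaseLib, BaseMemoryLib, DebugLib and QemuFwCfgSimpleParserLib, yet the .c file also indexes `MmMemoryProtectionProfiles` and `DxeMemoryProtectionProfiles`, and nothing listed here is visibly the provider of those arrays. If they are defined by a library instance rather than by a header, that library class should be added to this section so the dependency is resolved by the INF and not by whatever the consuming module happens to link.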