From: "Taylor Beebe"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann
Subject: [edk2-devel] [PATCH v5 22/28] OvmfPkg: Add MemoryProtectionConfigLib
Date: Sun, 8 Oct 2023 17:07:34 -0700
Message-ID: <20231009000742.1792-23-taylor.d.beebe@gmail.com>
In-Reply-To: <20231009000742.1792-1-taylor.d.beebe@gmail.com>
References: <20231009000742.1792-1-taylor.d.beebe@gmail.com>

MemoryProtectionConfigLib enables parsing the fw_cfg for the memory protection profile.

Signed-off-by: Taylor Beebe
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
---
 OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c | 118 ++++++++++++++++++++
 OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc | 1 +
 OvmfPkg/Include/Library/MemoryProtectionConfigLib.h | 49 ++++++++
 OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf | 35 ++++++
 OvmfPkg/OvmfPkg.dec | 4 +
 5 files changed, 207 insertions(+)

diff --git a/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c new file mode 100644 index 000000000000..b568665f407c --- /dev/null +++ b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.c 
@@ -0,0 +1,118 @@ +/** @file + Parses the fw_cfg file for the DXE and MM memory protection settings profile. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include + +#include +#include +#include +#include +#include + +#define DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE \ + "opt/org.tianocore/DxeMemoryProtectionProfile" + +#define MM_MEMORY_PROTECTION_PROFILE_FWCFG_FILE \ + "opt/org.tianocore/MmMemoryProtectionProfile" + +/** + Parses the fw_cfg file for the MM memory protection settings profile. + + @param[in] MmSettings The MM memory protection settings profile to populate. + + @retval EFI_SUCCESS The MM memory protection settings profile was populated. + @retval EFI_INVALID_PARAMETER MmSettings is NULL. + @retval EFI_ABORTED The MM memory protection settings profile name found in + fw_cfg was invalid. + @retval EFI_NOT_FOUND The MM memory protection settings profile was not found. +**/ +EFI_STATUS +EFIAPI +ParseFwCfgMmMemoryProtectionSettings ( + IN MM_MEMORY_PROTECTION_SETTINGS *MmSettings + ) +{ + CHAR8 String[100]; + UINTN StringSize; + UINTN Index; + + if (MmSettings == NULL) { + return EFI_INVALID_PARAMETER; + } + + StringSize = sizeof (String); + + if (!EFI_ERROR (QemuFwCfgParseString (MM_MEMORY_PROTECTION_PROFILE_FWCFG_FILE, &StringSize, String))) { + Index = 0; + do { + if (AsciiStriCmp (MmMemoryProtectionProfiles[Index].Name, String) == 0) { + DEBUG ((DEBUG_INFO, "Setting MM Memory Protection Profile: %a\n", String)); + break; + } + } while (++Index < MmMemoryProtectionSettingsMax); + + if (Index >= MmMemoryProtectionSettingsMax) { + DEBUG ((DEBUG_ERROR, "Invalid MM memory protection profile: %a\n", String)); + ASSERT (Index < MmMemoryProtectionSettingsMax); + return EFI_ABORTED; + } else { + CopyMem (MmSettings, &MmMemoryProtectionProfiles[Index].Settings, sizeof (MM_MEMORY_PROTECTION_SETTINGS)); + return EFI_SUCCESS; + } + } + + return EFI_NOT_FOUND; +} + +/** + Parses the fw_cfg file for the DXE memory 
protection settings profile. + + @param[in] DxeSettings The DXE memory protection settings profile to populate. + + @retval EFI_SUCCESS The DXE memory protection settings profile was populated. + @retval EFI_INVALID_PARAMETER DxeSettings is NULL. + @retval EFI_ABORTED The DXE memory protection settings profile name found in + fw_cfg was invalid. + @retval EFI_NOT_FOUND The DXE memory protection settings profile was not found. +**/ +EFI_STATUS +EFIAPI +ParseFwCfgDxeMemoryProtectionSettings ( + IN DXE_MEMORY_PROTECTION_SETTINGS *DxeSettings + ) +{ + CHAR8 String[100]; + UINTN StringSize; + UINTN Index; + + if (DxeSettings == NULL) { + return EFI_INVALID_PARAMETER; + } + + StringSize = sizeof (String); + + if (!EFI_ERROR (QemuFwCfgParseString (DXE_MEMORY_PROTECTION_PROFILE_FWCFG_FILE, &StringSize, String))) { + Index = 0; + do { + if (AsciiStriCmp (DxeMemoryProtectionProfiles[Index].Name, String) == 0) { + DEBUG ((DEBUG_INFO, "Setting DXE Memory Protection Profile: %a\n", String)); + break; + } + } while (++Index < DxeMemoryProtectionSettingsMax); + + if (Index >= DxeMemoryProtectionSettingsMax) { + DEBUG ((DEBUG_ERROR, "Invalid DXE memory protection profile: %a\n", String)); + ASSERT (Index < DxeMemoryProtectionSettingsMax); + return EFI_ABORTED; + } else { + CopyMem (DxeSettings, &DxeMemoryProtectionProfiles[Index].Settings, sizeof (DXE_MEMORY_PROTECTION_SETTINGS)); + return EFI_SUCCESS; + } + } + + return EFI_NOT_FOUND; +} diff --git a/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc b/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc index 049fdef3f0c1..fcd8ef23c5a5 100644 --- a/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc +++ b/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc 
@@ -7,6 +7,7 @@ # [LibraryClasses.common] SetMemoryProtectionsLib|MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf + MemoryProtectionConfigLib|OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf [LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE] GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf diff --git a/OvmfPkg/Include/Library/MemoryProtectionConfigLib.h b/OvmfPkg/Include/Library/MemoryProtectionConfigLib.h new file mode 100644 index 000000000000..d30de58001c3 --- /dev/null +++ b/OvmfPkg/Include/Library/MemoryProtectionConfigLib.h 
@@ -0,0 +1,49 @@ +/** @file + Parses the fw_cfg file for the DXE and MM memory protection settings profile. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef MEMORY_PROTECTION_CONFIG_LIB_H_ +#define MEMORY_PROTECTION_CONFIG_LIB_H_ + +#include + +#include + +/** + Parses the fw_cfg file for the MM memory protection settings profile. + + @param[in] MmSettings The MM memory protection settings profile to populate. + + @retval EFI_SUCCESS The MM memory protection settings profile was populated. + @retval EFI_INVALID_PARAMETER MmSettings is NULL. + @retval EFI_ABORTED The MM memory protection settings profile name found in + fw_cfg was invalid. + @retval EFI_NOT_FOUND The MM memory protection settings profile was not found. +**/ +EFI_STATUS +EFIAPI +ParseFwCfgMmMemoryProtectionSettings ( + IN MM_MEMORY_PROTECTION_SETTINGS *MmSettings + ); + +/** + Parses the fw_cfg file for the DXE memory protection settings profile. + + @param[in] DxeSettings The DXE memory protection settings profile to populate. + + @retval EFI_SUCCESS The DXE memory protection settings profile was populated. + @retval EFI_INVALID_PARAMETER DxeSettings is NULL. + @retval EFI_ABORTED The DXE memory protection settings profile name found in + fw_cfg was invalid. + @retval EFI_NOT_FOUND The DXE memory protection settings profile was not found. +**/ +EFI_STATUS +EFIAPI +ParseFwCfgDxeMemoryProtectionSettings ( + IN DXE_MEMORY_PROTECTION_SETTINGS *DxeSettings + ); + +#endif diff --git a/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf new file mode 100644 index 000000000000..0ff431752901 --- /dev/null +++ b/OvmfPkg/Library/MemoryProtectionConfigLib/MemoryProtectionConfigLib.inf @@ -0,0 +1,35 @@ +## @file +# Parses the fw_cfg file for the DXE and MM memory protection settings profile. +# +# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MemoryProtectionConfigLib + FILE_GUID = 865BFF85-CC3A-43E7-82E1-36E1894BC8EF + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = MemoryProtectionConfigLib|SEC PEI_CORE PEIM + +# +# The following information is for reference only and not required by the build +# tools. +# +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 +# + +[Sources] + MemoryProtectionConfigLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + QemuFwCfgSimpleParserLib diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index e3861e5c1b39..126be04ca302 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -42,6 +42,10 @@ [LibraryClasses] # MemEncryptTdxLib|Include/Library/MemEncryptTdxLib.h + ## @libraryclass Declares helper functions for parsing fw_cfg for + # the memory protection profile strings + MemoryProtectionConfigLib|Include/Library/MemoryProtectionConfigLib.h + ## @libraryclass Handle TPL changes within nested interrupt handlers # NestedInterruptTplLib|Include/Library/NestedInterruptTplLib.h -- 2.42.0.windows.2
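
Review bot: In MemoryProtectionConfigLib.c, the `ASSERT (Index < MmMemoryProtectionSettingsMax);` sits inside the `if (Index >= MmMemoryProtectionSettingsMax)` branch of ParseFwCfgMmMemoryProtectionSettings (and the same pattern appears in ParseFwCfgDxeMemoryProtectionSettings), so it is false every time it is evaluated. The profile name is read from fw_cfg, which makes an unknown name an input-validation case rather than a broken invariant; on a build with ASSERT enabled the assertion trips before the documented `return EFI_ABORTED;` is reached. Suggest dropping the ASSERT, keeping the DEBUG_ERROR message, and letting the caller choose the fallback profile. While there, the `do { ... } while (++Index < ...SettingsMax)` loop reads entry 0 before any bound check; a plain `for` loop would make the bound explicit. The two functions also differ only in the profile table, the Max constant and the settings type, so a shared lookup helper would avoid keeping the copies in sync.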
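
Review bot: In MemoryProtectionConfigLib.h (and the matching function headers in the .c file) the settings pointer is declared `IN MM_MEMORY_PROTECTION_SETTINGS *MmSettings` and documented as `@param[in]`, but the description says it is the profile "to populate" and the implementation writes through it with CopyMem. It should be `OUT` with `@param[out]`, for both the MM and the DXE prototype, so that callers and static checks see the real direction of the data.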
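
Review bot: The `LIBRARY_CLASS = MemoryProtectionConfigLib|SEC PEI_CORE PEIM` line in MemoryProtectionConfigLib.inf does not match how the instance is wired up in MemoryProtectionLibraries.dsc.inc, where it is added under `[LibraryClasses.common]` and therefore offered to every module type. If only SEC and PEI modules are meant to parse fw_cfg for the profile, the dsc entry would be better placed in sections for those module types; if later phases are expected to call it, the INF list needs widening. A one-line comment in the INF saying which phase consumes the parsed DXE and MM profiles would also help, since the file description mentions both while the class is limited to SEC and PEI.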
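
Review bot: In the OvmfPkg.dec hunk, the new MemoryProtectionConfigLib entry goes straight from the description (`# the memory protection profile strings`) to the mapping line, whereas the neighbouring MemEncryptTdxLib and NestedInterruptTplLib entries keep a bare `#` line between the `## @libraryclass` text and the mapping. Adding that separator line keeps the section consistent.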