From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id DE44C780443 for ; Wed, 3 Apr 2024 08:12:17 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=weFvHJ0kP/xgRBkzbyy4gKJf53PIW2Ne+Apv5wK8VdI=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1712131936; v=1; b=3JQtZnbmKmnTb1zPWVTNNNOrB5phQJvM5m1eTt8uQzF7+x6YoB5axwR6EP68BhaoI3bpam3Z S/EFGr5nJR/617zTswH3yNkGrTxUtZo6Hc0J+Nmeuv6DF9eiOc88YkfMZDiH4uBUeN7rD3jR7Hn ZEfMs96G9Kktq5SZyG2fWpNhuskLK2jzqKTEP4hKyeY0fTNcAhmhJZzahtrhLj684ccWj6Q8DfM gjBI6cV9DbPOxc3jWzGhunlnRm2lJRlshocaKN35kX5hFpmUCjIz/autcIHkXQz4djvQl7GsNIZ 6ynIDIT4C0qTzzvt7E4MrDrRfRF8xCHtgwHTWAXY/LIjA== X-Received: by 127.0.0.2 with SMTP id COOdYY7687511xDak7HbpClg; Wed, 03 Apr 2024 01:12:16 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.15]) by mx.groups.io with SMTP id smtpd.web11.6129.1712131935424366189 for ; Wed, 03 Apr 2024 01:12:15 -0700 X-CSE-ConnectionGUID: Qb076oeUQm67CSf0yiLyOQ== X-CSE-MsgGUID: Z/0ttLN9RBippZ0Xwnm3Bw== X-IronPort-AV: E=McAfee;i="6600,9927,11032"; a="7536845" X-IronPort-AV: E=Sophos;i="6.07,176,1708416000"; d="scan'208";a="7536845" X-Received: from fmviesa007.fm.intel.com ([10.60.135.147]) by fmvoesa109.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Apr 2024 01:12:15 -0700 X-CSE-ConnectionGUID: OBVM02WvQhqn8PZ7gzsnTw== X-CSE-MsgGUID: sTZmF7sKTpKuhimTpsiHRw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,176,1708416000"; d="scan'208";a="18442880" X-Received: from shwdesfp01.ccr.corp.intel.com ([10.239.158.151]) by fmviesa007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Apr 2024 01:12:12 -0700 From: "Zhiguang Liu" To: devel@edk2.groups.io Cc: Zhiguang Liu , Chasel Chiu , Nate DeSimone , Duggapu Chinni B , Star Zeng , Ted Kuo , Ashraf Ali S , Susovan Mohapatra , Ray Ni Subject: [edk2-devel] [PATCH] IntelFsp2Pkg: Optional Plugin for FSP SecCore/PeiCore Rebasing Date: Wed, 3 Apr 2024 16:12:02 +0800 Message-Id: <20240403081202.2069-1-zhiguang.liu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Wed, 03 Apr 2024 01:12:15 -0700 Resent-From: zhiguang.liu@intel.com Reply-To: devel@edk2.groups.io,zhiguang.liu@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: aDdbfQded5KN1ZjkdnEyKSG5x7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=3JQtZnbm; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io This optional plugin is designed to execute before the FSP SecCore to rebase SecCore and PeiCore during runtime. If the FSP binary requires rebasing at runtime, this module should be included within the FSP binary. Additionally, specific patches must be applied to ensure proper functionality. In the absence of this module, manual patching of API offsets within the FSP header is necessary. To illustrate, let's consider a scenario within FSP-S where 'FspSiliconInitEntry' is the initial API to be executed post-rebase. Rather than directly inputting the 'FspSiliconInit' offset into the 'FspSiliconInitEntryOffset' field of the FSP header, the entry point of this module should be used. Furthermore, the 'FspSiliconInit' offset should be placed into 'AsmGetFspSecEntry', which signifies the address to which this module will jump. It is also essential to patch the image bases of SecCore and PeiCore to enable the rebasing functionality of this module. The following is an example of how to apply the necessary patches: Patch Address Patch Value PreFspSecS:_ModuleEntryPoint - [0x0000] PreFspSecS:SecCoreRelativeOff PreFspSecS:AsmGetFspSecCore - Fsp24SecCoreS:BASE PreFspSecS:PeiCoreRelativeOff PreFspSecS:AsmGetFspPeiCore - PeiCore:BASE PreFspSecS:SecEntryRelativeOff PreFspSecS:AsmGetFspSecEntry - Fsp24SecCoreS:FspSiliconInitApi Cc: Chasel Chiu Cc: Nate DeSimone Cc: Duggapu Chinni B Cc: Star Zeng Cc: Ted Kuo Cc: Ashraf Ali S Cc: Susovan Mohapatra Cc: Ray Ni Signed-off-by: Zhiguang Liu --- IntelFsp2Pkg/IntelFsp2Pkg.dsc | 5 + IntelFsp2Pkg/PreFspSec/PreFspSec.c | 115 ++++++++++++++++++ IntelFsp2Pkg/PreFspSec/PreFspSec.inf | 61 ++++++++++ .../PreFspSec/X64/PreFspSecCommon.nasm | 69 +++++++++++ 4 files changed, 250 insertions(+) create mode 100644 IntelFsp2Pkg/PreFspSec/PreFspSec.c create mode 100644 IntelFsp2Pkg/PreFspSec/PreFspSec.inf create mode 100644 IntelFsp2Pkg/PreFspSec/X64/PreFspSecCommon.nasm diff --git a/IntelFsp2Pkg/IntelFsp2Pkg.dsc b/IntelFsp2Pkg/IntelFsp2Pkg.dsc index f236a7010b..a2cc29c940 100644 --- a/IntelFsp2Pkg/IntelFsp2Pkg.dsc +++ b/IntelFsp2Pkg/IntelFsp2Pkg.dsc @@ -33,6 +33,8 @@ SerialPortLib|MdePkg/Library/BaseSerialPortLibNull/BaseSerialPortLibNull.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf DebugDeviceLib|IntelFsp2Pkg/Library/BaseDebugDeviceLibNull/BaseDebugDeviceLibNull.inf + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf # FSP override DebugLib|IntelFsp2Pkg/Library/BaseFspDebugLibSerialPort/BaseFspDebugLibSerialPort.inf @@ -75,6 +77,9 @@ IntelFsp2Pkg/FspSecCore/Fsp24SecCoreS.inf IntelFsp2Pkg/FspNotifyPhase/FspNotifyPhasePeim.inf +[Components.X64] + IntelFsp2Pkg/PreFspSec/PreFspSec.inf + [PcdsFixedAtBuild.common] gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x1f gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x80080046 diff --git a/IntelFsp2Pkg/PreFspSec/PreFspSec.c b/IntelFsp2Pkg/PreFspSec/PreFspSec.c new file mode 100644 index 0000000000..d5fd028afc --- /dev/null +++ b/IntelFsp2Pkg/PreFspSec/PreFspSec.c @@ -0,0 +1,115 @@ +/** @file + + Copyright (c) 2024, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include "Guid/FspHeaderFile.h" +#include +#include +#include +#include + +/** + This interface gets SecCore image base + + @return SecCore image base, or zero if no patch in nasm code + +**/ +UINTN +EFIAPI +AsmGetFspSecCore ( + VOID + ); + +/** + This interface gets PeiCore image base + + @return PeiCore image base, or zero if no patch in nasm code + +**/ +UINTN +EFIAPI +AsmGetFspPeiCore ( + VOID + ); + +/** + Relocate Pe/Te Image + + @param[in] ImageBaseAddress Image base address + + @retval EFI_SUCCESS Image is relocated successfully + @retval Others Image is not relocated successfully +**/ +EFI_STATUS +RelocatePeTeImage ( + UINT64 ImageBaseAddress + ) +{ + RETURN_STATUS Status; + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + + ZeroMem (&ImageContext, sizeof (ImageContext)); + + ImageContext.Handle = (VOID *)ImageBaseAddress; + ImageContext.ImageRead = PeCoffLoaderImageReadFromMemory; + + Status = PeCoffLoaderGetImageInfo (&ImageContext); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + ImageContext.ImageAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)ImageBaseAddress; + + // + // rebase the image + // + Status = PeCoffLoaderRelocateImage (&ImageContext); + + ASSERT_EFI_ERROR (Status); + return Status; +} + +/** + This function will patch the Sec Core and Pei Core in current FSP. +**/ +VOID +EFIAPI +FspPatchSecAndPeiCore ( + VOID + ) +{ + UINT64 SecCoreImageBase; + UINT64 PeiCoreImageBase; + EFI_STATUS Status; + + // + // Get SecCore image, and rebase it + // + SecCoreImageBase = AsmGetFspSecCore (); + if (SecCoreImageBase != 0) { + Status = RelocatePeTeImage (SecCoreImageBase); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "Sec Core is relocated successfully\n")); + } else { + DEBUG ((DEBUG_WARN, "Sec Core is not relocated. May have issue later\n")); + } + } + + // + // Get PeiCore image, and rebase it + // + PeiCoreImageBase = AsmGetFspPeiCore (); + if (PeiCoreImageBase != 0) { + Status = RelocatePeTeImage (PeiCoreImageBase); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "Pei Core is relocated successfully\n")); + } else { + DEBUG ((DEBUG_INFO, "Pei Core is not relocated. May have issue later\n")); + } + } +} diff --git a/IntelFsp2Pkg/PreFspSec/PreFspSec.inf b/IntelFsp2Pkg/PreFspSec/PreFspSec.inf new file mode 100644 index 0000000000..51a0b337a1 --- /dev/null +++ b/IntelFsp2Pkg/PreFspSec/PreFspSec.inf @@ -0,0 +1,61 @@ +## @file +# Optional Plugin for FSP SecCore/PeiCore Rebasing +# +# This optional plugin is designed to execute before the FSP SecCore to rebase +# SecCore and PeiCore during runtime. If the FSP binary requires rebasing at runtime, +# this module should be included within the FSP binary. +# Additionally, specific patches must be applied to ensure proper functionality. +# +# In the absence of this module, manual patching of API offsets within the FSP header +# is necessary. To illustrate, let's consider a scenario within FSP-S where +# 'FspSiliconInitEntry' is the initial API to be executed post-rebase. +# Rather than directly inputting the 'FspSiliconInit' offset into the +# 'FspSiliconInitEntryOffset' field of the FSP header, the entry point of this module +# should be used. Furthermore, the 'FspSiliconInit' offset should be placed +# into 'AsmGetFspSecEntry', which signifies the address to which this module will jump. +# It is also essential to patch the image bases of SecCore and PeiCore to enable the +# rebasing functionality of this module. +# The following is an example of how to apply the necessary patches: +# Patch Address Patch Value +# PreFspSec:_ModuleEntryPoint - [0x0000] +# PreFspSec:SecCoreRelativeOff PreFspSec:AsmGetFspSecCore - Fsp24SecCoreS:BASE +# PreFspSec:PeiCoreRelativeOff PreFspSec:AsmGetFspPeiCore - PeiCore:BASE +# PreFspSec:SecEntryRelativeOff PreFspSec:AsmGetFspSecEntry - Fsp24SecCoreS:FspSiliconInitApi +# +# Copyright (c) 2024, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PreFspSec + FILE_GUID = ef13ad51-2bab-4333-bd96-e01c79f2d313 + MODULE_TYPE = SEC + VERSION_STRING = 1.0 + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = X64 +# + +[Sources] + PreFspSec.c + +[Sources.X64] + + X64/PreFspSecCommon.nasm + +[Packages] + MdePkg/MdePkg.dec + IntelFsp2Pkg/IntelFsp2Pkg.dec + UefiCpuPkg/UefiCpuPkg.dec + +[LibraryClasses] + BaseMemoryLib + DebugLib + BaseLib + CpuLib + PeCoffLib diff --git a/IntelFsp2Pkg/PreFspSec/X64/PreFspSecCommon.nasm b/IntelFsp2Pkg/PreFspSec/X64/PreFspSecCommon.nasm new file mode 100644 index 0000000000..f1e166de36 --- /dev/null +++ b/IntelFsp2Pkg/PreFspSec/X64/PreFspSecCommon.nasm @@ -0,0 +1,69 @@ +;; @file +; Run before FSP SecCore to rebase SecCore and PeiCore +; +; Copyright (c) 2024, Intel Corporation. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +;; + DEFAULT REL + SECTION .text + +%include "PushPopRegsNasm.inc" + +; +; Following functions will be provided in C +; +extern ASM_PFX(FspPatchSecAndPeiCore) + +;---------------------------------------------------------------------------- +; _ModuleEntryPoint API +; +; This is the PreFspSec entry point to rebase and resume the FSP execution +; Only rax register is modified. +; +;---------------------------------------------------------------------------- +global ASM_PFX(_ModuleEntryPoint) +ASM_PFX(_ModuleEntryPoint): + PUSHA_64 + call ASM_PFX(FspPatchSecAndPeiCore) + POPA_64 + call ASM_PFX(AsmGetFspSecEntry) + jmp rax + +global ASM_PFX(AsmGetFspSecCore) +ASM_PFX(AsmGetFspSecCore): + lea rax, [ASM_PFX(AsmGetFspSecCore)] + mov rcx, rax + xor rdx, rdx + DB 0x48, 0x2d ; sub rax, 0x???????? +global ASM_PFX(SecCoreRelativeOff) +ASM_PFX(SecCoreRelativeOff): + DD 0 ; This value can be patched by the build script if need to rebase SecCore + xchg rax, rcx ; After exchange, rcx is the value be subtract by the patched value + ; rax == rcx means patched value is zero + CMPXCHG rcx, rdx ; if (rcx == rax) {rcx = rdx} else {rax = rcx} + mov rax, rcx + ret + +global ASM_PFX(AsmGetFspPeiCore) +ASM_PFX(AsmGetFspPeiCore): + lea rax, [ASM_PFX(AsmGetFspPeiCore)] + mov rcx, rax + xor rdx, rdx + DB 0x48, 0x2d ; sub rax, 0x???????? +global ASM_PFX(PeiCoreRelativeOff) +ASM_PFX(PeiCoreRelativeOff): + DD 0 ; This value can be patched by the build script if need to rebase PeiCore + xchg rax, rcx ; After exchange, rcx is the value be subtract by the patched value + ; rax == rcx means patched value is zero + CMPXCHG rcx, rdx ; if (rcx == rax) {rcx = rdx} else {rax = rcx} + mov rax, rcx + ret + +global ASM_PFX(AsmGetFspSecEntry) +ASM_PFX(AsmGetFspSecEntry): + lea rax, [ASM_PFX(AsmGetFspSecEntry)] + DB 0x48, 0x2d ; sub rax, 0x???????? +global ASM_PFX(SecEntryRelativeOff) +ASM_PFX(SecEntryRelativeOff): + DD 0x12345678 ; This value must be patched by the build script + ret -- 2.31.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117357): https://edk2.groups.io/g/devel/message/117357 Mute This Topic: https://groups.io/mt/105304660/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-