From mboxrd@z Thu Jan 1 00:00:00 1970
Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Mon, 26 Aug 2019 10:38:54 -0700
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 767CF10C030C; Mon, 26 Aug 2019 17:38:53 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-117-34.ams2.redhat.com [10.36.117.34]) by smtp.corp.redhat.com (Postfix) with ESMTP id 78E43196AE; Mon, 26 Aug 2019 17:38:52 +0000 (UTC)
Subject: Re: [edk2-devel] [PATCH 4/5] UefiCpuPkg: Explain relationship between several SMM PCDs
To: devel@edk2.groups.io, ray.ni@intel.com
Cc: Eric Dong, Jiewen Yao
References: <20190825224513.171572-1-ray.ni@intel.com> <20190825224513.171572-5-ray.ni@intel.com>
From: "Laszlo Ersek"
Message-ID: <664200a2-58c4-7b2c-36a6-980f1ebe81d2@redhat.com>
Date: Mon, 26 Aug 2019 19:38:51 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20190825224513.171572-5-ray.ni@intel.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.65]); Mon, 26 Aug 2019 17:38:53 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 08/26/19 00:45, Ni, Ray wrote:
> There are three PCDs that may impact the behavior of each other in
> SMM environment:
> PcdCpuSmmProfileEnable
> PcdHeapGuardPropertyMask in MdeModulePkg
> PcdCpuSmmRestrictedMemoryAccess
>
> The patch updates the comments in DEC file to document it.
> > Signed-off-by: Ray Ni > Cc: Eric Dong > Cc: Jiewen Yao > Cc: Laszlo Ersek > --- > UefiCpuPkg/UefiCpuPkg.dec | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec > index 83acd33612..9a03bdd716 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dec > +++ b/UefiCpuPkg/UefiCpuPkg.dec > @@ -81,7 +81,8 @@ [Ppis] > [PcdsFeatureFlag] > ## Indicates if SMM Profile will be enabled. > # If enabled, instruction executions in and data accesses to memory outside of SMRAM will be logged. > - # It could not be enabled at the same time with SMM static page table feature (PcdCpuSmmStaticPageTable). > + # In X64 build, it could not be enabled when PcdCpuSmmRestrictedMemoryAccess is TRUE. > + # In IA32 build, the page table memory is not marked as read-only when it is enabled. > # This PCD is only for validation purpose. It should be set to false in production.

> # TRUE - SMM Profile will be enabled.
> # FALSE - SMM Profile will be disabled.
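
Review bot: The two added lines in the PcdCpuSmmProfileEnable comment name the conflict but not its consequence, and the wording is ambiguous. "it could not be enabled when PcdCpuSmmRestrictedMemoryAccess is TRUE" should read "cannot be enabled" (the other hunk already uses "cannot" for the same constraint), and it would help integrators to say what happens if both are set TRUE in an X64 build. In the IA32 line, "when it is enabled" could refer to either the PCD or the page table; "when this PCD is TRUE" removes the doubt. Since that line describes page table memory being left writable, it is also worth tying it to the existing "It should be set to false in production" sentence. The commit message lists PcdHeapGuardPropertyMask as one of the three interacting PCDs, but this comment does not mention it; a cross-reference here would keep the two descriptions symmetric.
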
> @@ -285,6 +286,11 @@ [PcdsFixedAtBuild.X64, PcdsPatchableInModule.X64, PcdsDynamic.X64, PcdsDynamicEx > # The PCD value is considered as constantly TRUE in IA32 platforms. > # When the PCD value is TRUE, page table is initialized to cover all memory spaces > # and the memory occupied by page table is protected by page table itself as read-only. > + # In X64 build, it cannot be enabled at the same time with SMM profile feature (PcdCpuSmmProfileEnable). > + # In X64 build, it could not be enabled also at the same time with heap guard feature for SMM > + # (PcdHeapGuardPropertyMask in MdeModulePkg). > + # In IA32 build, page table memory is not marked as read-only when either SMM profile feature (PcdCpuSmmProfileEnable) > + # or heap guard feature for SMM (PcdHeapGuardPropertyMask in MdeModulePkg) is enabled. > # TRUE - Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.
> # FALSE - Access to any type of non-SMRAM memory after SmmReadyToLock is allowed.
> # @Prompt Access to non-SMRAM memory is restricted to reserved, runtime and ACPI NVS type after SmmReadyToLock.
>

Please consider updating the UNI file as well.

Reviewed-by: Laszlo Ersek
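
Review bot: The added IA32 lines in the second hunk (PcdCpuSmmRestrictedMemoryAccess) contradict the unchanged context just above them. The context says the PCD "is considered as constantly TRUE in IA32 platforms" and that when TRUE "the memory occupied by page table is protected by page table itself as read-only", while the new text says that in IA32 builds the page table memory is not marked read-only when SMM profile or SMM heap guard is enabled. The earlier sentence should be qualified so the comment states one rule. "it could not be enabled also at the same time with heap guard feature" should match the preceding line's "cannot be enabled at the same time with", and because PcdHeapGuardPropertyMask is a mask, the comment should name which bits count as "heap guard feature for SMM" so the constraint can be checked against a platform's value. The diffstat shows only UefiCpuPkg.dec changed, so any matching help text elsewhere still carries the old description.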