From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 4EDA781DAE for ; Wed, 9 Nov 2016 23:27:51 -0800 (PST) Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga104.fm.intel.com with ESMTP; 09 Nov 2016 23:27:54 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,617,1473145200"; d="scan'208";a="899842651" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga003.jf.intel.com with ESMTP; 09 Nov 2016 23:27:54 -0800 Received: from fmsmsx113.amr.corp.intel.com (10.18.116.7) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.248.2; Wed, 9 Nov 2016 23:27:54 -0800 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by FMSMSX113.amr.corp.intel.com (10.18.116.7) with Microsoft SMTP Server (TLS) id 14.3.248.2; Wed, 9 Nov 2016 23:27:53 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.239]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.239]) with mapi id 14.03.0248.002; Thu, 10 Nov 2016 15:27:51 +0800 From: "Yao, Jiewen" To: "Ni, Ruiyu" , "edk2-devel@lists.01.org" Thread-Topic: [PATCH 4/4] MdeModulePkg/SecurityStubDxe: Report failure if image is load earlier Thread-Index: AQHSNjbEFJgAZ/+fFEmsziBhLow+EqDR22tg Date: Thu, 10 Nov 2016 07:27:51 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C50386CE16D@shsmsx102.ccr.corp.intel.com> References: <20161104005942.345832-1-ruiyu.ni@intel.com> <20161104005942.345832-5-ruiyu.ni@intel.com> In-Reply-To: <20161104005942.345832-5-ruiyu.ni@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH 4/4] MdeModulePkg/SecurityStubDxe: Report failure if image is load earlier X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Nov 2016 07:27:51 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jiewen.yao@intel.com > -----Original Message----- > From: Ni, Ruiyu > Sent: Friday, November 4, 2016 9:00 AM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen > Subject: [PATCH 4/4] MdeModulePkg/SecurityStubDxe: Report failure if > image is load earlier >=20 > The 3rd party image should be loaded after EndOfDxe event signal and > DxeSmmReadyToLock protocol installation. But non-SMM platform doesn't > published DxeSmmReadyToLock protocol. > So the SecurityStubDxe can only depend on EndOfDxe event. >=20 > This patch enhances the SecurityStubDxe to listen on > DxeSmmReadyToLock protocol installation and if any 3rd party image > is loaded before DxeSmmReadyToLock, it reports failure. >=20 > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Ruiyu Ni > Cc: Jiewen Yao > --- > .../SecurityStubDxe/Defer3rdPartyImageLoad.c | 57 > ++++++++++++++++++++++ > .../SecurityStubDxe/Defer3rdPartyImageLoad.h | 5 +- > .../Universal/SecurityStubDxe/SecurityStubDxe.inf | 3 ++ > 3 files changed, 64 insertions(+), 1 deletion(-) >=20 > diff --git > a/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c > b/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c > index ca45d56..84d573b 100644 > --- a/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c > +++ > b/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c > @@ -30,6 +30,7 @@ typedef struct { > DEFERRED_3RD_PARTY_IMAGE_INFO *ImageInfo; ///< > deferred 3rd party image item > } DEFERRED_3RD_PARTY_IMAGE_TABLE; >=20 > +BOOLEAN mImageLoadedAfterEndOfDxe > =3D FALSE; > BOOLEAN mEndOfDxe > =3D FALSE; > DEFERRED_3RD_PARTY_IMAGE_TABLE mDeferred3rdPartyImage =3D { > 0, // Deferred image count > @@ -257,6 +258,52 @@ EndOfDxe ( > } >=20 > /** > + Event notification for gEfiDxeSmmReadyToLockProtocolGuid event. > + > + This function reports failure if any deferred image is loaded before > + this callback. > + Platform should publish ReadyToLock protocol immediately after > signaling > + of the End of DXE Event. > + > + @param Event The Event that is being processed, > not used. > + @param Context Event Context, not used. > + > +**/ > +VOID > +EFIAPI > +DxdSmmReadyToLock ( > + IN EFI_EVENT Event, > + IN VOID *Context > + ) > +{ > + EFI_STATUS Status; > + VOID *Interface; > + > + Status =3D gBS->LocateProtocol (&gEfiDxeSmmReadyToLockProtocolGuid, > NULL, &Interface); > + if (EFI_ERROR (Status)) { > + return; > + } > + > + gBS->CloseEvent (Event); > + > + if (mImageLoadedAfterEndOfDxe) { > + // > + // Platform should not dispatch the 3rd party images after signaling > EndOfDxe event > + // but before publishing DxeSmmReadyToLock protocol. > + // > + DEBUG (( > + DEBUG_ERROR, > + "[Security] 3rd party images must be dispatched after > DxeSmmReadyToLock Protocol installation!\n" > + )); > + REPORT_STATUS_CODE ( > + EFI_ERROR_CODE | EFI_ERROR_UNRECOVERED, > + (EFI_SOFTWARE_DXE_BS_DRIVER | > EFI_SW_EC_ILLEGAL_SOFTWARE_STATE) > + ); > + ASSERT (FALSE); > + } > +} > + > +/** > Defer the 3rd party image load and installs Deferred Image Load > Protocol. >=20 > @param[in] File This is a pointer to the device > path of the file that > @@ -303,6 +350,7 @@ Defer3rdPartyImageLoad ( > ); >=20 > if (mEndOfDxe) { > + mImageLoadedAfterEndOfDxe =3D TRUE; > // > // The image might be first time loaded after EndOfDxe, > // So ImageInfo can be NULL. > @@ -334,6 +382,7 @@ Defer3rdPartyImageLoadInitialize ( > EFI_STATUS Status; > EFI_HANDLE Handle; > EFI_EVENT Event; > + VOID *Registration; >=20 > Handle =3D NULL; > Status =3D gBS->InstallMultipleProtocolInterfaces ( > @@ -353,4 +402,12 @@ Defer3rdPartyImageLoadInitialize ( > &Event > ); > ASSERT_EFI_ERROR (Status); > + > + EfiCreateProtocolNotifyEvent ( > + &gEfiDxeSmmReadyToLockProtocolGuid, > + TPL_CALLBACK, > + DxdSmmReadyToLock, > + NULL, > + &Registration > + ); > } > diff --git > a/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.h > b/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.h > index 3fab258..75553ba 100644 > --- a/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.h > +++ > b/MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.h > @@ -15,16 +15,19 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > #ifndef _DEFER_3RD_PARTY_IMAGE_LOAD_H_ > #define _DEFER_3RD_PARTY_IMAGE_LOAD_H_ >=20 > -#include > +#include > #include > #include > #include > +#include >=20 > #include > #include > #include > #include > #include > +#include > +#include >=20 > /** > Returns information about a deferred image. > diff --git a/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf > b/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf > index be6ce6c..7f8f6cb 100644 > --- a/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf > +++ b/MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf > @@ -41,6 +41,8 @@ [LibraryClasses] > UefiBootServicesTableLib > DebugLib > SecurityManagementLib > + ReportStatusCodeLib > + UefiLib >=20 > [Guids] > gEfiEndOfDxeEventGroupGuid ## CONSUMES ## > Event > @@ -49,6 +51,7 @@ [Protocols] > gEfiSecurityArchProtocolGuid ## PRODUCES > gEfiSecurity2ArchProtocolGuid ## PRODUCES > gEfiDeferredImageLoadProtocolGuid ## PRODUCES > + gEfiDxeSmmReadyToLockProtocolGuid ## CONSUMES >=20 > [Depex] > TRUE > -- > 2.9.0.windows.1