From: "Yao, Jiewen"
To: "Yao, Jiewen", edk2-devel@lists.01.org
Cc: "Tian, Feng", Ard Biesheuvel, Leif Lindholm, "Kinney, Michael D", "Fan, Jeff", "Zeng, Star"
Subject: Re: [edk2] [PATCH V3 0/4] DXE Memory Protection
Date: Thu, 9 Feb 2017 07:43:21 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A8EBD52@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <1486624832-15736-1-git-send-email-jiewen.yao@intel.com>
References: <1486624832-15736-1-git-send-email-jiewen.yao@intel.com>
List-Id: EDK II Development

Hi Lindholm/Ard

This version 3 contains both of your feedback from before.
If you can do me a favor to evaluate the impact to ARM, that will be great.

Thank you
Yao Jiewen

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jiewen Yao
> Sent: Wednesday, February 8, 2017 11:20 PM
> To: edk2-devel@lists.01.org
> Cc: Tian, Feng; Ard Biesheuvel; Leif Lindholm; Kinney, Michael D; Fan, Jeff; Zeng, Star
> Subject: [edk2] [PATCH V3 0/4] DXE Memory Protection
>
> ==== V3 ====
> 1) Add PCD for policy control (feedback from Ard Biesheuvel)
>    (Discussed with Mike Kinney)
> + # BIT0 - Image from unknown device.
> + # BIT1 - Image from firmware volume.
> + # @Prompt Set image protection policy.
> + # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F
> + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047
>
> 2) Remove unused function in CpuDxe. (feedback from Liming Gao)
> 3) Add commit log on link option assumption (feedback from Feng Tian)
>
> ==== V2 ====
> 1) Clean up ArmPkg. (feedback from Leif Lindholm)
>
> ==== V1 ====
> This patch series provides the capability to protect PE/COFF images
> in DXE memory.
> If the UEFI image is page aligned, the image code section is set to read
> only and the image data section is set to non-executable.
>
> The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
> the image.
>
> Tested platform: NT32/Quark IA32/OVMF IA32/OVMF IA32X64/Intel internal X64/
> Tested OS: UEFI Win10, UEFI Ubuntu 16.04.
>
> Untested platform: ARM/AARCH64.
> Can ARM/AARCH64 owner help to take a look and try the ARM platform?
>
>
> Cc: Jeff Fan
> Cc: Michael Kinney
> Cc: Leif Lindholm
> Cc: Ard Biesheuvel
> Cc: Star Zeng
> Cc: Feng Tian
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao
>
> Jiewen Yao (4):
>   UefiCpuPkg/CpuDxe: Add memory attribute setting.
>   ArmPkg/CpuDxe: Correct EFI_MEMORY_RO usage
>   MdeModulePkg/dec: add PcdImageProtectionPolicy.
>   MdeModulePkg/DxeCore: Add UEFI image protection.
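Review bot: the @ValidRange on the PcdImageProtectionPolicy line admits 0x00000000 - 0x0000001F, i.e. BIT2 through BIT4, while the comment block above it documents only BIT0 (image from unknown device) and BIT1 (image from firmware volume); either document the remaining bits as reserved or narrow the range to 0x00000000 - 0x00000003 so that a platform cannot set an undefined bit without a build-time error. The default 0x00000002 also deserves a sentence in the DEC comment: with BIT0 clear, images that do not come from a firmware volume are loaded unprotected unless the platform overrides the PCD, which is the policy choice the cover letter says was discussed but is not visible to a reader of the DEC file.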
>
>  ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c              |   3 +-
>  ArmPkg/Drivers/CpuDxe/Arm/Mmu.c                  |  14 +-
>  ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c             |   5 +-
>  ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c |   3 +-
>  MdeModulePkg/Core/Dxe/DxeMain.h                  |  53 ++
>  MdeModulePkg/Core/Dxe/DxeMain.inf                |   5 +-
>  MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c          |   3 +-
>  MdeModulePkg/Core/Dxe/Image/Image.c              |   7 +-
>  MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c    | 735 ++++++++++++++++++
>  MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c     |  24 +-
>  MdeModulePkg/MdeModulePkg.dec                    |  10 +
>  UefiCpuPkg/CpuDxe/CpuDxe.c                       | 141 ++--
>  UefiCpuPkg/CpuDxe/CpuDxe.inf                     |   5 +-
>  UefiCpuPkg/CpuDxe/CpuPageTable.c                 | 779 ++++++++++++++++++++
>  UefiCpuPkg/CpuDxe/CpuPageTable.h                 | 113 +++
>  15 files changed, 1801 insertions(+), 99 deletions(-)
>  create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
>  create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.c
>  create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.h
>
> --
> 2.7.4.windows.1
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
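The rule the quoted cover letter states (code sections read-only, data sections non-executable, applied only when the image is page aligned and only when PcdImageProtectionPolicy allows it for the image's source), carried through as an added C example. This is not code from the patch series or from EDK II: the SectionHeader struct is a subset of the PE/COFF IMAGE_SECTION_HEADER, ComputeImageProtection and RunSample are hypothetical names, the two sample sections are constructed, and refusing to protect an image that carries a writable code section is this example's own choice rather than anything the cover letter specifies.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not EDK II code): the per-section attribute decision the
 * cover letter describes, as a DXE core would make it before handing each
 * range to CpuArchProtocol->SetMemoryAttributes(). Attribute values are the
 * UEFI spec constants; SectionHeader is a subset of IMAGE_SECTION_HEADER. */

#define EFI_PAGE_SIZE          0x1000u
#define EFI_MEMORY_XP          0x0000000000004000ULL
#define EFI_MEMORY_RO          0x0000000000020000ULL

#define IMAGE_SCN_CNT_CODE     0x00000020u
#define IMAGE_SCN_MEM_EXECUTE  0x20000000u
#define IMAGE_SCN_MEM_WRITE    0x80000000u

/* PcdImageProtectionPolicy bits as documented in the patch. */
#define POLICY_UNKNOWN_DEVICE  0x1u
#define POLICY_FV              0x2u

typedef struct {
  char     Name[8];
  uint32_t VirtualSize;
  uint32_t VirtualAddress;   /* RVA of the section within the image */
  uint32_t Characteristics;
} SectionHeader;

typedef struct {
  uint64_t Base;
  uint64_t Length;
  uint64_t Attributes;       /* EFI_MEMORY_RO or EFI_MEMORY_XP */
} ProtectRange;

/* Decide protection for one loaded image. Returns the number of ranges
 * written to Out, or 0 when the image is left unprotected: the policy does
 * not cover its source, it is not page aligned, a section is write+execute,
 * or Out is too small (hypothetical helper, not a DxeCore API). */
size_t ComputeImageProtection(uint64_t ImageBase, uint32_t SectionAlignment,
                              const SectionHeader *Sections, size_t Count,
                              int FromFv, uint32_t Policy,
                              ProtectRange *Out, size_t OutMax)
{
  uint32_t Need = FromFv ? POLICY_FV : POLICY_UNKNOWN_DEVICE;
  if ((Policy & Need) == 0) {
    return 0;
  }
  /* Page-table attributes apply per page: unless both the image base and
   * the section alignment are page multiples, code and data share pages
   * and neither RO nor XP can be applied to one without the other. */
  if ((ImageBase & (EFI_PAGE_SIZE - 1)) != 0 ||
      SectionAlignment == 0 || (SectionAlignment % EFI_PAGE_SIZE) != 0) {
    return 0;
  }
  size_t N = 0;
  for (size_t I = 0; I < Count; I++) {
    const SectionHeader *S = &Sections[I];
    int IsCode  = (S->Characteristics & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)) != 0;
    int IsWrite = (S->Characteristics & IMAGE_SCN_MEM_WRITE) != 0;
    uint64_t Len = ((uint64_t)S->VirtualSize + EFI_PAGE_SIZE - 1) &
                   ~(uint64_t)(EFI_PAGE_SIZE - 1);
    if (Len == 0) {
      continue;
    }
    /* Assumption of this example: a writable code section cannot be made
     * RO without breaking the image, so the whole image stays unprotected. */
    if ((IsCode && IsWrite) || N >= OutMax) {
      return 0;
    }
    Out[N].Base       = ImageBase + S->VirtualAddress;
    Out[N].Length     = Len;
    Out[N].Attributes = IsCode ? EFI_MEMORY_RO : EFI_MEMORY_XP;
    N++;
  }
  return N;
}

/* Constructed sample image: one .text and one .data section, laid out the
 * way a page-aligned driver would be, evaluated at the PCD default 0x2. */
static const SectionHeader kSampleSections[2] = {
  { ".text", 0x1800, 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE },
  { ".data", 0x0200, 0x3000, IMAGE_SCN_MEM_WRITE },
};

size_t RunSample(int FromFv, uint32_t SectionAlignment,
                 ProtectRange *Out, size_t OutMax)
{
  return ComputeImageProtection(0x10000000ULL, SectionAlignment,
                                kSampleSections, 2, FromFv, 0x00000002u,
                                Out, OutMax);
}

int main(void)
{
  ProtectRange Ranges[4];
  size_t N = RunSample(1, EFI_PAGE_SIZE, Ranges, 4);
  for (size_t I = 0; I < N; I++) {
    printf("0x%" PRIx64 " + 0x%" PRIx64 " -> %s\n", Ranges[I].Base, Ranges[I].Length,
           Ranges[I].Attributes == EFI_MEMORY_RO ? "RO" : "XP");
  }
  /* Same image from an unknown device: BIT0 is clear in the default policy. */
  printf("unknown device: %zu ranges\n", RunSample(0, EFI_PAGE_SIZE, Ranges, 4));
  return 0;
}
```

Two things the example makes visible that the prose leaves implicit: the .text range is rounded up to a whole number of pages (0x1800 bytes becomes 0x2000), which is why the page-alignment precondition matters, and the same driver gets no protection at all when it arrives from an unknown device under the default PCD value of 0x2.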