From: "Yao, Jiewen"
To: Ard Biesheuvel, "edk2-devel@lists.01.org"
Date: Fri, 18 Jan 2019 15:39:58 +0000
Subject: Re: [PATCH v2 11/11] StandaloneMmPkg/Core: permit encapsulated firmware volumes

The idea seems good.

May I know if there is any restriction on 64 handlers?
+STATIC UINT64 mExtractGuidedSectionHandlerInfo[64];

If a system is configured with more handlers, what is the expected behavior?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Wednesday, January 16, 2019 12:23 PM
> To: edk2-devel@lists.01.org
> Cc: Ard Biesheuvel; Achin Gupta; Yao, Jiewen; Supreeth Venkatesh;
> Leif Lindholm; Jagadeesh Ujja; Thomas Panakamattam Abraham; Sami Mujawar
> Subject: [PATCH v2 11/11] StandaloneMmPkg/Core: permit encapsulated
> firmware volumes
>
> Standalone MM requires 4 KB section alignment for all images, so that
> strict permissions can be applied. Unfortunately, this results in a
> lot of wasted space, which is usually costly in the secure world
> environment that standalone MM is expected to operate in.
>
> So let's permit the standalone MM drivers (but not the core) to be
> delivered in a compressed firmware volume.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel
> ---
> StandaloneMmPkg/Core/FwVol.c | 99 ++++++++++++++++++--
> StandaloneMmPkg/Core/StandaloneMmCore.inf | 1 +
> StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/StandaloneMmCoreEntryPoint.c | 5 +
> StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf | 3 +
> 4 files changed, 99 insertions(+), 9 deletions(-)
>
> diff --git a/StandaloneMmPkg/Core/FwVol.c > b/StandaloneMmPkg/Core/FwVol.c > index 5abf98c24797..8eb827dda5c4 100644 > --- a/StandaloneMmPkg/Core/FwVol.c > +++ b/StandaloneMmPkg/Core/FwVol.c > @@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. >=20 > #include "StandaloneMmCore.h" > #include > +#include >=20 > // > // List of file types supported by dispatcher 
> @@ -65,15 +66,25 @@ Returns: >=20 > --*/ > { > - EFI_STATUS Status; > - EFI_STATUS DepexStatus; > - EFI_FFS_FILE_HEADER *FileHeader; > - EFI_FV_FILETYPE FileType; > - VOID *Pe32Data; > - UINTN Pe32DataSize; > - VOID *Depex; > - UINTN DepexSize; > - UINTN Index; > + EFI_STATUS Status; > + EFI_STATUS DepexStatus; > + EFI_FFS_FILE_HEADER *FileHeader; > + EFI_FV_FILETYPE FileType; > + VOID *Pe32Data; > + UINTN Pe32DataSize; > + VOID *Depex; > + UINTN DepexSize; > + UINTN Index; > + EFI_COMMON_SECTION_HEADER *Section; > + VOID *SectionData; > + UINTN SectionDataSize; > + UINT32 DstBufferSize; > + VOID *ScratchBuffer; > + UINT32 ScratchBufferSize; > + VOID *DstBuffer; > + UINT16 SectionAttribute; > + UINT32 AuthenticationStatus; > + EFI_FIRMWARE_VOLUME_HEADER *InnerFvHeader; >=20 > DEBUG ((DEBUG_INFO, "MmCoreFfsFindMmDriver - 0x%x\n", > FwVolHeader)); >=20 
> @@ -83,6 +94,71 @@ Returns: >=20 > FvIsBeingProcesssed (FwVolHeader); >=20 > + // > + // First check for encapsulated compressed firmware volumes > + // > + FileHeader =3D NULL; > + do { > + Status =3D FfsFindNextFile > (EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE, > + FwVolHeader, &FileHeader); > + if (EFI_ERROR (Status)) { > + break; > + } > + Status =3D FfsFindSectionData (EFI_SECTION_GUID_DEFINED, > FileHeader, > + &SectionData, &SectionDataSize); > + if (EFI_ERROR (Status)) { > + break; > + } > + Section =3D (EFI_COMMON_SECTION_HEADER *)(FileHeader + 1); > + Status =3D ExtractGuidedSectionGetInfo (Section, &DstBufferSize, > + &ScratchBufferSize, &SectionAttribute); > + if (EFI_ERROR (Status)) { > + break; > + } > + > + // > + // Allocate scratch buffer > + // > + ScratchBuffer =3D (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES > (ScratchBufferSize)); > + if (ScratchBuffer =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + // > + // Allocate destination buffer > + // > + DstBuffer =3D (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES > (DstBufferSize)); > + if (DstBuffer =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + // > + // Call decompress function > + // > + Status =3D ExtractGuidedSectionDecode (Section, &DstBuffer, > ScratchBuffer, > + &AuthenticationStatus); > + FreePages (ScratchBuffer, EFI_SIZE_TO_PAGES (ScratchBufferSize)); > + if (EFI_ERROR (Status)) { > + goto FreeDstBuffer; > + } > + > + DEBUG ((DEBUG_INFO, > + "Processing compressed firmware volume (AuthenticationStatus > =3D=3D %x)\n", > + AuthenticationStatus)); > + > + Status =3D FindFfsSectionInSections (DstBuffer, DstBufferSize, > + EFI_SECTION_FIRMWARE_VOLUME_IMAGE, &Section); > + if (EFI_ERROR (Status)) { > + goto FreeDstBuffer; > + } > + > + InnerFvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(Section + 1); > + Status =3D MmCoreFfsFindMmDriver (InnerFvHeader); > + if (EFI_ERROR (Status)) { > + goto FreeDstBuffer; > + } > + } while (TRUE); > + > for (Index =3D 0; Index < 
sizeof (mMmFileTypes) / sizeof (mMmFileTypes= [0]); > Index++) { > DEBUG ((DEBUG_INFO, "Check MmFileTypes - 0x%x\n", > mMmFileTypes[Index])); > FileType =3D mMmFileTypes[Index]; > @@ -100,5 +176,10 @@ Returns: > } while (!EFI_ERROR (Status)); > } >=20 > + return EFI_SUCCESS; > + > +FreeDstBuffer: > + FreePages (DstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize)); > + > return Status; > } > diff --git a/StandaloneMmPkg/Core/StandaloneMmCore.inf > b/StandaloneMmPkg/Core/StandaloneMmCore.inf > index ff2b8b9cef03..83d31e2d92c5 100644 > --- a/StandaloneMmPkg/Core/StandaloneMmCore.inf > +++ b/StandaloneMmPkg/Core/StandaloneMmCore.inf > @@ -49,6 +49,7 @@ [LibraryClasses] > BaseMemoryLib > CacheMaintenanceLib > DebugLib > + ExtractGuidedSectionLib > FvLib > HobLib > MemoryAllocationLib > diff --git > a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/Stand > aloneMmCoreEntryPoint.c > b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/Stand > aloneMmCoreEntryPoint.c > index 5cca532456fd..67ff9112d5c0 100644 > --- > a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/Stand > aloneMmCoreEntryPoint.c > +++ > b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/Stand > aloneMmCoreEntryPoint.c > @@ -205,6 +205,8 @@ GetSpmVersion (VOID) > return Status; > } >=20 > +STATIC UINT64 mExtractGuidedSectionHandlerInfo[64]; > + > /** > The entry point of Standalone MM Foundation. >=20 > @@ -285,6 +287,9 @@ _ModuleEntryPoint ( > goto finish; > } >=20 > + PcdSet64 (PcdGuidedExtractHandlerTableAddress, > + (UINT64)mExtractGuidedSectionHandlerInfo); > + > // > // Create Hoblist based upon boot information passed by privileged > software > // 
> diff --git > a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMm > CoreEntryPoint.inf > b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMm > CoreEntryPoint.inf > index 769eaeeefbea..55d769fa77e4 100644 > --- > a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMm > CoreEntryPoint.inf > +++ > b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMm > CoreEntryPoint.inf > @@ -54,3 +54,6 @@ [Guids] > gEfiMmPeiMmramMemoryReserveGuid > gEfiStandaloneMmNonSecureBufferGuid > gEfiArmTfCpuDriverEpDescriptorGuid > + > +[PatchPcd] > + gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress > -- > 2.17.1
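
Review bot: In the FwVol.c hunk that adds the encapsulated-volume loop, AuthenticationStatus from ExtractGuidedSectionDecode is only printed with DEBUG and SectionAttribute is never read, so the inner volume is passed to MmCoreFfsFindMmDriver regardless of what the section handler reported; please test both before recursing and skip the volume when authentication did not pass. Two further points in the same loop: the "return EFI_OUT_OF_RESOURCES" after the DstBuffer allocation fails leaks ScratchBuffer, and the "break" after FfsFindSectionData or ExtractGuidedSectionGetInfo fails ends the scan at the first FV image file without a usable GUID-defined section, where "continue" would let later files still be found. Section is also taken as "(FileHeader + 1)" while the SectionData and SectionDataSize returned by FfsFindSectionData go unused, and InnerFvHeader is dereferenced without being checked against DstBufferSize.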
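
Review bot: The 64 in "STATIC UINT64 mExtractGuidedSectionHandlerInfo[64];" (StandaloneMmCoreEntryPoint.c) is an unexplained literal: nothing in this patch relates the 512 bytes to what the ExtractGuidedSectionLib instance stores at PcdGuidedExtractHandlerTableAddress, so a build configured with more handlers than the table can hold has no visible guard. Please derive the size from the configured handler limit, or add a build-time or ASSERT check against it, and add a comment stating the layout the array has to accommodate.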
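
Review bot: In the _ModuleEntryPoint hunk the pointer is cast straight to UINT64 in "(UINT64)mExtractGuidedSectionHandlerInfo"; the usual edk2 form goes through UINTN, "(UINT64)(UINTN)mExtractGuidedSectionHandlerInfo", which keeps the conversion explicit and consistent with the rest of the tree. The added PcdSet64 call also has no comment, so it would help to say there why the table address is being patched at this point in the entry code.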