From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiewen.yao@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.151; helo=mga17.intel.com;
 envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 4E110211D35C2
 for <edk2-devel@lists.01.org>; Tue,  5 Mar 2019 07:50:52 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
 by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 05 Mar 2019 07:50:52 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.58,444,1544515200"; d="scan'208";a="152236364"
Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203])
 by fmsmga001.fm.intel.com with ESMTP; 05 Mar 2019 07:50:52 -0800
Received: from fmsmsx117.amr.corp.intel.com (10.18.116.17) by
 FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Tue, 5 Mar 2019 07:50:52 -0800
Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by
 fmsmsx117.amr.corp.intel.com (10.18.116.17) with Microsoft SMTP Server (TLS)
 id 14.3.408.0; Tue, 5 Mar 2019 07:50:51 -0800
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.163]) by
 SHSMSX151.ccr.corp.intel.com ([169.254.3.26]) with mapi id 14.03.0415.000;
 Tue, 5 Mar 2019 23:50:49 +0800
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
Thread-Topic: [PATCH 06/10] StandaloneMmPkg/Core: permit encapsulated
 firmware volumes
Thread-Index: AQHU01f6u/A0/yxbTUWHNtIq5fZCiaX9L6hg
Date: Tue, 5 Mar 2019 15:50:47 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503F54D127@shsmsx102.ccr.corp.intel.com>
References: <20190305133248.4828-1-ard.biesheuvel@linaro.org>
 <20190305133248.4828-7-ard.biesheuvel@linaro.org>
In-Reply-To: <20190305133248.4828-7-ard.biesheuvel@linaro.org>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiOWM4ODRhNTEtZjBhNy00YTE2LTg3ZGItYWI1YjQ4Njg4NDNiIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiTXI4ZDZRM3V2MENUdlVob3c2TVlleGtDTDVqTjdYTTArTVprY1J1OVdoWUVtMjlTeEUxVFZsN3ZKWmRhVW1LdyJ9
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.400.15
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH 06/10] StandaloneMmPkg/Core: permit encapsulated firmware volumes
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2019 15:50:53 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: jiewen.yao@intel.com

> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Tuesday, March 5, 2019 5:33 AM
> To: edk2-devel@lists.01.org
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Achin Gupta
> <achin.gupta@arm.com>; Supreeth Venkatesh
> <supreeth.venkatesh@arm.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Leif Lindholm <leif.lindholm@linaro.org>; Jagadeesh Ujja
> <jagadeesh.ujja@arm.com>
> Subject: [PATCH 06/10] StandaloneMmPkg/Core: permit encapsulated
> firmware volumes
>=20
> Standalone MM requires 4 KB section alignment for all images, so that
> strict permissions can be applied. Unfortunately, this results in a
> lot of wasted space, which is usually costly in the secure world
> environment that standalone MM is expected to operate in.
>=20
> So let's permit the standalone MM drivers (but not the core) to be
> delivered in a compressed firmware volume.
>=20
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  StandaloneMmPkg/Core/StandaloneMmCore.inf |  1 +
>  StandaloneMmPkg/Core/FwVol.c              | 99
> ++++++++++++++++++--
>  2 files changed, 91 insertions(+), 9 deletions(-)
>=20
> diff --git a/StandaloneMmPkg/Core/StandaloneMmCore.inf
> b/StandaloneMmPkg/Core/StandaloneMmCore.inf
> index ff2b8b9cef03..83d31e2d92c5 100644
> --- a/StandaloneMmPkg/Core/StandaloneMmCore.inf
> +++ b/StandaloneMmPkg/Core/StandaloneMmCore.inf
> @@ -49,6 +49,7 @@ [LibraryClasses]
>    BaseMemoryLib
>    CacheMaintenanceLib
>    DebugLib
> +  ExtractGuidedSectionLib
>    FvLib
>    HobLib
>    MemoryAllocationLib
> diff --git a/StandaloneMmPkg/Core/FwVol.c
> b/StandaloneMmPkg/Core/FwVol.c
> index 5abf98c24797..d95491f252f9 100644
> --- a/StandaloneMmPkg/Core/FwVol.c
> +++ b/StandaloneMmPkg/Core/FwVol.c
> @@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> ANY KIND, EITHER EXPRESS OR IMPLIED.
>=20
>  #include "StandaloneMmCore.h"
>  #include <Library/FvLib.h>
> +#include <Library/ExtractGuidedSectionLib.h>
>=20
>  //
>  // List of file types supported by dispatcher
> @@ -65,15 +66,25 @@ Returns:
>=20
>  --*/
>  {
> -  EFI_STATUS          Status;
> -  EFI_STATUS          DepexStatus;
> -  EFI_FFS_FILE_HEADER *FileHeader;
> -  EFI_FV_FILETYPE     FileType;
> -  VOID                *Pe32Data;
> -  UINTN               Pe32DataSize;
> -  VOID                *Depex;
> -  UINTN               DepexSize;
> -  UINTN               Index;
> +  EFI_STATUS                              Status;
> +  EFI_STATUS                              DepexStatus;
> +  EFI_FFS_FILE_HEADER                     *FileHeader;
> +  EFI_FV_FILETYPE                         FileType;
> +  VOID                                    *Pe32Data;
> +  UINTN                                   Pe32DataSize;
> +  VOID                                    *Depex;
> +  UINTN                                   DepexSize;
> +  UINTN                                   Index;
> +  EFI_COMMON_SECTION_HEADER               *Section;
> +  VOID                                    *SectionData;
> +  UINTN                                   SectionDataSize;
> +  UINT32                                  DstBufferSize;
> +  VOID                                    *ScratchBuffer;
> +  UINT32                                  ScratchBufferSize;
> +  VOID                                    *DstBuffer;
> +  UINT16                                  SectionAttribute;
> +  UINT32                                  AuthenticationStatus;
> +  EFI_FIRMWARE_VOLUME_HEADER              *InnerFvHeader;
>=20
>    DEBUG ((DEBUG_INFO, "MmCoreFfsFindMmDriver - 0x%x\n",
> FwVolHeader));
>=20
> @@ -83,6 +94,71 @@ Returns:
>=20
>    FvIsBeingProcesssed (FwVolHeader);
>=20
> +  //
> +  // First check for encapsulated compressed firmware volumes
> +  //
> +  FileHeader =3D NULL;
> +  do {
> +    Status =3D FfsFindNextFile
> (EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE,
> +               FwVolHeader, &FileHeader);
> +    if (EFI_ERROR (Status)) {
> +      break;
> +    }
> +    Status =3D FfsFindSectionData (EFI_SECTION_GUID_DEFINED,
> FileHeader,
> +               &SectionData, &SectionDataSize);
> +    if (EFI_ERROR (Status)) {
> +      break;
> +    }
> +    Section =3D (EFI_COMMON_SECTION_HEADER *)(FileHeader + 1);
> +    Status =3D ExtractGuidedSectionGetInfo (Section, &DstBufferSize,
> +               &ScratchBufferSize, &SectionAttribute);
> +    if (EFI_ERROR (Status)) {
> +      break;
> +    }
> +
> +    //
> +    // Allocate scratch buffer
> +    //
> +    ScratchBuffer =3D (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES
> (ScratchBufferSize));
> +    if (ScratchBuffer =3D=3D NULL) {
> +      return EFI_OUT_OF_RESOURCES;
> +    }
> +
> +    //
> +    // Allocate destination buffer, extra one page for adjustment
> +    //
> +    DstBuffer =3D (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES
> (DstBufferSize));
> +    if (DstBuffer =3D=3D NULL) {
> +      return EFI_OUT_OF_RESOURCES;
> +    }
> +
> +    //
> +    // Call decompress function
> +    //
> +    Status =3D ExtractGuidedSectionDecode (Section, &DstBuffer,
> ScratchBuffer,
> +                &AuthenticationStatus);
> +    FreePages (ScratchBuffer, EFI_SIZE_TO_PAGES (ScratchBufferSize));
> +    if (EFI_ERROR (Status)) {
> +      goto FreeDstBuffer;
> +    }
> +
> +    DEBUG ((DEBUG_INFO,
> +      "Processing compressed firmware volume (AuthenticationStatus
> =3D=3D %x)\n",
> +      AuthenticationStatus));
> +
> +    Status =3D FindFfsSectionInSections (DstBuffer, DstBufferSize,
> +               EFI_SECTION_FIRMWARE_VOLUME_IMAGE, &Section);
> +    if (EFI_ERROR (Status)) {
> +      goto FreeDstBuffer;
> +    }
> +
> +    InnerFvHeader =3D (VOID *)(Section + 1);
> +    Status =3D MmCoreFfsFindMmDriver (InnerFvHeader);
> +    if (EFI_ERROR (Status)) {
> +      goto FreeDstBuffer;
> +    }
> +  } while (TRUE);
> +
>    for (Index =3D 0; Index < sizeof (mMmFileTypes) / sizeof (mMmFileTypes=
[0]);
> Index++) {
>      DEBUG ((DEBUG_INFO, "Check MmFileTypes - 0x%x\n",
> mMmFileTypes[Index]));
>      FileType =3D mMmFileTypes[Index];
> @@ -100,5 +176,10 @@ Returns:
>      } while (!EFI_ERROR (Status));
>    }
>=20
> +  return EFI_SUCCESS;
> +
> +FreeDstBuffer:
> +  FreePages (DstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize));
> +
>    return Status;
>  }
> --
> 2.20.1