public inbox for devel@edk2.groups.io
* WSMT bits
@ 2020-03-10  9:36 Laszlo Ersek
From: Laszlo Ersek @ 2020-03-10  9:36 UTC
  To: Jiewen Yao; +Cc: edk2-devel-groups-io, Ray Ni

Hi Jiewen,

reading the following chapter:

  https://edk2-docs.gitbooks.io/a-tour-beyond-bios-memory-protection-in-uefi-bios/content/memory-protection-in-SMM.html

I'm having trouble associating the protection features implemented in
edk2 with the various bits in the WSMT (per
"MdePkg/Include/IndustryStandard/WindowsSmmSecurityMitigationTable.h").

For example, it seems like the bits a platform sets in the WSMT *might*
depend on "PcdCpuSmmRestrictedMemoryAccess".

Can someone clarify these please?


FWIW, in the edk2-platforms tree, the
"Platform/Intel/Vlv2TbltDevicePkg/AcpiPlatform/AcpiPlatform.c" source
file sets EFI_WSMT_PROTECTION_FLAGS_FIXED_COMM_BUFFERS and
EFI_WSMT_PROTECTION_FLAGS_COMM_BUFFER_NESTED_PTR_PROTECTION. It does not
set EFI_WSMT_PROTECTION_FLAGS_SYSTEM_RESOURCE_PROTECTION.

Is this bitmask (from Vlv2TbltDevicePkg) the general pattern that other
edk2 platforms with SMM support should expose too, as a starting point?

Does Vlv2TbltDevicePkg perform some specific actions in order to claim
these feature bits, or do they simply report guarantees that the core
edk2 SMM infrastructure provides out of the box?

This code was originally added to Vlv2TbltDevicePkg in edk2 (not
edk2-platforms) commit 2c855d3aaf36d (preceding the movement of
Vlv2TbltDevicePkg to edk2-platforms):

commit 2c855d3aaf36da80f8c4f0ae12d31900a628b0a9
Author: Lu, ShifeiX A <shifeix.a.lu@intel.com>
Date:   Thu Jul 28 16:21:28 2016 +0800

    Vlv2DeviceRefCodePkg&Vlv2DevicePkg:Add sample WSMT table.

    This is an sample WSMT table, which we only
    update BIT0 and BIT1 of Protections flags fields.

    Contributed-under: TianoCore Contribution Agreement 1.0
    Signed-off-by: lushifex <shifeix.a.lu@intel.com>
    Reviewed-by: David Wei <david.wei@intel.com>

 Vlv2DeviceRefCodePkg/AcpiTablesPCAT/AcpiTables.inf |  3 ++-
 Vlv2DeviceRefCodePkg/AcpiTablesPCAT/Wsmt/Wsmt.aslc | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 Vlv2TbltDevicePkg/AcpiPlatform/AcpiPlatform.c      | 13 +++++++++++++
 3 files changed, 75 insertions(+), 1 deletion(-)

And that's not a lot of explanation, unfortunately.

(Note: I have not read the WSMT spec.)

Thanks,
Laszlo
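
Added example, not part of the message above and not edk2 code: a minimal decoder that validates a WSMT table and reports which of the three protection flags it claims, run on a constructed table with BIT0 and BIT1 set as in the Vlv2TbltDevicePkg commit. Assumptions: the table is a 36-byte ACPI description header followed by a 32-bit ProtectionFlags field, SYSTEM_RESOURCE_PROTECTION is BIT2, and all function and macro names here are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Flag bits, named after the macros in WindowsSmmSecurityMitigationTable.h */
#define WSMT_FIXED_COMM_BUFFERS         0x1u /* BIT0 */
#define WSMT_NESTED_PTR_PROTECTION      0x2u /* BIT1 */
#define WSMT_SYSTEM_RESOURCE_PROTECTION 0x4u /* BIT2 (assumed position) */
#define ACPI_HDR_LEN 36u                     /* ACPI description header */
#define WSMT_LEN     (ACPI_HDR_LEN + 4u)     /* header + UINT32 ProtectionFlags */

static uint32_t rd32(const uint8_t *p) {     /* little-endian load */
  return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* 0 on success (flags stored); negative if the table is malformed. */
int wsmt_parse(const uint8_t *t, size_t len, uint32_t *flags) {
  uint32_t declared, i;
  uint8_t sum = 0;
  if (!t || !flags || len < WSMT_LEN) return -1;        /* too short */
  if (memcmp(t, "WSMT", 4) != 0) return -2;             /* wrong signature */
  declared = rd32(t + 4);
  if (declared < WSMT_LEN || declared > len) return -3; /* bad Length field */
  for (i = 0; i < declared; i++) sum = (uint8_t)(sum + t[i]);
  if (sum != 0) return -4;                              /* checksum mismatch */
  *flags = rd32(t + ACPI_HDR_LEN);
  return 0;
}

/* Constructed sample: minimal WSMT carrying the given flags, checksum fixed up. */
void wsmt_sample(uint8_t t[WSMT_LEN], uint32_t flags) {
  uint8_t sum = 0;
  uint32_t i;
  memset(t, 0, WSMT_LEN);
  memcpy(t, "WSMT", 4);
  t[4] = WSMT_LEN;                     /* Length, low byte (little-endian) */
  t[8] = 1;                            /* Revision */
  for (i = 0; i < 4; i++) t[ACPI_HDR_LEN + i] = (uint8_t)(flags >> (8 * i));
  for (i = 0; i < WSMT_LEN; i++) sum = (uint8_t)(sum + t[i]);
  t[9] = (uint8_t)(0u - sum);          /* Checksum byte makes the byte sum zero */
}

int main(void) {
  uint8_t t[WSMT_LEN];
  uint32_t f = 0;
  wsmt_sample(t, WSMT_FIXED_COMM_BUFFERS | WSMT_NESTED_PTR_PROTECTION);
  if (wsmt_parse(t, sizeof t, &f) != 0) return 1;
  printf("flags=0x%x, system resource protection %s\n", (unsigned)f,
         f & WSMT_SYSTEM_RESOURCE_PROTECTION ? "claimed" : "not claimed");
  return 0;
}
```

On a Linux system that exposes ACPI tables, the same parser can be fed the bytes of /sys/firmware/acpi/tables/WSMT to see what the running firmware claims.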

