Re: [PATCH v2 0/7] MdeModulePkg: add support for dispatching foreign arch PE/COFF images

["Yao, Jiewen" <jiewen.yao@intel.com>]

One more, did you enable tpm to see if tpm measurement still works well ?

Also did defer image solution still takes effect with this change?

Sorry to ask many questions, I want to make sure the current security design still work with this new capability. 

thank you!
Yao, Jiewen


> 在 2018年9月19日，下午5:30，Yao, Jiewen <jiewen.yao@intel.com> 写道：
> 
> Thank you Ard. Good to know. 
> 
> Did you also try some security test, such as input a bad image to see if the code can return failure gracefully? 
> 
> Or enable secure boot to see if the image verification process still works well ?
> 
> thank you!
> Yao, Jiewen
> 
> 
>>> 在 2018年9月18日，下午9:53，Ard Biesheuvel <ard.biesheuvel@linaro.org> 写道：
>>> 
>>> On 18 September 2018 at 00:32, Yao, Jiewen <jiewen.yao@intel.com> wrote:
>>> HI Ard
>>> This is a great feature.
>>> 
>> 
>> Thanks!
>> 
>>> May I know what test has been done for this patch series?
>>> 
>>> Would you please share that information? No matter your unit test, or system level test.
>>> 
>> 
>> I have used ArmVirtPkg/ArmVirtQemu.dsc built for AARCH64 in two configurations:
>> - one replacing the native FAT driver built from source with the EBC
>> binary version
>> - another one replacing the FAT driver and including the X86 emulator [0]
>> 
>> The tests involved accessing a FAT partition (both builds) and running
>> the X86 version of iPXE (the latter build only)
>> 
>> 
>> 
>> [0] https://github.com/ardbiesheuvel/X86EmulatorPkg
>> 
>> 
>>>> -----Original Message-----
>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>>>> Ard Biesheuvel
>>>> Sent: Saturday, September 15, 2018 9:29 PM
>>>> To: edk2-devel@lists.01.org
>>>> Cc: Ni, Ruiyu <ruiyu.ni@intel.com>; Zimmer, Vincent
>>>> <vincent.zimmer@intel.com>; Dong, Eric <eric.dong@intel.com>; Andrew
>>>> Fish <afish@apple.com>; Carsey, Jaben <jaben.carsey@intel.com>;
>>>> Richardson, Brian <brian.richardson@intel.com>; Gao, Liming
>>>> <liming.gao@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>;
>>>> Zeng, Star <star.zeng@intel.com>
>>>> Subject: [edk2] [PATCH v2 0/7] MdeModulePkg: add support for dispatching
>>>> foreign arch PE/COFF images
>>>> 
>>>> Add the basic plumbing to DXE core, the PCI bus driver and the boot manager
>>>> to allow PE/COFF images to be dispatched that target an architecture that is
>>>> not native for the platform, but which is supported by one of potentially
>>>> several available emulators.
>>>> 
>>>> One implementation of such an emulator can be found here:
>>>> https://github.com/ardbiesheuvel/X86EmulatorPkg
>>>> 
>>>> This also allows us to get rid of the special treatment of EBC images in
>>>> core code. Instead, the EbcDxe driver is augmented with an implementation
>>>> of the EDK2 PE/COFF image emulator so that internal knowledge of how EBC
>>>> is implemented (I-cache flushing, thunks) is removed from the DXE core.
>>>> 
>>>> Changes since v2:
>>>> - subsume the EBC handling into the EDK2 emulator protocol and abstract
>>>> away from EBC specifics in core code.
>>>> - allow multiple emulator implementations to co-exist
>>>> - incorporate Star's review feedback
>>>> 
>>>> Cc: Vincent Zimmer <vincent.zimmer@intel.com>
>>>> Cc: Brian Richardson <brian.richardson@intel.com>
>>>> Cc: Michael D Kinney <michael.d.kinney@intel.com>
>>>> Cc: Andrew Fish <afish@apple.com>
>>>> Cc: Leif Lindholm <leif.lindholm@linaro.org>
>>>> Cc: Star Zeng <star.zeng@intel.com>
>>>> Cc: Eric Dong <eric.dong@intel.com>
>>>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>>>> Cc: Liming Gao <liming.gao@intel.com>
>>>> Cc: Jaben Carsey <jaben.carsey@intel.com>
>>>> Cc: Steven Shi <steven.shi@intel.com>
>>>> 
>>>> Ard Biesheuvel (7):
>>>> MdeModulePkg: introduce PE/COFF image emulator protocol
>>>> MdeModulePkg/DxeCore: invoke the emulator protocol for foreign
>>>> images
>>>> MdeModulePkg/PciBusDxe: invoke PE/COFF emulator for foreign option
>>>>   ROMs
>>>> MdeModulePkg/UefiBootManagerLib: allow foreign Driver#### images
>>>> MdeModulePkg/EbcDxe: implement the PE/COFF emulator protocol
>>>> MdePkg/UefiBaseType.h: treat EBC as a non-native machine type
>>>> MdeModulePkg/DxeCore: remove explicit EBC handling
>>>> 
>>>> MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h       |   1 +
>>>> MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf  |   1 +
>>>> .../Bus/Pci/PciBusDxe/PciOptionRomSupport.c   |  51 ++++++-
>>>> MdeModulePkg/Core/Dxe/DxeMain.h               |   6 +-
>>>> MdeModulePkg/Core/Dxe/DxeMain.inf             |   2 +-
>>>> MdeModulePkg/Core/Dxe/Image/Image.c           | 141
>>>> +++++++++++-------
>>>> .../Include/Protocol/PeCoffImageEmulator.h    |  99 ++++++++++++
>>>> .../Library/UefiBootManagerLib/BmLoadOption.c |  51 ++++++-
>>>> .../Library/UefiBootManagerLib/InternalBm.h   |   1 +
>>>> .../UefiBootManagerLib/UefiBootManagerLib.inf |   1 +
>>>> MdeModulePkg/MdeModulePkg.dec                 |   4 +
>>>> MdeModulePkg/Universal/EbcDxe/EbcDxe.inf      |   3 +
>>>> MdeModulePkg/Universal/EbcDxe/EbcInt.c        | 124
>>>> +++++++++++++++
>>>> MdeModulePkg/Universal/EbcDxe/EbcInt.h        |   3 +
>>>> MdePkg/Include/Uefi/UefiBaseType.h            |   8 +-
>>>> 15 files changed, 432 insertions(+), 64 deletions(-)
>>>> create mode 100644
>>>> MdeModulePkg/Include/Protocol/PeCoffImageEmulator.h
>>>> 
>>>> --
>>>> 2.17.1
>>>> 
>>>> _______________________________________________
>>>> edk2-devel mailing list
>>>> edk2-devel@lists.01.org
>>>> https://lists.01.org/mailman/listinfo/edk2-devel
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel