From: "Yao, Jiewen"
To: Ard Biesheuvel
CC: "Ni, Ruiyu", "Zimmer, Vincent", "Dong, Eric", "edk2-devel@lists.01.org", Andrew Fish, "Gao, Liming", "Kinney, Michael D", "Richardson, Brian", "Carsey, Jaben", "Zeng, Star"
Date: Wed, 19 Sep 2018 09:46:00 +0000
Subject: Re: [PATCH v2 0/7] MdeModulePkg: add support for dispatching foreign arch PE/COFF images

One more, did you enable TPM to see if TPM measurement still works well?

Also, did the defer image solution still take effect with this change?

Sorry to ask many questions, I want to make sure the current security design still works with this new capability.

Thank you!
Yao, Jiewen

> On 19 Sep 2018, at 5:30 PM, Yao, Jiewen wrote:
>
> Thank you Ard. Good to know.
>
> Did you also try some security test, such as inputting a bad image to see if the code can return failure gracefully?
>
> Or enable secure boot to see if the image verification process still works well?
>
> Thank you!
> Yao, Jiewen
>
>>> On 18 Sep 2018, at 9:53 PM, Ard Biesheuvel wrote:
>>
>>> On 18 September 2018 at 00:32, Yao, Jiewen wrote:
>>> Hi Ard
>>> This is a great feature.
>>>
>>
>> Thanks!
>>
>>> May I know what test has been done for this patch series?
>>>
>>> Would you please share that information? No matter your unit test, or system level test.
>>>
>>
>> I have used ArmVirtPkg/ArmVirtQemu.dsc built for AARCH64 in two configurations:
>> - one replacing the native FAT driver built from source with the EBC
>>   binary version
>> - another one replacing the FAT driver and including the X86 emulator [0]
>>
>> The tests involved accessing a FAT partition (both builds) and running
>> the X86 version of iPXE (the latter build only)
>>
>> [0] https://github.com/ardbiesheuvel/X86EmulatorPkg
>>
>>>> -----Original Message-----
>>>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>>>> Ard Biesheuvel
>>>> Sent: Saturday, September 15, 2018 9:29 PM
>>>> To: edk2-devel@lists.01.org
>>>> Cc: Ni, Ruiyu; Zimmer, Vincent; Dong, Eric; Andrew Fish;
>>>> Carsey, Jaben; Richardson, Brian; Gao, Liming; Kinney, Michael D;
>>>> Zeng, Star
>>>> Subject: [edk2] [PATCH v2 0/7] MdeModulePkg: add support for dispatching
>>>> foreign arch PE/COFF images
>>>>
>>>> Add the basic plumbing to DXE core, the PCI bus driver and the boot manager
>>>> to allow PE/COFF images to be dispatched that target an architecture that is
>>>> not native for the platform, but which is supported by one of potentially
>>>> several available emulators.
>>>>
>>>> One implementation of such an emulator can be found here:
>>>> https://github.com/ardbiesheuvel/X86EmulatorPkg
>>>>
>>>> This also allows us to get rid of the special treatment of EBC images in
>>>> core code. Instead, the EbcDxe driver is augmented with an implementation
>>>> of the EDK2 PE/COFF image emulator so that internal knowledge of how EBC
>>>> is implemented (I-cache flushing, thunks) is removed from the DXE core.
>>>>
>>>> Changes since v2:
>>>> - subsume the EBC handling into the EDK2 emulator protocol and abstract
>>>>   away from EBC specifics in core code.
>>>> - allow multiple emulator implementations to co-exist
>>>> - incorporate Star's review feedback
>>>>
>>>> Cc: Vincent Zimmer
>>>> Cc: Brian Richardson
>>>> Cc: Michael D Kinney
>>>> Cc: Andrew Fish
>>>> Cc: Leif Lindholm
>>>> Cc: Star Zeng
>>>> Cc: Eric Dong
>>>> Cc: Ruiyu Ni
>>>> Cc: Liming Gao
>>>> Cc: Jaben Carsey
>>>> Cc: Steven Shi
>>>>
>>>> Ard Biesheuvel (7):
>>>>   MdeModulePkg: introduce PE/COFF image emulator protocol
>>>>   MdeModulePkg/DxeCore: invoke the emulator protocol for foreign
>>>>     images
>>>>   MdeModulePkg/PciBusDxe: invoke PE/COFF emulator for foreign option
>>>>     ROMs
>>>>   MdeModulePkg/UefiBootManagerLib: allow foreign Driver#### images
>>>>   MdeModulePkg/EbcDxe: implement the PE/COFF emulator protocol
>>>>   MdePkg/UefiBaseType.h: treat EBC as a non-native machine type
>>>>   MdeModulePkg/DxeCore: remove explicit EBC handling
>>>>
>>>>  MdeModulePkg/Bus/Pci/PciBusDxe/PciBus.h            |   1 +
>>>>  MdeModulePkg/Bus/Pci/PciBusDxe/PciBusDxe.inf       |   1 +
>>>>  .../Bus/Pci/PciBusDxe/PciOptionRomSupport.c        |  51 ++++++-
>>>>  MdeModulePkg/Core/Dxe/DxeMain.h                    |   6 +-
>>>>  MdeModulePkg/Core/Dxe/DxeMain.inf                  |   2 +-
>>>>  MdeModulePkg/Core/Dxe/Image/Image.c                | 141 +++++++++++-------
>>>>  .../Include/Protocol/PeCoffImageEmulator.h         |  99 ++++++++++++
>>>>  .../Library/UefiBootManagerLib/BmLoadOption.c      |  51 ++++++-
>>>>  .../Library/UefiBootManagerLib/InternalBm.h        |   1 +
>>>>  .../UefiBootManagerLib/UefiBootManagerLib.inf      |   1 +
>>>>  MdeModulePkg/MdeModulePkg.dec                      |   4 +
>>>>  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf           |   3 +
>>>>  MdeModulePkg/Universal/EbcDxe/EbcInt.c             | 124 +++++++++++++++
>>>>  MdeModulePkg/Universal/EbcDxe/EbcInt.h             |   3 +
>>>>  MdePkg/Include/Uefi/UefiBaseType.h                 |   8 +-
>>>>  15 files changed, 432 insertions(+), 64 deletions(-)
>>>>  create mode 100644 MdeModulePkg/Include/Protocol/PeCoffImageEmulator.h
>>>>
>>>> --
>>>> 2.17.1
>>>>
>>>> _______________________________________________
>>>> edk2-devel mailing list
>>>> edk2-devel@lists.01.org
>>>> https://lists.01.org/mailman/listinfo/edk2-devel
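
The "bad image" question raised in this thread, as an added example that is not part of the e-mail, the patch series or EDK2: a bounds-checked read of the PE/COFF Machine field that classifies an image as native, needing an emulator, or rejected. `classify_image`, `build_sample` and the `emulated[]` list are hypothetical names; the list stands in for a lookup of registered emulators.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Machine values defined by the PE/COFF and UEFI specifications. */
enum { M_IA32 = 0x014c, M_X64 = 0x8664, M_AARCH64 = 0xaa64, M_EBC = 0x0ebc };

typedef enum { IMG_INVALID, IMG_NATIVE, IMG_NEEDS_EMULATOR, IMG_UNSUPPORTED } img_class;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: emulated[] lists machine types that have a registered
 * emulator (an assumption standing in for a protocol lookup). */
img_class classify_image(const uint8_t *buf, size_t len, uint16_t native,
                         const uint16_t *emulated, size_t n_emulated) {
    if (buf == NULL || len < 0x40) return IMG_INVALID;      /* truncated DOS header */
    if (buf[0] != 'M' || buf[1] != 'Z') return IMG_INVALID;
    uint32_t pe_off = rd32(buf + 0x3c);                     /* e_lfanew comes from untrusted input */
    /* Need "PE\0\0" (4 bytes) + Machine (2 bytes); written so it cannot wrap. */
    if (pe_off > len || len - pe_off < 6) return IMG_INVALID;
    const uint8_t *pe = buf + pe_off;
    if (memcmp(pe, "PE\0\0", 4) != 0) return IMG_INVALID;
    uint16_t machine = (uint16_t)(pe[4] | (pe[5] << 8));
    if (machine == native) return IMG_NATIVE;
    for (size_t i = 0; i < n_emulated; i++)
        if (emulated[i] == machine) return IMG_NEEDS_EMULATOR;
    return IMG_UNSUPPORTED;                                 /* caller returns an error status */
}

/* Constructed sample: 0x48-byte buffer, PE header at 0x40, given Machine. */
void build_sample(uint8_t buf[0x48], uint16_t machine) {
    memset(buf, 0, 0x48);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3c] = 0x40;
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x44] = (uint8_t)(machine & 0xff);
    buf[0x45] = (uint8_t)(machine >> 8);
}

int main(void) {
    static const uint16_t emu[] = { M_X64, M_EBC };
    uint8_t img[0x48];
    build_sample(img, M_X64);                /* X64 image on an AARCH64 platform */
    printf("%d\n", classify_image(img, sizeof img, M_AARCH64, emu, 2));
    return 0;
}
```

A malformed `e_lfanew` or a short buffer yields `IMG_INVALID` without reading past `len`, which is the "return failure gracefully" behaviour a bad-image test would look for.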