From: "Wang, Jian J"
To: "Jiang, Guomin", "devel@edk2.groups.io"
CC: "Wu, Hao A", "Bi, Dandan", "Gao, Liming", "De, Debkumar", "Han, Harry", "West, Catharine", Laszlo Ersek
Subject: Re: [PATCH v6 05/10] MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash (CVE-2019-11098)
Date: Wed, 22 Jul 2020 03:16:20 +0000
In-Reply-To: <20200720113022.675-6-guomin.jiang@intel.com>

Guomin,

Just two minor grammar corrections below. With them fixed,

    Reviewed-by: Jian J Wang

> -----Original Message-----
> From: Jiang, Guomin
> Sent: Monday, July 20, 2020 7:30 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Wu, Hao A; Bi, Dandan; Gao, Liming; De, Debkumar; Han, Harry; West, Catharine; Laszlo Ersek
> Subject: [PATCH v6 05/10] MdeModulePkg/Core: Create Migrated FV Info Hob
> for calculating hash (CVE-2019-11098)
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614
>
> When we allocate pool to save the rebased PEIMs, the address will change
> randomly, therefore the hash will change and result PCR0 change as well.
> To avoid this, we save the raw PEIMs and use it to calculate hash.
>
> The MigratedFvInfo HOB will never produce when
> PcdMigrateTemporaryRamFirmwareVolumes is FALSE, because the PCD control
> the total feature.
>
> Cc: Jian J Wang
> Cc: Hao A Wu
> Cc: Dandan Bi
> Cc: Liming Gao
> Cc: Debkumar De
> Cc: Harry Han
> Cc: Catharine West
> Signed-off-by: Guomin Jiang
> Acked-by: Laszlo Ersek
> ---
> MdeModulePkg/MdeModulePkg.dec | 3 ++
> MdeModulePkg/Core/Pei/PeiMain.inf | 1 +
> MdeModulePkg/Core/Pei/PeiMain.h | 1 +
> MdeModulePkg/Include/Guid/MigratedFvInfo.h | 22 +++++++++++++++
> MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 28 +++++++++++++++++++
> 5 files changed, 55 insertions(+)
> create mode 100644 MdeModulePkg/Include/Guid/MigratedFvInfo.h
>
> diff --git a/MdeModulePkg/MdeModulePkg.dec > b/MdeModulePkg/MdeModulePkg.dec > index e88f22756d7f..e0ad9373e62f 100644 > --- a/MdeModulePkg/MdeModulePkg.dec > +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -389,6 +389,9 @@ [Guids] > ## GUID indicates the capsule is to store Capsule On Disk file names. > gEdkiiCapsuleOnDiskNameGuid =3D { 0x98c80a4f, 0xe16b, 0x4d11, { 0x93, = 0x9a, > 0xab, 0xe5, 0x61, 0x26, 0x3, 0x30 } } >=20 > + ## Include/Guid/MigratedFvInfo.h > + gEdkiiMigratedFvInfoGuid =3D { 0xc1ab12f7, 0x74aa, 0x408d, { 0xa2, 0xf= 4, 0xc6, > 0xce, 0xfd, 0x17, 0x98, 0x71 } } > + > [Ppis] > ## Include/Ppi/AtaController.h > gPeiAtaControllerPpiGuid =3D { 0xa45e60d1, 0xc719, 0x44aa, { 0xb= 0, 0x7a, > 0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }} > diff --git a/MdeModulePkg/Core/Pei/PeiMain.inf > b/MdeModulePkg/Core/Pei/PeiMain.inf > index 5b36d516b3fa..0cf357371a16 100644 > --- a/MdeModulePkg/Core/Pei/PeiMain.inf > +++ b/MdeModulePkg/Core/Pei/PeiMain.inf > @@ -77,6 +77,7 @@ [Guids] > ## CONSUMES ## GUID # Used to compare with FV's file system GUI= D and > get the FV's file system format > gEfiFirmwareFileSystem3Guid > gStatusCodeCallbackGuid > + gEdkiiMigratedFvInfoGuid ## SOMETIMES_PRODUCES = ## HOB >=20 > [Ppis] > gEfiPeiStatusCodePpiGuid ## SOMETIMES_CONSUMES # > PeiReportStatusService is not ready if this PPI doesn't exist > diff --git a/MdeModulePkg/Core/Pei/PeiMain.h > b/MdeModulePkg/Core/Pei/PeiMain.h > index 6d95a5d32c78..c27e8fc33bc6 100644 > --- a/MdeModulePkg/Core/Pei/PeiMain.h > +++ b/MdeModulePkg/Core/Pei/PeiMain.h > @@ -44,6 +44,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > #include > #include > +#include >=20 > /// > /// It is an FFS type extension used for PeiFindFileEx. It indicates cur= rent > diff --git a/MdeModulePkg/Include/Guid/MigratedFvInfo.h > b/MdeModulePkg/Include/Guid/MigratedFvInfo.h > new file mode 100644 > index 000000000000..061c17ed0e48 > --- /dev/null > +++ b/MdeModulePkg/Include/Guid/MigratedFvInfo.h > @@ -0,0 +1,22 @@ > +/** @file > + Migrated FV information > + > +Copyright (c) 2020, Intel Corporation. All rights reserved.
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef __EDKII_MIGRATED_FV_INFO_GUID_H__ > +#define __EDKII_MIGRATED_FV_INFO_GUID_H__ > + > +typedef struct { > + UINT32 FvOrgBase; // original FV address > + UINT32 FvNewBase; // new FV address > + UINT32 FvDataBase; // original FV data > + UINT32 FvLength; // Fv Length > +} EDKII_MIGRATED_FV_INFO; > + > +extern EFI_GUID gEdkiiMigratedFvInfoGuid; > + > +#endif // #ifndef __EDKII_MIGRATED_FV_INFO_GUID_H__ > + > diff --git a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c > b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c > index 6cf32fdeeb14..210b5b22f727 100644 > --- a/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c > +++ b/MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c > @@ -1223,10 +1223,12 @@ EvacuateTempRam ( > EFI_FIRMWARE_VOLUME_HEADER *FvHeader; > EFI_FIRMWARE_VOLUME_HEADER *ChildFvHeader; > EFI_FIRMWARE_VOLUME_HEADER *MigratedFvHeader; > + EFI_FIRMWARE_VOLUME_HEADER *RawDataFvHeader; > EFI_FIRMWARE_VOLUME_HEADER *MigratedChildFvHeader; >=20 > PEI_CORE_FV_HANDLE PeiCoreFvHandle; > EFI_PEI_CORE_FV_LOCATION_PPI *PeiCoreFvLocationPpi; > + EDKII_MIGRATED_FV_INFO MigratedFvInfo; >=20 > ASSERT (Private->PeiMemoryInstalled); >=20 > @@ -1263,6 +1265,9 @@ EvacuateTempRam ( > (((EFI_PHYSICAL_ADDRESS)(UINTN) FvHeader + (FvHeader->FvLength -= 1)) < > Private->FreePhysicalMemoryTop) > ) > ) { > + // > + // Allocate page to save the rebased PEIMs, the PEIMs will get dis= patched > later. > + // > Status =3D PeiServicesAllocatePages ( > EfiBootServicesCode, > EFI_SIZE_TO_PAGES ((UINTN) FvHeader->FvLength), 
> @@ -1270,6 +1275,17 @@ EvacuateTempRam ( > ); > ASSERT_EFI_ERROR (Status); >=20 > + // > + // Allocate pool to save the raw PEIMs, it used to keep consistent= context > across "it used" -> "which is used" > + // multiple boot and PCR0 will keep same no matter if the address = of > allocated page is changed. "same" -> "the same" Regards, Jian Regards, Jian > + // > + Status =3D PeiServicesAllocatePages ( > + EfiBootServicesCode, > + EFI_SIZE_TO_PAGES ((UINTN) FvHeader->FvLength), > + (EFI_PHYSICAL_ADDRESS *) &RawDataFvHeader > + ); > + ASSERT_EFI_ERROR (Status); > + > DEBUG (( > DEBUG_VERBOSE, > " Migrating FV[%d] from 0x%08X to 0x%08X\n", > @@ -1278,7 +1294,19 @@ EvacuateTempRam ( > (UINTN) MigratedFvHeader > )); >=20 > + // > + // Copy the context to the rebased pages and raw pages, and create= hob to > save the > + // information. The MigratedFvInfo HOB will never be produced when > + // PcdMigrateTemporaryRamFirmwareVolumes is FALSE, because the PCD > control the > + // feature. > + // > CopyMem (MigratedFvHeader, FvHeader, (UINTN) FvHeader->FvLength); > + CopyMem (RawDataFvHeader, MigratedFvHeader, (UINTN) FvHeader- > >FvLength); > + MigratedFvInfo.FvOrgBase =3D (UINT32) (UINTN) FvHeader; > + MigratedFvInfo.FvNewBase =3D (UINT32) (UINTN) MigratedFvHeader; > + MigratedFvInfo.FvDataBase =3D (UINT32) (UINTN) RawDataFvHeader; > + MigratedFvInfo.FvLength =3D (UINT32) (UINTN) FvHeader->FvLength; > + BuildGuidDataHob (&gEdkiiMigratedFvInfoGuid, &MigratedFvInfo, size= of > (MigratedFvInfo)); >=20 > // > // Migrate any children for this FV now > -- > 2.25.1.windows.1
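
Review bot: In the new MdeModulePkg/Include/Guid/MigratedFvInfo.h, all four fields of EDKII_MIGRATED_FV_INFO are UINT32, and the last Dispatcher.c hunk fills them through `(UINT32) (UINTN)` casts, so a base address or FvLength that does not fit in 32 bits is truncated silently and a consumer of the HOB would hash the wrong range. Either widen the fields to 64-bit types or check the range before the casts. The field comments should also say that FvDataBase is the unrebased copy meant for measurement, since "original FV data" reads much like FvOrgBase.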
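
Review bot: In the EvacuateTempRam hunk at @@ -1270,6 +1275,17 @@, the added PeiServicesAllocatePages call is checked only with ASSERT_EFI_ERROR, so in a build where asserts are compiled out a failed allocation leaves RawDataFvHeader unset and the later CopyMem writes through it. Test Status explicitly and skip or fail the migration of this FV on error. The comment says "Allocate pool" while the call allocates pages, and since the raw copy is only hashed and never executed, a data memory type would describe it better than EfiBootServicesCode. Each migrated FV now also consumes twice its FvLength in permanent memory, which is worth stating in the comment.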
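
Review bot: In the Dispatcher.c hunk at @@ -1278,7 +1294,19 @@, `CopyMem (RawDataFvHeader, MigratedFvHeader, ...)` takes the raw copy from the migrated buffer, which is only raw as long as nothing rebases or otherwise modifies MigratedFvHeader before that line. Copying from FvHeader instead would make the raw copy independent of statement order and match the stated intent of preserving the original content. In the new comment, "the PCD control the feature" should read "controls".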
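
The reasoning in the quoted commit message, shown as an added illustration that is not part of the patch or of edk2: a rebased copy hashes differently for each load address, while the raw copy recorded in FvDataBase hashes the same on every boot. The memory arena, the offsets, the single toy relocation and the FNV-1a stand-in digest are assumptions made for the sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FV_LEN    32u   /* constructed FV size */
#define RELOC_OFF  8u   /* constructed: offset of one absolute pointer */

/* Same fields as EDKII_MIGRATED_FV_INFO in the patch; values here are
   offsets into a simulated memory arena, not real addresses. */
typedef struct { uint32_t FvOrgBase, FvNewBase, FvDataBase, FvLength; } FV_INFO;

/* Stand-in digest (64-bit FNV-1a); a real measurement uses a TPM hash. */
static uint64_t digest(const uint8_t *p, uint32_t n) {
  uint64_t h = 0xcbf29ce484222325ULL;
  for (uint32_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
  return h;
}

/* Toy rebase: shift the image's one absolute pointer by the load delta. */
static void rebase(uint8_t *img, uint32_t old_base, uint32_t new_base) {
  uint32_t ptr;
  memcpy(&ptr, img + RELOC_OFF, sizeof ptr);
  ptr += new_base - old_base;
  memcpy(img + RELOC_OFF, &ptr, sizeof ptr);
}

/* One boot: migrate the FV to new_base, keep a raw copy, rebase the
   migrated copy, then hash either the raw or the rebased copy. */
static uint64_t boot_measure(uint32_t new_base, int use_raw) {
  uint8_t mem[256] = {0};
  FV_INFO info = { 0, new_base, new_base + FV_LEN, FV_LEN };
  uint32_t ptr = info.FvOrgBase + 16;            /* points inside the FV */

  for (uint32_t i = 0; i < FV_LEN; i++) mem[i] = (uint8_t)(i * 7 + 1);
  memcpy(mem + RELOC_OFF, &ptr, sizeof ptr);
  memcpy(mem + info.FvNewBase, mem + info.FvOrgBase, info.FvLength);
  memcpy(mem + info.FvDataBase, mem + info.FvNewBase, info.FvLength);
  rebase(mem + info.FvNewBase, info.FvOrgBase, info.FvNewBase);
  return digest(mem + (use_raw ? info.FvDataBase : info.FvNewBase),
                info.FvLength);
}

int main(void) {
  printf("rebased: %d\n", boot_measure(64, 0) == boot_measure(128, 0));
  printf("raw:     %d\n", boot_measure(64, 1) == boot_measure(128, 1));
  return 0;
}
```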