From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web12.22686.1595434866659434178 for ; Wed, 22 Jul 2020 09:21:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=FnxJmHNJ; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: jian.j.wang@intel.com) IronPort-SDR: gb789xHR0r1Wrybw10cJAkeXWn1XgcGGylzXEsWSdonvRkfBWXfvY5h4ocN8vIOpTQMH/Sq6hD SQxOB30+1FHg== X-IronPort-AV: E=McAfee;i="6000,8403,9690"; a="148302512" X-IronPort-AV: E=Sophos;i="5.75,383,1589266800"; d="scan'208";a="148302512" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jul 2020 09:21:05 -0700 IronPort-SDR: fH1i8WK7pd3I99tJBJ68D4DExHHyJDiv+rKOoRw+WNtMqD3T3AAn9bkkU/Vl8cXAHNss9dj9Tf VdwcO4z8ww6w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,383,1589266800"; d="scan'208";a="488510912" Received: from orsmsx605.amr.corp.intel.com ([10.22.229.18]) by fmsmga005.fm.intel.com with ESMTP; 22 Jul 2020 09:21:05 -0700 Received: from orsmsx605.amr.corp.intel.com (10.22.229.18) by ORSMSX605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Wed, 22 Jul 2020 09:21:04 -0700 Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by orsmsx605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5 via Frontend Transport; Wed, 22 Jul 2020 09:21:04 -0700 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.101) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 22 Jul 2020 09:21:04 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YY76Nx/Ysw0d2tuRzQdtq7vjZgW59YXt2God/MtLYoLyzy4DiAWMSk6YGqsMznViXE54yHLQg67Ikad3VKX0xAdWmLQG3KSktMHW4BZ85pX6YNzJC/P7DLCEATwx36J0Jjz29uU3zn0D4aSWS73S3Njhv85glu6W65SObciKX9CXm6wdoAHFOothOM6JDK/WuQy1ZyJersCryLQCnt6Gs4x7LFYVcI1k4TPjwkB5XIL48w8/ZeUtglzQYT2xQZZ6pzesdIuj17wqX3AUh/HYif0WUgKOacunV4Yubul40qZ+EQBKw2zl7exdSQ09P+b+rQ8aPJrTrj1RadRo06ZprQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zNRdyp+2FXcCBzf0d2KyH5rEQfHtDK2o85hG63CB+/8=; b=Erq7+yqBtVBAYzO4mZScsFbJSXRg9hA4Kru6iZfGqBhFMSoHFYoBZ+051va2ICMs60kAvU9I5p8Sc0k/5XIF6sM5dCg4E8eOZCWKzbnHRQUYbUDKkd+sVpkX1QPcesEKFAFXWUNS8As1Sos/cJZiCADXhbWiirSo2jiDFYn6YTY2qKFKpwqG9nuwzlHR5cK3ihS0A/hMmQmMEIdftrcr1oamxx3n8DrIMRGlye4jDHbFaVGX4YyzBl50LzS+IOp5zXh5yNHdKxXgcjZfMWwEs5H3LuKWlvAmFN8WxaEUil/eDu9MmUSMOqFAaW6bmQ8wZHdPtql20rn6ykHAD7xp2w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zNRdyp+2FXcCBzf0d2KyH5rEQfHtDK2o85hG63CB+/8=; b=FnxJmHNJuihVP42J1Y9GmSHRY/kpSZaja05kPtyLtq77oton26xen/UCbdFGYcOf0iEVRx4aFKtifwbB5ZBwQpm2pCRvgTvjuYE2CvYX0QUJhGRqkw2BvYo1OexARuIR2/UkT1E4Ef7sQsvdapCWzDagK8Beh96v5uX3BrUjCY8= Received: from BYAPR11MB3303.namprd11.prod.outlook.com (2603:10b6:a03:18::15) by BY5PR11MB4260.namprd11.prod.outlook.com (2603:10b6:a03:1ba::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.23; Wed, 22 Jul 2020 16:21:02 +0000 Received: from BYAPR11MB3303.namprd11.prod.outlook.com ([fe80::fc2a:d66e:8c79:6ecd]) by BYAPR11MB3303.namprd11.prod.outlook.com ([fe80::fc2a:d66e:8c79:6ecd%7]) with mapi id 15.20.3195.025; Wed, 22 Jul 2020 16:21:02 +0000 From: "Wang, Jian J" To: "devel@edk2.groups.io" , "Jiang, Guomin" CC: Michael Kubacki , "Dong, Eric" , "Ni, Ray" , Laszlo Ersek , "Kumar, Rahul1" , "De, Debkumar" , "Han, Harry" , "West, Catharine" Subject: Re: [edk2-devel] [PATCH v7 04/10] UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098) Thread-Topic: [edk2-devel] [PATCH v7 04/10] UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098) Thread-Index: AQHWYAOaWxreBREwm0GTys4L7m0/zKkTyBoQ Date: Wed, 22 Jul 2020 16:21:02 +0000 Message-ID: References: <20200722083657.739-1-guomin.jiang@intel.com> <20200722083657.739-5-guomin.jiang@intel.com> In-Reply-To: <20200722083657.739-5-guomin.jiang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYmZjNGRhMDctOWE1YS00ZDk2LWI0M2QtNjllN2NkOGY4NThjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoic3BHOURnTVBkeHl4NHlIMjVuSWV0ZnNxeVpFRkFhQUc4TlM2eHBaVlpKTGE5S2Y2elVzQllKSWRweW5MdmlaViJ9 dlp-reaction: no-action dlp-version: 11.2.0.6 dlp-product: dlpe-windows x-ctpclassification: CTP_NT authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.201] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 7993a90a-727d-4e04-10e5-08d82e5b3a2c x-ms-traffictypediagnostic: BY5PR11MB4260: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: +yckEyyqVPJU7kz1Fv7kvguD/P6IoGFN1Eq11e3rCyTO2ElsoNo0eDxZzoJJdEbg3dW4yhr7LILp/FaAZbk4Fct4l2oAeU8DfJRkvIbe5Sg2IQoAYJR74ZESASp7puELxggPxRgUAuGzcnIqxxKV5An2i1Y9sPX4R9KW1P+VxqZWvNc+4K1iC1QJi9UthwZYUgWBKn6BHgLYR7tXDrrwaI/UPHhuMhuvbW3L71a6WCtLIguKuGMCENZiLbgKfy+kPLj7pLO/1ZT8QcJ39K64lHpODQUk724adaBxc5TkzJnHLTHD+lE3J57jPNXIgkaxAl9Nm5V6LWYXhDhspJns+N4Y4kEV0b3bpnA7rhO0jZxBMpyeaOrbUreYPkB2uvuWHzP09M4IhgJ1WK1i2fBFaA== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BYAPR11MB3303.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(396003)(366004)(39860400002)(346002)(376002)(136003)(186003)(66946007)(64756008)(86362001)(76116006)(66556008)(66476007)(26005)(19627235002)(478600001)(66446008)(52536014)(966005)(2906002)(110136005)(54906003)(4326008)(8936002)(8676002)(71200400001)(5660300002)(53546011)(6506007)(83380400001)(7696005)(30864003)(6636002)(33656002)(107886003)(9686003)(55016002)(316002)(559001)(579004);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: 92vCL3M7oq4uv4xIPI81n+GIpZ/nFhTHjNcfOtD/H5IJiRPOCCMH63lAA9Ii6zAUkYyImYxyLkDwA7wWOqDScyhKTV590AKB5tdStVZ4yOLi7dOR9mjcQAmav9aum/MHihuoU9xod9Y/ezGdiYEEVhWSOXW4JXpnYpQGcm2AwYLA1LWsSJ64qy12h4U+kJDkx6JeebxbXUnSwEG7EyhEVfw6DzxliW5Dr3goMIx6GeNl0xOL6e4TZQf/WLFrSDqgv92pGhs3GJebae4lop2rXZ4lI8u44saS2CrKSFy8sGTmr/ZmuR6fSjqWD8iKBGdqRGaee4wHi3DUnxolRo7/oWEjARxYwRiM/hFlqbkaakX4cwWtIQi7ItCTUexm7elmikoW7f6kGPpz8DHrmFYz7y6uQ3Q3kdc5f06gwdXQjnrg18TFPxxgVD9wSJDkBybML+phcce2sksxzxR1rk/JSynqik2djr1s4GrZKCcTGvlWce3CVw5uT9+T9FhsV81o MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3303.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7993a90a-727d-4e04-10e5-08d82e5b3a2c X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2020 16:21:02.3604 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 9qT5JP/B8iUSxa+ZUlQ4TVJdjdqdjXlGYatCyq8XI9aAU6uOIT0wMd9L3j5QMcWWDTnijkJTYchQ5viK858CUA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR11MB4260 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jian J Wang Regards, Jian > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Guomin > Jiang > Sent: Wednesday, July 22, 2020 4:37 PM > To: devel@edk2.groups.io > Cc: Michael Kubacki ; Dong, Eric > ; Ni, Ray ; Laszlo Ersek > ; Kumar, Rahul1 ; De, > Debkumar ; Han, Harry ; > West, Catharine > Subject: [edk2-devel] [PATCH v7 04/10] UefiCpuPkg/SecMigrationPei: Add i= nitial > PEIM (CVE-2019-11098) >=20 > From: Michael Kubacki >=20 > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D1614 >=20 > Adds a PEIM that republishes structures produced in SEC. This > is done because SEC modules may not be shadowed in some platforms > due to space constraints or special alignment requirements. The > SecMigrationPei module locates interfaces that may be published in > SEC and reinstalls the interface with permanent memory addresses. >=20 > This is important if pre-memory address access is forbidden after > memory initialization and data such as a PPI descriptor, PPI GUID, > or PPI inteface reside in pre-memory. >=20 > Cc: Eric Dong > Cc: Ray Ni > Cc: Laszlo Ersek > Cc: Rahul Kumar > Cc: Debkumar De > Cc: Harry Han > Cc: Catharine West > Signed-off-by: Michael Kubacki > Acked-by: Laszlo Ersek > --- > UefiCpuPkg/UefiCpuPkg.dec | 3 + > UefiCpuPkg/UefiCpuPkg.dsc | 1 + > UefiCpuPkg/SecCore/SecCore.inf | 2 + > .../SecMigrationPei/SecMigrationPei.inf | 67 +++ > UefiCpuPkg/Include/Ppi/RepublishSecPpi.h | 54 +++ > UefiCpuPkg/SecCore/SecMain.h | 1 + > UefiCpuPkg/SecMigrationPei/SecMigrationPei.h | 158 +++++++ > UefiCpuPkg/SecCore/SecMain.c | 26 +- > UefiCpuPkg/SecMigrationPei/SecMigrationPei.c | 385 ++++++++++++++++++ > .../SecMigrationPei/SecMigrationPei.uni | 13 + > 10 files changed, 708 insertions(+), 2 deletions(-) > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni >=20 > diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec > index 762badf5d239..8b2e03d49d07 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dec > +++ b/UefiCpuPkg/UefiCpuPkg.dec > @@ -84,6 +84,9 @@ [Ppis] > ## Include/Ppi/ShadowMicrocode.h > gEdkiiPeiShadowMicrocodePpiGuid =3D { 0x430f6965, 0x9a69, 0x41c5, { 0= x93, > 0xed, 0x8b, 0xf0, 0x64, 0x35, 0xc1, 0xc6 }} >=20 > + ## Include/Ppi/RepublishSecPpi.h > + gRepublishSecPpiPpiGuid =3D { 0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0= xe3, 0x52, > 0x1a, 0x2d, 0xc5, 0xd0, 0x92 }} > + > [PcdsFeatureFlag] > ## Indicates if SMM Profile will be enabled. > # If enabled, instruction executions in and data accesses to memory = outside of > SMRAM will be logged. > diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc > index afa304128221..964720048dd7 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dsc > +++ b/UefiCpuPkg/UefiCpuPkg.dsc > @@ -146,6 +146,7 @@ [Components.IA32, Components.X64] > UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf > UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf > UefiCpuPkg/SecCore/SecCore.inf > + UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf { > > diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore= .inf > index 0562820c95e0..545781d6b4b3 100644 > --- a/UefiCpuPkg/SecCore/SecCore.inf > +++ b/UefiCpuPkg/SecCore/SecCore.inf > @@ -68,6 +68,8 @@ [Ppis] > ## SOMETIMES_CONSUMES > gPeiSecPerformancePpiGuid > gEfiPeiCoreFvLocationPpiGuid > + ## CONSUMES > + gRepublishSecPpiPpiGuid >=20 > [Guids] > ## SOMETIMES_PRODUCES ## HOB > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > new file mode 100644 > index 000000000000..f4c2f6b658fb > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > @@ -0,0 +1,67 @@ > +## @file > +# Migrates SEC structures after permanent memory is installed. > +# > +# Copyright (c) 2019, Intel Corporation. All rights reserved.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D SecMigrationPei > + MODULE_UNI_FILE =3D SecMigrationPei.uni > + FILE_GUID =3D 58B35361-8922-41BC-B313-EF7ED9ADFD= F7 > + MODULE_TYPE =3D PEIM > + VERSION_STRING =3D 1.0 > + ENTRY_POINT =3D SecMigrationPeiInitialize > + > +# > +# The following information is for reference only and not required by t= he build > tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 EBC > +# > + > +[Sources] > + SecMigrationPei.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + UefiCpuPkg/UefiCpuPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + DebugLib > + HobLib > + MemoryAllocationLib > + PeimEntryPoint > + PeiServicesLib > + PeiServicesTablePointerLib > + > +[Ppis] > + ## PRODUCES > + gRepublishSecPpiPpiGuid > + > + ## SOMETIMES_PRODUCES > + gEfiTemporaryRamDonePpiGuid > + > + ## SOMETIME_PRODUCES > + gEfiTemporaryRamSupportPpiGuid > + > + ## SOMETIMES_PRODUCES > + gPeiSecPerformancePpiGuid > + > + ## SOMETIMES_CONSUMES > + ## PRODUCES > + gEfiSecPlatformInformationPpiGuid > + > + ## SOMETIMES_CONSUMES > + ## SOMETIMES_PRODUCES > + gEfiSecPlatformInformation2PpiGuid > + > +[Pcd] > + > gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolum > es ## CONSUMES > + > +[Depex] > + TRUE > diff --git a/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > new file mode 100644 > index 000000000000..ea865acbb5c8 > --- /dev/null > +++ b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > @@ -0,0 +1,54 @@ > +/** @file > + This file declares Sec Platform Information PPI. > + > + This service is the primary handoff state into the PEI Foundation. > + The Security (SEC) component creates the early, transitory memory > + environment and also encapsulates knowledge of at least the > + location of the Boot Firmware Volume (BFV). > + > + Copyright (c) 2020, Intel Corporation. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > + @par Revision Reference: > + This PPI is introduced in PI Version 1.0. > + > +**/ > + > +#ifndef __REPUBLISH_SEC_PPI_H__ > +#define __REPUBLISH_SEC_PPI_H__ > + > +#include > + > +#define REPUBLISH_SEC_PPI_PPI_GUID \ > + { \ > + 0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, 0x52, 0x1a, 0x2d, 0xc5, 0= xd0, > 0x92 } \ > + } > + > +typedef struct _REPUBLISH_SEC_PPI_PPI REPUBLISH_SEC_PPI_PPI; > + > +/** > + This interface re-installs PPIs installed in SecCore from a post-memo= ry PEIM. > + > + This is to allow a platform that may not support relocation of SecCor= e to > update the PPI instance to a post-memory > + copy from a PEIM that has been shadowed to permanent memory. > + > + @retval EFI_SUCCESS The SecCore PPIs were re-installed successfull= y. > + @retval Others An error occurred re-installing the SecCore PP= Is. > + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS)( > + VOID > + ); > + > +/// > +/// Republish SEC PPIs > +/// > +struct _REPUBLISH_SEC_PPI_PPI { > + REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS RepublishSecPpis; > +}; > + > +extern EFI_GUID gRepublishSecPpiPpiGuid; > + > +#endif > diff --git a/UefiCpuPkg/SecCore/SecMain.h b/UefiCpuPkg/SecCore/SecMain.h > index e8c05d713668..e20bcf86532c 100644 > --- a/UefiCpuPkg/SecCore/SecMain.h > +++ b/UefiCpuPkg/SecCore/SecMain.h > @@ -15,6 +15,7 @@ > #include > #include > #include > +#include >=20 > #include >=20 > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > new file mode 100644 > index 000000000000..2d28490d9eb8 > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > @@ -0,0 +1,158 @@ > +/** @file > + Migrates SEC structures after permanent memory is installed. > + > + Copyright (c) 2020, Intel Corporation. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef __SEC_MIGRATION_H__ > +#define __SEC_MIGRATION_H__ > + > +#include > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +/** > + This interface conveys state information out of the Security (SEC) ph= ase into > PEI. > + > + @param[in] PeiServices Pointer to the PEI Services = Table. > + @param[in,out] StructureSize Pointer to the variable desc= ribing size of > the input buffer. > + @param[out] PlatformInformationRecord Pointer to the > EFI_SEC_PLATFORM_INFORMATION_RECORD. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_NOT_FOUND Can't found the HOB created by > SecMigrationPei component. > + @retval EFI_BUFFER_TOO_SMALL The size of buffer pointed by Structure= Size > is too small and will return > + the minimal required size in the buffer= pointed by > StructureSize. > + @retval EFI_INVALID_PARAMETER The StructureSize is NULL or > PlatformInformationRecord is NULL. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecPlatformInformationPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN OUT UINT64 *StructureSize, > + OUT EFI_SEC_PLATFORM_INFORMATION_RECORD > *PlatformInformationRecord > + ); > + > +/** > + Re-installs the SEC Platform Information PPIs to implementation in th= is > module to support post-memory. > + > + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVI= CES table > published by the PEI Foundation. > + @param[in] NotifyDescriptor Address of the notification descriptor d= ata > structure. > + @param[in] Ppi Address of the PPI that was installed. > + > + @retval EFI_SUCCESS The SEC Platform Information PPI could n= ot be re- > installed. > + @return Others An error occurred during PPI re-install. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecPlatformInformationPpiNotifyCallback ( > + IN EFI_PEI_SERVICES **PeiServices, > + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, > + IN VOID *Ppi > + ); > + > +/** > + This interface re-installs PPIs installed in SecCore from a post-memo= ry PEIM. > + > + This is to allow a platform that may not support relocation of SecCor= e to > update the PPI instance to a post-memory > + copy from a PEIM that has been shadowed to permanent memory. > + > + @retval EFI_SUCCESS The SecCore PPIs were re-installed successfull= y. > + @retval Others An error occurred re-installing the SecCore PP= Is. > + > +**/ > +EFI_STATUS > +EFIAPI > +RepublishSecPpis ( > + VOID > + ); > + > +/** > + Disables the use of Temporary RAM. > + > + If present, this service is invoked by the PEI Foundation after > + the EFI_PEI_PERMANANT_MEMORY_INSTALLED_PPI is installed. > + > + @retval EFI_SUCCESS Dummy function, alway return this value. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamDonePostMemory ( > + VOID > + ); > + > +/** > + This service of the EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI that migrates > temporary RAM into > + permanent memory. > + > + @param PeiServices Pointer to the PEI Services Table. > + @param TemporaryMemoryBase Source Address in temporary memory > from which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param PermanentMemoryBase Destination Address in permanent memory > into which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param CopySize Amount of memory to migrate from tempor= ary to > permanent memory. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > > TemporaryMemoryBase when > + TemporaryMemoryBase > PermanentMemoryBa= se. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamSupportPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase, > + IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase, > + IN UINTN CopySize > + ); > + > +/** > + This interface conveys performance information out of the Security (S= EC) > phase into PEI. > + > + This service is published by the SEC phase. The SEC phase handoff has= an > optional > + EFI_PEI_PPI_DESCRIPTOR list as its final argument when control is pas= sed > from SEC into the > + PEI Foundation. As such, if the platform supports collecting performa= nce data > in SEC, > + this information is encapsulated into the data structure abstracted b= y this > service. > + This information is collected for the boot-strap processor (BSP) on I= A-32. > + > + @param[in] PeiServices The pointer to the PEI Services Table. > + @param[in] This The pointer to this instance of the > PEI_SEC_PERFORMANCE_PPI. > + @param[out] Performance The pointer to performance data collected in= SEC > phase. > + > + @retval EFI_SUCCESS The performance data was successfully r= eturned. > + @retval EFI_INVALID_PARAMETER The This or Performance is NULL. > + @retval EFI_NOT_FOUND Can't found the HOB created by the > SecMigrationPei component. > + > +**/ > +EFI_STATUS > +EFIAPI > +GetPerformancePostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN PEI_SEC_PERFORMANCE_PPI *This, > + OUT FIRMWARE_SEC_PERFORMANCE *Performance > + ); > + > +typedef struct { > + UINT64 StructureSize; > + EFI_SEC_PLATFORM_INFORMATION_RECORD *PlatformInformationRecord; > +} SEC_PLATFORM_INFORMATION_CONTEXT; > + > +typedef struct { > + EFI_HOB_GUID_TYPE Header; > + UINT8 Revision; > + UINT8 Reserved[3]; > + FIRMWARE_SEC_PERFORMANCE FirmwareSecPerformance; > + SEC_PLATFORM_INFORMATION_CONTEXT Context; > +} SEC_PLATFORM_INFORMATION_CONTEXT_HOB; > + > +#endif > diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c > index 5d5e7f17dced..155be49a6011 100644 > --- a/UefiCpuPkg/SecCore/SecMain.c > +++ b/UefiCpuPkg/SecCore/SecMain.c > @@ -370,13 +370,35 @@ SecTemporaryRamDone ( > VOID > ) > { > - BOOLEAN State; > + EFI_STATUS Status; > + EFI_STATUS Status2; > + UINTN Index; > + BOOLEAN State; > + EFI_PEI_PPI_DESCRIPTOR *PeiPpiDescriptor; > + REPUBLISH_SEC_PPI_PPI *RepublishSecPpiPpi; >=20 > // > // Republish Sec Platform Information(2) PPI > // > RepublishSecPlatformInformationPpi (); >=20 > + // > + // Re-install SEC PPIs using a PEIM produced service if published > + // > + for (Index =3D 0, Status =3D EFI_SUCCESS; Status =3D=3D EFI_SUCCESS; = Index++) { > + Status =3D PeiServicesLocatePpi ( > + &gRepublishSecPpiPpiGuid, > + Index, > + &PeiPpiDescriptor, > + (VOID **) &RepublishSecPpiPpi > + ); > + if (!EFI_ERROR (Status)) { > + DEBUG ((DEBUG_INFO, "Calling RepublishSecPpi instance %d.\n", Ind= ex)); > + Status2 =3D RepublishSecPpiPpi->RepublishSecPpis (); > + ASSERT_EFI_ERROR (Status2); > + } > + } > + > // > // Migrate DebugAgentContext. > // > @@ -385,7 +407,7 @@ SecTemporaryRamDone ( > // > // Disable interrupts and save current interrupt state > // > - State =3D SaveAndDisableInterrupts(); > + State =3D SaveAndDisableInterrupts (); >=20 > // > // Disable Temporary RAM after Stack and Heap have been migrated at t= his > point. > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > new file mode 100644 > index 000000000000..4813a06f13fd > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > @@ -0,0 +1,385 @@ > +/** @file > + Migrates SEC structures after permanent memory is installed. > + > + Copyright (c) 2020, Intel Corporation. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include "SecMigrationPei.h" > + > +STATIC REPUBLISH_SEC_PPI_PPI mEdkiiRepublishSecPpiPpi =3D { > + RepublishSecPpis > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED > EFI_SEC_PLATFORM_INFORMATION_PPI > mSecPlatformInformationPostMemoryPpi =3D { > + SecPl= atformInformationPostMemory > + }; > + > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_TEMPORARY_RAM_DONE_PPI > mSecTemporaryRamDonePostMemoryPpi =3D { > + SecTempo= raryRamDonePostMemory > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED > EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI > mSecTemporaryRamSupportPostMemoryPpi =3D { > + SecTe= mporaryRamSupportPostMemory > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED PEI_SEC_PERFORMANCE_PPI > mSecPerformancePpi =3D { > + GetPerformanceP= ostMemory > + }; > + > +STATIC EFI_PEI_PPI_DESCRIPTOR mEdkiiRepublishSecPpiDescriptor =3D { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gRepublishSecPpiPpiGuid, > + &mEdkiiRepublishSecPpiPpi > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecPlatformInformationPostMemoryDescriptor =3D { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gEfiSecPlatformInformationPpiGuid, > + &mSecPlatformInformationPostMemoryPpi > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecTemporaryRamDonePostMemoryDescriptor =3D { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gEfiTemporaryRamDonePpiGuid, > + &mSecTemporaryRamDonePostMemoryPpi > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecTemporaryRamSupportPostMemoryDescriptor =3D { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gEfiTemporaryRamSupportPpiGuid, > + &mSecTemporaryRamSupportPostMemoryPpi > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecPerformancePpiDescriptor =3D { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gPeiSecPerformancePpiGuid, > + &mSecPerformancePpi > + }; > + > +/** > + Disables the use of Temporary RAM. > + > + If present, this service is invoked by the PEI Foundation after > + the EFI_PEI_PERMANANT_MEMORY_INSTALLED_PPI is installed. > + > + @retval EFI_SUCCESS Dummy function, alway return this value. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamDonePostMemory ( > + VOID > + ) > +{ > + // > + // Temporary RAM Done is already done in post-memory > + // install a stub function that is located in permanent memory > + // > + return EFI_SUCCESS; > +} > + > +/** > + This service of the EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI that migrates > temporary RAM into > + permanent memory. > + > + @param PeiServices Pointer to the PEI Services Table. > + @param TemporaryMemoryBase Source Address in temporary memory > from which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param PermanentMemoryBase Destination Address in permanent memory > into which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param CopySize Amount of memory to migrate from tempor= ary to > permanent memory. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > > TemporaryMemoryBase when > + TemporaryMemoryBase > PermanentMemoryBa= se. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamSupportPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase, > + IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase, > + IN UINTN CopySize > + ) > +{ > + // > + // Temporary RAM Support is already done in post-memory > + // install a stub function that is located in permanent memory > + // > + return EFI_SUCCESS; > +} > + > +/** > + This interface conveys performance information out of the Security (S= EC) > phase into PEI. > + > + This service is published by the SEC phase. The SEC phase handoff has= an > optional > + EFI_PEI_PPI_DESCRIPTOR list as its final argument when control is pas= sed > from SEC into the > + PEI Foundation. As such, if the platform supports collecting performa= nce data > in SEC, > + this information is encapsulated into the data structure abstracted b= y this > service. > + This information is collected for the boot-strap processor (BSP) on I= A-32. > + > + @param[in] PeiServices The pointer to the PEI Services Table. > + @param[in] This The pointer to this instance of the > PEI_SEC_PERFORMANCE_PPI. > + @param[out] Performance The pointer to performance data collected in= SEC > phase. > + > + @retval EFI_SUCCESS The performance data was successfully r= eturned. > + @retval EFI_INVALID_PARAMETER The This or Performance is NULL. > + @retval EFI_NOT_FOUND Can't found the HOB created by the > SecMigrationPei component. > + > +**/ > +EFI_STATUS > +EFIAPI > +GetPerformancePostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN PEI_SEC_PERFORMANCE_PPI *This, > + OUT FIRMWARE_SEC_PERFORMANCE *Performance > + ) > +{ > + SEC_PLATFORM_INFORMATION_CONTEXT_HOB > *SecPlatformInformationContexHob; > + > + if (This =3D=3D NULL || Performance =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + SecPlatformInformationContexHob =3D GetFirstGuidHob (&gEfiCallerIdGui= d); > + if (SecPlatformInformationContexHob =3D=3D NULL) { > + return EFI_NOT_FOUND; > + } > + > + Performance->ResetEnd =3D SecPlatformInformationContexHob- > >FirmwareSecPerformance.ResetEnd; > + > + return EFI_SUCCESS; > +} > + > +/** > + This interface conveys state information out of the Security (SEC) ph= ase into > PEI. > + > + @param[in] PeiServices Pointer to the PEI Services = Table. > + @param[in,out] StructureSize Pointer to the variable desc= ribing size of > the input buffer. > + @param[out] PlatformInformationRecord Pointer to the > EFI_SEC_PLATFORM_INFORMATION_RECORD. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_NOT_FOUND Can't found the HOB created by > SecMigrationPei component. > + @retval EFI_BUFFER_TOO_SMALL The size of buffer pointed by Structure= Size > is too small and will return > + the minimal required size in the buffer= pointed by > StructureSize. > + @retval EFI_INVALID_PARAMETER The StructureSize is NULL or > PlatformInformationRecord is NULL. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecPlatformInformationPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN OUT UINT64 *StructureSize, > + OUT EFI_SEC_PLATFORM_INFORMATION_RECORD > *PlatformInformationRecord > + ) > +{ > + SEC_PLATFORM_INFORMATION_CONTEXT_HOB > *SecPlatformInformationContexHob; > + > + if (StructureSize =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + SecPlatformInformationContexHob =3D GetFirstGuidHob (&gEfiCallerIdGui= d); > + if (SecPlatformInformationContexHob =3D=3D NULL) { > + return EFI_NOT_FOUND; > + } > + > + if (*StructureSize < SecPlatformInformationContexHob- > >Context.StructureSize) { > + *StructureSize =3D SecPlatformInformationContexHob->Context.Structu= reSize; > + return EFI_BUFFER_TOO_SMALL; > + } > + > + if (PlatformInformationRecord =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + *StructureSize =3D SecPlatformInformationContexHob->Context.Structure= Size; > + CopyMem ( > + (VOID *) PlatformInformationRecord, > + (VOID *) SecPlatformInformationContexHob- > >Context.PlatformInformationRecord, > + (UINTN) SecPlatformInformationContexHob->Context.StructureSize > + ); > + > + return EFI_SUCCESS; > +} > + > +/** > + This interface re-installs PPIs installed in SecCore from a post-memo= ry PEIM. > + > + This is to allow a platform that may not support relocation of SecCor= e to > update the PPI instance to a post-memory > + copy from a PEIM that has been shadowed to permanent memory. > + > + @retval EFI_SUCCESS The SecCore PPIs were re-installed successfull= y. > + @retval Others An error occurred re-installing the SecCore PP= Is. > + > +**/ > +EFI_STATUS > +EFIAPI > +RepublishSecPpis ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + EFI_PEI_PPI_DESCRIPTOR *PeiPpiDescriptor; > + VOID *PeiPpi; > + SEC_PLATFORM_INFORMATION_CONTEXT_HOB > *SecPlatformInformationContextHob; > + EFI_SEC_PLATFORM_INFORMATION_RECORD *SecPlatformInformationPtr; > + UINT64 SecStructureSize; > + > + SecPlatformInformationPtr =3D NULL; > + SecStructureSize =3D 0; > + > + Status =3D PeiServicesLocatePpi ( > + &gEfiTemporaryRamDonePpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status =3D PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecTemporaryRamDonePostMemoryDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + > + Status =3D PeiServicesLocatePpi ( > + &gEfiTemporaryRamSupportPpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status =3D PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecTemporaryRamSupportPostMemoryDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + > + Status =3D PeiServicesCreateHob ( > + EFI_HOB_TYPE_GUID_EXTENSION, > + sizeof (SEC_PLATFORM_INFORMATION_CONTEXT_HOB), > + (VOID **) &SecPlatformInformationContextHob > + ); > + ASSERT_EFI_ERROR (Status); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "SecPlatformInformation Context HOB could not > be created.\n")); > + return Status; > + } > + > + SecPlatformInformationContextHob->Header.Name =3D gEfiCallerIdGuid; > + SecPlatformInformationContextHob->Revision =3D 1; > + > + Status =3D PeiServicesLocatePpi ( > + &gPeiSecPerformancePpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status =3D ((PEI_SEC_PERFORMANCE_PPI *) PeiPpi)->GetPerformance ( > + GetPeiServicesTabl= ePointer (), > + (PEI_SEC_PERFORMAN= CE_PPI *) PeiPpi, > + &SecPlatformInform= ationContextHob- > >FirmwareSecPerformance > + ); > + ASSERT_EFI_ERROR (Status); > + if (!EFI_ERROR (Status)) { > + Status =3D PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecPerformancePpiDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + } > + > + Status =3D PeiServicesLocatePpi ( > + &gEfiSecPlatformInformationPpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status =3D ((EFI_SEC_PLATFORM_INFORMATION_PPI *) PeiPpi)- > >PlatformInformation ( > + GetPeiSer= vicesTablePointer (), > + &SecStruc= tureSize, > + SecPlatfo= rmInformationPtr > + ); > + ASSERT (Status =3D=3D EFI_BUFFER_TOO_SMALL); > + if (Status !=3D EFI_BUFFER_TOO_SMALL) { > + return EFI_NOT_FOUND; > + } > + > + ZeroMem ((VOID *) &(SecPlatformInformationContextHob->Context), siz= eof > (SEC_PLATFORM_INFORMATION_CONTEXT)); > + SecPlatformInformationContextHob->Context.PlatformInformationRecord= =3D > AllocatePool ((UINTN) SecStructureSize); > + ASSERT (SecPlatformInformationContextHob- > >Context.PlatformInformationRecord !=3D NULL); > + if (SecPlatformInformationContextHob- > >Context.PlatformInformationRecord =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + SecPlatformInformationContextHob->Context.StructureSize =3D > SecStructureSize; > + > + Status =3D ((EFI_SEC_PLATFORM_INFORMATION_PPI *) PeiPpi)- > >PlatformInformation ( > + GetPeiSer= vicesTablePointer (), > + &(SecPlat= formInformationContextHob- > >Context.StructureSize), > + SecPlatfo= rmInformationContextHob- > >Context.PlatformInformationRecord > + ); > + ASSERT_EFI_ERROR (Status); > + if (!EFI_ERROR (Status)) { > + Status =3D PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecPlatformInformationPostMemoryDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + This function is the entry point which installs an instance of > REPUBLISH_SEC_PPI_PPI. > + > + It install the RepublishSecPpi depent on > PcdMigrateTemporaryRamFirmwareVolumes, install > + the PPI when the PcdMigrateTemporaryRamFirmwareVolumes enabled. > + > + @param[in] FileHandle Pointer to image file handle. > + @param[in] PeiServices Pointer to PEI Services Table > + > + @retval EFI_ABORTED Disable evacuate temporary memory feature by > disable > + PcdMigrateTemporaryRamFirmwareVolumes. > + @retval EFI_SUCCESS An instance of REPUBLISH_SEC_PPI_PPI was install= ed > successfully. > + @retval Others An error occurred installing and instance of > REPUBLISH_SEC_PPI_PPI. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecMigrationPeiInitialize ( > + IN EFI_PEI_FILE_HANDLE FileHandle, > + IN CONST EFI_PEI_SERVICES **PeiServices > + ) > +{ > + EFI_STATUS Status; > + > + Status =3D EFI_ABORTED; > + > + if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) { > + Status =3D PeiServicesInstallPpi (&mEdkiiRepublishSecPpiDescriptor)= ; > + ASSERT_EFI_ERROR (Status); > + } > + > + return Status; > +} > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni > new file mode 100644 > index 000000000000..62c2064ba217 > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni > @@ -0,0 +1,13 @@ > +// /** @file > +// Migrates SEC structures after permanent memory is installed. > +// > +// Copyright (c) 2019, Intel Corporation. All rights reserved.
> +// SPDX-License-Identifier: BSD-2-Clause-Patent > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "Migrates SEC structure= s > after permanent memory is installed" > + > +#string STR_MODULE_DESCRIPTION #language en-US "Migrates SEC > structures after permanent memory is installed." > + > -- > 2.25.1.windows.1 >=20 >=20 >=20