From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web11.11161.1595387254804384117 for ; Tue, 21 Jul 2020 20:07:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=gqu1CzeM; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: jian.j.wang@intel.com) IronPort-SDR: X45DI2Q3ypv5ojlkSmAzn6kpw9EE/V48wrkln7MYw1kKSl8jRtNZodKcyHvEtVGbIyZZRtN0u2 C2CnrOf+/7Dg== X-IronPort-AV: E=McAfee;i="6000,8403,9689"; a="137768186" X-IronPort-AV: E=Sophos;i="5.75,381,1589266800"; d="scan'208";a="137768186" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jul 2020 20:07:33 -0700 IronPort-SDR: NKje+94sw7eh8+HWszfK7pfQKPBFSkdN+mN0stHY6tLTU3kPtM/TUCwJTP9yW+LjW27vLxBvO8 p7S8XQx+u9SA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,381,1589266800"; d="scan'208";a="326568572" Received: from orsmsx106.amr.corp.intel.com ([10.22.225.133]) by FMSMGA003.fm.intel.com with ESMTP; 21 Jul 2020 20:07:33 -0700 Received: from orsmsx154.amr.corp.intel.com (10.22.226.12) by ORSMSX106.amr.corp.intel.com (10.22.225.133) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 21 Jul 2020 20:07:33 -0700 Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by ORSMSX154.amr.corp.intel.com (10.22.226.12) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 21 Jul 2020 20:07:32 -0700 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.173) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 21 Jul 2020 20:07:32 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c/02mSECYt31Ik84h370KPtpSnIE+y8PSPiluB1jQ+IENrlVi+VuvRnEP5DvKgvhzTtnGpGZsmcNxGcieJojVbxWan7nWi8/6lPJOWBNAAL1o3GKFBTsWtOP80hFFwAVTGJIGnNQk+r9+ylet/GqfkNmEYgFY8cl20wBDeLV7b0v55fTatUqFUS1uJQmw8RiNxPxWa+rmOM0SD4P662iE9QtmGABG6qTEBAYO5lBC9PbkVHbZGrY/8G5hejraBEFpwjyimHdUvDyfgqImuTJ6l8UUB+zqhViEmMj3VNasU83zTXvILrqW9d/2RFxOqj9vx93JpjmZB1qyEr0Z4vz3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CZgZbfqDylqnbnoxeSAI3mQ1vdpzUCqrLQnRH6Tq408=; b=GRgE0Jd+07WpDvisMvo6ALZ6j2A2OJv6N2f9NFISUeXRmQKL4bZ2h02gPXo1jxUpjoGDsmU0X2NpepD1/SXI+nHhkiOI73kA0dFl01kOU12KGZXjPRZ7rI7owexLMv0sepULiK5z/ohCaa9fft2DCfzX0zAYv0ok9j1EIFrOkcn44XNkOIsVygThlZ0dKBIeNVN0f4AijR1CCwUdaBZS3/ZD/WftEYhvAP//L+A+tDreM5Zn4MNa5gPaovfnNjkJxzZzwvkFiGLlxL5OELjHMcpuyz7k0BO34lx7YgNfdZ91VErNM7GpgnhEVoFT80glwSzeTb4Q9VNCUCJP6cFpMw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CZgZbfqDylqnbnoxeSAI3mQ1vdpzUCqrLQnRH6Tq408=; b=gqu1CzeMi3Z+aOmGmqRoeTmadO/N/Rytiw99By1iPxm5nO1XiXXX8/dvQdp+h2LUiZvB/GO/7355oqFI1+tRBiNszZAIna0TTSQzepyWbTnWdJ4M+gwcgw6u7hfxwsa8SnoI7itEGSZbv7mQtu7GKro6GTBk5V9uESPQDi26Olg= Received: from BYAPR11MB3303.namprd11.prod.outlook.com (2603:10b6:a03:18::15) by BYAPR11MB3063.namprd11.prod.outlook.com (2603:10b6:a03:89::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.22; Wed, 22 Jul 2020 03:07:29 +0000 Received: from BYAPR11MB3303.namprd11.prod.outlook.com ([fe80::fc2a:d66e:8c79:6ecd]) by BYAPR11MB3303.namprd11.prod.outlook.com ([fe80::fc2a:d66e:8c79:6ecd%7]) with mapi id 15.20.3195.025; Wed, 22 Jul 2020 03:07:29 +0000 From: "Wang, Jian J" To: "devel@edk2.groups.io" , "Jiang, Guomin" CC: Michael Kubacki , "Dong, Eric" , "Ni, Ray" , Laszlo Ersek , "Kumar, Rahul1" , "De, Debkumar" , "Han, Harry" , "West, Catharine" Subject: Re: [edk2-devel] [PATCH v6 04/10] UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098) Thread-Topic: [edk2-devel] [PATCH v6 04/10] UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098) Thread-Index: AQHWXolBkM1ZgLBWskutcZq98//0zqkS59Jg Date: Wed, 22 Jul 2020 03:07:28 +0000 Message-ID: References: <20200720113022.675-1-guomin.jiang@intel.com> <20200720113022.675-5-guomin.jiang@intel.com> In-Reply-To: <20200720113022.675-5-guomin.jiang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYTkxMDk2YmUtNDc3Mi00MzU4LTkxNGEtNWY1NTEyZTU2ZDg2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiOEd5ODk3WGx6MVVZSmZBZUI3Qm1kWFB4b08rUGRPelwvOGJUZDJtQlZqbFwvdkc4T01DaUgraXMxRUt2NzlcLzF0dSJ9 dlp-reaction: no-action dlp-version: 11.2.0.6 dlp-product: dlpe-windows x-ctpclassification: CTP_NT authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.194] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 135fe9d6-480f-4c25-cb1c-08d82dec5e4b x-ms-traffictypediagnostic: BYAPR11MB3063: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: cdB1F0zGmguGT0qZQZk15o5/KRS2yfoMRYaeQspMOqFbFi9q9wULleFScCfL/kedU54TsA86A4YXZucGbbgq5o1gFLZlQxo075FnzSwW2Hl9CfEgMt+YfBq1qMgc1foNHK/yj/PEvajcT35MedxVLXRICsvSAn0W6MMK3eNLALc0Leqfb60+IN1uj1LBwIynmtg7rwRrkXiTLxwHbyNIoUALh2TTi6gh4IBvLYSkqyePv1vIy3isQO24OPTMYpN+ihMkuRotYUn8G3hJUjnmVr01fO1TUTkPUxF0uwkxFULeD+Z7+Xk7AWuyi5iZ3V5o8m2faSow1Mw0PuNHQ0hoJ6c10pvXprPFoywzDCBtFcx3S17g8rLQnebqJ8EoFM2S/cQZ6uiB6YcwAk9MdN0XLg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BYAPR11MB3303.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(346002)(39860400002)(136003)(396003)(376002)(366004)(76116006)(7696005)(66476007)(66946007)(66556008)(966005)(64756008)(110136005)(107886003)(66446008)(6636002)(54906003)(71200400001)(19627235002)(186003)(86362001)(33656002)(9686003)(83380400001)(55016002)(5660300002)(478600001)(53546011)(4326008)(6506007)(8676002)(2906002)(30864003)(52536014)(26005)(316002)(8936002)(559001)(579004);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: h0ouvq0lH1k0uiGfKdhOsqaEHTUPLiywSi0Zf5CaUVZMJPGmfRcUjXNU4Brh9lcKsxHzkFMjgj27wTgFlfZZ0cC72vZezd1x3dbzuszPnHXhyfYu7CAtAj6xqFnP65Rb9s55CvqDpU58SvXQnfuU3UP2HMg24D7qbISG9HJJMNGGZekfDlxi8YIrn8WuMh/4S/3HuOKpdfJEpKTPUNLHYmVBo4KiNhZlgps0bKFijRbw52k8znlZmK4ME5zkwqrzhM3tzNZoPmN82ChCW19SL0urKcfSv63uTxBokxwtc79wOG1PjKizDCwbMl4H6b4hprrFnZL9oTcL1oRF/LFgKTEWZyE5iVTVJojTS9ghJWL/tZSPo3izA6Hf4eyb6Spzr4TmGAccSO1JKFR3mX9kiNQ0zHt/Cjb9wTyXp2+amU5FbP+tZ4OdhFbcy3FtBF76NEyKFzptApwxMSWYTVKAJB3+0dktvdZwXhmTNpt6EyuDLosd0gKUI/XjkEFFvlSh MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3303.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 135fe9d6-480f-4c25-cb1c-08d82dec5e4b X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2020 03:07:28.9223 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: rx/TjcM4u5UtGQEAOLOZ+de2mv3YAE+LkxXvGcdr192VtNNyQlkO6B2DBMpCQdxrJVk444KANeIUR8V2DsByBw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3063 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Guomin, Sorry I missed several issues in this patch. See comments below. > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Guomin > Jiang > Sent: Monday, July 20, 2020 7:30 PM > To: devel@edk2.groups.io > Cc: Michael Kubacki ; Dong, Eric > ; Ni, Ray ; Laszlo Ersek > ; Kumar, Rahul1 ; De, > Debkumar ; Han, Harry ; > West, Catharine > Subject: [edk2-devel] [PATCH v6 04/10] UefiCpuPkg/SecMigrationPei: Add i= nitial > PEIM (CVE-2019-11098) >=20 > From: Michael Kubacki >=20 > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D1614 >=20 > Adds a PEIM that republishes structures produced in SEC. This > is done because SEC modules may not be shadowed in some platforms > due to space constraints or special alignment requirements. The > SecMigrationPei module locates interfaces that may be published in > SEC and reinstalls the interface with permanent memory addresses. >=20 > This is important if pre-memory address access is forbidden after > memory initialization and data such as a PPI descriptor, PPI GUID, > or PPI inteface reside in pre-memory. >=20 > Cc: Eric Dong > Cc: Ray Ni > Cc: Laszlo Ersek > Cc: Rahul Kumar > Cc: Debkumar De > Cc: Harry Han > Cc: Catharine West > Signed-off-by: Michael Kubacki > Acked-by: Laszlo Ersek > --- > UefiCpuPkg/UefiCpuPkg.dec | 3 + > UefiCpuPkg/UefiCpuPkg.dsc | 1 + > UefiCpuPkg/SecCore/SecCore.inf | 2 + > .../SecMigrationPei/SecMigrationPei.inf | 67 +++ > UefiCpuPkg/Include/Ppi/RepublishSecPpi.h | 54 +++ > UefiCpuPkg/SecCore/SecMain.h | 1 + > UefiCpuPkg/SecMigrationPei/SecMigrationPei.h | 154 +++++++ > UefiCpuPkg/SecCore/SecMain.c | 26 +- > UefiCpuPkg/SecMigrationPei/SecMigrationPei.c | 381 ++++++++++++++++++ > .../SecMigrationPei/SecMigrationPei.uni | 13 + > 10 files changed, 700 insertions(+), 2 deletions(-) > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni >=20 > diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec > index 762badf5d239..8b2e03d49d07 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dec > +++ b/UefiCpuPkg/UefiCpuPkg.dec > @@ -84,6 +84,9 @@ [Ppis] > ## Include/Ppi/ShadowMicrocode.h > gEdkiiPeiShadowMicrocodePpiGuid =3D { 0x430f6965, 0x9a69, 0x41c5, { 0= x93, > 0xed, 0x8b, 0xf0, 0x64, 0x35, 0xc1, 0xc6 }} >=20 > + ## Include/Ppi/RepublishSecPpi.h > + gRepublishSecPpiPpiGuid =3D { 0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0= xe3, 0x52, > 0x1a, 0x2d, 0xc5, 0xd0, 0x92 }} > + > [PcdsFeatureFlag] > ## Indicates if SMM Profile will be enabled. > # If enabled, instruction executions in and data accesses to memory = outside of > SMRAM will be logged. > diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc > index afa304128221..964720048dd7 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dsc > +++ b/UefiCpuPkg/UefiCpuPkg.dsc > @@ -146,6 +146,7 @@ [Components.IA32, Components.X64] > UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf > UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf > UefiCpuPkg/SecCore/SecCore.inf > + UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf { > > diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore= .inf > index 0562820c95e0..545781d6b4b3 100644 > --- a/UefiCpuPkg/SecCore/SecCore.inf > +++ b/UefiCpuPkg/SecCore/SecCore.inf > @@ -68,6 +68,8 @@ [Ppis] > ## SOMETIMES_CONSUMES > gPeiSecPerformancePpiGuid > gEfiPeiCoreFvLocationPpiGuid > + ## CONSUMES > + gRepublishSecPpiPpiGuid >=20 > [Guids] > ## SOMETIMES_PRODUCES ## HOB > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > new file mode 100644 > index 000000000000..f4c2f6b658fb > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > @@ -0,0 +1,67 @@ > +## @file > +# Migrates SEC structures after permanent memory is installed. > +# > +# Copyright (c) 2019, Intel Corporation. All rights reserved.
> +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D SecMigrationPei > + MODULE_UNI_FILE =3D SecMigrationPei.uni > + FILE_GUID =3D 58B35361-8922-41BC-B313-EF7ED9ADFD= F7 > + MODULE_TYPE =3D PEIM > + VERSION_STRING =3D 1.0 > + ENTRY_POINT =3D SecMigrationPeiInitialize > + > +# > +# The following information is for reference only and not required by t= he build > tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 EBC > +# > + > +[Sources] > + SecMigrationPei.c > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + UefiCpuPkg/UefiCpuPkg.dec > + > +[LibraryClasses] > + BaseLib > + BaseMemoryLib > + DebugLib > + HobLib > + MemoryAllocationLib > + PeimEntryPoint > + PeiServicesLib > + PeiServicesTablePointerLib > + > +[Ppis] > + ## PRODUCES > + gRepublishSecPpiPpiGuid > + > + ## SOMETIMES_PRODUCES > + gEfiTemporaryRamDonePpiGuid > + > + ## SOMETIME_PRODUCES > + gEfiTemporaryRamSupportPpiGuid > + > + ## SOMETIMES_PRODUCES > + gPeiSecPerformancePpiGuid > + > + ## SOMETIMES_CONSUMES > + ## PRODUCES > + gEfiSecPlatformInformationPpiGuid > + > + ## SOMETIMES_CONSUMES > + ## SOMETIMES_PRODUCES > + gEfiSecPlatformInformation2PpiGuid > + > +[Pcd] > + > gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolum > es ## CONSUMES > + > +[Depex] > + TRUE > diff --git a/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > new file mode 100644 > index 000000000000..ea865acbb5c8 > --- /dev/null > +++ b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > @@ -0,0 +1,54 @@ > +/** @file > + This file declares Sec Platform Information PPI. > + > + This service is the primary handoff state into the PEI Foundation. > + The Security (SEC) component creates the early, transitory memory > + environment and also encapsulates knowledge of at least the > + location of the Boot Firmware Volume (BFV). > + > + Copyright (c) 2020, Intel Corporation. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > + @par Revision Reference: > + This PPI is introduced in PI Version 1.0. > + > +**/ > + > +#ifndef __REPUBLISH_SEC_PPI_H__ > +#define __REPUBLISH_SEC_PPI_H__ > + > +#include > + > +#define REPUBLISH_SEC_PPI_PPI_GUID \ > + { \ > + 0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, 0x52, 0x1a, 0x2d, 0xc5, 0= xd0, > 0x92 } \ > + } > + > +typedef struct _REPUBLISH_SEC_PPI_PPI REPUBLISH_SEC_PPI_PPI; > + > +/** > + This interface re-installs PPIs installed in SecCore from a post-memo= ry PEIM. > + > + This is to allow a platform that may not support relocation of SecCor= e to > update the PPI instance to a post-memory > + copy from a PEIM that has been shadowed to permanent memory. > + > + @retval EFI_SUCCESS The SecCore PPIs were re-installed successfull= y. > + @retval Others An error occurred re-installing the SecCore PP= Is. > + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS)( > + VOID > + ); > + > +/// > +/// Republish SEC PPIs > +/// > +struct _REPUBLISH_SEC_PPI_PPI { > + REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS RepublishSecPpis; > +}; > + > +extern EFI_GUID gRepublishSecPpiPpiGuid; > + > +#endif > diff --git a/UefiCpuPkg/SecCore/SecMain.h b/UefiCpuPkg/SecCore/SecMain.h > index e8c05d713668..e20bcf86532c 100644 > --- a/UefiCpuPkg/SecCore/SecMain.h > +++ b/UefiCpuPkg/SecCore/SecMain.h > @@ -15,6 +15,7 @@ > #include > #include > #include > +#include >=20 > #include >=20 > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > new file mode 100644 > index 000000000000..414672a5afe6 > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > @@ -0,0 +1,154 @@ > +/** @file > + Migrates SEC structures after permanent memory is installed. > + > + Copyright (c) 2020, Intel Corporation. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef __SEC_MIGRATION_H__ > +#define __SEC_MIGRATION_H__ > + > +#include > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +/** > + This interface conveys state information out of the Security (SEC) ph= ase into > PEI. > + > + @param[in] PeiServices Pointer to the PEI Services = Table. > + @param[in,out] StructureSize Pointer to the variable desc= ribing size of > the input buffer. > + @param[out] PlatformInformationRecord Pointer to the > EFI_SEC_PLATFORM_INFORMATION_RECORD. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_BUFFER_TOO_SMALL The buffer was too small. There're actually more errors returned in implementation code. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecPlatformInformationPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN OUT UINT64 *StructureSize, > + OUT EFI_SEC_PLATFORM_INFORMATION_RECORD > *PlatformInformationRecord > + ); > + > +/** > + Re-installs the SEC Platform Information PPIs to implementation in th= is > module to support post-memory. > + > + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVI= CES table > published by the PEI Foundation. > + @param[in] NotifyDescriptor Address of the notification descriptor d= ata > structure. > + @param[in] Ppi Address of the PPI that was installed. > + > + @retval EFI_SUCCESS The SEC Platform Information PPI could n= ot be re- > installed. > + @return Others An error occurred during PPI re-install. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecPlatformInformationPpiNotifyCallback ( > + IN EFI_PEI_SERVICES **PeiServices, > + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, > + IN VOID *Ppi > + ); > + > +/** > + This interface re-installs PPIs installed in SecCore from a post-memo= ry PEIM. > + > + This is to allow a platform that may not support relocation of SecCor= e to > update the PPI instance to a post-memory > + copy from a PEIM that has been shadowed to permanent memory. > + > + @retval EFI_SUCCESS The SecCore PPIs were re-installed successfull= y. > + @retval Others An error occurred re-installing the SecCore PP= Is. > + > +**/ > +EFI_STATUS > +EFIAPI > +RepublishSecPpis ( > + VOID > + ); > + > +/** > + Disables the use of Temporary RAM. > + > + If present, this service is invoked by the PEI Foundation after > + the EFI_PEI_PERMANANT_MEMORY_INSTALLED_PPI is installed. > + > + @retval EFI_SUCCESS Use of Temporary RAM was disabled. > + @retval EFI_INVALID_PARAMETER Temporary RAM could not be disabled. This function has no parameters. EFI_INVALID_PARAMETER should not be returned. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamDonePostMemory ( > + VOID > + ); > + > +/** > + This service of the EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI that migrates > temporary RAM into > + permanent memory. > + > + @param PeiServices Pointer to the PEI Services Table. > + @param TemporaryMemoryBase Source Address in temporary memory > from which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param PermanentMemoryBase Destination Address in permanent memory > into which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param CopySize Amount of memory to migrate from tempor= ary to > permanent memory. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > > TemporaryMemoryBase when > + TemporaryMemoryBase > PermanentMemoryBa= se. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamSupportPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase, > + IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase, > + IN UINTN CopySize > + ); > + > +/** > + This interface conveys performance information out of the Security (S= EC) > phase into PEI. > + > + This service is published by the SEC phase. The SEC phase handoff has= an > optional > + EFI_PEI_PPI_DESCRIPTOR list as its final argument when control is pas= sed > from SEC into the > + PEI Foundation. As such, if the platform supports collecting performa= nce data > in SEC, > + this information is encapsulated into the data structure abstracted b= y this > service. > + This information is collected for the boot-strap processor (BSP) on I= A-32. > + > + @param[in] PeiServices The pointer to the PEI Services Table. > + @param[in] This The pointer to this instance of the > PEI_SEC_PERFORMANCE_PPI. > + @param[out] Performance The pointer to performance data collected in= SEC > phase. > + > + @retval EFI_SUCCESS The performance data was successfully return= ed. According to the implementation, there are errors returned. Please add the= m. > + > +**/ > +EFI_STATUS > +EFIAPI > +GetPerformancePostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN PEI_SEC_PERFORMANCE_PPI *This, > + OUT FIRMWARE_SEC_PERFORMANCE *Performance > + ); > + > +typedef struct { > + UINT64 StructureSize; > + EFI_SEC_PLATFORM_INFORMATION_RECORD *PlatformInformationRecord; > +} SEC_PLATFORM_INFORMATION_CONTEXT; > + > +typedef struct { > + EFI_HOB_GUID_TYPE Header; > + UINT8 Revision; > + UINT8 Reserved[3]; > + FIRMWARE_SEC_PERFORMANCE FirmwareSecPerformance; > + SEC_PLATFORM_INFORMATION_CONTEXT Context; > +} SEC_PLATFORM_INFORMATION_CONTEXT_HOB; > + > +#endif > diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c > index 5d5e7f17dced..155be49a6011 100644 > --- a/UefiCpuPkg/SecCore/SecMain.c > +++ b/UefiCpuPkg/SecCore/SecMain.c > @@ -370,13 +370,35 @@ SecTemporaryRamDone ( > VOID > ) > { > - BOOLEAN State; > + EFI_STATUS Status; > + EFI_STATUS Status2; > + UINTN Index; > + BOOLEAN State; > + EFI_PEI_PPI_DESCRIPTOR *PeiPpiDescriptor; > + REPUBLISH_SEC_PPI_PPI *RepublishSecPpiPpi; >=20 > // > // Republish Sec Platform Information(2) PPI > // > RepublishSecPlatformInformationPpi (); >=20 > + // > + // Re-install SEC PPIs using a PEIM produced service if published > + // > + for (Index =3D 0, Status =3D EFI_SUCCESS; Status =3D=3D EFI_SUCCESS; = Index++) { > + Status =3D PeiServicesLocatePpi ( > + &gRepublishSecPpiPpiGuid, > + Index, > + &PeiPpiDescriptor, > + (VOID **) &RepublishSecPpiPpi > + ); > + if (!EFI_ERROR (Status)) { > + DEBUG ((DEBUG_INFO, "Calling RepublishSecPpi instance %d.\n", Ind= ex)); > + Status2 =3D RepublishSecPpiPpi->RepublishSecPpis (); > + ASSERT_EFI_ERROR (Status2); > + } > + } > + > // > // Migrate DebugAgentContext. > // > @@ -385,7 +407,7 @@ SecTemporaryRamDone ( > // > // Disable interrupts and save current interrupt state > // > - State =3D SaveAndDisableInterrupts(); > + State =3D SaveAndDisableInterrupts (); >=20 > // > // Disable Temporary RAM after Stack and Heap have been migrated at t= his > point. > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > new file mode 100644 > index 000000000000..8fe5f78bae94 > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > @@ -0,0 +1,381 @@ > +/** @file > + Migrates SEC structures after permanent memory is installed. > + > + Copyright (c) 2020, Intel Corporation. All rights reserved.
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include "SecMigrationPei.h" > + > +STATIC REPUBLISH_SEC_PPI_PPI mEdkiiRepublishSecPpiPpi =3D { > + RepublishSecPpis > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED > EFI_SEC_PLATFORM_INFORMATION_PPI > mSecPlatformInformationPostMemoryPpi =3D { > + SecPl= atformInformationPostMemory > + }; > + > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_TEMPORARY_RAM_DONE_PPI > mSecTemporaryRamDonePostMemoryPpi =3D { > + SecTempo= raryRamDonePostMemory > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED > EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI > mSecTemporaryRamSupportPostMemoryPpi =3D { > + SecTe= mporaryRamSupportPostMemory > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED PEI_SEC_PERFORMANCE_PPI > mSecPerformancePpi =3D { > + GetPerformanceP= ostMemory > + }; > + > +STATIC EFI_PEI_PPI_DESCRIPTOR mEdkiiRepublishSecPpiDescriptor =3D { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gRepublishSecPpiPpiGuid, > + &mEdkiiRepublishSecPpiPpi > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecPlatformInformationPostMemoryDescriptor =3D { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gEfiSecPlatformInformationPpiGuid, > + &mSecPlatformInformationPostMemoryPpi > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecTemporaryRamDonePostMemoryDescriptor =3D { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gEfiTemporaryRamDonePpiGuid, > + &mSecTemporaryRamDonePostMemoryPpi > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecTemporaryRamSupportPostMemoryDescriptor =3D { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gEfiTemporaryRamSupportPpiGuid, > + &mSecTemporaryRamSupportPostMemoryPpi > + }; > + > +GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR > mSecPerformancePpiDescriptor =3D { > + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), > + &gPeiSecPerformancePpiGuid, > + &mSecPerformancePpi > + }; > + > +/** > + Disables the use of Temporary RAM. > + > + If present, this service is invoked by the PEI Foundation after > + the EFI_PEI_PERMANANT_MEMORY_INSTALLED_PPI is installed. > + > + @retval EFI_SUCCESS Use of Temporary RAM was disabled. > + @retval EFI_INVALID_PARAMETER Temporary RAM could not be disabled. No parameters of this function. EFI_INVALID_PARAMETER should not be return= ed. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamDonePostMemory ( > + VOID > + ) > +{ > + // > + // Temporary RAM Done is already done in post-memory > + // install a stub function that is located in permanent memory > + // > + return EFI_SUCCESS; > +} > + > +/** > + This service of the EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI that migrates > temporary RAM into > + permanent memory. > + > + @param PeiServices Pointer to the PEI Services Table. > + @param TemporaryMemoryBase Source Address in temporary memory > from which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param PermanentMemoryBase Destination Address in permanent memory > into which the SEC or PEIM will copy the > + Temporary RAM contents. > + @param CopySize Amount of memory to migrate from tempor= ary to > permanent memory. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > > TemporaryMemoryBase when > + TemporaryMemoryBase > PermanentMemoryBa= se. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecTemporaryRamSupportPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase, > + IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase, > + IN UINTN CopySize > + ) > +{ > + // > + // Temporary RAM Support is already done in post-memory > + // install a stub function that is located in permanent memory > + // > + return EFI_SUCCESS; > +} > + > +/** > + This interface conveys performance information out of the Security (S= EC) > phase into PEI. > + > + This service is published by the SEC phase. The SEC phase handoff has= an > optional > + EFI_PEI_PPI_DESCRIPTOR list as its final argument when control is pas= sed > from SEC into the > + PEI Foundation. As such, if the platform supports collecting performa= nce data > in SEC, > + this information is encapsulated into the data structure abstracted b= y this > service. > + This information is collected for the boot-strap processor (BSP) on I= A-32. > + > + @param[in] PeiServices The pointer to the PEI Services Table. > + @param[in] This The pointer to this instance of the > PEI_SEC_PERFORMANCE_PPI. > + @param[out] Performance The pointer to performance data collected in= SEC > phase. > + > + @retval EFI_SUCCESS The performance data was successfully return= ed. EFI_INVALID_PARAMETER and EFI_NOT_FOUND may also be returned. > + > +**/ > +EFI_STATUS > +EFIAPI > +GetPerformancePostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN PEI_SEC_PERFORMANCE_PPI *This, > + OUT FIRMWARE_SEC_PERFORMANCE *Performance > + ) > +{ > + SEC_PLATFORM_INFORMATION_CONTEXT_HOB > *SecPlatformInformationContexHob; > + > + if (This =3D=3D NULL || Performance =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + SecPlatformInformationContexHob =3D GetFirstGuidHob (&gEfiCallerIdGui= d); > + if (SecPlatformInformationContexHob =3D=3D NULL) { > + return EFI_NOT_FOUND; > + } > + > + Performance->ResetEnd =3D SecPlatformInformationContexHob- > >FirmwareSecPerformance.ResetEnd; > + > + return EFI_SUCCESS; > +} > + > +/** > + This interface conveys state information out of the Security (SEC) ph= ase into > PEI. > + > + @param[in] PeiServices Pointer to the PEI Services = Table. > + @param[in,out] StructureSize Pointer to the variable desc= ribing size of > the input buffer. > + @param[out] PlatformInformationRecord Pointer to the > EFI_SEC_PLATFORM_INFORMATION_RECORD. > + > + @retval EFI_SUCCESS The data was successfully returned. > + @retval EFI_BUFFER_TOO_SMALL The buffer was too small. EFI_INVALID_PARAMETER and EFI_NOT_FOUND may also be returned. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecPlatformInformationPostMemory ( > + IN CONST EFI_PEI_SERVICES **PeiServices, > + IN OUT UINT64 *StructureSize, > + OUT EFI_SEC_PLATFORM_INFORMATION_RECORD > *PlatformInformationRecord > + ) > +{ > + SEC_PLATFORM_INFORMATION_CONTEXT_HOB > *SecPlatformInformationContexHob; > + > + if (StructureSize =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + SecPlatformInformationContexHob =3D GetFirstGuidHob (&gEfiCallerIdGui= d); > + if (SecPlatformInformationContexHob =3D=3D NULL) { > + return EFI_NOT_FOUND; > + } > + > + if (*StructureSize < SecPlatformInformationContexHob- > >Context.StructureSize) { > + *StructureSize =3D SecPlatformInformationContexHob->Context.Structu= reSize; > + return EFI_BUFFER_TOO_SMALL; > + } > + > + if (PlatformInformationRecord =3D=3D NULL) { > + return EFI_INVALID_PARAMETER; > + } > + > + *StructureSize =3D SecPlatformInformationContexHob->Context.Structure= Size; > + CopyMem ( > + (VOID *) PlatformInformationRecord, > + (VOID *) SecPlatformInformationContexHob- > >Context.PlatformInformationRecord, > + (UINTN) SecPlatformInformationContexHob->Context.StructureSize > + ); > + > + return EFI_SUCCESS; > +} > + > +/** > + This interface re-installs PPIs installed in SecCore from a post-memo= ry PEIM. > + > + This is to allow a platform that may not support relocation of SecCor= e to > update the PPI instance to a post-memory > + copy from a PEIM that has been shadowed to permanent memory. > + > + @retval EFI_SUCCESS The SecCore PPIs were re-installed successfull= y. > + @retval Others An error occurred re-installing the SecCore PP= Is. > + > +**/ > +EFI_STATUS > +EFIAPI > +RepublishSecPpis ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + EFI_PEI_PPI_DESCRIPTOR *PeiPpiDescriptor; > + VOID *PeiPpi; > + SEC_PLATFORM_INFORMATION_CONTEXT_HOB > *SecPlatformInformationContextHob; > + EFI_SEC_PLATFORM_INFORMATION_RECORD *SecPlatformInformationPtr; > + UINT64 SecStructureSize; > + > + SecPlatformInformationPtr =3D NULL; > + SecStructureSize =3D 0; > + > + Status =3D PeiServicesLocatePpi ( > + &gEfiTemporaryRamDonePpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status =3D PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecTemporaryRamDonePostMemoryDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + > + Status =3D PeiServicesLocatePpi ( > + &gEfiTemporaryRamSupportPpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status =3D PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecTemporaryRamSupportPostMemoryDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + > + Status =3D PeiServicesCreateHob ( > + EFI_HOB_TYPE_GUID_EXTENSION, > + sizeof (SEC_PLATFORM_INFORMATION_CONTEXT_HOB), > + (VOID **) &SecPlatformInformationContextHob > + ); > + ASSERT_EFI_ERROR (Status); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "SecPlatformInformation Context HOB could not > be created.\n")); > + return Status; > + } > + > + SecPlatformInformationContextHob->Header.Name =3D gEfiCallerIdGuid; > + SecPlatformInformationContextHob->Revision =3D 1; > + > + Status =3D PeiServicesLocatePpi ( > + &gPeiSecPerformancePpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status =3D ((PEI_SEC_PERFORMANCE_PPI *) PeiPpi)->GetPerformance ( > + GetPeiServicesTabl= ePointer (), > + (PEI_SEC_PERFORMAN= CE_PPI *) PeiPpi, > + &SecPlatformInform= ationContextHob- > >FirmwareSecPerformance > + ); > + ASSERT_EFI_ERROR (Status); > + if (!EFI_ERROR (Status)) { > + Status =3D PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecPerformancePpiDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + } > + > + Status =3D PeiServicesLocatePpi ( > + &gEfiSecPlatformInformationPpiGuid, > + 0, > + &PeiPpiDescriptor, > + (VOID **) &PeiPpi > + ); > + if (!EFI_ERROR (Status)) { > + Status =3D ((EFI_SEC_PLATFORM_INFORMATION_PPI *) PeiPpi)- > >PlatformInformation ( > + GetPeiSer= vicesTablePointer (), > + &SecStruc= tureSize, > + SecPlatfo= rmInformationPtr > + ); > + ASSERT (Status =3D=3D EFI_BUFFER_TOO_SMALL); > + if (Status !=3D EFI_BUFFER_TOO_SMALL) { > + return EFI_NOT_FOUND; > + } > + > + ZeroMem ((VOID *) &(SecPlatformInformationContextHob->Context), siz= eof > (SEC_PLATFORM_INFORMATION_CONTEXT)); > + SecPlatformInformationContextHob->Context.PlatformInformationRecord= =3D > AllocatePool ((UINTN) SecStructureSize); > + ASSERT (SecPlatformInformationContextHob- > >Context.PlatformInformationRecord !=3D NULL); > + if (SecPlatformInformationContextHob- > >Context.PlatformInformationRecord =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + SecPlatformInformationContextHob->Context.StructureSize =3D > SecStructureSize; > + > + Status =3D ((EFI_SEC_PLATFORM_INFORMATION_PPI *) PeiPpi)- > >PlatformInformation ( > + GetPeiSer= vicesTablePointer (), > + &(SecPlat= formInformationContextHob- > >Context.StructureSize), > + SecPlatfo= rmInformationContextHob- > >Context.PlatformInformationRecord > + ); > + ASSERT_EFI_ERROR (Status); > + if (!EFI_ERROR (Status)) { > + Status =3D PeiServicesReInstallPpi ( > + PeiPpiDescriptor, > + &mSecPlatformInformationPostMemoryDescriptor > + ); > + ASSERT_EFI_ERROR (Status); > + } > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + This function is the entry point which installs an instance of > REPUBLISH_SEC_PPI_PPI. > + > + It install the RepublishSecPpi depent on > PcdMigrateTemporaryRamFirmwareVolumes, install > + the PPI when the PcdMigrateTemporaryRamFirmwareVolumes enabled. > + > + @param[in] FileHandle Pointer to image file handle. > + @param[in] PeiServices Pointer to PEI Services Table > + > + @retval EFI_ABORTED Disable evacuate temporary memory feature by > disable > + PcdMigrateTemporaryRamFirmwareVolumes. > + @retval EFI_SUCCESS An instance of REPUBLISH_SEC_PPI_PPI was install= ed > successfully. > + @retval Others An error occurred installing and instance of > REPUBLISH_SEC_PPI_PPI. > + > +**/ > +EFI_STATUS > +EFIAPI > +SecMigrationPeiInitialize ( > + IN EFI_PEI_FILE_HANDLE FileHandle, > + IN CONST EFI_PEI_SERVICES **PeiServices > + ) > +{ > + EFI_STATUS Status; > + > + Status =3D EFI_ABORTED; > + > + if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) { > + Status =3D PeiServicesInstallPpi (&mEdkiiRepublishSecPpiDescriptor)= ; > + ASSERT_EFI_ERROR (Status); > + } > + > + return Status; > +} > diff --git a/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni > b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni > new file mode 100644 > index 000000000000..62c2064ba217 > --- /dev/null > +++ b/UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni > @@ -0,0 +1,13 @@ > +// /** @file > +// Migrates SEC structures after permanent memory is installed. > +// > +// Copyright (c) 2019, Intel Corporation. All rights reserved.
> +// SPDX-License-Identifier: BSD-2-Clause-Patent > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "Migrates SEC structure= s > after permanent memory is installed" > + > +#string STR_MODULE_DESCRIPTION #language en-US "Migrates SEC > structures after permanent memory is installed." > + > -- > 2.25.1.windows.1 >=20 >=20 >=20