From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:4864:20::533; helo=mail-ed1-x533.google.com; envelope-from=ujja2016@gmail.com; receiver=edk2-devel@lists.01.org Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 817A2211982C0 for ; Mon, 10 Dec 2018 21:28:41 -0800 (PST) Received: by mail-ed1-x533.google.com with SMTP id j6so11437241edp.9 for ; Mon, 10 Dec 2018 21:28:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=KDkLq1FuULAuWGg2Z6UymGSyRmcfirO4gibRFFXnr9A=; b=DRpv6yGtKVShjuR4FcTfNet6sXKvmsnh3C7Yhv1Cfzd/6LRXLFDzWhv83fNoEQ9vWp eug1eXIkRlDJM0USV04xdelmjCBgru5USu7jIi4+MHNyfDnvZ1YnNBGlM1Y16Va8BUJT RjPCjabZeWk7GN9Nth5aKZElK6wVWReJtdf58lkPJgV+l2DQYfXATVBcUaYt2YyaXIxs UCUd708sFwHMPmxE8gqMurDsyEq9ubEbQ0vsEIst3BaFHHuCTIS+itVh95bGIqtO0ylt emnseZPbkDUUYJZW//qLeo6sENJFRO7rz/Xxbi8aDk+i8eAHAXMGXmG3C45ZDj3Q3bfW ULGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=KDkLq1FuULAuWGg2Z6UymGSyRmcfirO4gibRFFXnr9A=; b=pcpy4HL6OMAsH71WYrbZRrtD/ll/ya8Aultt/8o1zsqCBbLjuo+g5MuvFg11s0d1BU JHoyho0mmQZ6aiORqDOOI/sS9quofMb7vblKvEp+wXwd1+tsaLhBP4lRMTxWvDTL74Lj OQYhk0WKObQsKr41OXxFDWUYrU7vzAxIZFvDpqPsNl/SXs7jDO5F8AQk02FAdI1ysuOP /tqioBYqqGXO20/etEDIdBJ9n6UW/JjkM9Aoil0xWychzC6QhdwlIXWoxHcjYs5hTm8V gLmbU/4cW9rBwpiTCvqya0LdPTGU6jO6AD3Fw2ti6zwM/rJGfdnzydyIeXlKkURFX6cp MOTw== X-Gm-Message-State: AA+aEWZ+uuPC0Q7eNxhzwuGswqgi+CZhLP4Qxj3IX03/Xzejph42o7EN fDVoEizPJnmSxckk4RD9FubDq2fgP4I7Rk4UNis= X-Google-Smtp-Source: AFSGD/Ui5BYzmNJq6AJY+NfcpDUI9oyMBf0QdZtUMK+oznMUBkZdyvrpAnQtM0K+lulSmC1y+VD1ML7XuKOJXBZAOk0= X-Received: by 2002:a17:906:cb2:: with SMTP id k18-v6mr11628877ejh.129.1544506119204; Mon, 10 Dec 2018 21:28:39 -0800 (PST) MIME-Version: 1.0 References: <1543397709-31847-1-git-send-email-jagadeesh.ujja@arm.com> <4A89E2EF3DFEDB4C8BFDE51014F606A14E380CE6@SHSMSX104.ccr.corp.intel.com> In-Reply-To: <4A89E2EF3DFEDB4C8BFDE51014F606A14E380CE6@SHSMSX104.ccr.corp.intel.com> From: jagadeesh ujja Date: Tue, 11 Dec 2018 10:58:28 +0530 Message-ID: To: liming.gao@intel.com Cc: edk2-devel@lists.01.org, chao.b.zhang@intel.com, leif.lindholm@linaro.org, ard.biesheuvel@linaro.org Subject: Re: [RFC PATCH v3 00/11] Extend secure variable service to be usable from Standalone MM X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Dec 2018 05:28:42 -0000 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Liming, On Thu, Nov 29, 2018 at 9:27 PM Gao, Liming wrote: > > My comment is below. > > 1. Please don't update MemoryFence() implementation. It will impact all c= onsumer code. AsmLfence() is X86 specific API. You can implement the intern= al function in the arch specific source file to call AsmLfence() for X86 an= d call MemoryFence() for ARM. This internal function will be called in the = common logic. > 2. On StandaloneMmServicesTableLib.h, I suggest to add it into MdePkg, an= d add StandaloneMmRuntimeDxe library into MdePkg. This library sets gMmst i= s NULL, and always return FALSE in InMm(). > 3. On PcdStandaloneMmEnable, I also suggest to add it into MdePkg. It can= be used to control the driver logic in the different packages. > > With 2 & 3, other edk2 packages don't need to depend on StandaloneMmPkg/S= tandaloneMmPkg.dec Thank you for your comments. All your comments have been addressed and the next version of this patchset will include appropriate changes based on your comments. Regards, Jagadeesh. > > > -----Original Message----- > > From: Jagadeesh Ujja [mailto:jagadeesh.ujja@arm.com] > > Sent: Wednesday, November 28, 2018 5:35 PM > > To: edk2-devel@lists.01.org; Gao, Liming ; Zhang,= Chao B ; leif.lindholm@linaro.org; > > ard.biesheuvel@linaro.org > > Subject: [RFC PATCH v3 00/11] Extend secure variable service to be usab= le from Standalone MM > > > > Changes since v2: > > - Added 'Contributed-under' tag, removed Change-ID tag and > > maintained a single signed-off-by for the all the patches. > > > > Changes since v1: > > - Addressed all the comments from Liming Gao > > - Removed the use of #ifdef/#else/#endif and used a Pcd instead to > > select between MM and non-MM paths. > > - Removed all dependencies on edk2-platforms. > > - Dropped the use of mMmst and used gSmst instead. > > - Added a dummy implementation UefiRuntimeServiceTableLib for > > MM_STANDALONE usage > > - Replaced all uses of AsmLfence with MemoryFence from variable > > service code. > > - Add a new StandaloneMmRuntimeDxe library to for use by non-MM code. > > > > This RFC patch series extends the existing secure variable service supp= ort for > > use with Standalone MM. This is applicable to paltforms that use Standa= lone > > Management Mode to protect access to non-volatile memory (NOR flash in = case > > of these patches) used to store the secure EFI variables. > > > > The first patch pulls in additional libraries from the staging branch o= f > > StandaloneMmPkg into the edk2's StandaloneMmPkg. The existing secure va= riable > > service implementation supports only the traditional MM mode and so the= rest > > of the patches extends the existing secure variable service support to = be > > useable with Standalone MM mode as well. > > > > This patch series is being posted as an RFC to get feedback on the appr= oach taken > > in these patches. > > > > Jagadeesh Ujja (11): > > MdeModulePkg/Variable: replace all uses of AsmLfence with MemoryFence > > StandaloneMmPkg: Pull in additonal libraries from staging branch > > MdeModulePkg/Library: Add StandaloneMmRuntimeDxe library > > ArmPlatformPkg/NorFlashDxe: allow reusability as a MM driver > > MdeModulePkg/FaultTolerantWriteDxe: allow reusability as a MM driver > > MdeModulePkg/Variable/RuntimeDxe: adapt for usability with MM > > Standalone > > MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver > > SecurityPkg/AuthVariableLib: allow MM_STANDALONE drivers to use this > > library > > MdeModulePkg/VarCheckLib: allow MM_STANDALONE drivers to use this > > library > > CryptoPkg/BaseCryptLib: allow MM_STANDALONE drivers to use this > > library > > CryptoPkg/BaseCryptLib: Hack to get time in MM Standalone mode > > > > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf > > | 3 + > > ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashDxe.inf =3D> NorFlashStand= aloneMm.inf} > > | 28 +- > > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > | 8 +- > > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > | 5 + > > MdeModulePkg/Library/{VarCheckLib/VarCheckLib.inf =3D> StandaloneMmRun= timeDxe/StandaloneMmRuntimeDxe.inf} > > | 22 +- > > MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf > > | 5 +- > > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf > > | 2 + > > MdeModulePkg/Universal/FaultTolerantWriteDxe/{FaultTolerantWriteDxe.in= f =3D> FaultTolerantWriteStandaloneMm.inf} | > > 53 +- > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > > | 2 + > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf > > | 4 + > > MdeModulePkg/Universal/Variable/RuntimeDxe/{VariableRuntimeDxe.inf =3D= > VariableStandaloneMm.inf} > > | 107 ++- > > SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > > | 5 +- > > StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.= inf > > | 2 +- > > StandaloneMmPkg/Library/{StandaloneMmCoreHobLib/StandaloneMmCoreHobLib= .inf =3D> > > StandaloneMmHobLib/StandaloneMmHobLib.inf} | 11 +- > > StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMe= moryAllocationLib.inf > > | 45 ++ > > StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServi= cesTableLib.inf > > | 36 + > > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.h > > | 5 +- > > MdeModulePkg/Include/Library/StandaloneMmRuntimeDxe.h > > | 39 + > > StandaloneMmPkg/Include/Library/StandaloneMmServicesTableLib.h > > | 47 ++ > > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashBlockIoDxe.c > > | 2 +- > > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.c > > | 211 ++++- > > ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvbDxe.c > > | 88 ++- > > CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c > > | 27 +- > > MdeModulePkg/Library/StandaloneMmRuntimeDxe/StandaloneMmRuntimeDxe.c > > | 36 + > > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c > > | 207 +++-- > > MdeModulePkg/Universal/FaultTolerantWriteDxe/UpdateWorkingBlock.c > > | 27 +- > > MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c > > | 2 +- > > MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > > | 37 +- > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > > | 201 ++++- > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c > > | 31 +- > > MdePkg/Library/BaseLib/X86MemoryFence.c > > | 2 +- > > StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/StandaloneMmCoreHob= LibInternal.c > > | 64 ++ > > StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.c > > | 655 ++++++++++++++++ > > StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMe= moryAllocationLib.c > > | 824 ++++++++++++++++++++ > > StandaloneMmPkg/Library/StandaloneMmServicesTableLib/StandaloneMmServi= cesTableLib.c > > | 64 ++ > > 35 files changed, 2564 insertions(+), 343 deletions(-) > > copy ArmPlatformPkg/Drivers/NorFlashDxe/{NorFlashDxe.inf =3D> NorFlash= StandaloneMm.inf} (71%) > > copy MdeModulePkg/Library/{VarCheckLib/VarCheckLib.inf =3D> Standalone= MmRuntimeDxe/StandaloneMmRuntimeDxe.inf} (51%) > > copy MdeModulePkg/Universal/FaultTolerantWriteDxe/{FaultTolerantWriteD= xe.inf =3D> FaultTolerantWriteStandaloneMm.inf} (54%) > > copy MdeModulePkg/Universal/Variable/RuntimeDxe/{VariableRuntimeDxe.in= f =3D> VariableStandaloneMm.inf} (54%) > > copy StandaloneMmPkg/Library/{StandaloneMmCoreHobLib/StandaloneMmCoreH= obLib.inf =3D> > > StandaloneMmHobLib/StandaloneMmHobLib.inf} (79%) > > create mode 100644 StandaloneMmPkg/Library/StandaloneMmMemoryAllocatio= nLib/StandaloneMmMemoryAllocationLib.inf > > create mode 100644 StandaloneMmPkg/Library/StandaloneMmServicesTableLi= b/StandaloneMmServicesTableLib.inf > > create mode 100644 MdeModulePkg/Include/Library/StandaloneMmRuntimeDxe= .h > > create mode 100644 StandaloneMmPkg/Include/Library/StandaloneMmService= sTableLib.h > > create mode 100644 MdeModulePkg/Library/StandaloneMmRuntimeDxe/Standal= oneMmRuntimeDxe.c > > create mode 100644 StandaloneMmPkg/Library/StandaloneMmHobLib/AArch64/= StandaloneMmCoreHobLibInternal.c > > create mode 100644 StandaloneMmPkg/Library/StandaloneMmHobLib/Standalo= neMmHobLib.c > > create mode 100644 StandaloneMmPkg/Library/StandaloneMmMemoryAllocatio= nLib/StandaloneMmMemoryAllocationLib.c > > create mode 100644 StandaloneMmPkg/Library/StandaloneMmServicesTableLi= b/StandaloneMmServicesTableLib.c > > > > -- > > 2.7.4 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel