From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Sughosh Ganu <sughosh.ganu@arm.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>,
Supreeth Venkatesh <supreeth.venkatesh@arm.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: [PATCH v2 7/7] ArmPkg: Extra action to update permissions for S-ELO MM Image
Date: Fri, 24 Aug 2018 15:55:29 +0100 [thread overview]
Message-ID: <CAKv+Gu-zgpMSxs3C1CGvuo4Fe0kWYQ64CwNVBJnOH=dxzJ5cDw@mail.gmail.com> (raw)
In-Reply-To: <20180821065047.GA17216@arm.com>
On 21 August 2018 at 07:50, Sughosh Ganu <sughosh.ganu@arm.com> wrote:
> hi Ard,
>
> On Tue July 23, 2018 at 11:03PM +0530, Supreeth Venkatesh wrote:
>>
>> On Sat, 2018-07-21 at 20:06 +0900, Ard Biesheuvel wrote:
>> > On 20 July 2018 at 21:38, Sughosh Ganu <sughosh.ganu@arm.com> wrote:
>> > >
>> > > From: Achin Gupta <achin.gupta@arm.com>
>> > >
>> > > The Standalone MM drivers runs in S-EL0 in AArch64 on ARM Standard
>> > > Platforms and is deployed during SEC phase. The memory allocated to
>> > > the Standalone MM drivers should be marked as RO+X.
>> > >
>> > > During PE/COFF Image section parsing, this patch implements extra
>> > > action "UpdatePeCoffPermissions" to request the privileged firmware
>> > > in
>> > > EL3 to update the permissions.
>> > >
>> > > Contributed-under: TianoCore Contribution Agreement 1.1
>> > > Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
>> > Apologies for bringing this up only now, but I don't think I was ever
>> > cc'ed on these patches.
>> >
>> Apologies if you have missed it. But I am pretty sure it was part of
>> earlier large patch-set on which you and leif were copied, as it was
>> part of ArmPkg.
>> >
>> > We are relying on a debug hook in the PE/COFF loader to ensure that
>> > we
>> > don't end up with memory that is both writable and executable in the
>> > secure world. Do we really think that is a good idea?
>> >
>> > (I know this code was derived from a proof of concept that I did
>> > years
>> > ago, but that was just a PoC)
>> I think we need a little bit more details on what is your suggestion?
>>
>> A little bit background here: This code runs in S-EL0 and Request gets
>> sent to secure world SPM to ensure that the region permissions are
>> updated correctly via the "ArmMmuStandaloneMmCoreLib" SVC -
>> ARM_SVC_ID_SP_SET_MEM_ATTRIBUTES_AARCH64.
>>
>> DebugPeCoffExtraActionLib is just used to extract image region
>> information, but the region permission
>> update request is sent to secure world for validation.
>>
>> With the above explanation, can you provide an insight into what was
>> your thinking?
>> Do you want us to create a separate library and call it
>> as PeCoffExtraActionLib to avoid the "Debug" word though it is a hook
>> to PeCoffExtraActionLib in MdePkg or do we want to create this library
>> in a separate package (may be in MdePkg?) or something totally
>> different.
>
> Supreeth had replied to your comments on the patch. Can you please
> check this. If you feel that this needs to be implemented differently,
> can you please suggest it to us. Thanks.
>
My point is that such a fundamental action that needs to occur while
loading the PE/COFF image should not be hooked into the loader this
way.
next prev parent reply other threads:[~2018-08-24 14:55 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-20 12:38 [PATCH v2 0/7] ArmPkg related changes for StandaloneMM package Sughosh Ganu
2018-07-20 12:38 ` [PATCH v2 1/7] ArmPkg: Add PCDs needed for MM communication driver Sughosh Ganu
2018-07-20 12:38 ` [PATCH v2 2/7] ArmPkg/Drivers: Add EFI_MM_COMMUNICATION_PROTOCOL DXE driver Sughosh Ganu
2018-07-20 12:38 ` [PATCH v2 3/7] ArmPkg/Include: Fix the SPM version SVC ID Sughosh Ganu
2018-07-20 12:38 ` [PATCH v2 4/7] ArmPkg/Include: Add MM interface SVC return codes Sughosh Ganu
2018-07-20 12:38 ` [PATCH v2 5/7] ArmPkg/ArmMmuLib: Add MMU Library suitable for use in S-EL0 Sughosh Ganu
2018-07-20 12:38 ` [PATCH v2 6/7] ArmPkg/ArmMmuLib: Add MMU library inf file " Sughosh Ganu
2018-07-20 12:38 ` [PATCH v2 7/7] ArmPkg: Extra action to update permissions for S-ELO MM Image Sughosh Ganu
2018-07-21 11:06 ` Ard Biesheuvel
2018-07-23 17:33 ` Supreeth Venkatesh
[not found] ` <CAHxXkBfPzG5Z+oWmQeV_zKu7a0nOEW54jmPd1uJT_XkUZAmb-g@mail.gmail.com>
2018-08-21 6:50 ` Sughosh Ganu
2018-08-24 14:55 ` Ard Biesheuvel [this message]
2018-08-28 14:30 ` Achin Gupta
2018-10-24 8:22 ` Achin Gupta
2018-10-24 11:05 ` Ard Biesheuvel
2018-11-09 13:27 ` Achin Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKv+Gu-zgpMSxs3C1CGvuo4Fe0kWYQ64CwNVBJnOH=dxzJ5cDw@mail.gmail.com' \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox