From: "Ni, Ray"
To: "Jiang, Guomin", "devel@edk2.groups.io"
CC: "Dong, Eric", Laszlo Ersek, "Kumar, Rahul1", "De, Debkumar", "Han, Harry", "West, Catharine"
Subject: Re: [PATCH 1/1] UefiCpuPkg: Move MigrateGdt from DiscoverMemory to TempRamDone. (CVE-2019-11098)
Date: Fri, 29 Jan 2021 07:02:09 +0000
In-Reply-To: <20210129064444.599-1-guomin.jiang@intel.com>

Guomin,

Now since CpuMpPei module doesn't consume the PcdMigrateTemporaryRamFirmwareVolumes, can you remove the PCD reference from its INF?

Thanks,
Ray

> -----Original Message-----
> From: Guomin Jiang
> Sent: Friday, January 29, 2021 2:45 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric; Ni, Ray; Laszlo Ersek; Kumar, Rahul1; De, Debkumar; Han, Harry; West, Catharine
> Subject: [PATCH 1/1] UefiCpuPkg: Move MigrateGdt from DiscoverMemory to TempRamDone. (CVE-2019-11098)
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1614
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3160
>
> The GDT still in flash with commit 60b12e69fb1c8c7180fdda92f008248b9ec83db1
> after TempRamDone
>
> So move the action to TempRamDone event to avoid reading GDT from flash.
>
> Signed-off-by: Guomin Jiang
> Cc: Eric Dong
> Cc: Ray Ni
> Cc: Laszlo Ersek
> Cc: Rahul Kumar
> Cc: Debkumar De
> Cc: Harry Han
> Cc: Catharine West
> --- > UefiCpuPkg/SecCore/SecCore.inf | 1 + > UefiCpuPkg/CpuMpPei/CpuMpPei.c | 37 --------------------------- > UefiCpuPkg/CpuMpPei/CpuPaging.c | 8 ------ > UefiCpuPkg/SecCore/SecMain.c | 45 +++++++++++++++++++++++++++++++++ > 4 files changed, 46 insertions(+), 45 deletions(-) >=20 > diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore.= inf > index 545781d6b4b3..ded83beb5272 100644 > --- a/UefiCpuPkg/SecCore/SecCore.inf > +++ b/UefiCpuPkg/SecCore/SecCore.inf > @@ -77,6 +77,7 @@ [Guids] >=20 > [Pcd] > gUefiCpuPkgTokenSpaceGuid.PcdPeiTemporaryRamStackSize ## CONSUMES > + gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes = ## CONSUMES >=20 > [UserExtensions.TianoCore."ExtraFiles"] > SecCoreExtra.uni > diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPe= i.c > index d07540cf7471..07ccbe7c6a91 100644
> --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c > +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c > @@ -429,43 +429,6 @@ GetGdtr ( > AsmReadGdtr ((IA32_DESCRIPTOR *)Buffer); > } >=20 > -/** > - Migrates the Global Descriptor Table (GDT) to permanent memory. > - > - @retval EFI_SUCCESS The GDT was migrated successfully. > - @retval EFI_OUT_OF_RESOURCES The GDT could not be migrated due to l= ack of available memory. > - > -**/ > -EFI_STATUS > -MigrateGdt ( > - VOID > - ) > -{ > - EFI_STATUS Status; > - UINTN GdtBufferSize; > - IA32_DESCRIPTOR Gdtr; > - VOID *GdtBuffer; > - > - AsmReadGdtr ((IA32_DESCRIPTOR *) &Gdtr); > - GdtBufferSize =3D sizeof (IA32_SEGMENT_DESCRIPTOR) -1 + Gdtr.Limit + 1= ; > - > - Status =3D PeiServicesAllocatePool ( > - GdtBufferSize, > - &GdtBuffer > - ); > - ASSERT (GdtBuffer !=3D NULL); > - if (EFI_ERROR (Status)) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - GdtBuffer =3D ALIGN_POINTER (GdtBuffer, sizeof (IA32_SEGMENT_DESCRIPTO= R)); > - CopyMem (GdtBuffer, (VOID *) Gdtr.Base, Gdtr.Limit + 1); > - Gdtr.Base =3D (UINTN) GdtBuffer; > - AsmWriteGdtr (&Gdtr); > - > - return EFI_SUCCESS; > -} > - > /** > Initializes CPU exceptions handlers for the sake of stack switch requi= rement. >=20 > diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPag= ing.c > index 50ad4277af79..3e261d6657b3 100644 > --- a/UefiCpuPkg/CpuMpPei/CpuPaging.c > +++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c 
> @@ -605,17 +605,9 @@ MemoryDiscoveredPpiNotifyCallback ( > { > EFI_STATUS Status; > BOOLEAN InitStackGuard; > - BOOLEAN InterruptState; > EDKII_MIGRATED_FV_INFO *MigratedFvInfo; > EFI_PEI_HOB_POINTERS Hob; >=20 > - if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) { > - InterruptState =3D SaveAndDisableInterrupts (); > - Status =3D MigrateGdt (); > - ASSERT_EFI_ERROR (Status); > - SetInterruptState (InterruptState); > - } > - > // > // Paging must be setup first. Otherwise the exception TSS setup durin= g MP > // initialization later will not contain paging information and then f= ail > diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c > index 155be49a6011..2416c4ce56b2 100644 > --- a/UefiCpuPkg/SecCore/SecMain.c > +++ b/UefiCpuPkg/SecCore/SecMain.c > @@ -35,6 +35,43 @@ EFI_PEI_PPI_DESCRIPTOR mPeiSecPlatformInfor= mationPpi[] =3D { > } > }; >=20 > +/** > + Migrates the Global Descriptor Table (GDT) to permanent memory. > + > + @retval EFI_SUCCESS The GDT was migrated successfully. > + @retval EFI_OUT_OF_RESOURCES The GDT could not be migrated due to l= ack of available memory. > + > +**/ > +EFI_STATUS > +MigrateGdt ( > + VOID > + ) > +{ > + EFI_STATUS Status; > + UINTN GdtBufferSize; > + IA32_DESCRIPTOR Gdtr; > + VOID *GdtBuffer; > + > + AsmReadGdtr ((IA32_DESCRIPTOR *) &Gdtr); > + GdtBufferSize =3D sizeof (IA32_SEGMENT_DESCRIPTOR) -1 + Gdtr.Limit + 1= ; > + > + Status =3D PeiServicesAllocatePool ( > + GdtBufferSize, > + &GdtBuffer > + ); > + ASSERT (GdtBuffer !=3D NULL); > + if (EFI_ERROR (Status)) { > + return EFI_OUT_OF_RESOURCES; > + } > + > + GdtBuffer =3D ALIGN_POINTER (GdtBuffer, sizeof (IA32_SEGMENT_DESCRIPTO= R)); > + CopyMem (GdtBuffer, (VOID *) Gdtr.Base, Gdtr.Limit + 1); > + Gdtr.Base =3D (UINTN) GdtBuffer; > + AsmWriteGdtr (&Gdtr); > + > + return EFI_SUCCESS; > +} > + > // > // These are IDT entries pointing to 10:FFFFFFE4h. > // 
> @@ -409,6 +446,14 @@ SecTemporaryRamDone ( > // > State =3D SaveAndDisableInterrupts (); >=20 > + // > + // Migrate GDT before NEM near down > + // > + if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) { > + Status =3D MigrateGdt (); > + ASSERT_EFI_ERROR (Status); > + } > + > // > // Disable Temporary RAM after Stack and Heap have been migrated at th= is point. > // > -- > 2.25.1.windows.1
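
Review bot: The CpuPaging.c hunk removes the only PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes) read shown for MemoryDiscoveredPpiNotifyCallback, but the diffstat lists four files and CpuMpPei.inf is not one of them, so the module keeps declaring a PCD that, per the reply above, it no longer consumes. Remove the PCD entry from CpuMpPei.inf in this same patch. No CpuMpPei header is touched either, so if MigrateGdt is declared in one, that prototype should go along with the function body deleted from CpuMpPei.c.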
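
Review bot: In the MigrateGdt body added to SecMain.c, ASSERT (GdtBuffer != NULL) runs before the EFI_ERROR (Status) check, and GdtBuffer is never assigned before the PeiServicesAllocatePool call, so when allocation fails the assertion tests a value this function did not set. Check Status first and return on error, then use the pointer; if the assertion is kept, set GdtBuffer to NULL before the call. The size expression sizeof (IA32_SEGMENT_DESCRIPTOR) -1 + Gdtr.Limit + 1 also deserves a one-line comment saying that the extra sizeof - 1 bytes are slack for the ALIGN_POINTER adjustment that follows, since the function now lives in a new file where that intent is not obvious.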
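
Review bot: In the SecTemporaryRamDone hunk, a MigrateGdt failure is handled only by ASSERT_EFI_ERROR (Status), so a build with assertions disabled goes on to disable temporary RAM with GDTR still pointing at the original table, which is the condition the commit message says the change is meant to avoid. Handle the error explicitly on that path, for example by stopping with CpuDeadLoop () rather than continuing. The comment "Migrate GDT before NEM near down" is also hard to parse; state the ordering requirement directly, for example "Migrate GDT before NEM is torn down".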