* [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too
@ 2020-09-24 10:21 jacek.kukiello
  2020-09-24 10:21 ` [PATCH v2 2/2] MdeModulePkg/Core/Dxe: expose SP and CRYPTO capabilities in UEFI memmap Malgorzata Kukiello
                   ` (3 more replies)
  0 siblings, 4 replies; 11+ messages in thread
From: jacek.kukiello @ 2020-09-24 10:21 UTC (permalink / raw)
  To: devel
  Cc: Malgorzata Kukiello, Michael D Kinney, Jian J Wang, Hao A Wu, Dandan Bi, Liming Gao, Zhiguang Liu, Oleksiy Yakovlev, Ard Biesheuvel

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2982

The workaround in the UEFI memmap construction, near the end of the
function CoreGetMemoryMap() [MdeModulePkg/Core/Dxe/Mem/Page.c] should
not clear the SP and CRYPTO bits, because OSes do (apparently) correctly
interpret SP and CRYPTO as capabilities, and not as currently set
attributes (upon which the OSes should set their page tables). For this
reason, the SP and CRYPTO bits should be separated from the bitmask that
we use for hiding the page-access attributes, in the workaround

Signed-off-by: Malgorzata Kukiello <jacek.kukiello@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Oleksiy Yakovlev <oleksiyy@ami.com>
Cc: Ard Biesheuvel (ARM address) <ard.biesheuvel@arm.com>

 MdeModulePkg/Core/Dxe/Mem/Page.c | 12 ++++++------
 MdePkg/Include/Uefi/UefiSpec.h   | 3 ++-
 2 files changed, 8 insertions(+), 7 deletions(-)

---------------------------------------------------------------------
Intel Technology Poland sp. z o.o.
ul. Słowackiego 173 | 80-298 Gdańsk | District Court Gdańsk-Północ | 7th Commercial Division of the National Court Register - KRS 101882 | NIP 957-07-52-316 | Share capital 200.000 PLN.
This message and its attachments are intended for a specific addressee and may contain confidential information. If you have received this message by mistake, please notify the sender and permanently delete it; any viewing or distribution is prohibited.
This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited.

^ permalink raw reply [flat|nested] 11+ messages in thread
* [PATCH v2 2/2] MdeModulePkg/Core/Dxe: expose SP and CRYPTO capabilities in UEFI memmap
  2020-09-24 10:21 [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too jacek.kukiello
@ 2020-09-24 10:21 ` Malgorzata Kukiello
  2020-09-24 10:21 ` [PATCH v2 1/2] MdePkg/UefiSpec: separate page access bitmask from SP and CRYPTO caps Malgorzata Kukiello
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 11+ messages in thread
From: Malgorzata Kukiello @ 2020-09-24 10:21 UTC (permalink / raw)
  To: devel
  Cc: Malgorzata Kukiello, Jian J Wang, Hao A Wu, Dandan Bi, Liming Gao, Oleksiy Yakovlev, Ard Biesheuvel

OSs are now capable of treating SP and CRYPTO memory as true capabilities
and therefore these should be exposed. This requires usage of a separate
ACCESS_MASK to hide all page-access permission capabilities.

Change in masking and hiding of SP and CRYPTO was introduced in
3bd5c994c879f78e8e3d5346dc3b627f199291aa

Signed-off-by: Malgorzata Kukiello <jacek.kukiello@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Oleksiy Yakovlev <oleksiyy@ami.com>
Cc: Ard Biesheuvel (ARM address) <ard.biesheuvel@arm.com>
---
 MdeModulePkg/Core/Dxe/Mem/Page.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c index 2c2c9cd6c3..731bf08bc9 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c
@@ -1924,16 +1924,16 @@ CoreGetMemoryMap ( // set attributes and change memory paging attribute accordingly. // But current EFI_MEMORY_DESCRIPTOR.Attribute is assigned by // value from Capabilities in GCD memory map. This might cause - // boot problems. Clearing all paging related capabilities can - // workaround it. Following code is supposed to be removed once - // the usage of EFI_MEMORY_DESCRIPTOR.Attribute is clarified in - // UEFI spec and adopted by both EDK-II Core and all supported - // OSs. + // boot problems. Clearing all page-access permission related + // capabilities can workaround it. Following code is supposed to + // be removed once the usage of EFI_MEMORY_DESCRIPTOR.Attribute + // is clarified in UEFI spec and adopted by both EDK-II Core and + // all supported OSs. // MemoryMapEnd = MemoryMap; MemoryMap = MemoryMapStart; while (MemoryMap < MemoryMapEnd) { - MemoryMap->Attribute &= ~(UINT64)EFI_MEMORY_ATTRIBUTE_MASK; + MemoryMap->Attribute &= ~(UINT64)EFI_MEMORY_ACCESS_MASK; MemoryMap = NEXT_MEMORY_DESCRIPTOR (MemoryMap, Size); } MergeMemoryMap (MemoryMapStart, &BufferSize, Size); -- 2.18.0.windows.1 --------------------------------------------------------------------- Intel Technology Poland sp. z o.o. ul. Sowackiego 173 | 80-298 Gdask | Sd Rejonowy Gdask Pnoc | VII Wydzia Gospodarczy Krajowego Rejestru Sdowego - KRS 101882 | NIP 957-07-52-316 | Kapita zakadowy 200.000 PLN. Ta wiadomo wraz z zacznikami jest przeznaczona dla okrelonego adresata i moe zawiera informacje poufne. W razie przypadkowego otrzymania tej wiadomoci, prosimy o powiadomienie nadawcy oraz trwae jej usunicie; jakiekolwiek przegldanie lub rozpowszechnianie jest zabronione. This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited. 
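Review bot: The rewritten comment above the while loop says that page-access permission capabilities are cleared, but it never states that EFI_MEMORY_SP and EFI_MEMORY_CPU_CRYPTO are now left in place on purpose. The only code change is the swap of EFI_MEMORY_ATTRIBUTE_MASK for EFI_MEMORY_ACCESS_MASK in the "MemoryMap->Attribute &= ~(UINT64)..." line, so a later cleanup could switch the mask back without noticing the regression. Please add a sentence to the comment saying that SP and CPU_CRYPTO are reported to the OS as capabilities and must survive this loop. While the comment is being touched, "can workaround it" should read "can work around it".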
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH v2 1/2] MdePkg/UefiSpec: separate page access bitmask from SP and CRYPTO caps
  2020-09-24 10:21 [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too jacek.kukiello
  2020-09-24 10:21 ` [PATCH v2 2/2] MdeModulePkg/Core/Dxe: expose SP and CRYPTO capabilities in UEFI memmap Malgorzata Kukiello
@ 2020-09-24 10:21 ` Malgorzata Kukiello
  2020-09-24 13:04 ` [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too Laszlo Ersek
  2020-09-25 8:54 ` Reply: " gaoliming
  3 siblings, 0 replies; 11+ messages in thread
From: Malgorzata Kukiello @ 2020-09-24 10:21 UTC (permalink / raw)
  To: devel
  Cc: Malgorzata Kukiello, Michael D Kinney, Liming Gao, Zhiguang Liu, Oleksiy Yakovlev, Ard Biesheuvel

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2982

Operating systems are capable of treating SP and CRYPTO memory as
capabilities and not as attributes. This means that these capabilities
cannot be hidden from OSs. For this reason, the SP and CRYPTO bits should
be separated from the bitmask that we use for hiding the page-access
attributes.

Common mask for ATTRIBUTES was introduced in
3bd5c994c879f78e8e3d5346dc3b627f199291aa

Signed-off-by: Malgorzata Kukiello <jacek.kukiello@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Oleksiy Yakovlev <oleksiyy@ami.com>
Cc: Ard Biesheuvel (ARM address) <ard.biesheuvel@arm.com>
---
 MdePkg/Include/Uefi/UefiSpec.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Include/Uefi/UefiSpec.h b/MdePkg/Include/Uefi/UefiSpec.h index 05b82e0be1..2b1b72d862 100644 --- a/MdePkg/Include/Uefi/UefiSpec.h +++ b/MdePkg/Include/Uefi/UefiSpec.h
@@ -113,7 +113,8 @@ typedef enum { // Attributes bitmasks, grouped by type // #define EFI_CACHE_ATTRIBUTE_MASK (EFI_MEMORY_UC | EFI_MEMORY_WC | EFI_MEMORY_WT | EFI_MEMORY_WB | EFI_MEMORY_UCE | EFI_MEMORY_WP) -#define EFI_MEMORY_ATTRIBUTE_MASK (EFI_MEMORY_RP | EFI_MEMORY_XP | EFI_MEMORY_RO | EFI_MEMORY_SP | EFI_MEMORY_CPU_CRYPTO) +#define EFI_MEMORY_ACCESS_MASK (EFI_MEMORY_RP | EFI_MEMORY_XP | EFI_MEMORY_RO) +#define EFI_MEMORY_ATTRIBUTE_MASK (EFI_MEMORY_ACCESS_MASK | EFI_MEMORY_SP | EFI_MEMORY_CPU_CRYPTO) /// /// Memory descriptor version number. -- 2.18.0.windows.1 --------------------------------------------------------------------- Intel Technology Poland sp. z o.o. ul. Sowackiego 173 | 80-298 Gdask | Sd Rejonowy Gdask Pnoc | VII Wydzia Gospodarczy Krajowego Rejestru Sdowego - KRS 101882 | NIP 957-07-52-316 | Kapita zakadowy 200.000 PLN. Ta wiadomo wraz z zacznikami jest przeznaczona dla okrelonego adresata i moe zawiera informacje poufne. W razie przypadkowego otrzymania tej wiadomoci, prosimy o powiadomienie nadawcy oraz trwae jej usunicie; jakiekolwiek przegldanie lub rozpowszechnianie jest zabronione. This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited. ^ permalink raw reply related [flat|nested] 11+ messages in thread
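Review bot: EFI_MEMORY_ATTRIBUTE_MASK keeps its old value in the second added define (EFI_MEMORY_ACCESS_MASK | EFI_MEMORY_SP | EFI_MEMORY_CPU_CRYPTO), so every remaining user of that macro still filters SP and CPU_CRYPTO together with RP, XP and RO. The two defines under "Attributes bitmasks, grouped by type" carry no comment that tells them apart; please add one line each saying that EFI_MEMORY_ACCESS_MASK covers the page-access permission bits only and that EFI_MEMORY_ATTRIBUTE_MASK additionally includes the SP and CPU_CRYPTO capability bits, so that callers pick the mask they actually mean.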
* Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too
  2020-09-24 10:21 [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too jacek.kukiello
  2020-09-24 10:21 ` [PATCH v2 2/2] MdeModulePkg/Core/Dxe: expose SP and CRYPTO capabilities in UEFI memmap Malgorzata Kukiello
  2020-09-24 10:21 ` [PATCH v2 1/2] MdePkg/UefiSpec: separate page access bitmask from SP and CRYPTO caps Malgorzata Kukiello
@ 2020-09-24 13:04 ` Laszlo Ersek
  2020-09-25 8:54 ` Reply: " gaoliming
  3 siblings, 0 replies; 11+ messages in thread
From: Laszlo Ersek @ 2020-09-24 13:04 UTC (permalink / raw)
  To: devel, jacek.kukiello
  Cc: Michael D Kinney, Jian J Wang, Hao A Wu, Dandan Bi, Liming Gao, Zhiguang Liu, Oleksiy Yakovlev, Ard Biesheuvel

On 09/24/20 12:21, Malgorzata Kukiello wrote:
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2982
>
> The workaround in the UEFI memmap construction, near the end of the
> function CoreGetMemoryMap() [MdeModulePkg/Core/Dxe/Mem/Page.c] should
> not clear the SP and CRYPTO bits, because OSes do (apparently) correctly
> interpret SP and CRYPTO as capabilities, and not as currently set
> attributes (upon which the OSes should set their page tables). For this
> reason, the SP and CRYPTO bits should be separated from the bitmask that
> we use for hiding the page-access attributes, in the workaround
>
> Signed-off-by: Malgorzata Kukiello <jacek.kukiello@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: Oleksiy Yakovlev <oleksiyy@ami.com>
> Cc: Ard Biesheuvel (ARM address) <ard.biesheuvel@arm.com>
>
>  MdeModulePkg/Core/Dxe/Mem/Page.c | 12 ++++++------
>  MdePkg/Include/Uefi/UefiSpec.h   | 3 ++-
>  2 files changed, 8 insertions(+), 7 deletions(-)

series
Reviewed-by: Laszlo Ersek <lersek@redhat.com>

^ permalink raw reply [flat|nested] 11+ messages in thread
* Reply: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too
  2020-09-24 10:21 [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too jacek.kukiello
                   ` (2 preceding siblings ...)
  2020-09-24 13:04 ` [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too Laszlo Ersek
@ 2020-09-25 8:54 ` gaoliming
  2020-09-28 15:39 ` Malgorzata Kukiello
  3 siblings, 1 reply; 11+ messages in thread
From: gaoliming @ 2020-09-25 8:54 UTC (permalink / raw)
  To: devel, jacek.kukiello
  Cc: 'Michael D Kinney', 'Jian J Wang', 'Hao A Wu', 'Dandan Bi', 'Zhiguang Liu', 'Oleksiy Yakovlev', 'Ard Biesheuvel'

Malgorzata:
  How do you know the OS (Windows or Linux) behavior for the SP and CRYPTO attribute? Is there a public document to describe this behavior?

Thanks
Liming

^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too
  2020-09-25 8:54 ` Reply: " gaoliming
@ 2020-09-28 15:39 ` Malgorzata Kukiello
  2020-09-29 1:13 ` Reply: " gaoliming
  0 siblings, 1 reply; 11+ messages in thread
From: Malgorzata Kukiello @ 2020-09-28 15:39 UTC (permalink / raw)
  To: devel@edk2.groups.io, gaoliming@byosoft.com.cn
  Cc: Kinney, Michael D, Wang, Jian J, Wu, Hao A, Bi, Dandan, Liu, Zhiguang, 'Oleksiy Yakovlev', 'Ard Biesheuvel'

Liming,
As for mktme there is a change committed: https://patchwork.kernel.org/patch/10935909/
As for SP I can't find anything specific.

Thanks
Meg

^ permalink raw reply [flat|nested] 11+ messages in thread
* Reply: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too
  2020-09-28 15:39 ` Malgorzata Kukiello
@ 2020-09-29 1:13 ` gaoliming
  2020-10-02 12:52 ` Malgorzata Kukiello
  [not found] ` <163A2DF5FC986A3A.27356@groups.io>
  0 siblings, 2 replies; 11+ messages in thread
From: gaoliming @ 2020-09-29 1:13 UTC (permalink / raw)
  To: devel, jacek.kukiello, michael.a.rothman
  Cc: 'Kinney, Michael D', 'Wang, Jian J', 'Wu, Hao A', 'Bi, Dandan', 'Liu, Zhiguang', 'Oleksiy Yakovlev', 'Ard Biesheuvel'

Meg:
  What real problem do you meet with? What is the purpose of this change?

And, I also include UEFI Arch Rothman.

Rothman:
  Can you help clarify what OS (Windows or Linux) behavior is expected for the UEFI SP and CRYPTO memory attribute?

Thanks
Liming

^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too
  2020-09-29 1:13 ` Reply: " gaoliming
@ 2020-10-02 12:52 ` Malgorzata Kukiello
  [not found] ` <163A2DF5FC986A3A.27356@groups.io>
  1 sibling, 0 replies; 11+ messages in thread
From: Malgorzata Kukiello @ 2020-10-02 12:52 UTC (permalink / raw)
  To: devel@edk2.groups.io, gaoliming@byosoft.com.cn, Rothman, Michael A
  Cc: Kinney, Michael D, Wang, Jian J, Wu, Hao A, Bi, Dandan, Liu, Zhiguang, 'Oleksiy Yakovlev', 'Ard Biesheuvel'

Liming,
I am trying to enable a crypto technology that requires handling on the OS side (implemented in the kernel.org patch). Generally speaking, I mark in the memory map all regions that can be encrypted using the aforementioned tech. Then the OS checks that attribute and decides whether or not to enable that.
So the real problem is that currently all my attributes are overwritten and cleared.

Thanks
Meg

^ permalink raw reply [flat|nested] 11+ messages in thread
[parent not found: <163A2DF5FC986A3A.27356@groups.io>]
* Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too
       [not found] ` <163A2DF5FC986A3A.27356@groups.io>
@ 2020-10-09  6:01 ` Malgorzata Kukiello
  2020-10-09  9:30   ` Re: " gaoliming
       [not found]   ` <163C48FE4529CC02.8231@groups.io>
  0 siblings, 2 replies; 11+ messages in thread
From: Malgorzata Kukiello @ 2020-10-09 6:01 UTC
  To: devel@edk2.groups.io, Kukiello, Malgorzata, gaoliming@byosoft.com.cn, Rothman, Michael A
  Cc: Kinney, Michael D, Wang, Jian J, Wu, Hao A, Bi, Dandan, Liu, Zhiguang, 'Oleksiy Yakovlev', 'Ard Biesheuvel'

Liming,
Any update/comment? It's pretty urgent from my perspective.
Thanks
Meg

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Malgorzata Kukiello
Sent: Friday, October 2, 2020 2:52 PM
To: devel@edk2.groups.io; gaoliming@byosoft.com.cn; Rothman, Michael A <michael.a.rothman@intel.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Bi, Dandan <dandan.bi@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; 'Oleksiy Yakovlev' <oleksiyy@ami.com>; 'Ard Biesheuvel' <ard.biesheuvel@arm.com>
Subject: Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too

Liming,
I am trying to enable a crypto technology that requires handling on the OS side (implemented in the kernel.org patch). Generally speaking, I mark in the memory map all regions that can be encrypted using the aforementioned tech. Then the OS checks that attribute and decides whether or not to enable that.
So the real problem is that currently all my attributes are overwritten and cleared.
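The effect described in the quoted 2 October message (capability bits set by firmware never reaching the OS) can be reproduced with a small model of the workaround's final pass. This is an added example, not code from the patch or from edk2: the `demo_*` names, the two mask macros and the sample map are constructed for illustration, the bit values are those of the UEFI specification, and it is an assumption that the page-access bits being hidden are RP, XP and RO.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Attribute bit values as defined by the UEFI specification. */
#define EFI_MEMORY_WB         0x0000000000000008ULL
#define EFI_MEMORY_RP         0x0000000000002000ULL
#define EFI_MEMORY_XP         0x0000000000004000ULL
#define EFI_MEMORY_RO         0x0000000000020000ULL
#define EFI_MEMORY_SP         0x0000000000040000ULL
#define EFI_MEMORY_CPU_CRYPTO 0x0000000000080000ULL

/* Hypothetical mask names for this sketch; not the identifiers used by the patch. */
#define DEMO_ACCESS_MASK   (EFI_MEMORY_RP | EFI_MEMORY_XP | EFI_MEMORY_RO)
#define DEMO_COMBINED_MASK (DEMO_ACCESS_MASK | EFI_MEMORY_SP | EFI_MEMORY_CPU_CRYPTO)

/* Simplified stand-in for EFI_MEMORY_DESCRIPTOR (virtual address omitted). */
typedef struct {
    uint32_t type;
    uint64_t physical_start;
    uint64_t number_of_pages;
    uint64_t attribute;
} demo_descriptor;

#define DEMO_MAP_ENTRIES 3

/* Constructed sample map; type 7 is EfiConventionalMemory. */
static void demo_build_map(demo_descriptor map[DEMO_MAP_ENTRIES])
{
    const demo_descriptor sample[DEMO_MAP_ENTRIES] = {
        { 7, 0x0000000000100000ULL, 0x4000,
          EFI_MEMORY_WB | DEMO_ACCESS_MASK | EFI_MEMORY_CPU_CRYPTO },
        { 7, 0x0000000100000000ULL, 0x8000,
          EFI_MEMORY_WB | EFI_MEMORY_XP | EFI_MEMORY_SP | EFI_MEMORY_CPU_CRYPTO },
        { 7, 0x0000000004100000ULL, 0x0100,
          EFI_MEMORY_WB | DEMO_ACCESS_MASK },
    };
    for (size_t i = 0; i < DEMO_MAP_ENTRIES; i++) {
        map[i] = sample[i];
    }
}

/* Firmware side: final pass that strips hide_mask from every reported descriptor. */
static void demo_hide_caps(demo_descriptor *map, size_t count, uint64_t hide_mask)
{
    for (size_t i = 0; i < count; i++) {
        map[i].attribute &= ~hide_mask;
    }
}

/* OS side: number of pages in regions that still advertise capability cap. */
static uint64_t demo_pages_with_cap(const demo_descriptor *map, size_t count, uint64_t cap)
{
    uint64_t pages = 0;
    for (size_t i = 0; i < count; i++) {
        if ((map[i].attribute & cap) == cap) {
            pages += map[i].number_of_pages;
        }
    }
    return pages;
}

/* Pages the OS sees with capability cap after firmware hid hide_mask. */
uint64_t demo_visible_pages(uint64_t hide_mask, uint64_t cap)
{
    demo_descriptor map[DEMO_MAP_ENTRIES];
    demo_build_map(map);
    demo_hide_caps(map, DEMO_MAP_ENTRIES, hide_mask);
    return demo_pages_with_cap(map, DEMO_MAP_ENTRIES, cap);
}

/* Union of all attribute bits that remain visible after hiding hide_mask. */
uint64_t demo_surviving_bits(uint64_t hide_mask)
{
    demo_descriptor map[DEMO_MAP_ENTRIES];
    uint64_t bits = 0;
    demo_build_map(map);
    demo_hide_caps(map, DEMO_MAP_ENTRIES, hide_mask);
    for (size_t i = 0; i < DEMO_MAP_ENTRIES; i++) {
        bits |= map[i].attribute;
    }
    return bits;
}

int main(void)
{
    printf("combined mask: crypto-capable pages seen by OS = 0x%llx\n",
           (unsigned long long)demo_visible_pages(DEMO_COMBINED_MASK, EFI_MEMORY_CPU_CRYPTO));
    printf("access-only mask: crypto-capable pages seen by OS = 0x%llx\n",
           (unsigned long long)demo_visible_pages(DEMO_ACCESS_MASK, EFI_MEMORY_CPU_CRYPTO));
    printf("access-only mask: surviving attribute bits = 0x%llx\n",
           (unsigned long long)demo_surviving_bits(DEMO_ACCESS_MASK));
    return 0;
}
```

With the access-only mask the page-access bits are still hidden from the OS, so separating the masks does not undo the original workaround.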
* Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too
  2020-10-09  6:01 ` Malgorzata Kukiello
@ 2020-10-09  9:30 ` gaoliming
       [not found] ` <163C48FE4529CC02.8231@groups.io>
  1 sibling, 0 replies; 11+ messages in thread
From: gaoliming @ 2020-10-09 9:30 UTC
  To: devel, jacek.kukiello, 'Rothman, Michael A'
  Cc: 'Kinney, Michael D', 'Wang, Jian J', 'Wu, Hao A', 'Bi, Dandan', 'Liu, Zhiguang', 'Oleksiy Yakovlev', 'Ard Biesheuvel'

Meg:
Thanks for your detailed information. I understand this problem now.
I agree with your patch to revert the change introduced by previous 3bd5c994c879f78e8e3d5346dc3b627f199291aa.

Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

If no other comments, I will merge this patch set tomorrow.

Thanks
Liming

> -----Original Message-----
> From: bounce+27952+66053+4905953+8761045@groups.io <bounce+27952+66053+4905953+8761045@groups.io> On Behalf Of Malgorzata Kukiello
> Sent: October 9, 2020 14:01
> To: devel@edk2.groups.io; Kukiello, Malgorzata <jacek.kukiello@intel.com>; gaoliming@byosoft.com.cn; Rothman, Michael A <michael.a.rothman@intel.com>
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Bi, Dandan <dandan.bi@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; 'Oleksiy Yakovlev' <oleksiyy@ami.com>; 'Ard Biesheuvel' <ard.biesheuvel@arm.com>
> Subject: Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too
>
> Liming,
> Any update/comment? It's pretty urgent from my perspective.
[parent not found: <163C48FE4529CC02.8231@groups.io>]
* Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too
       [not found] ` <163C48FE4529CC02.8231@groups.io>
@ 2020-10-10  3:35 ` gaoliming
  0 siblings, 0 replies; 11+ messages in thread
From: gaoliming @ 2020-10-10 3:35 UTC
  To: devel, gaoliming, jacek.kukiello, 'Rothman, Michael A'
  Cc: 'Kinney, Michael D', 'Wang, Jian J', 'Wu, Hao A', 'Bi, Dandan', 'Liu, Zhiguang', 'Oleksiy Yakovlev', 'Ard Biesheuvel'

Meg:
Pull Request is created https://github.com/tianocore/edk2/pull/999

Thanks
Liming

> -----Original Message-----
> From: bounce+27952+66058+4905953+8761045@groups.io <bounce+27952+66058+4905953+8761045@groups.io> On Behalf Of gaoliming
> Sent: October 9, 2020 17:30
> To: devel@edk2.groups.io; jacek.kukiello@intel.com; 'Rothman, Michael A' <michael.a.rothman@intel.com>
> Cc: 'Kinney, Michael D' <michael.d.kinney@intel.com>; 'Wang, Jian J' <jian.j.wang@intel.com>; 'Wu, Hao A' <hao.a.wu@intel.com>; 'Bi, Dandan' <dandan.bi@intel.com>; 'Liu, Zhiguang' <zhiguang.liu@intel.com>; 'Oleksiy Yakovlev' <oleksiyy@ami.com>; 'Ard Biesheuvel' <ard.biesheuvel@arm.com>
> Subject: Re: [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too
>
> Meg:
> Thanks for your detailed information. I understand this problem now.
> I agree with your patch to revert the change introduced by previous 3bd5c994c879f78e8e3d5346dc3b627f199291aa.
>
> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
>
> If no other comments, I will merge this patch set tomorrow.
end of thread, other threads:[~2020-10-10 3:35 UTC | newest]

Thread overview: 11+ messages
2020-09-24 10:21 [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too jacek.kukiello
2020-09-24 10:21 ` [PATCH v2 2/2] MdeModulePkg/Core/Dxe: expose SP and CRYPTO capabilities in UEFI memmap Malgorzata Kukiello
2020-09-24 10:21 ` [PATCH v2 1/2] MdePkg/UefiSpec: separate page access bitmask from SP and CRYPTO caps Malgorzata Kukiello
2020-09-24 13:04 ` [edk2-devel] [PATCH v2 0/2] UEFI memmap workaround for hiding page-access caps from OSes hides SP and CRYPTO caps too Laszlo Ersek
2020-09-25 8:54 ` Re: " gaoliming
2020-09-28 15:39 ` Malgorzata Kukiello
2020-09-29 1:13 ` Re: " gaoliming
2020-10-02 12:52 ` Malgorzata Kukiello
[not found] ` <163A2DF5FC986A3A.27356@groups.io>
2020-10-09 6:01 ` Malgorzata Kukiello
2020-10-09 9:30 ` Re: " gaoliming
[not found] ` <163C48FE4529CC02.8231@groups.io>
2020-10-10 3:35 ` gaoliming