Re: [edk2-devel] [PATCH 3/3] MdeModulePkg/BdsDxe: Set RuntimeServicesSupported variable

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Wang, Sunny (HPS SW)" <sunnywang@hpe.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	"zhichao.gao@intel.com" <zhichao.gao@intel.com>,
	"Ni, Ray" <ray.ni@intel.com>, Jeff Brasen <jbrasen@nvidia.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Gao, Liming" <liming.gao@intel.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Wu, Hao A" <hao.a.wu@intel.com>,
	"Spottswood, Jason" <jason.spottswood@hpe.com>,
	"Wang, Sunny (HPS SW)" <sunnywang@hpe.com>
Subject: Re: [edk2-devel] [PATCH 3/3] MdeModulePkg/BdsDxe: Set RuntimeServicesSupported variable
Date: Thu, 21 Nov 2019 11:26:42 +0000	[thread overview]
Message-ID: <DF4PR8401MB096993B9B4347AE86B168ADBA84E0@DF4PR8401MB0969.NAMPRD84.PROD.OUTLOOK.COM> (raw)
In-Reply-To: <3CE959C139B4C44DBEA1810E3AA6F9000B8793B4@SHSMSX101.ccr.corp.intel.com>

Hi Ray, 

May I know why we need to put this PCD to [PcdsFixedAtBuild, PcdsPatchableInModule] section only? If the reason is the security concern, Locking the variable (value of PCD) at the EndOfDxe should be secure enough. For the platforms that want to make it more secure (don't want the PCD to be modified), they can override the PCD type in their .dsc file. 
I can imagine that there are still some use cases that need to modify the PCD during boot. Can we put this PCD in [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] to make it more flexible? 

Regards,
Sunny Wang

-----Original Message-----
From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Gao, Zhichao
Sent: Thursday, November 21, 2019 2:12 PM
To: Ni, Ray <ray.ni@intel.com>; Jeff Brasen <jbrasen@nvidia.com>; edk2-devel@lists.01.org; devel@edk2.groups.io
Cc: Gao, Liming <liming.gao@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Wu, Hao A <hao.a.wu@intel.com>
Subject: Re: [edk2-devel] [PATCH 3/3] MdeModulePkg/BdsDxe: Set RuntimeServicesSupported variable

Agree with Ray, and we should update the uni file at the same time when add the new pcd.

Thanks,
Zhichao

> -----Original Message-----
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Thursday, November 21, 2019 11:13 AM
> To: Jeff Brasen <jbrasen@nvidia.com>; edk2-devel@lists.01.org; 
> devel@edk2.groups.io
> Cc: Gao, Liming <liming.gao@intel.com>; Kinney, Michael D 
> <michael.d.kinney@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Gao, 
> Zhichao <zhichao.gao@intel.com>
> Subject: RE: [PATCH 3/3] MdeModulePkg/BdsDxe: Set 
> RuntimeServicesSupported variable
> 
> Jeff,
> I suggest you add the PCD definition to MdePkg.dec because this PCD 
> just maps to the spec defined variable RuntimeServicesSupported.
> 
> And can you put this PCD to [PcdsFixedAtBuild, PcdsPatchableInModule] 
> section only?
> 
> Thanks,
> Ray
> 
> > -----Original Message-----
> > From: Jeff Brasen <jbrasen@nvidia.com>
> > Sent: Saturday, November 16, 2019 1:43 AM
> > To: edk2-devel@lists.01.org; devel@edk2.groups.io
> > Cc: Jeff Brasen <jbrasen@nvidia.com>; Gao, Liming 
> > <liming.gao@intel.com>; Kinney, Michael D 
> > <michael.d.kinney@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Ni, 
> > Ray <ray.ni@intel.com>; Gao, Zhichao <zhichao.gao@intel.com>
> > Subject: [PATCH 3/3] MdeModulePkg/BdsDxe: Set 
> > RuntimeServicesSupported variable
> >
> > Add support for initializing and setting the UEFI 2.8 global 
> > variable RuntimeServicesSupported based on the value of a PCD.
> >
> > Signed-off-by: Jeff Brasen <jbrasen@nvidia.com>
> > ---
> >  MdeModulePkg/MdeModulePkg.dec            | 18 ++++++++++++++++
> >  MdeModulePkg/Universal/BdsDxe/BdsDxe.inf |  1 + 
> > MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 35
> > +++++++++++++++++++++++++++++++-
> >  3 files changed, 53 insertions(+), 1 deletion(-)
> >
> > diff --git a/MdeModulePkg/MdeModulePkg.dec 
> > b/MdeModulePkg/MdeModulePkg.dec index 41b9e70..a1767e4 100644
> > --- a/MdeModulePkg/MdeModulePkg.dec
> > +++ b/MdeModulePkg/MdeModulePkg.dec
> > @@ -2003,6 +2003,24 @@
> >    # @Prompt Capsule On Disk relocation device path.
> >
> > gEfiMdeModulePkgTokenSpaceGuid.PcdCodRelocationDevPath|{0xFF}|VOI
> > D*|0x0000002f
> >
> > +  ## Bitmask of supported runtime services<BR>  #  BIT0  - GetTime
> > + #
> > + BIT1  - SetTime  #  BIT2  - GetWakeupTime  #  BIT3  - 
> > + SetWakeupTime #
> > + BIT4  - GetVariable  #  BIT5  - GetNextVariableName  #  BIT6  - 
> > + SetVariable  #  BIT7  - SetVirtualAddressMap  #  BIT8  - 
> > + ConvertPointer  #  BIT9  - GetNextHighMonotonicCount  #  BIT10 - 
> > + ResetSystem  #  BIT11 - UpdateCapsule  #  BIT12 - 
> > + QueryCapsuleCapabilites  #  BIT13 - QueryVariableInfo  # @Prompt 
> > + Supported Runtime services bitmask.
> > +
> > +
> > gEfiMdeModulePkgTokenSpaceGuid.PcdRuntimeServicesSupported|0x3FFF
> > |UINT
> > + 16|0x00000030
> > +
> >  [PcdsPatchableInModule]
> >    ## Specify memory size with page number for PEI code when
> >    #  Loading Module at Fixed Address feature is enabled.
> > diff --git a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
> > b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
> > index 9310b4d..e4ba9be 100644
> > --- a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
> > +++ b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
> > @@ -97,6 +97,7 @@
> >    gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed                       ##
> > CONSUMES
> >    gEfiMdeModulePkgTokenSpaceGuid.PcdCapsuleOnDiskSupport              ##
> > CONSUMES
> >    gEfiMdeModulePkgTokenSpaceGuid.PcdPlatformRecoverySupport           ##
> > CONSUMES
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdRuntimeServicesSupported
> > ## CONSUMES
> >
> >  [Depex]
> >    TRUE
> > diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
> > b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
> > index d387dbe..16bc593 100644
> > --- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
> > +++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
> > @@ -40,7 +40,8 @@ CHAR16  *mReadOnlyVariables[] = {
> >    EFI_LANG_CODES_VARIABLE_NAME,
> >    EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME,
> >    EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME,
> > -  EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME
> > +  EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME,
> > +  EFI_RUNTIME_SERVICES_SUPPORTED_VARIABLE_NAME
> >    };
> >
> >  CHAR16 *mBdsLoadOptionName[] = {
> > @@ -626,6 +627,33 @@ BdsFormalizeOSIndicationVariable (
> >
> >  /**
> >
> > +  Formalize RuntimeServicesSupported variable.
> > +
> > +**/
> > +VOID
> > +BdsFormalizeRuntimeServicesSupportedVariable (
> > +  VOID
> > +  )
> > +{
> > +  EFI_STATUS                      Status;
> > +  UINT16                          RuntimeServicesSupported;
> > +
> > +  RuntimeServicesSupported = PcdGet16 
> > + (PcdRuntimeServicesSupported); Status = gRT->SetVariable (
> > +                  EFI_RUNTIME_SERVICES_SUPPORTED_VARIABLE_NAME,
> > +                  &gEfiGlobalVariableGuid,
> > +                  EFI_VARIABLE_BOOTSERVICE_ACCESS |
> > EFI_VARIABLE_RUNTIME_ACCESS,
> > +                  sizeof(RuntimeServicesSupported),
> > +                  &RuntimeServicesSupported
> > +                  );
> > +  //
> > +  // Platform needs to make sure setting volatile variable before 
> > + calling 3rd
> > party code shouldn't fail.
> > +  //
> > +  ASSERT_EFI_ERROR (Status);
> > +}
> > +
> > +/**
> > +
> >    Validate variables.
> >
> >  **/
> > @@ -645,6 +673,11 @@ BdsFormalizeEfiGlobalVariable (
> >    // Validate OSIndication related variable.
> >    //
> >    BdsFormalizeOSIndicationVariable ();
> > +
> > +  //
> > +  // Validate Runtime Services Supported variable.
> > +  //
> > +  BdsFormalizeRuntimeServicesSupportedVariable ();
> >  }
> >
> >  /**
> > --
> > 2.7.4

next prev parent reply	other threads:[~2019-11-21 11:26 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-15 17:42 [PATCH 0/3] Support for RuntimeServicesSupported global variable Jeff Brasen
2019-11-15 17:42 ` [PATCH 1/3] MdePkg-UefiSpec.h: Add UEFI 2.8 RuntimeServicesSuppported definations Jeff Brasen
2019-11-21  5:44   ` Ni, Ray
2019-11-15 17:42 ` [PATCH 2/3] MdePkg/MdeModule: Add support for RuntimeServicesSupported variable Jeff Brasen
2019-11-21  5:45   ` Ni, Ray
2019-11-21  6:24     ` Zeng, Star
2019-11-15 17:42 ` [PATCH 3/3] MdeModulePkg/BdsDxe: Set " Jeff Brasen
2019-11-21  5:42   ` Ni, Ray
2019-11-21  6:12     ` Gao, Zhichao
2019-11-21 11:26       ` Wang, Sunny (HPS SW) [this message]
2019-11-21 11:51         ` [edk2-devel] " Ni, Ray
2019-11-22  8:10           ` Wang, Sunny (HPS SW)
2019-11-19 14:19 ` [PATCH 0/3] Support for RuntimeServicesSupported global variable Liming Gao
2019-11-19 18:50   ` Jeff Brasen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DF4PR8401MB096993B9B4347AE86B168ADBA84E0@DF4PR8401MB0969.NAMPRD84.PROD.OUTLOOK.COM \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox