From: "Guomin Jiang"
To: "devel@edk2.groups.io", "Jiang, Guomin"
CC: "Wang, Jian J", "Wu, Hao A", "Bi, Dandan", "Gao, Liming", "De, Debkumar", "Han, Harry", "West, Catharine", "Dong, Eric", "Ni, Ray", Laszlo Ersek, "Kumar, Rahul1", "Yao, Jiewen", "Zhang, Chao B", "Zhang, Qi1"
Subject: Re: [edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to permanent memory (CVE-2019-11098)
Date: Thu, 2 Jul 2020 05:21:31 +0000
References: <161DD7A1BBA5A0CB.10798@groups.io>
In-Reply-To: <161DD7A1BBA5A0CB.10798@groups.io>

Hi everybody,

I am sorry for bothering you. I just want to remind you that I want to catch
those changes up to the next stable tag.
So I hope that you can give me some comments or a Reviewed-by.

Appreciate it.

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Guomin Jiang
> Sent: Thursday, July 2, 2020 1:15 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Wu, Hao A; Bi, Dandan; Gao, Liming; De, Debkumar;
> Han, Harry; West, Catharine; Dong, Eric; Ni, Ray; Laszlo Ersek;
> Kumar, Rahul1; Yao, Jiewen; Zhang, Chao B; Zhang, Qi1
> Subject: [edk2-devel] [PATCH v2 0/9] Migrate Pointer from flash to
> permanent memory (CVE-2019-11098)
>
> The TOCTOU vulnerability allows a physically present person to replace
> the code with the normal BootGuard check and PCR0 value.
> The issue occurs when BootGuard measures IBB and accesses flash code after
> NEM disable.
> The reason why we access the flash code is that we have some pointers to
> flash.
> To avoid this vulnerability, we need to convert those pointers. The patch
> series does this work and makes sure that no code will access flash addresses.
>
> Cc: Jian J Wang
> Cc: Hao A Wu
> Cc: Dandan Bi
> Cc: Liming Gao
> Cc: Debkumar De
> Cc: Harry Han
> Cc: Catharine West
> Cc: Eric Dong
> Cc: Ray Ni
> Cc: Laszlo Ersek
> Cc: Rahul Kumar
> Cc: Jiewen Yao
> Cc: Chao Zhang
> Cc: Qi Zhang
>
> Guomin Jiang (5):
>   MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash
>     (CVE-2019-11098)
>   SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash
>     (CVE-2019-11098)
>   MdeModulePkg/Core: Add switch to enable or disable TOCTOU feature
>     (CVE-2019-11098)
>   UefiCpuPkg/SecMigrationPei: Add switch to control if produce PPI
>     (CVE-2019-11098)
>   UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU
>     (CVE-2019-11098)
>
> Jian J Wang (1):
>   MdeModulePkg/DxeIplPeim: Register for shadow on S3 shadowed boot
>     (CVE-2019-11098)
>
> Michael Kubacki (3):
>   MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore
>     (CVE-2019-11098)
>   UefiCpuPkg/CpuMpPei: Add GDT and IDT migration support
>     (CVE-2019-11098)
>   UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)
>
>  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |   3 +
>  MdeModulePkg/Core/DxeIplPeim/DxeLoad.c        |   2 +-
>  MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 417 ++++++++++++++++++
>  MdeModulePkg/Core/Pei/Image/Image.c           | 115 +++++
>  MdeModulePkg/Core/Pei/Memory/MemoryServices.c |  82 ++++
>  MdeModulePkg/Core/Pei/PeiMain.h               | 169 +++++++
>  MdeModulePkg/Core/Pei/PeiMain.inf             |   3 +
>  MdeModulePkg/Core/Pei/PeiMain/PeiMain.c       |  17 +
>  MdeModulePkg/Core/Pei/Ppi/Ppi.c               | 287 ++++++++++++
>  MdeModulePkg/Include/Guid/MigratedFvInfo.h    |  22 +
>  MdeModulePkg/MdeModulePkg.dec                 |   8 +
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             |  31 +-
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf           |   1 +
>  UefiCpuPkg/CpuMpPei/CpuMpPei.c                |  40 +-
>  UefiCpuPkg/CpuMpPei/CpuMpPei.h                |  13 +
>  UefiCpuPkg/CpuMpPei/CpuMpPei.inf              |   3 +
>  UefiCpuPkg/CpuMpPei/CpuPaging.c               |  31 +-
>  UefiCpuPkg/Include/Ppi/RepublishSecPpi.h      |  54 +++
>  .../Ia32/ArchExceptionHandler.c               |   4 +-
>  .../SecPeiCpuException.c                      |   2 +-
>  UefiCpuPkg/SecCore/SecCore.inf                |   2 +
>  UefiCpuPkg/SecCore/SecMain.c                  |  26 +-
>  UefiCpuPkg/SecCore/SecMain.h                  |   1 +
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.c  | 374 ++++++++++++++++
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.h  | 170 +++++++
>  .../SecMigrationPei/SecMigrationPei.inf       |  68 +++
>  .../SecMigrationPei/SecMigrationPei.uni       |  13 +
>  UefiCpuPkg/UefiCpuPkg.dec                     |   4 +
>  UefiCpuPkg/UefiCpuPkg.dsc                     |   1 +
>  29 files changed, 1947 insertions(+), 16 deletions(-)
>  create mode 100644 MdeModulePkg/Include/Guid/MigratedFvInfo.h
>  create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni
>
> --
> 2.25.1.windows.1
>
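
The pointer conversion the quoted cover letter describes, sketched as an added example; it is not code from the patch series or from edk2. The type `migrated_range`, the function names, and the addresses in the sample table are all hypothetical and constructed for illustration: pointers that fall inside a flash-mapped volume are rebased to the same offset in its RAM copy, and an audit pass confirms none still point into flash.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical record of one firmware volume copied from flash to RAM. */
typedef struct {
    uintptr_t flash_base; /* where the volume is mapped in flash */
    uintptr_t ram_base;   /* where its copy sits in permanent memory */
    size_t    length;     /* volume size in bytes */
} migrated_range;

/* True if addr is in [base, base + length); subtraction avoids wraparound. */
static int in_range(uintptr_t addr, uintptr_t base, size_t length)
{
    return addr >= base && (addr - base) < length;
}

/* Rebase each table entry that points into the flash mapping to the same
   offset in the RAM copy. Returns the number of entries converted. */
size_t migrate_pointers(uintptr_t *table, size_t count, const migrated_range *r)
{
    size_t converted = 0;
    for (size_t i = 0; i < count; i++) {
        if (in_range(table[i], r->flash_base, r->length)) {
            table[i] = r->ram_base + (table[i] - r->flash_base);
            converted++;
        }
    }
    return converted;
}

/* Audit: number of entries that still point into flash (0 after migration). */
size_t count_flash_pointers(const uintptr_t *table, size_t count,
                            const migrated_range *r)
{
    size_t left = 0;
    for (size_t i = 0; i < count; i++)
        left += in_range(table[i], r->flash_base, r->length) ? 1 : 0;
    return left;
}

/* Constructed sample: a 1 MiB volume and five callback/data pointers. */
const migrated_range sample_range = { 0xFFE00000u, 0x7E000000u, 0x100000u };
uintptr_t sample_table[5] = {
    0xFFE00010u, /* inside the flash volume     */
    0xFFEFFFFFu, /* last byte of the volume     */
    0xFFF00000u, /* one past the end: untouched */
    0x7E000020u, /* already in RAM              */
    0            /* NULL entry                  */
};
```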