From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.31; helo=mga06.intel.com; envelope-from=eric.dong@intel.com; receiver=edk2-devel@lists.01.org Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 9ABC62118D948 for ; Tue, 13 Nov 2018 16:11:37 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Nov 2018 16:11:36 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,230,1539673200"; d="scan'208";a="96083500" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by FMSMGA003.fm.intel.com with ESMTP; 13 Nov 2018 16:11:37 -0800 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 13 Nov 2018 16:11:36 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.84]) by SHSMSX104.ccr.corp.intel.com ([169.254.5.117]) with mapi id 14.03.0415.000; Wed, 14 Nov 2018 08:11:34 +0800 From: "Dong, Eric" To: "Ni, Ruiyu" , "edk2-devel@lists.01.org" , "'Andrew Fish (afish@apple.com)'" , Leif Lindholm , "Kinney, Michael D" , Laszlo Ersek Thread-Topic: [edk2] [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock Thread-Index: AQHUeyNOIHz1/NbYS0eeySjO85q3oaVMzJ8AgAGZsPA= Date: Wed, 14 Nov 2018 00:11:34 +0000 Message-ID: References: <20181113073510.31208-1-ruiyu.ni@intel.com> <734D49CCEBEEF84792F5B80ED585239D5BF03AF8@SHSMSX104.ccr.corp.intel.com> In-Reply-To: <734D49CCEBEEF84792F5B80ED585239D5BF03AF8@SHSMSX104.ccr.corp.intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Nov 2018 00:11:37 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Eric Dong > -----Original Message----- > From: Ni, Ruiyu > Sent: Tuesday, November 13, 2018 3:43 PM > To: edk2-devel@lists.01.org; 'Andrew Fish (afish@apple.com)' > ; Leif Lindholm ; Kinney, > Michael D ; Laszlo Ersek > Cc: Dong, Eric > Subject: RE: [edk2] [PATCH] UefiCpuPkg/CommonFeature: Always set > FEATURE_CONTROL.Lock >=20 > All Tianocore stewards, > I'd like to include the below patch (a revert patch) in this stable tag r= elease. >=20 > It's to fix a potential security hole when platform mis-configures the > PcdCpuFeaturesUserConfiguration. >=20 > Thanks/Ray >=20 > > -----Original Message----- > > From: edk2-devel On Behalf Of Ruiyu > > Ni > > Sent: Tuesday, November 13, 2018 3:35 PM > > To: edk2-devel@lists.01.org > > Cc: Kinney, Michael D ; Laszlo Ersek > > ; Dong, Eric > > Subject: [edk2] [PATCH] UefiCpuPkg/CommonFeature: Always set > > FEATURE_CONTROL.Lock > > > > The patch reverts commit 1ed6498c4a0210204bf4b95cc0c0cd6623ad6a0b > > * UefiCpuPkg/CommonFeature: Skip locking when the feature is disabled > > > > FEATURE_CONTROL.Lock bit is controlled by feature > > CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER. The commit 1ed649 > fixes a > > bug that when the feature is disabled, the Lock bit is cleared. > > But it's a security hole if the bit is cleared when booting OS. > > We can argue that platform needs to make sure the value of > > PcdCpuFeaturesUserConfiguration should be set properly to make sure > > feature CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER is enabled. > > > > But it's better to guarantee this in the generic core code. > > > > Contributed-under: TianoCore Contribution Agreement 1.1 > > Signed-off-by: Ruiyu Ni > > Cc: Eric Dong > > Cc: Laszlo Ersek > > Cc: Andrew Fish > > Cc: Leif Lindholm > > Cc: Michael D Kinney > > --- > > UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c | 11 > > +-------- > > -- > > 1 file changed, 1 insertion(+), 10 deletions(-) > > > > diff --git a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c > > b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c > > index 631c836857..8c1eb5eb4f 100644 > > --- a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c > > +++ b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c > > @@ -1,7 +1,7 @@ > > /** @file > > Features in MSR_IA32_FEATURE_CONTROL register. > > > > - Copyright (c) 2017 - 2018, Intel Corporation. All rights > > reserved.
> > + Copyright (c) 2017, Intel Corporation. All rights reserved.
> > This program and the accompanying materials > > are licensed and made available under the terms and conditions of > > the BSD License > > which accompanies this distribution. The full text of the license > > may be found at @@ -184,15 +184,6 @@ > > LockFeatureControlRegisterInitialize ( { > > MSR_IA32_FEATURE_CONTROL_REGISTER *MsrRegister; > > > > - // > > - // When Lock Feature Control Register feature is disabled, > > - // just skip the MSR lock bit setting. > > - // The MSR lock bit is cleared by default and write-once in a boot. > > - // > > - if (!State) { > > - return RETURN_SUCCESS; > > - } > > - > > // > > // The scope of Lock bit in the MSR_IA32_FEATURE_CONTROL is core for > > // below processor type, only program MSR_IA32_FEATURE_CONTROL > for > > thread 0 in each > > -- > > 2.16.1.windows.1 > > > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org > > https://lists.01.org/mailman/listinfo/edk2-devel