From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: eric.dong@intel.com)
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by groups.io with SMTP; Mon, 26 Aug 2019 18:43:18 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Aug 2019 18:43:18 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.64,435,1559545200"; 
   d="scan'208";a="180060965"
Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204])
  by fmsmga008.fm.intel.com with ESMTP; 26 Aug 2019 18:43:18 -0700
Received: from fmsmsx112.amr.corp.intel.com (10.18.116.6) by
 FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 26 Aug 2019 18:43:18 -0700
Received: from shsmsx107.ccr.corp.intel.com (10.239.4.96) by
 FMSMSX112.amr.corp.intel.com (10.18.116.6) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 26 Aug 2019 18:43:17 -0700
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.19]) by
 SHSMSX107.ccr.corp.intel.com ([169.254.9.65]) with mapi id 14.03.0439.000;
 Tue, 27 Aug 2019 09:43:16 +0800
From: "Dong, Eric" <eric.dong@intel.com>
To: "Ni, Ray" <ray.ni@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Yao, Jiewen" <jiewen.yao@intel.com>, Laszlo Ersek <lersek@redhat.com>
Subject: Re: [PATCH 1/5] UefiCpuPkg: Add PcdCpuSmmRestrictedMemoryAccess
Thread-Topic: [PATCH 1/5] UefiCpuPkg: Add PcdCpuSmmRestrictedMemoryAccess
Thread-Index: AQHVW5bwBGsLp2mCPEONJEGBnyGj46cOOkjw
Date: Tue, 27 Aug 2019 01:43:15 +0000
Message-ID: <ED077930C258884BBCB450DB737E662259EC6AB7@shsmsx102.ccr.corp.intel.com>
References: <20190825224513.171572-1-ray.ni@intel.com>
 <20190825224513.171572-2-ray.ni@intel.com>
In-Reply-To: <20190825224513.171572-2-ray.ni@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: eric.dong@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Eric Dong <eric.dong@intel.com>

> -----Original Message-----
> From: Ni, Ray
> Sent: Monday, August 26, 2019 6:45 AM
> To: devel@edk2.groups.io
> Cc: Dong, Eric <eric.dong@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Laszlo Ersek <lersek@redhat.com>
> Subject: [PATCH 1/5] UefiCpuPkg: Add PcdCpuSmmRestrictedMemoryAccess
>=20
> The patch adds a new X64 only PCD PcdCpuSmmRestrictedMemoryAccess.
> The PCD indicates access to non-SMRAM memory is restricted to reserved,
> runtime and ACPI NVS type after SmmReadyToLock.
> MMIO access is always allowed regardless of the value of this PCD.
> Loose of such restriction is only required by RAS components in X64 platf=
orms.
> The PCD value is considered as constantly TRUE in IA32 platforms.
> When the PCD value is TRUE, page table is initialized to cover all memory
> spaces and the memory occupied by page table is protected by page table
> itself as read-only.
>=20
> Signed-off-by: Ray Ni <ray.ni@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> ---
>  UefiCpuPkg/UefiCpuPkg.dec | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
>=20
> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index
> 86ad61f64b..83acd33612 100644
> --- a/UefiCpuPkg/UefiCpuPkg.dec
> +++ b/UefiCpuPkg/UefiCpuPkg.dec
> @@ -278,6 +278,18 @@ [PcdsFixedAtBuild, PcdsPatchableInModule,
> PcdsDynamic, PcdsDynamicEx]
>    # @Prompt Current boot is a power-on reset.
>=20
> gUefiCpuPkgTokenSpaceGuid.PcdIsPowerOnReset|FALSE|BOOLEAN|0x000000
> 1B
>=20
> +[PcdsFixedAtBuild.X64, PcdsPatchableInModule.X64, PcdsDynamic.X64,
> +PcdsDynamicEx.X64]
> +  ## Indicate access to non-SMRAM memory is restricted to reserved,
> runtime and ACPI NVS type after SmmReadyToLock.
> +  #  MMIO access is always allowed regardless of the value of this PCD.
> +  #  Loose of such restriction is only required by RAS components in X64
> platforms.
> +  #  The PCD value is considered as constantly TRUE in IA32 platforms.
> +  #  When the PCD value is TRUE, page table is initialized to cover all
> +memory spaces
> +  #  and the memory occupied by page table is protected by page table it=
self
> as read-only.
> +  #   TRUE  - Access to non-SMRAM memory is restricted to reserved, runt=
ime
> and ACPI NVS type after SmmReadyToLock.<BR>
> +  #   FALSE - Access to any type of non-SMRAM memory after
> SmmReadyToLock is allowed.<BR>
> +  # @Prompt Access to non-SMRAM memory is restricted to reserved,
> runtime and ACPI NVS type after SmmReadyToLock.
> +
> +gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmRestrictedMemoryAccess|TRUE|B
> OOLEAN|
> +0x3213210F
> +
>  [PcdsDynamic, PcdsDynamicEx]
>    ## Contains the pointer to a CPU S3 data buffer of structure ACPI_CPU_=
DATA.
>    # @Prompt The pointer to a CPU S3 data buffer.
> --
> 2.21.0.windows.1