From: "Dong, Eric"
To: "Ni, Ray", "devel@edk2.groups.io"
CC: "Yao, Jiewen", Laszlo Ersek
Subject: Re: [PATCH 4/5] UefiCpuPkg: Explain relationship between several SMM PCDs
Date: Tue, 27 Aug 2019 01:47:41 +0000

Reviewed-by: Eric Dong

> -----Original Message-----
> From: Ni, Ray
> Sent: Monday, August 26, 2019 6:45 AM
> To: devel@edk2.groups.io
> Cc: Dong, Eric; Yao, Jiewen; Laszlo Ersek
> Subject: [PATCH 4/5] UefiCpuPkg: Explain relationship between several SMM PCDs
>
> There are three PCDs that may impact the behavior of each other in SMM
> environment:
> PcdCpuSmmProfileEnable
> PcdHeapGuardPropertyMask in MdeModulePkg
> PcdCpuSmmRestrictedMemoryAccess
>
> The patch updates the comments in DEC file to document it.
>
> Signed-off-by: Ray Ni
> Cc: Eric Dong
> Cc: Jiewen Yao
> Cc: Laszlo Ersek
> ---
> UefiCpuPkg/UefiCpuPkg.dec | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index > 83acd33612..9a03bdd716 100644 > --- a/UefiCpuPkg/UefiCpuPkg.dec > +++ b/UefiCpuPkg/UefiCpuPkg.dec
> @@ -81,7 +81,8 @@ [Ppis] > [PcdsFeatureFlag] > ## Indicates if SMM Profile will be enabled. > # If enabled, instruction executions in and data accesses to memory o= utside > of SMRAM will be logged. > - # It could not be enabled at the same time with SMM static page table > feature (PcdCpuSmmStaticPageTable). > + # In X64 build, it could not be enabled when > PcdCpuSmmRestrictedMemoryAccess is TRUE. > + # In IA32 build, the page table memory is not marked as read-only whe= n it is > enabled. > # This PCD is only for validation purpose. It should be set to false = in > production.

> # TRUE - SMM Profile will be enabled.
> # FALSE - SMM Profile will be disabled.
> @@ -285,6 +286,11 @@ [PcdsFixedAtBuild.X64, PcdsPatchableInModule.X64, > PcdsDynamic.X64, PcdsDynamicEx > # The PCD value is considered as constantly TRUE in IA32 platforms. > # When the PCD value is TRUE, page table is initialized to cover all = memory > spaces > # and the memory occupied by page table is protected by page table it= self as > read-only. > + # In X64 build, it cannot be enabled at the same time with SMM profil= e > feature (PcdCpuSmmProfileEnable). > + # In X64 build, it could not be enabled also at the same time with > + heap guard feature for SMM # (PcdHeapGuardPropertyMask in > MdeModulePkg). > + # In IA32 build, page table memory is not marked as read-only when > + either SMM profile feature (PcdCpuSmmProfileEnable) # or heap guard > feature for SMM (PcdHeapGuardPropertyMask in MdeModulePkg) is enabled. > # TRUE - Access to non-SMRAM memory is restricted to reserved, runt= ime > and ACPI NVS type after SmmReadyToLock.
> # FALSE - Access to any type of non-SMRAM memory after > SmmReadyToLock is allowed.
> # @Prompt Access to non-SMRAM memory is restricted to reserved, runtim= e > and ACPI NVS type after SmmReadyToLock. > -- > 2.21.0.windows.1
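
Review bot: in the first hunk (the PcdCpuSmmProfileEnable comment under [PcdsFeatureFlag]), the added X64 line says the flag "could not be enabled when PcdCpuSmmRestrictedMemoryAccess is TRUE" but does not say how the conflict surfaces if a platform sets both: a build failure, an assert at SMM init, or one setting silently winning. A short clause stating the outcome would tell a platform owner whether a misconfiguration is caught or quietly changes the protection they get. The wording should also match the second hunk, which states the same restriction as "cannot be enabled"; "cannot" reads as a rule, "could not" as a past event. The added IA32 line pairs well with the existing "should be set to false in production" context line, since on IA32 enabling the profile is what leaves page table memory writable.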
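
Review bot: in the second hunk (the PcdCpuSmmRestrictedMemoryAccess comment), the added lines treat "heap guard feature for SMM (PcdHeapGuardPropertyMask in MdeModulePkg)" as something that is simply "enabled", yet the PCD is a property mask, so the comment should say which bits count as heap guard for SMM, or state that any SMM-related bit being set triggers the restriction. The new IA32 sentence also qualifies the unchanged context just above it, which says the value is "considered as constantly TRUE in IA32 platforms" and that when TRUE the page table memory is "protected by page table itself as read-only"; a reader who stops at those lines will assume IA32 page tables are always read-only. Consider folding the exception into that earlier sentence so the loss of protection is not missed. Within the added lines, "cannot be enabled at the same time" and "could not be enabled also at the same time" describe the same kind of restriction and should use the same wording.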