From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web12.3017.1595899538901991836 for ; Mon, 27 Jul 2020 18:25:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=mWO/XbvF; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: liming.gao@intel.com) IronPort-SDR: O2IJsy/u0JXIFqOn+VxUAPeiOG+hgPQb3iCKM+uKYAfCEjYRZmMfZDBayPwNxBtBqVq9FVdOTh aPJ02YXG/uHg== X-IronPort-AV: E=McAfee;i="6000,8403,9695"; a="138651950" X-IronPort-AV: E=Sophos;i="5.75,404,1589266800"; d="scan'208";a="138651950" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jul 2020 18:25:37 -0700 IronPort-SDR: VFHl4b1YWx+RDnc6CJg8mpaS6rPoIQzlv8aDd78k8ovh1vfr23NkSXJvO4eoWxQE9KQpYLQfZJ th1mPYFDFVeg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,404,1589266800"; d="scan'208";a="364322654" Received: from orsmsx110.amr.corp.intel.com ([10.22.240.8]) by orsmga001.jf.intel.com with ESMTP; 27 Jul 2020 18:25:37 -0700 Received: from orsmsx162.amr.corp.intel.com (10.22.240.85) by ORSMSX110.amr.corp.intel.com (10.22.240.8) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 27 Jul 2020 18:25:37 -0700 Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by ORSMSX162.amr.corp.intel.com (10.22.240.85) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 27 Jul 2020 18:25:37 -0700 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.101) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 27 Jul 2020 18:25:36 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lSZHgUDCcBZK6tt2x5AujmXdljS/WVppOsiXWWGTcGJAz8zRtYEozAlQTha3DKt9NsUrniBbG/nYD2b8bXo5OsrNQUaK46uql2CyEdALNIsfjg3iUeQ2pDuZ6OgRurZ8laaAVJ3xaTITPZ/NszMgauA5z7ZOngzGWtQtlXYM3f77vYOzvANTSJV8uCRWtFhP32HJcikq7fSyb4auCH+jy+u84Kr1z+ypuG3/LINbsDKyK1HmnZpXCGfcmcKBSPydxpESKX7IXFIcRKn3jAIHctaEepD3zN8EeklLM6Dzijsr24+F8vz7Jwcjs1RKtRe2ijpHMTl0+v9zDKQ9kncKAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/j4whBXmpPyIWWlZYrET87pFE+SBNQdNhvbOYo9OeyI=; b=B4YaZ2MBb2klbMe8SfuY1AR5mQE9acU4punsZ7f1u6FEawTBUttXTfbVG2mYb5MTs1yffxqhloy+MbWYFoLkWIHHUCXKHcL3NSkgTMaN85Op1NAS2z4MZfM7ur/sqjQoiVFT+rJ2GMv+tUR3kBU4j+G6xeVcxxsUwuYwUZJk+AJCMlKmTDu2nz3WGEBC/L65qDsGJKwRzrlMM7b7Vq+dAeAYNVBkepCidSCnDmBtTMv58VzZxkWL+iKsnhfk0NWcBV70PtvWvC09q47RswKoXQeS0FalCknzPTEdYWO/Fk2ODr73oieDqCW9y2hF6q54epWCa4v1Z+u4crGAv8rPdw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/j4whBXmpPyIWWlZYrET87pFE+SBNQdNhvbOYo9OeyI=; b=mWO/XbvF6ZlNQpd7McJ4HQrIHF/ifmKNyT6l2DrZsPt+kKTMo+QW7OPToIrt6zM16I4FPkB1sVCc/3zHQ68Sm6/coP4NCHtZHrHpBnkDwIpn5o7t6teL+19H66/anZKab/sJEduKXw9cxeM8bPIhHZ+3pIbyxAkCIn7A9cIrCeo= Received: from MWHPR11MB1630.namprd11.prod.outlook.com (2603:10b6:301:e::7) by MW3PR11MB4602.namprd11.prod.outlook.com (2603:10b6:303:52::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.24; Tue, 28 Jul 2020 01:25:35 +0000 Received: from MWHPR11MB1630.namprd11.prod.outlook.com ([fe80::7847:b564:1b55:b67e]) by MWHPR11MB1630.namprd11.prod.outlook.com ([fe80::7847:b564:1b55:b67e%6]) with mapi id 15.20.3216.033; Tue, 28 Jul 2020 01:25:35 +0000 From: "Liming Gao" To: "devel@edk2.groups.io" , "Gao, Liming" , "Jiang, Guomin" Subject: Re: [edk2-devel] [PATCH v8 0/9] Add new feature that evacuate temporary to permanent memory (CVE-2019-11098) Thread-Topic: [edk2-devel] [PATCH v8 0/9] Add new feature that evacuate temporary to permanent memory (CVE-2019-11098) Thread-Index: AQHWYaCCOXdsiypOaUaN12zGSFxzb6ka0BIwgAFomeA= Date: Tue, 28 Jul 2020 01:25:35 +0000 Message-ID: References: <20200724095446.598-1-guomin.jiang@intel.com> <16257FBE49F7E3E5.11956@groups.io> In-Reply-To: <16257FBE49F7E3E5.11956@groups.io> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.2.0.6 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.194] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0a871ebb-f37c-4167-5861-08d8329520e4 x-ms-traffictypediagnostic: MW3PR11MB4602: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: FoB/PdU2JONN7ygGa6hZsUNA8OetaMVRJAYd1J0+RZRWTc1CbxxWBfjTxkWARbbOEoSnqkM3BiXCiqSzqO+lvi0wpr+QozO3bPjXISn+4+S8xTr9gJm/XGWZKd5UTYyBgiufJHBh1V85soB9RWHSlueXIh14q0gOXVxeIa9Al12F4hrQhuoY1WwbUeR4HxNwfbYoTAPKthISS7KT9uimQBYjF+sSV3lGC/snv7J4y1WRXTlW1yvikRhr5kGDVPVy4E9YHJFE6vzw+vBN3uvSE2ruknd0AtKUkJVq7ac7C/odo9ge5gBptgDvf8nVHwTiok3ltq/NhetqY5heui32bdtqUmNWeqwaXgR84WAx21ZUyvR8pBANaToHiHSDpmasK80MHoJKg50V0srx+aEnUQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR11MB1630.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(39860400002)(366004)(136003)(396003)(376002)(346002)(33656002)(6506007)(55016002)(8936002)(52536014)(9686003)(66476007)(53546011)(66446008)(66556008)(64756008)(2906002)(26005)(66946007)(478600001)(76116006)(86362001)(5660300002)(6636002)(71200400001)(8676002)(966005)(7696005)(83380400001)(186003)(110136005)(316002)(19627235002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: FXTljUhtE08610swEqggXBmbTc9vRaejmQSQ22KfiBlrHrK7dJUgZjrGlQSOvPCItFgCFjeoBTwTePiN06/3OMaGPkhcwQw3jjK5GDqk9GlsbUdIDVweGPF2qkYqdAiHING/DPNHLBwRA6ak4fZdyV4jtd4Pi93dtBBei0WdI6gyYJKbzLE/I5J1uvBZIzsiqCyoVu9P9ILalZXQd4TJCGT0Yr8c1fTZKHRxUu4X1+KLqpCbdrsler9MetiVwMMk3OiHx8BRIaw07Rj+penW9q5k92dsQlRLRlESBUWFn1gvMvumJtVgGiGQu/e6R3olgwr/t9uWf6Vt60WPTN30pPyY7BlDQ6/Eyr5AnxZxD/2wRdJ9Ts+ZoiD/Ac9j+ERP/XbGr/SS+87P+tCoE+y518s5AvIlkwij7S/ZXecIxeBjlTD9bT6Rprxp45GPjnkK1WqpOmOIW4FG+J0K0VnfgnT+iYPmIoolXE833LZaDdld1L8N/D9jg+2tpqzyxwt6 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MWHPR11MB1630.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0a871ebb-f37c-4167-5861-08d8329520e4 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jul 2020 01:25:35.3987 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: uDgI+LMkT/sOnzas5zKaFCu0isfuhS8t0H+WMP9GgtJBA9zudLLkbapoKZ8P2I0gI1BO3K8Z5p5KR6wq1t6D+w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR11MB4602 Return-Path: liming.gao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable PR https://github.com/tianocore/edk2/pull/830 is created for this patch set= .=20 -----Original Message----- From: devel@edk2.groups.io On Behalf Of Liming Gao Sent: 2020=1B$BG/=1B(B7=1B$B7n=1B(B27=1B$BF|=1B(B 11:55 To: devel@edk2.groups.io; Jiang, Guomin Subject: Re: [edk2-devel] [PATCH v8 0/9] Add new feature that evacuate tem= porary to permanent memory (CVE-2019-11098) Reviewed-by: Liming Gao for this patch set.=20 -----Original Message----- From: devel@edk2.groups.io On Behalf Of Guomin Jian= g Sent: 2020=1B$BG/=1B(B7=1B$B7n=1B(B24=1B$BF|=1B(B 17:55 To: devel@edk2.groups.io Subject: [edk2-devel] [PATCH v8 0/9] Add new feature that evacuate tempora= ry to permanent memory (CVE-2019-11098) The TOCTOU vulnerability allow that the physical present person to replace= the code with the normal BootGuard check and PCR0 value. The issue occur when BootGuard measure IBB and access flash code after NEM= disable. The reason why we access the flash code is that we have some pointer to fl= ash. To avoid this vulnerability, we need to convert those pointers, the patch = series do this work and make sure that no code will access flash address. v2: Create gEdkiiMigratedFvInfoGuid HOB and add PcdMigrateTemporaryRamFirmware= Volumes to control whole feature. v3: Remove changes which is not related with the feature and disable the featu= re in virtual platform. v4: Disable the feature as default, Copy the Tcg2Pei behavior to TcgPei v5: Initialize local variable Shadow and return EFI_ABORTED when RepublishSecP= pi not installed. v6: Avoid redundant shadow PEIM when enable Migrated PCD. v7: Change patch 10/10 to enhance the logic. v8: Drop the patch#10 added in v6 and v7, the optimization will be considered = future. Guomin Jiang (6): MdeModulePkg: Add new PCD to control the evacuate temporary memory feature (CVE-2019-11098) MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash (CVE-2019-11098) SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU (CVE-2019-11098) UefiCpuPkg: Correct some typos. SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) Michael Kubacki (3): MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore (CVE-2019-11098) UefiCpuPkg/CpuMpPei: Add GDT migration support (CVE-2019-11098) UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098) MdeModulePkg/MdeModulePkg.dec | 12 + UefiCpuPkg/UefiCpuPkg.dec | 3 + UefiCpuPkg/UefiCpuPkg.dsc | 1 + MdeModulePkg/Core/Pei/PeiMain.inf | 3 + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 + SecurityPkg/Tcg/TcgPei/TcgPei.inf | 1 + UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 4 + UefiCpuPkg/SecCore/SecCore.inf | 2 + .../SecMigrationPei/SecMigrationPei.inf | 68 +++ MdeModulePkg/Core/Pei/PeiMain.h | 170 +++++++ MdeModulePkg/Include/Guid/MigratedFvInfo.h | 22 + UefiCpuPkg/CpuMpPei/CpuMpPei.h | 14 +- UefiCpuPkg/Include/Ppi/RepublishSecPpi.h | 54 +++ .../CpuExceptionCommon.h | 4 +- UefiCpuPkg/SecCore/SecMain.h | 1 + UefiCpuPkg/SecMigrationPei/SecMigrationPei.h | 158 +++++++ MdeModulePkg= /Core/Pei/Dispatcher/Dispatcher.c | 445 +++++++++++++++++- MdeModulePkg/Core/Pei/Image/Image.c | 130 ++++- MdeModulePkg/Core/Pei/Memory/MemoryServices.c | 82 ++++ MdeModulePkg/Core/Pei/PeiMain/PeiMain.c | 22 +- MdeModulePkg/Core/Pei/Ppi/Ppi.c | 286 +++++++++++ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 31 +- SecurityPkg/Tcg/TcgPei/TcgPei.c | 29 +- UefiCpuPkg/CpuMpPei/CpuMpPei.c | 37 ++ UefiCpuPkg/CpuMpPei/CpuPaging.c | 42 +- .../Ia32/ArchExceptionHandler.c | 4 +- .../SecPeiCpuException.c | 2 +- .../X64/ArchExceptionHandler.c | 4 +- UefiCpuPkg/SecCore/SecMain.c | 26 +- UefiCpuPkg/SecMigrationPei/SecMigrationPei.c | 385 +++++++++++++++ MdeModulePkg/MdeModulePkg.uni | 6 + .../SecMigrationPei/SecMigrationPei.uni | 13 + 32 files changed, 2032 insertions(+), 30 deletions(-) create mode 100644= UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf create mode 100644 MdeModulePkg/Include/Guid/MigratedFvInfo.h create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni -- 2.25.1.windows.1