From: "Liming Gao"
To: "devel@edk2.groups.io", "Jiang, Guomin"
Subject: Re: [edk2-devel] [PATCH v8 0/9] Add new feature that evacuate temporary to permanent memory (CVE-2019-11098)
Date: Mon, 27 Jul 2020 03:54:54 +0000
References: <20200724095446.598-1-guomin.jiang@intel.com>
In-Reply-To: <20200724095446.598-1-guomin.jiang@intel.com>

Reviewed-by: Liming Gao for this patch set.

-----Original Message-----
From: devel@edk2.groups.io On Behalf Of Guomin Jiang
Sent: July 24, 2020 17:55
To: devel@edk2.groups.io
Subject: [edk2-devel] [PATCH v8 0/9] Add new feature that evacuate temporary to permanent memory (CVE-2019-11098)

The TOCTOU vulnerability allows a physically present person to replace the code with the normal BootGuard check and PCR0 value.
The issue occurs when BootGuard measures IBB and accesses flash code after NEM disable.
The reason why we access the flash code is that we have some pointers to flash.
To avoid this vulnerability, we need to convert those pointers; the patch series does this work and makes sure that no code will access flash addresses.

v2:
Create gEdkiiMigratedFvInfoGuid HOB and add PcdMigrateTemporaryRamFirmwareVolumes to control the whole feature.

v3:
Remove changes which are not related to the feature and disable the feature in virtual platforms.

v4:
Disable the feature by default. Copy the Tcg2Pei behavior to TcgPei.

v5:
Initialize local variable Shadow and return EFI_ABORTED when RepublishSecPpi is not installed.

v6:
Avoid redundant shadow PEIM when the Migrated PCD is enabled.

v7:
Change patch 10/10 to enhance the logic.

v8:
Drop the patch#10 added in v6 and v7; the optimization will be considered in the future.

Guomin Jiang (6):
  MdeModulePkg: Add new PCD to control the evacuate temporary memory feature (CVE-2019-11098)
  MdeModulePkg/Core: Create Migrated FV Info Hob for calculating hash (CVE-2019-11098)
  SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098)
  UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU (CVE-2019-11098)
  UefiCpuPkg: Correct some typos.
  SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098)

Michael Kubacki (3):
  MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore (CVE-2019-11098)
  UefiCpuPkg/CpuMpPei: Add GDT migration support (CVE-2019-11098)
  UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)

 MdeModulePkg/MdeModulePkg.dec | 12 +
 UefiCpuPkg/UefiCpuPkg.dec | 3 +
 UefiCpuPkg/UefiCpuPkg.dsc | 1 +
 MdeModulePkg/Core/Pei/PeiMain.inf | 3 +
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 +
 SecurityPkg/Tcg/TcgPei/TcgPei.inf | 1 +
 UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 4 +
 UefiCpuPkg/SecCore/SecCore.inf | 2 +
 .../SecMigrationPei/SecMigrationPei.inf | 68 +++
 MdeModulePkg/Core/Pei/PeiMain.h | 170 +++++++
 MdeModulePkg/Include/Guid/MigratedFvInfo.h | 22 +
 UefiCpuPkg/CpuMpPei/CpuMpPei.h | 14 +-
 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h | 54 +++
 .../CpuExceptionCommon.h | 4 +-
 UefiCpuPkg/SecCore/SecMain.h | 1 +
 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h | 158 +++++++
 MdeModulePkg/Core/Pei/Dispatcher/Dispatcher.c | 445 +++++++++++++++++-
 MdeModulePkg/Core/Pei/Image/Image.c | 130 ++++-
 MdeModulePkg/Core/Pei/Memory/MemoryServices.c | 82 ++++
 MdeModulePkg/Core/Pei/PeiMain/PeiMain.c | 22 +-
 MdeModulePkg/Core/Pei/Ppi/Ppi.c | 286 +++++++++++
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 31 +-
 SecurityPkg/Tcg/TcgPei/TcgPei.c | 29 +-
 UefiCpuPkg/CpuMpPei/CpuMpPei.c | 37 ++
 UefiCpuPkg/CpuMpPei/CpuPaging.c | 42 +-
 .../Ia32/ArchExceptionHandler.c | 4 +-
 .../SecPeiCpuException.c | 2 +-
 .../X64/ArchExceptionHandler.c | 4 +-
 UefiCpuPkg/SecCore/SecMain.c | 26 +-
 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c | 385 +++++++++++++++
 MdeModulePkg/MdeModulePkg.uni | 6 +
 .../SecMigrationPei/SecMigrationPei.uni | 13 +
 32 files changed, 2032 insertions(+), 30 deletions(-)
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
 create mode 100644 MdeModulePkg/Include/Guid/MigratedFvInfo.h
 create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni

-- 
2.25.1.windows.1
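
The pointer conversion described in the cover letter, modelled as an added example that is not part of the patch series or of EDK II: a volume is copied to permanent memory, pointers into the flash range are rebased onto the copy, and the measurement is taken over the copy that is later used. All names (`flash`, `perm`, `evacuate`, `flash_pointers`, `use_matches_measurement`) are hypothetical, the data is constructed, and FNV-1a stands in for the measurement hash.

```c
#include <stdint.h>
#include <string.h>
#define FV_LEN 16
/* Constructed stand-ins: flash[] models the memory-mapped firmware volume,
   perm[] its copy in permanent memory. */
static uint8_t flash[FV_LEN] = "measured-code!!";
static uint8_t perm[FV_LEN];

/* FNV-1a stands in for the hash extended into PCR0 (not a TPM algorithm). */
uint32_t measure(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

static int in_flash(const uint8_t *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)flash;
    return a >= base && a - base < FV_LEN;
}

/* Copy the volume, then rebase every pointer that targets flash.
   Returns the number of pointers converted. */
size_t evacuate(const uint8_t **ptrs, size_t n) {
    size_t converted = 0;
    memcpy(perm, flash, FV_LEN);
    for (size_t i = 0; i < n; i++)
        if (in_flash(ptrs[i])) { ptrs[i] = perm + (ptrs[i] - flash); converted++; }
    return converted;
}

/* Audit: pointers still targeting flash (must be 0 after evacuation). */
size_t flash_pointers(const uint8_t *const *ptrs, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += (size_t)in_flash(ptrs[i]);
    return c;
}

/* Returns 1 if the bytes used after a later flash change equal those measured. */
int use_matches_measurement(int migrate) {
    const uint8_t *code = flash;                /* pointer created while running from flash */
    if (migrate) evacuate(&code, 1);
    uint32_t measured = measure(code, FV_LEN);  /* time of check */
    flash[0] ^= 0xFF;                           /* flash content changes afterwards */
    int ok = measure(code, FV_LEN) == measured; /* time of use */
    flash[0] ^= 0xFF;                           /* restore the sample data */
    return ok;
}

int main(void) { return (use_matches_measurement(1) && !use_matches_measurement(0)) ? 0 : 1; }
```

The audit function is the property the series aims for: once evacuation has run, no tracked pointer should resolve to a flash address.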