From: "Wang, Jian J"
To: "Jiang, Guomin", "devel@edk2.groups.io"
CC: "Gao, Liming"
Subject: Re: [edk2-wiki][PATCH v2] Update the Boot Guard TOCTOU wiki page.
Date: Tue, 11 Aug 2020 08:22:54 +0000
Message-ID:
References: <20200811053225.1277-1-guomin.jiang@intel.com>
In-Reply-To: <20200811053225.1277-1-guomin.jiang@intel.com>
Hi Guomin,

I'd suggest that you add a section to describe clearly the required steps to enable this feature in a platform. I just noticed that SecMigrationPei.inf is not mentioned for doing this.

Regards,
Jian

> -----Original Message-----
> From: Jiang, Guomin
> Sent: Tuesday, August 11, 2020 1:32 PM
> To: devel@edk2.groups.io
> Cc: Wang, Jian J; Gao, Liming
> Subject: [edk2-wiki][PATCH v2] Update the Boot Guard TOCTOU wiki page.
>
> The Boot Guard TOCTOU has been migrated into edk2/master.
> Update the document to meet the change.
>
> Signed-off-by: Guomin Jiang
> Cc: Jian J Wang
> Cc: Liming Gao
> Reviewed-by: Jian J Wang
> ---
> Boot-Guard-TOCTOU-Vulnerability-Mitigation.md | 28 ++++++-------------
> 1 file changed, 8 insertions(+), 20 deletions(-)
>
> diff --git a/Boot-Guard-TOCTOU-Vulnerability-Mitigation.md b/Boot-Guard-TOCTOU-Vulnerability-Mitigation.md
> index e59c7b1..64b9d66 100644
> --- a/Boot-Guard-TOCTOU-Vulnerability-Mitigation.md
> +++ b/Boot-Guard-TOCTOU-Vulnerability-Mitigation.md
> @@ -45,32 +45,20 @@ references must be updated. In this mitigation, the > process of performing these > The changes described in this mitigation are intended to simply integrat= e into > firmware solutions. For the changes to > function as intended, the platform firmware implementation should follow > these guidelines. >=20 > -The changes are currently being staged in the following EDK II fork for > additional validation before being > -sent to the EDK II mailing list: > https://github.com/makubacki/edk2/tree/btg_toctou_mitigation_staging > - > -The changes should not be considered final or production ready until the= y are > reviewed and pushed onto edk2/master. > - > -1. Always ensure PcdShadowPeimOnBoot and PcdShadowPeimOnS3Boot > - (if platform supports S3) are set to TRUE if Boot Guard is > - enabled and V=3D1 or M=3D1. > -2. Always ensure PcdMigrateTemporaryRamFirmwareVolumes is set to TRUE. > -3. Ensure that all PEIMs are relocatable. Relocation tables should > +1. Always ensure PcdMigrateTemporaryRamFirmwareVolumes is set to TRUE > + if Boot Guard is enabled and V=3D1 or M=3D1. > +2. Ensure that all PEIMs are relocatable. Relocation tables should > not be stripped. > -4. If an Intel® Firmware Support Package (FSP) binary solution is > +3. If an Intel® Firmware Support Package (FSP) binary solution is > used, the binary must have these mitigation changes integrated. > -5. Avoid maintaining pointers to pre-memory addresses inside embedded > +4. Avoid maintaining pointers to pre-memory addresses inside embedded > structures or other non-standard structures that the automatic > migration code introduced in this change cannot identify. > -6. Migrate the FIT table based on platform requirements for FIT > +5. Migrate the FIT table based on platform requirements for FIT > access in post-memory. >=20 > -**Very Important** > - > -7. Enable paging after memory initialization and mark the IBB range > - as Not Present (NP). 
> - > - This will cause a page fault on access to the IBB region. This CR2 re= gister can > be used to identify the address > - accessed and the IP. > +Notes: IBB will be set Not Present, you will see a page fault if any cod= e access > to the IBB region after migration. > + the address where the code access can be identified in the CR2 re= gister. >=20 > # High-Level Migration Required > Resources that must be migrated can be categorized as code or data. > -- > 2.25.1.windows.1
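Review bot: in the hunk at @@ -45,32 +45,20 @@, the removed step 7 ("Enable paging after memory initialization and mark the IBB range as Not Present (NP)") was an action the platform firmware had to take, but its replacement "Notes: IBB will be set Not Present" is passive and no longer says who sets it; state whether the migration code now in edk2/master enables paging and marks the IBB range NP itself or whether the platform still must, because a platform that skips it gets no page fault and stale references into the IBB go undetected. The same hunk drops the PcdShadowPeimOnBoot / PcdShadowPeimOnS3Boot requirement and makes PcdMigrateTemporaryRamFirmwareVolumes conditional on "Boot Guard is enabled and V=1 or M=1" where it was previously unconditional, and the commit message explains neither change; one sentence on why the shadow PCDs are no longer needed with PcdMigrateTemporaryRamFirmwareVolumes would help integrators who already set them. Minor: "if any code access to the IBB region" should read "if any code accesses the IBB region", and the second Notes line is indented like a list continuation but begins a new sentence with a lowercase "the"; either join it to the first sentence or start a new paragraph.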