public inbox for devel@edk2.groups.io
From: "Laszlo Ersek" <lersek@redhat.com>
To: Jiewen Yao <jiewen.yao@intel.com>
Cc: edk2-devel-groups-io <devel@edk2.groups.io>, Ray Ni <ray.ni@intel.com>
Subject: WSMT bits
Date: Tue, 10 Mar 2020 10:36:34 +0100
Message-ID: <a5e71131-65dc-8b85-481a-d35011512987@redhat.com>

Hi Jiewen,

reading the following chapter:

  https://edk2-docs.gitbooks.io/a-tour-beyond-bios-memory-protection-in-uefi-bios/content/memory-protection-in-SMM.html

I'm having trouble associating the protection features implemented in
edk2 with the various bits in the WSMT (per
"MdePkg/Include/IndustryStandard/WindowsSmmSecurityMitigationTable.h").

For example, it seems like the bits a platform sets in the WSMT *might*
depend on "PcdCpuSmmRestrictedMemoryAccess".

Can someone clarify these please?


FWIW, in the edk2-platforms tree, the
"Platform/Intel/Vlv2TbltDevicePkg/AcpiPlatform/AcpiPlatform.c" source
file sets EFI_WSMT_PROTECTION_FLAGS_FIXED_COMM_BUFFERS and
EFI_WSMT_PROTECTION_FLAGS_COMM_BUFFER_NESTED_PTR_PROTECTION. It does not
set EFI_WSMT_PROTECTION_FLAGS_SYSTEM_RESOURCE_PROTECTION.

Is this bitmask (from Vlv2TbltDevicePkg) the general pattern that other
edk2 platforms with SMM support should expose too, as a starting point?

Does Vlv2TbltDevicePkg perform some specific actions in order to claim
these feature bits, or do they simply report guarantees that the core
edk2 SMM infrastructure provides out of the box?

This code was originally added to Vlv2TbltDevicePkg in edk2 (not
edk2-platforms) commit 2c855d3aaf36d (preceding the movement of
Vlv2TbltDevicePkg to edk2-platforms):

commit 2c855d3aaf36da80f8c4f0ae12d31900a628b0a9
Author: Lu, ShifeiX A <shifeix.a.lu@intel.com>
Date:   Thu Jul 28 16:21:28 2016 +0800

    Vlv2DeviceRefCodePkg&Vlv2DevicePkg:Add sample WSMT table.

    This is an sample WSMT table, which we only
    update BIT0 and BIT1 of Protections flags fields.

    Contributed-under: TianoCore Contribution Agreement 1.0
    Signed-off-by: lushifex <shifeix.a.lu@intel.com>
    Reviewed-by: David Wei <david.wei@intel.com>

 Vlv2DeviceRefCodePkg/AcpiTablesPCAT/AcpiTables.inf |  3 ++-
 Vlv2DeviceRefCodePkg/AcpiTablesPCAT/Wsmt/Wsmt.aslc | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 Vlv2TbltDevicePkg/AcpiPlatform/AcpiPlatform.c      | 13 +++++++++++++
 3 files changed, 75 insertions(+), 1 deletion(-)

And that's not a lot of explanation, unfortunately.

(Note: I have not read the WSMT spec.)

Thanks,
Laszlo
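
Added example (not part of the original message and not edk2 code): a stand-alone check that validates a raw WSMT and extracts the ProtectionFlags bits the message refers to, for auditing what a platform actually advertises. The bit values follow the EFI_WSMT_PROTECTION_FLAGS_* macros in the MdePkg header named above; the function names and the sample table are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit values mirror the EFI_WSMT_PROTECTION_FLAGS_* macros in MdePkg. */
#define WSMT_FIXED_COMM_BUFFERS                0x1u /* BIT0 */
#define WSMT_COMM_BUFFER_NESTED_PTR_PROTECTION 0x2u /* BIT1 */
#define WSMT_SYSTEM_RESOURCE_PROTECTION        0x4u /* BIT2 */
#define ACPI_HEADER_SIZE 36u /* standard ACPI description header */
#define WSMT_TABLE_SIZE  40u /* header + UINT32 ProtectionFlags */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate a raw WSMT; returns 0 and stores flags, or negative if malformed. */
int wsmt_parse(const uint8_t *buf, size_t len, uint32_t *flags) {
    if (buf == NULL || flags == NULL || len < WSMT_TABLE_SIZE) return -1;
    if (memcmp(buf, "WSMT", 4) != 0) return -2;      /* signature */
    uint32_t tlen = rd_le32(buf + 4);                /* Length field */
    if (tlen < WSMT_TABLE_SIZE || tlen > len) return -3;
    uint8_t sum = 0;                                 /* bytes must sum to 0 */
    for (uint32_t i = 0; i < tlen; i++) sum = (uint8_t)(sum + buf[i]);
    if (sum != 0) return -4;
    *flags = rd_le32(buf + ACPI_HEADER_SIZE);
    return 0;
}

/* Constructed sample table (hypothetical helper): 40 bytes, valid checksum. */
void wsmt_make_sample(uint8_t out[40], uint32_t flags) {
    memset(out, 0, WSMT_TABLE_SIZE);
    memcpy(out, "WSMT", 4);
    out[4] = WSMT_TABLE_SIZE;                        /* Length, little-endian */
    out[8] = 1;                                      /* Revision */
    for (int i = 0; i < 4; i++) out[36 + i] = (uint8_t)(flags >> (8 * i));
    uint8_t sum = 0;
    for (unsigned i = 0; i < WSMT_TABLE_SIZE; i++) sum = (uint8_t)(sum + out[i]);
    out[9] = (uint8_t)(0u - sum);                    /* Checksum byte */
}

int main(void) {
    uint8_t t[40]; uint32_t f = 0;
    wsmt_make_sample(t, WSMT_FIXED_COMM_BUFFERS | WSMT_COMM_BUFFER_NESTED_PTR_PROTECTION);
    if (wsmt_parse(t, sizeof t, &f) != 0) return 1;
    printf("flags=0x%x system_resource_protection=%d\n", (unsigned)f,
           !!(f & WSMT_SYSTEM_RESOURCE_PROTECTION));
    return 0;
}
```

The sample mirrors the bitmask the message attributes to Vlv2TbltDevicePkg (BIT0 and BIT1 set, BIT2 clear).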

