To: Jiewen Yao
Cc: edk2-devel-groups-io, Ray Ni
From: "Laszlo Ersek"
Subject: WSMT bits
Date: Tue, 10 Mar 2020 10:36:34 +0100

Hi Jiewen,

reading the following chapter:

  https://edk2-docs.gitbooks.io/a-tour-beyond-bios-memory-protection-in-uefi-bios/content/memory-protection-in-SMM.html

I'm having trouble associating the protection features implemented in
edk2 with the various bits in the WSMT (per
"MdePkg/Include/IndustryStandard/WindowsSmmSecurityMitigationTable.h").

For example, it seems like the bits a platform sets in the WSMT *might*
depend on "PcdCpuSmmRestrictedMemoryAccess".

Can someone clarify these please?

FWIW, in the edk2-platforms tree, the
"Platform/Intel/Vlv2TbltDevicePkg/AcpiPlatform/AcpiPlatform.c" source
file sets EFI_WSMT_PROTECTION_FLAGS_FIXED_COMM_BUFFERS and
EFI_WSMT_PROTECTION_FLAGS_COMM_BUFFER_NESTED_PTR_PROTECTION. It does not
set EFI_WSMT_PROTECTION_FLAGS_SYSTEM_RESOURCE_PROTECTION.

Is this bitmask (from Vlv2TbltDevicePkg) the general pattern that other
edk2 platforms with SMM support should expose too, as a starting point?

Does Vlv2TbltDevicePkg perform some specific actions in order to claim
these feature bits, or do they simply report guarantees that the core
edk2 SMM infrastructure provides out of the box?

This code was originally added to Vlv2TbltDevicePkg in edk2 (not
edk2-platforms) commit 2c855d3aaf36d (preceding the movement of
Vlv2TbltDevicePkg to edk2-platforms):

  commit 2c855d3aaf36da80f8c4f0ae12d31900a628b0a9
  Author: Lu, ShifeiX A
  Date:   Thu Jul 28 16:21:28 2016 +0800

      Vlv2DeviceRefCodePkg&Vlv2DevicePkg:Add sample WSMT table.

      This is an sample WSMT table, which we only update BIT0 and BIT1
      of Protections flags fields.

      Contributed-under: TianoCore Contribution Agreement 1.0
      Signed-off-by: lushifex
      Reviewed-by: David Wei

   Vlv2DeviceRefCodePkg/AcpiTablesPCAT/AcpiTables.inf |  3 ++-
   Vlv2DeviceRefCodePkg/AcpiTablesPCAT/Wsmt/Wsmt.aslc | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   Vlv2TbltDevicePkg/AcpiPlatform/AcpiPlatform.c      | 13 +++++++++++++
   3 files changed, 75 insertions(+), 1 deletion(-)

And that's not a lot of explanation, unfortunately.

(Note: I have not read the WSMT spec.)

Thanks,
Laszlo
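
Added example, not part of the original message and not edk2 code: a standalone C decoder that validates a WSMT table image (signature, length, ACPI checksum) and reports the three protection flags named above. The bit positions follow the MdePkg header cited in the message; wsmt_parse, wsmt_sample, the shortened macro names and the sample table bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit positions as in MdePkg's WindowsSmmSecurityMitigationTable.h
 * (EFI_WSMT_PROTECTION_FLAGS_*); the short names here are hypothetical. */
#define WSMT_FIXED_COMM_BUFFERS         0x1u
#define WSMT_NESTED_PTR_PROTECTION      0x2u
#define WSMT_SYSTEM_RESOURCE_PROTECTION 0x4u
#define ACPI_HEADER_LEN 36u  /* standard ACPI description header */
#define WSMT_TABLE_LEN  40u  /* header + UINT32 ProtectionFlags */

static uint32_t rd32(const uint8_t *p) {  /* little-endian read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 and stores the flags, or a negative code for a malformed table. */
int wsmt_parse(const uint8_t *buf, size_t len, uint32_t *flags) {
    if (len < WSMT_TABLE_LEN) return -1;          /* truncated image */
    if (memcmp(buf, "WSMT", 4) != 0) return -2;   /* wrong signature */
    uint32_t tlen = rd32(buf + 4);
    if (tlen < WSMT_TABLE_LEN || tlen > len) return -3;
    uint8_t sum = 0;                              /* all bytes must sum to 0 */
    for (uint32_t i = 0; i < tlen; i++) sum = (uint8_t)(sum + buf[i]);
    if (sum != 0) return -4;
    *flags = rd32(buf + ACPI_HEADER_LEN);
    return 0;
}

/* Builds a constructed 40-byte sample table carrying the given flags. */
void wsmt_sample(uint8_t *t, uint32_t flags) {
    memset(t, 0, WSMT_TABLE_LEN);
    memcpy(t, "WSMT", 4);
    t[4] = WSMT_TABLE_LEN;                        /* Length (low byte) */
    t[8] = 1;                                     /* Revision */
    for (int i = 0; i < 4; i++) t[36 + i] = (uint8_t)(flags >> (8 * i));
    uint8_t sum = 0;
    for (size_t i = 0; i < WSMT_TABLE_LEN; i++) sum = (uint8_t)(sum + t[i]);
    t[9] = (uint8_t)(0u - sum);                   /* Checksum byte */
}

int main(void) {
    uint8_t t[WSMT_TABLE_LEN]; uint32_t f = 0;
    wsmt_sample(t, WSMT_FIXED_COMM_BUFFERS | WSMT_NESTED_PTR_PROTECTION);
    if (wsmt_parse(t, sizeof t, &f) != 0) return 1;
    printf("fixed comm buffers:     %s\n", (f & WSMT_FIXED_COMM_BUFFERS) ? "yes" : "no");
    printf("nested ptr protection:  %s\n", (f & WSMT_NESTED_PTR_PROTECTION) ? "yes" : "no");
    printf("system resource prot.:  %s\n", (f & WSMT_SYSTEM_RESOURCE_PROTECTION) ? "yes" : "no");
    return 0;
}
```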