Re: [edk2-devel] SecCore evacuation in PeiCore?

["Michael Kubacki" <mikuback@linux.microsoft.com>]

Hi Marvin,

I apologize for the delayed response, I missed this message earlier. The 
function was called from EvacuateTempRam() in the initial set of patches:
[PATCH 1/6] MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore 
(CVE-2019-11098) (groups.io) <https://edk2.groups.io/g/devel/message/61823>

I was not involved in the patch series on the mailing list (job role 
change at the time) but as a comment in that patch notes, there was an 
inconsistency observed in PE32 section alignment in SEC modules. I don't 
see where this was resolved other than the calls being removed later in 
the series. SecCore migration would not occur implicitly in the PeiCore 
flow but there is functionality for SEC data migration in 
UefiCpuPkg/SecMigrationPei.

Based on what I see now, I'd be happy to send a patch to remove 
MigrateSecModulesInFv().

Thanks,
Michael

On 8/7/2021 2:54 PM, Marvin Häuser wrote:
> Good day everyone,
> Good day Michael,
>
> The commit that introduced T-RAM evacuation [1] also introduced the 
> function "MigrateSecModulesInFv()". It also is explicitly mentioned as 
> part of the control flow in the commit message. As far as I can see, 
> since then till today this function has never been called anywhere. 
> Was this some draft function that accidentally made it into the patch, 
> or did the caller get lost somewhere? The description makes sense to 
> me and I'm not experienced enough with the PeiCore control flow to 
> tell whether the PEIM migration somehow covers SecCore implicitly. 
> Also I noticed it only supports SecCore in a PE/COFF section, not a TE 
> section. Is there a rationale for that?
>
> Thank you for your time!
>
> Best regards,
> Marvin
>
>
> [1] 
> https://github.com/tianocore/edk2/commit/9bedaec05b7b8ba9aee248361bb61a85a26726cb
>
>
> 
>