From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web12.39233.1628873513528715398 for ; Fri, 13 Aug 2021 09:51:53 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=OL7Vb9vF; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com) Received: from [10.0.0.120] (c-73-27-179-174.hsd1.fl.comcast.net [73.27.179.174]) by linux.microsoft.com (Postfix) with ESMTPSA id 6050420A597B; Fri, 13 Aug 2021 09:51:52 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 6050420A597B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1628873512; bh=v9emL6H5MjsBTbPMs9DQOOYE0aV632rnbkL5VVS+m1Q=; h=Subject:To:References:From:Date:In-Reply-To:From; b=OL7Vb9vFdC0f2AP27DspFH+eNJ/+W9pthtG2DzGCg1AayKCRHqWIJLljXxzTBVy0b WqTrL82JxVfCXtNU+4iFny5xPlOmj96AJq9CBRBefLzVECpqjNp4VKprsRKHB49/gy mRH2rDExzA0S/rbspPtzbKwTnlBODOkxhD4Op0Pw= Subject: Re: [edk2-devel] SecCore evacuation in PeiCore? To: devel@edk2.groups.io, mhaeuser@posteo.de References: From: "Michael Kubacki" Message-ID: Date: Fri, 13 Aug 2021 12:51:51 -0400 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hi Marvin, I apologize for the delayed response, I missed this message earlier. The=20 function was called from EvacuateTempRam() in the initial set of patches: [PATCH 1/6] MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore=20 (CVE-2019-11098) (groups.io) I was not involved in the patch series on the mailing list (job role=20 change at the time) but as a comment in that patch notes, there was an=20 inconsistency observed in PE32 section alignment in SEC modules. I don't=20 see where this was resolved other than the calls being removed later in=20 the series. SecCore migration would not occur implicitly in the PeiCore=20 flow but there is functionality for SEC data migration in=20 UefiCpuPkg/SecMigrationPei. Based on what I see now, I'd be happy to send a patch to remove=20 MigrateSecModulesInFv(). Thanks, Michael On 8/7/2021 2:54 PM, Marvin H=C3=A4user wrote: > Good day everyone, > Good day Michael, > > The commit that introduced T-RAM evacuation [1] also introduced the=20 > function "MigrateSecModulesInFv()". It also is explicitly mentioned as=20 > part of the control flow in the commit message. As far as I can see,=20 > since then till today this function has never been called anywhere.=20 > Was this some draft function that accidentally made it into the patch,=20 > or did the caller get lost somewhere? The description makes sense to=20 > me and I'm not experienced enough with the PeiCore control flow to=20 > tell whether the PEIM migration somehow covers SecCore implicitly.=20 > Also I noticed it only supports SecCore in a PE/COFF section, not a TE=20 > section. Is there a rationale for that? > > Thank you for your time! > > Best regards, > Marvin > > > [1]=20 > https://github.com/tianocore/edk2/commit/9bedaec05b7b8ba9aee248361bb61a85= a26726cb > > >=20 >