From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, taylor.d.beebe@gmail.com
Cc: "Ard Biesheuvel" <ardb+tianocore@kernel.org>,
"Jiewen Yao" <jiewen.yao@intel.com>,
"Jordan Justen" <jordan.l.justen@intel.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Rebecca Cran" <rebecca@bsdio.com>,
"Peter Grehan" <grehan@freebsd.org>,
"Corvin Köhne" <corvink@freebsd.org>,
"Jianyong Wu" <jianyong.wu@arm.com>,
"Anatol Belski" <anbelski@linux.microsoft.com>,
"Anthony Perard" <anthony.perard@citrix.com>,
"Julien Grall" <julien@xen.org>
Subject: Re: [edk2-devel] [PATCH v5 10/28] OvmfPkg: Add Memory Protection Library Definitions to Platforms
Date: Mon, 9 Oct 2023 09:47:50 +0200
Message-ID: <d8090cc7-5bfa-cedc-2b4f-3c6ad552b36b@redhat.com>
In-Reply-To: <20231009000742.1792-11-taylor.d.beebe@gmail.com>
On 10/9/23 02:07, Taylor Beebe wrote:
> Add library classes for SetMemoryProtectionsLib and
> GetMemoryProtectionsLib to OvmfPkg platforms.
>
> Signed-off-by: Taylor Beebe <taylor.d.beebe@gmail.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Rebecca Cran <rebecca@bsdio.com>
> Cc: Peter Grehan <grehan@freebsd.org>
> Cc: Corvin Köhne <corvink@freebsd.org>
> Cc: Jianyong Wu <jianyong.wu@arm.com>
> Cc: Anatol Belski <anbelski@linux.microsoft.com>
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Julien Grall <julien@xen.org>
> ---
> OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
> OvmfPkg/Bhyve/BhyveX64.dsc | 1 +
> OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
> OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc | 15 +++++++++++++++
> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 ++
> OvmfPkg/Microvm/MicrovmX64.dsc | 2 ++
> OvmfPkg/OvmfPkgIa32.dsc | 1 +
> OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
> OvmfPkg/OvmfPkgX64.dsc | 1 +
> OvmfPkg/OvmfXen.dsc | 2 ++
> OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc | 2 ++
> 11 files changed, 29 insertions(+)
>
> diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
> index 302c90e7c2b4..b67b50b833b9 100644
> --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
> +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
> @@ -203,6 +203,7 @@ [LibraryClasses]
> S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
>
> !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
> +!include OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
>
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
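
Review bot: the added "!include" line sits at the tail of "[LibraryClasses]", but MemoryProtectionLibraries.dsc.inc opens its own sections and ends inside "[LibraryClasses.common.DXE_CORE, ...]", so any mapping later inserted between this include and the following "[LibraryClasses.common]" header would be scoped to the DXE module types instead of "[LibraryClasses]". It is correct here only because a section header follows immediately. Add a short comment above the include stating that it changes the section scope and must remain the last entry before the next header. The same placement appears in the other platform DSCs of this patch.
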
> diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
> index 6693342c5f6e..5af5831196f6 100644
> --- a/OvmfPkg/Bhyve/BhyveX64.dsc
> +++ b/OvmfPkg/Bhyve/BhyveX64.dsc
> @@ -229,6 +229,7 @@ [LibraryClasses]
> XenPlatformLib|OvmfPkg/Library/XenPlatformLib/XenPlatformLib.inf
>
> !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
> +!include OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
>
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
> index 35942e02df93..c550ebcd659e 100644
> --- a/OvmfPkg/CloudHv/CloudHvX64.dsc
> +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
> @@ -239,6 +239,7 @@ [LibraryClasses]
> OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
>
> !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
> +!include OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
>
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> diff --git a/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc b/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
> new file mode 100644
> index 000000000000..049fdef3f0c1
> --- /dev/null
> +++ b/OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
> @@ -0,0 +1,15 @@
> +##
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +##
> +
> +#
> +# Memory Protection Libraries
> +#
> +[LibraryClasses.common]
> + SetMemoryProtectionsLib|MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.inf
> +
> +[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE]
> + GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/MmGetMemoryProtectionsLib.inf
> +
> +[LibraryClasses.common.DXE_CORE, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.UEFI_APPLICATION, LibraryClasses.common.UEFI_DRIVER]
> + GetMemoryProtectionsLib|MdeModulePkg/Library/GetMemoryProtectionsLib/DxeGetMemoryProtectionsLib.inf
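
Review bot: GetMemoryProtectionsLib is resolved only in the two scoped sections (SMM_CORE, DXE_SMM_DRIVER, MM_CORE_STANDALONE, MM_STANDALONE and DXE_CORE, DXE_DRIVER, UEFI_APPLICATION, UEFI_DRIVER), so SEC, PEI_CORE, PEIM and DXE_RUNTIME_DRIVER modules get no instance from this file. If any module of those types consumes the class, the platform build cannot resolve it; either add a mapping for them or say in the "Memory Protection Libraries" comment that the omission is deliberate. The file header also carries only the SPDX line: add an @file description and a Copyright notice above it.
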
> diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
> index 182ec3705dd3..a3370f45940c 100644
> --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
> +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
> @@ -211,6 +211,8 @@ [LibraryClasses]
> Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
> TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
>
> +!include OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
> +
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
> diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
> index 0f26f2a9a97d..da5a4862bfdc 100644
> --- a/OvmfPkg/Microvm/MicrovmX64.dsc
> +++ b/OvmfPkg/Microvm/MicrovmX64.dsc
> @@ -238,6 +238,8 @@ [LibraryClasses]
> Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeTcg2PhysicalPresenceLib.inf
> TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
>
> +!include OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
> +
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> CcExitLib|OvmfPkg/Library/CcExitLib/CcExitLib.inf
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index fcd3a3fda5f2..d4d14b69ef1d 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -246,6 +246,7 @@ [LibraryClasses]
> OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
>
> !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
> +!include OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
>
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index d0ae0b996d66..674010323df1 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -251,6 +251,7 @@ [LibraryClasses]
> OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
>
> !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
> +!include OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
>
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index a6811eee557e..08b70d76d292 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -267,6 +267,7 @@ [LibraryClasses]
> OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
>
> !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
> +!include OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
>
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
> index ccd3a873c714..d80e20a151d7 100644
> --- a/OvmfPkg/OvmfXen.dsc
> +++ b/OvmfPkg/OvmfXen.dsc
> @@ -231,6 +231,8 @@ [LibraryClasses]
> DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
> !endif
>
> +!include OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
> +
> [LibraryClasses.common]
> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
> CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf
> diff --git a/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc b/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
> index 34b2037824f1..dd25a34796e5 100644
> --- a/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
> +++ b/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
> @@ -112,6 +112,8 @@ [LibraryClasses.common]
> TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLibNull/PeiDxeTpmPlatformHierarchyLib.inf
> !endif
>
> +!include OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc
> +
> [LibraryClasses.common.DXE_DRIVER]
> AcpiPlatformLib|OvmfPkg/Library/AcpiPlatformLib/DxeAcpiPlatformLib.inf
> ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf

I'm unconvinced that a new DSC include file buys us much in this case.
But, I'm not dead-set against it; if other reviewers like this approach,
then I'm fine.

However, the new file
"OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc" includes neither
a top-level @file comment (bad, but not critical), nor a Copyright
notice (which *is* critical).

In fact, none of the dsc.inc files under OvmfPkg/Include/Dsc have
copyright notices, and some of the fdf.inc files under
/OvmfPkg/Include/Fdf lack them too. That's a serious bug IMO that goes
back to the introduction of those include files.

At least don't perpetuate that mistake here, please.

The EccCheck CI plugin actually enforces copyright notices in metafiles.
We have at least two reasons why ECC has not been catching these
copyright notice problems:

- EccCheck is disabled for OvmfPkg (not surprisingly: ECC also makes a
  lot of invalid / inane complaints)

- I *think* ECC does not recognize "*.dsc.inc", "*.fdf.inc", etc as
  metafiles.

Laszlo