Date: Thu, 25 Apr 2024 09:20:41 +0200
From: "Gerd Hoffmann"
To: "Wu, Jiaxin"
Cc: "devel@edk2.groups.io", Ard Biesheuvel, "Yao, Jiewen", "Ni, Ray"
Subject: Re: [edk2-devel] [PATCH v3 08/13] OvmfPkg/PlatformInitLib: Create gEfiSmmSmramMemoryGuid

  Hi,

> Let me explain more why we need this change:
>
> 1. The EFI_SMM_SMRAM_MEMORY_GUID HOB, as defined in the PI specification, is used to describe the SMRAM memory regions supported by the platform. This HOB should be produced during the memory detection phase to align with the PI spec.
>
> 2. In addition to the memory reserved for ACPI S3 resume, an increasing number of features require reserving SMRAM for specific purposes, such as SmmRelocation. Other advanced features in Intel platforms also necessitate this. The implementation of these features varies and is entirely dependent on the platform. This is why an increasing number of platforms are adopting the EFI_SMM_SMRAM_MEMORY_GUID HOB for SMRAM description.
>
> 3. It is crucial that the SMRAM information remains consistent when retrieved from the platform, whether through the SMM ACCESS PPI/Protocol or the EFI_SMM_SMRAM_MEMORY_GUID HOB. Inconsistencies can lead to unexpected issues, most commonly memory region conflicts.
>
> 4. The SMM ACCESS PPI/Protocol can be naturally implemented for general use. The common approach is to utilize the EFI_SMM_SMRAM_MEMORY_GUID HOB. For reference, see the existing implementation in the EDK2 repository at edk2/UefiPayloadPkg/SmmAccessDxe/SmmAccessDxe.inf and edk2-platforms/Silicon/Intel/IntelSiliconPkg/Feature/SmmAccess/Library/PeiSmmAccessLib/PeiSmmAccessLib.inf.
>
> For the reasons mentioned, we are moving the SMRAM memory regions to HOBs and allowing SMM access to consume these HOBs.
>
> I will add the above info into the commit message.

Thanks.

Creating the EFI_SMM_SMRAM_MEMORY_GUID HOB should be moved to its own
function. Also move over the comments from SmmAccess describing the
regions please. Adding a reference to the PI spec section describing
this would be good too.

> > Storing anything SMM related outside SMRAM makes me nervous.
> > I'd strongly suggest to avoid that.
> >
> > It might be that in this specific case it is not a problem. But it
> > needs very careful review of the implications (which I have not done)
> > and you have to hope you don't miss a possible attack vector, such as
> > someone modifying the HOB and the firmware then storing SMM data + code
> > outside SMRAM.
>
> Understand, but here is the case we can record the info in non-smram
> since PI spec exposes that, there is no difference the info retrieved
> from PPI/ non-smm Protocol or the non-smram.

Good point.

take care,
  Gerd
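The consistency requirement and the HOB-modification concern discussed in this thread can be turned into a consumer-side check; the following is an added example, not code from the thread or from edk2. `SMRAM_DESC` is a stand-in with the same four fields as the PI spec's EFI_SMRAM_DESCRIPTOR, `check_smram_descs` and the result codes are hypothetical names, and the SMRAM window passed in is assumed to have been read back from the chipset rather than taken from the HOB.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in for the PI spec's EFI_SMRAM_DESCRIPTOR (same four 64-bit fields). */
typedef struct {
  uint64_t PhysicalStart, CpuStart, PhysicalSize, RegionState;
} SMRAM_DESC;
typedef enum { SMRAM_OK, SMRAM_BAD_ARGS, SMRAM_BAD_RANGE, SMRAM_OUTSIDE, SMRAM_OVERLAP } SMRAM_CHECK;

/* Constructed sample values: a 16 MiB SMRAM window and three descriptor lists. */
#define TSEG_BASE 0x7F000000ULL
#define TSEG_SIZE 0x01000000ULL
static const SMRAM_DESC GOOD[2] = {
  { TSEG_BASE,          TSEG_BASE,          0x1000,             0 },
  { TSEG_BASE + 0x1000, TSEG_BASE + 0x1000, TSEG_SIZE - 0x1000, 0 } };
static const SMRAM_DESC TAMPERED[2] = {   /* second region points below the window */
  { TSEG_BASE,  TSEG_BASE,  0x1000, 0 },
  { 0x7E000000, 0x7E000000, 0x1000, 0 } };
static const SMRAM_DESC OVERLAPPING[2] = { /* both regions claim the second page */
  { TSEG_BASE,          TSEG_BASE,          0x2000, 0 },
  { TSEG_BASE + 0x1000, TSEG_BASE + 0x1000, 0x1000, 0 } };

/* Hypothetical consumer-side check: accept a descriptor list taken from the HOB
   only if every region is non-empty, does not wrap, lies inside the SMRAM window
   the caller read back from the chipset, and overlaps no earlier region. */
SMRAM_CHECK check_smram_descs(const SMRAM_DESC *d, size_t n,
                              uint64_t tseg_base, uint64_t tseg_size)
{
  if (d == NULL || n == 0 || tseg_size == 0 || tseg_base > UINT64_MAX - tseg_size)
    return SMRAM_BAD_ARGS;
  for (size_t i = 0; i < n; i++) {
    if (d[i].PhysicalSize == 0 || d[i].PhysicalStart > UINT64_MAX - d[i].PhysicalSize)
      return SMRAM_BAD_RANGE;
    uint64_t end = d[i].PhysicalStart + d[i].PhysicalSize;   /* exclusive */
    if (d[i].PhysicalStart < tseg_base || end > tseg_base + tseg_size)
      return SMRAM_OUTSIDE;
    for (size_t j = 0; j < i; j++)   /* earlier entries already passed the checks */
      if (d[i].PhysicalStart < d[j].PhysicalStart + d[j].PhysicalSize &&
          d[j].PhysicalStart < end)
        return SMRAM_OVERLAP;
  }
  return SMRAM_OK;
}

int main(void)
{
  return (check_smram_descs(GOOD, 2, TSEG_BASE, TSEG_SIZE) == SMRAM_OK &&
          check_smram_descs(TAMPERED, 2, TSEG_BASE, TSEG_SIZE) == SMRAM_OUTSIDE &&
          check_smram_descs(OVERLAPPING, 2, TSEG_BASE, TSEG_SIZE) == SMRAM_OVERLAP) ? 0 : 1;
}
```

A consumer that runs a check of this kind before using the descriptors fails closed when the HOB and the hardware view disagree, instead of placing SMM code or data at an address outside SMRAM.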