REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4468

This is a proof-of-concept RFC that implements a PEI phase PPI to manage memory permission attributes, and wires it up to the PEI image loader so that shadowed PEIMs as well as the DXE core are remapped with the appropriate, restricted memory permission attributes before execution.

This means that neither shadowed PEIMs nor the DXE core will ever execute with writable code regions. It also removes the need on the part of PEI for memory to be mapped with both writable and executable permissions by default out of reset.

Similar work still needs to be done to address the early DXE phase (before the CPU arch protocol becomes available), but once that is out of the way as well, platforms should be able to map all memory non-executable from the beginning. This by itself is a major improvement in terms of robustness. It is also a prerequisite for enabling the WXN MMU control on AArch64, which makes all writable memory mappings non-executable regardless of the non-exec page table attribute.

Patches #1 to #4 are preparatory work.

Patch #5 proposes the memory attribute PPI protocol interface.

Patch #6 implements it for ARM and AARCH64.

Patch #7 wires it up into the PEI image loader.

Patches #8 to #10 update the DxeIpl to use this PPI on ARM/AARCH64 for mapping the stack NX, instead of an explicit reference to ArmMmuLib. Other architectures (except IA32/X64) will seamlessly inherit this once they implement the PPI as well.

Cc: Ray Ni <ray...@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Taylor Beebe <t...@taylorbeebe.com>
Cc: Oliver Smith-Denny <o...@smith-denny.com>
Cc: Dandan Bi <dandan...@intel.com>
Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: "Kinney, Michael D" <michael.d.kin...@intel.com>
Cc: Leif Lindholm <quic_llind...@quicinc.com>
Cc: Sunil V L <suni...@ventanamicro.com>
Cc: Andrei Warkentin <andrei.warken...@intel.com>

Ard Biesheuvel (10):
  ArmPkg/ArmMmuLib: Extend API to manage memory permissions better
  ArmPkg/CpuDxe: Simplify memory attributes protocol implementation
  ArmPkg/CpuPei: Drop bogus DEPEX on PEI permanent memory
  OvmfPkg/RiscVVirt: Remove unimplemented NxForStack configuration
  MdeModulePkg: Define memory attribute PPI
  ArmPkg/CpuPei: Implement the memory attributes PPI
  MdeModulePkg/PeiCore: Apply restricted permissions in image loader
  MdeModulePkg/DxeIpl: Merge EBC, RISCV64 and LOONGARCH code
  MdeModulePkg/DxeIpl: Use memory attribute PPI to remap the stack NX
  MdeModulePkg/DxeIpl ARM AARCH64: Switch to generic handoff code

 ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c                             |   2 +-
 ArmPkg/Drivers/CpuDxe/MemoryAttribute.c                          |  50 +-----
 ArmPkg/Drivers/CpuPei/CpuPei.c                                   |  78 +++++++++-
 ArmPkg/Drivers/CpuPei/CpuPei.inf                                 |   7 +-
 ArmPkg/Include/Library/ArmMmuLib.h                               |  36 ++++-
 ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c                 |  52 ++++++-
 ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c                   |  88 +++++++++--
 ArmPkg/Library/OpteeLib/Optee.c                                  |   2 +-
 MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c                   |  71 ---------
 MdeModulePkg/Core/DxeIplPeim/{Ebc/DxeLoadFunc.c => DxeHandoff.c} |  31 +++-
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf                          |  24 +--
 MdeModulePkg/Core/DxeIplPeim/LoongArch64/DxeLoadFunc.c           |  63 --------
 MdeModulePkg/Core/DxeIplPeim/RiscV64/DxeLoadFunc.c               |  75 ---------
 MdeModulePkg/Core/Pei/Image/Image.c                              | 160 ++++++++++++++++++++
 MdeModulePkg/Core/Pei/PeiMain.h                                  |   6 +
 MdeModulePkg/Core/Pei/PeiMain.inf                                |   1 +
 MdeModulePkg/Include/Ppi/MemoryAttribute.h                       |  78 ++++++++++
 MdeModulePkg/MdeModulePkg.dec                                    |   3 +
 OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc                              |   6 -
 19 files changed, 523 insertions(+), 310 deletions(-)
 delete mode 100644 MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c
 rename MdeModulePkg/Core/DxeIplPeim/{Ebc/DxeLoadFunc.c => DxeHandoff.c} (62%)
 delete mode 100644 MdeModulePkg/Core/DxeIplPeim/LoongArch64/DxeLoadFunc.c
 delete mode 100644 MdeModulePkg/Core/DxeIplPeim/RiscV64/DxeLoadFunc.c
 create mode 100644 MdeModulePkg/Include/Ppi/MemoryAttribute.h

-- 
2.39.2
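
The restricted-permission policy the cover letter describes for loaded images (code never writable, data never executable), as an added example that is not code from this patch series. The `section_t` and `remap_t` types, the function `plan_image_permissions`, the 4 KiB page size and the sample images are assumptions made for illustration; the PE/COFF characteristic bits and the `EFI_MEMORY_*` values are the ones defined by the PE/COFF and UEFI specifications.

```c
#include <stddef.h>
#include <stdint.h>

/* PE/COFF section characteristics and UEFI memory attribute bits. */
#define SCN_MEM_EXECUTE 0x20000000u
#define SCN_MEM_WRITE   0x80000000u
#define EFI_MEMORY_XP   0x0000000000004000ULL  /* non-executable */
#define EFI_MEMORY_RO   0x0000000000020000ULL  /* read-only */
#define PAGE_MASK       0xFFFu                 /* assumes 4 KiB pages */

/* Hypothetical, simplified view of a loaded section (not an edk2 type). */
typedef struct { uint32_t rva, size, characteristics; } section_t;
typedef struct { uint32_t base, length; uint64_t attributes; } remap_t;

/* Plan one remap per section. Returns the number of remaps, or -1 if the
   image cannot be mapped without a writable and executable region. */
int plan_image_permissions(const section_t *s, size_t n, remap_t *out)
{
    for (size_t i = 0; i < n; i++) {
        int x = (s[i].characteristics & SCN_MEM_EXECUTE) != 0;
        int w = (s[i].characteristics & SCN_MEM_WRITE) != 0;

        if (x && w)
            return -1;  /* the section itself asks for W+X */
        if (s[i].rva & PAGE_MASK)
            return -1;  /* shares a page with the previous section */

        out[i].base = s[i].rva;
        out[i].length = (s[i].size + PAGE_MASK) & ~PAGE_MASK;   /* whole pages */
        out[i].attributes = x ? EFI_MEMORY_RO                   /* code:   R-X */
                          : w ? EFI_MEMORY_XP                   /* data:   RW- */
                              : EFI_MEMORY_RO | EFI_MEMORY_XP;  /* rodata: R-- */
    }
    return (int)n;
}

/* Constructed sample images. */
static const section_t good_image[] = {
    { 0x1000, 0x2345, SCN_MEM_EXECUTE },  /* .text  */
    { 0x4000, 0x0800, 0 },                /* .rdata */
    { 0x5000, 0x0120, SCN_MEM_WRITE },    /* .data  */
};
static const section_t wx_image[] = {
    { 0x1000, 0x1000, SCN_MEM_EXECUTE | SCN_MEM_WRITE },
};
static const section_t unaligned_image[] = {
    { 0x1000, 0x0200, SCN_MEM_EXECUTE },
    { 0x1200, 0x0100, SCN_MEM_WRITE },    /* same page as the code above */
};
```

The unaligned case is the one that matters for WXN: a code section sharing a page with writable data would have to stay writable, and with WXN set that page is no longer executable.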