Issue description:
1. PeiCore only migrates Fsp-M in dispatch mode and doesn't migrate Fsp-T and Fsp-M in Api mode.
2. Fsp-T and Fsp-M will be measured in post-mem PEI and the measurement uses original addresses.
RootCause:
PeiCore only migrates installed FVs and Fsp-T/M may not be installed.

Defect in implementation:
In MdeModulePkg/Core/Pei/PeiMain/PeiMain.c line 450:
EvacuateTempRam will migrate installed content from Temporary RAM to Permanent RAM because of BootGuard TOCTOU vulnerability (https://bugzilla.tianocore.org/show_bug.cgi?id=1614).
In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 220:
FspmWrapperInit will install Fspm in dispatch mode or directly call PeiFspMemoryInit function in api mode.
==>
Api mode: Fsp-T and Fsp-M are not migrated because they are not installed.
Dispatch mode: Fsp-T is not migrated because it is not installed.

In IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c line 291, 300:
TcgPpiNotify transmits original addresses (PcdFsptBaseAddress, PcdFspmBaseAddress) to MeasureFspFirmwareBlob which will trigger HashLogExtendEvent.
In SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c line 966:
TcgPpi will be installed in PeimEntryMP which will be called when the PEI Foundation discovers permanent memory (line 1059 mImageInMemory = TRUE).
==>
Original addresses of Fsp-T and Fsp-M will be used for measurement after permanent memory is ready and installed FVs are migrated.


Solution:
MdeModulePkg: PeiCore installs MigrateTempRamPpi if PcdMigrateTemporaryRamFirmwareVolumes is True.
IntelFsp2WrapperPkg:
1. MigrateTempRamPpi notification in FspmWrapperPeim migrates FspT/M binary to permanent memory and builds MigratedFvInfoHob.
2. TCG notification checks MigratedFvInfoHob and transmits DRAM address for measurement.

BR,
Zhihao
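As an added example, not part of the patch series or of Zhihao's code, the following self-contained C shows the lookup the TCG notification step described above would perform: given migrated-FV HOB records laid out like EDKII_MIGRATED_FV_INFO (where 0 in FvNewBase or FvDataBase means that copy was not kept), resolve an FSP-T/M original base to the permanent-memory address to hash, refusing to fall back to the stale temporary-RAM address. The type and function names, the sample records, and the preference for the raw copy at FvDataBase over the rebased copy at FvNewBase are assumptions of this example.

```c
/* Added example, not from the patch: resolve the permanent-memory address
 * the TCG notify should hash for an FSP blob originally at FspOrgBase.
 * MIGRATED_FV_INFO mirrors the EDKII_MIGRATED_FV_INFO layout in the patch;
 * all names and sample values below are constructed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
  uint32_t FvOrgBase;   // original FV address
  uint32_t FvNewBase;   // new FV address, 0 means rebased data is not copied
  uint32_t FvDataBase;  // original FV data, 0 means raw data is not copied
  uint32_t FvLength;    // FV length
} MIGRATED_FV_INFO;

/* Returns the address to measure, or 0 when no record fully covers
 * [FspOrgBase, FspOrgBase + FspLength) or no copy was kept; the caller
 * must then skip or report rather than hash the stale temporary-RAM copy. */
uint32_t ResolveMeasuredBase(const MIGRATED_FV_INFO *Hobs, size_t Count,
                             uint32_t FspOrgBase, uint32_t FspLength)
{
  for (size_t i = 0; i < Count; i++) {
    const MIGRATED_FV_INFO *Info = &Hobs[i];
    if (FspOrgBase < Info->FvOrgBase) continue;
    uint32_t Offset = FspOrgBase - Info->FvOrgBase;
    if (Offset >= Info->FvLength) continue;            // starts past this FV
    if (FspLength > Info->FvLength - Offset) continue; // runs past its end
    // Assumption: prefer the raw copy, since the hash should match the bytes
    // as shipped and a rebased image at FvNewBase may differ from them.
    if (Info->FvDataBase != 0) return Info->FvDataBase + Offset;
    if (Info->FvNewBase != 0)  return Info->FvNewBase + Offset;
    return 0;  // record present but neither copy retained
  }
  return 0;
}

/* Constructed sample HOB list: the FSP-T FV kept both copies, the FSP-M FV
 * kept only the rebased copy. */
static const MIGRATED_FV_INFO kSampleHobs[] = {
  { 0xFFF00000u, 0x80000000u, 0x81000000u, 0x00040000u },
  { 0xFFE00000u, 0x82000000u, 0x00000000u, 0x00100000u },
};
static const size_t kSampleHobCount = sizeof kSampleHobs / sizeof kSampleHobs[0];

int main(void)
{
  printf("FSP-T -> 0x%08x\n", (unsigned)ResolveMeasuredBase(kSampleHobs, kSampleHobCount, 0xFFF10000u, 0x20000u));
  printf("FSP-M -> 0x%08x\n", (unsigned)ResolveMeasuredBase(kSampleHobs, kSampleHobCount, 0xFFE80000u, 0x10000u));
  return 0;
}
```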


-----Original Message-----
From: gaoliming <gaolim...@byosoft.com.cn> 
Sent: Tuesday, May 28, 2024 5:44 PM
To: Li, Zhihao <zhihao...@intel.com>; devel@edk2.groups.io
Cc: Chiu, Chasel <chasel.c...@intel.com>; Desimone, Nathaniel L 
<nathaniel.l.desim...@intel.com>; Duggapu, Chinni B 
<chinni.b.dugg...@intel.com>; Chen, Gang C <gang.c.c...@intel.com>
Subject: Re: [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi

Zhihao:
  Could you explain the situation that FSP-T/M is not migrated by PeiCore? 

Thanks
Liming
> -----Original Message-----
> From: Zhihao Li <zhihao...@intel.com>
> Sent: April 29, 2024 11:20
> To: devel@edk2.groups.io
> Cc: Chasel Chiu <chasel.c...@intel.com>; Nate DeSimone 
> <nathaniel.l.desim...@intel.com>; Duggapu Chinni B 
> <chinni.b.dugg...@intel.com>; Chen Gang C <gang.c.c...@intel.com>; 
> Liming Gao <gaolim...@byosoft.com.cn>
> Subject: [PATCH v1 1/2] MdeModulePkg/Core/Pei: Install MigrateTempRamPpi
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4716
> 
> Migrate FSP-T/M binary from temporary RAM to permanent RAM before NEM 
> tear down. Tcg module will use permanent address of FSP-T/M for 
> measurement.
> 1. PeiCore installs mMigrateTempRamPpi if PcdMigrateTemporaryRamFirmwareVolumes is True
> 2. FspmWrapperPeim migrates FspT/M binary to permanent memory and builds MigratedFvInfoHob
> 3. TCG notification checks MigratedFvInfoHob and transmits DRAM address for measurement
> 
> Cc: Chasel Chiu <chasel.c...@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desim...@intel.com>
> Cc: Duggapu Chinni B <chinni.b.dugg...@intel.com>
> Cc: Chen Gang C <gang.c.c...@intel.com>
> Cc: Liming Gao <gaolim...@byosoft.com.cn>
> 
> Signed-off-by: Zhihao Li <zhihao...@intel.com>
> ---
>  MdeModulePkg/Core/Pei/PeiMain/PeiMain.c    | 10 ++++++++-
>  MdeModulePkg/Core/Pei/PeiMain.h            |  3 ++-
>  MdeModulePkg/Core/Pei/PeiMain.inf          |  3 ++-
>  MdeModulePkg/Include/Guid/MigratedFvInfo.h |  4 ++--
>  MdeModulePkg/Include/Ppi/MigrateTempRam.h  | 23 ++++++++++++++++++++
>  MdeModulePkg/MdeModulePkg.dec              |  5 ++++-
>  6 files changed, 42 insertions(+), 6 deletions(-)
> 
> diff --git a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c
> b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c
> index bf1719d7941a..0e3d9a843816 100644
> --- a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c
> +++ b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c
> @@ -1,7 +1,7 @@
>  /** @file
>    Pei Core Main Entry Point
> 
> -Copyright (c) 2006 - 2019, Intel Corporation. All rights 
> reserved.<BR>
> +Copyright (c) 2006 - 2024, Intel Corporation. All rights 
> +reserved.<BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  **/
> @@ -13,6 +13,11 @@ EFI_PEI_PPI_DESCRIPTOR  mMemoryDiscoveredPpi = {
>    &gEfiPeiMemoryDiscoveredPpiGuid,
>    NULL
>  };
> +EFI_PEI_PPI_DESCRIPTOR  mMigrateTempRamPpi = {
> +  (EFI_PEI_PPI_DESCRIPTOR_PPI |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
> +  &gEdkiiPeiMigrateTempRamPpiGuid,
> +  NULL
> +};
> 
>  ///
>  /// Pei service instance
> @@ -449,6 +454,9 @@ PeiCore (
>        //
>        EvacuateTempRam (&PrivateData, SecCoreData);
> 
> +      Status = PeiServicesInstallPpi (&mMigrateTempRamPpi);
> +      ASSERT_EFI_ERROR (Status);
> +
>        DEBUG ((DEBUG_VERBOSE, "PPI lists after temporary RAM 
> evacuation:\n"));
>        DumpPpiList (&PrivateData);
>      }
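Review bot: the new PeiServicesInstallPpi after EvacuateTempRam is only checked with ASSERT_EFI_ERROR, so in a release build a failed install is silent and every notify registered on gEdkiiPeiMigrateTempRamPpiGuid (the FSP-T/M migration this series relies on) simply never runs, leaving the TCG measurement on the original temporary-RAM addresses. Consider at least a DEBUG_ERROR print, or treating the failure as fatal the way the surrounding evacuation path does. A short comment above the install would also help, stating that the PPI is published after the PEI Foundation's own FV migration but before temporary RAM is torn down, so notification handlers can still read FSP-T/M from their original location; that ordering is the whole contract of the PPI and is not visible from the header alone.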
> diff --git a/MdeModulePkg/Core/Pei/PeiMain.h 
> b/MdeModulePkg/Core/Pei/PeiMain.h index 46b6c23014a3..8df0c2d561f7 
> 100644
> --- a/MdeModulePkg/Core/Pei/PeiMain.h
> +++ b/MdeModulePkg/Core/Pei/PeiMain.h
> @@ -1,7 +1,7 @@
>  /** @file
>    Definition of Pei Core Structures and Services
> 
> -Copyright (c) 2006 - 2019, Intel Corporation. All rights 
> reserved.<BR>
> +Copyright (c) 2006 - 2024, Intel Corporation. All rights 
> +reserved.<BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  **/
> @@ -26,6 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent  
> #include <Ppi/TemporaryRamDone.h>  #include <Ppi/SecHobData.h>  
> #include <Ppi/PeiCoreFvLocation.h>
> +#include <Ppi/MigrateTempRam.h>
>  #include <Library/DebugLib.h>
>  #include <Library/PeiCoreEntryPoint.h>  #include <Library/BaseLib.h> 
> diff --git a/MdeModulePkg/Core/Pei/PeiMain.inf
> b/MdeModulePkg/Core/Pei/PeiMain.inf
> index 893bdc052798..4e545ddab2ab 100644
> --- a/MdeModulePkg/Core/Pei/PeiMain.inf
> +++ b/MdeModulePkg/Core/Pei/PeiMain.inf
> @@ -6,7 +6,7 @@
>  # 2) Dispatch PEIM from discovered FV.
>  # 3) Handoff control to DxeIpl to load DXE core and enter DXE phase.
>  #
> -# Copyright (c) 2006 - 2019, Intel Corporation. All rights 
> reserved.<BR>
> +# Copyright (c) 2006 - 2024, Intel Corporation. All rights 
> +reserved.<BR>
>  #
>  #  SPDX-License-Identifier: BSD-2-Clause-Patent  # @@ -101,6 +101,7 
> @@
>    gEfiPeiReset2PpiGuid                          ##
> SOMETIMES_CONSUMES
>    gEfiSecHobDataPpiGuid                         ##
> SOMETIMES_CONSUMES
>    gEfiPeiCoreFvLocationPpiGuid                  ##
> SOMETIMES_CONSUMES
> +  gEdkiiPeiMigrateTempRamPpiGuid                ## PRODUCES
> 
>  [Pcd]
>    gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxPeiStackSize
> ## CONSUMES
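Review bot: `gEdkiiPeiMigrateTempRamPpiGuid ## PRODUCES` overstates the guarantee: per the commit message the PPI is only installed when PcdMigrateTemporaryRamFirmwareVolumes is TRUE, so the usage comment should be `## SOMETIMES_PRODUCES`, matching the SOMETIMES_CONSUMES entries just above it. Consumers in IntelFsp2WrapperPkg that register a notify on this GUID also need that PCD to be TRUE or their callback never fires; worth stating next to the entry.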
> diff --git a/MdeModulePkg/Include/Guid/MigratedFvInfo.h
> b/MdeModulePkg/Include/Guid/MigratedFvInfo.h
> index 1c8b0dfefc49..255e278235b1 100644
> --- a/MdeModulePkg/Include/Guid/MigratedFvInfo.h
> +++ b/MdeModulePkg/Include/Guid/MigratedFvInfo.h
> @@ -1,7 +1,7 @@
>  /** @file
>    Migrated FV information
> 
> -Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2020 - 2024, Intel Corporation. All rights 
> +reserved.<BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  **/
> @@ -50,7 +50,7 @@ typedef struct {
> 
>  typedef struct {
>    UINT32    FvOrgBase;         // original FV address
> -  UINT32    FvNewBase;         // new FV address
> +  UINT32    FvNewBase;         // new FV address, 0 means rebased data
> is not copied
>    UINT32    FvDataBase;        // original FV data, 0 means raw data is
not
> copied
>    UINT32    FvLength;          // Fv Length
>  } EDKII_MIGRATED_FV_INFO;
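Review bot: the comment change on FvNewBase turns 0 into a sentinel on a HOB that existing modules already consume, so every consumer that reads FvNewBase now needs an explicit zero check before using it as an address; the TCG-side change in patch 2/2 should check both FvNewBase and FvDataBase and fall back explicitly (measure the raw copy at FvDataBase when present, skip or report otherwise) rather than risk hashing from address 0. Consider also stating in the comment which of the two copies is the one to measure, since a hash over the rebased image at FvNewBase will not match a hash over the original bytes.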
> diff --git a/MdeModulePkg/Include/Ppi/MigrateTempRam.h
> b/MdeModulePkg/Include/Ppi/MigrateTempRam.h
> new file mode 100644
> index 000000000000..9bbb55d5cf86
> --- /dev/null
> +++ b/MdeModulePkg/Include/Ppi/MigrateTempRam.h
> @@ -0,0 +1,23 @@
> +/** @file
> +  This file declares Migrate Temporary Memory PPI.
> +
> +  This PPI is published by the PEI Foundation when temporary RAM 
> + needs to
> evacuate.
> +  Its purpose is to be used as a signal for other PEIMs who can 
> + register
for a
> +  notification on its installation.
> +
> +  Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef PEI_MIGRATE_TEMP_RAM_PPI_H_
> +#define PEI_MIGRATE_TEMP_RAM_PPI_H_
> +
> +#define EFI_PEI_MIGRATE_TEMP_RAM_PPI_GUID \
> +  { \
> +    0xc79dc53b, 0xafcd, 0x4a6a, {0xad, 0x94, 0xa7, 0x6a, 0x3f, 0xa9,
0xe9,
> 0xc2 } \
> +  }
> +
> +extern EFI_GUID  gEdkiiPeiMigrateTempRamPpiGuid;
> +
> +#endif
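Review bot: the macro is named EFI_PEI_MIGRATE_TEMP_RAM_PPI_GUID while the variable is gEdkiiPeiMigrateTempRamPpiGuid; the EFI_ prefix is reserved for PI-specification PPIs and this one is an EDK II extension, so the macro should be EDKII_PEI_MIGRATE_TEMP_RAM_PPI_GUID to match the variable and the other EDKII PPIs in MdeModulePkg. The file comment should also say when the PPI is installed (after the PEI Foundation has evacuated its own FVs, before temporary RAM is torn down, and only if PcdMigrateTemporaryRamFirmwareVolumes is TRUE) and that handlers may still read temporary RAM at that point; "when temporary RAM needs to evacuate" does not tell a consumer whether the old copy is still readable from the notify.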
> diff --git a/MdeModulePkg/MdeModulePkg.dec 
> b/MdeModulePkg/MdeModulePkg.dec index 3a239a1687ea..43e92c68ca20 
> 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -4,7 +4,7 @@
>  # and libraries instances, which are used for those modules.
>  #
>  # Copyright (c) 2019, NVIDIA CORPORATION. All rights reserved.
> -# Copyright (c) 2007 - 2021, Intel Corporation. All rights 
> reserved.<BR>
> +# Copyright (c) 2007 - 2024, Intel Corporation. All rights 
> +reserved.<BR>
>  # Copyright (c) 2016, Linaro Ltd. All rights reserved.<BR>  # (C) 
> Copyright 2016 - 2019 Hewlett Packard Enterprise Development LP<BR>  # 
> Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR> @@ 
> -546,6 +546,9 @@
>    ## Include/Ppi/MemoryAttribute.h
>    gEdkiiMemoryAttributePpiGuid              = { 0x1be840de, 0x2d92,
> 0x41ec, { 0xb6, 0xd3, 0x19, 0x64, 0x13, 0x50, 0x51, 0xfb } }
> 
> +  ## Include/Ppi/MigrateTempRam.h
> +  gEdkiiPeiMigrateTempRamPpiGuid            = { 0xc79dc53b, 0xafcd,
> 0x4a6a, { 0xad, 0x94, 0xa7, 0x6a, 0x3f, 0xa9, 0xe9, 0xc2 } }
> +
>  [Protocols]
>    ## Load File protocol provides capability to load and unload EFI 
> image
into
> memory and execute it.
>    #  Include/Protocol/LoadPe32Image.h
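Review bot: the GUID value added here matches the one in Include/Ppi/MigrateTempRam.h, good; but PcdMigrateTemporaryRamFirmwareVolumes, which now also gates installation of this PPI and is presumably declared in this same .dec under the MdeModulePkg token space, gets no help-text update. Add a sentence to that PCD's description saying that when TRUE the PEI Foundation also publishes gEdkiiPeiMigrateTempRamPpiGuid after migrating its FVs, so platform integrators can see why FSP-T/M migration depends on the PCD.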
> --
> 2.44.0.windows.1
View/Reply Online (#119313): https://edk2.groups.io/g/devel/message/119313