[edk2-devel] [PATCH v2 3/9] UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)

2020-07-01 Thread Guomin Jiang
From: Michael Kubacki 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614

Adds a PEIM that republishes structures produced in SEC. This
is done because SEC modules may not be shadowed in some platforms
due to space constraints or special alignment requirements. The
SecMigrationPei module locates interfaces that may be published in
SEC and reinstalls the interface with permanent memory addresses.

This is important if pre-memory address access is forbidden after
memory initialization and data such as a PPI descriptor, PPI GUID,
or PPI interface reside in pre-memory.

Cc: Eric Dong 
Cc: Ray Ni 
Cc: Laszlo Ersek 
Cc: Rahul Kumar 
Cc: Debkumar De 
Cc: Harry Han 
Cc: Catharine West 
Signed-off-by: Michael Kubacki 
---
 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h  |  54 +++
 UefiCpuPkg/SecCore/SecCore.inf|   2 +
 UefiCpuPkg/SecCore/SecMain.c  |  26 +-
 UefiCpuPkg/SecCore/SecMain.h  |   1 +
 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c  | 372 ++
 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h  | 170 
 .../SecMigrationPei/SecMigrationPei.inf   |  64 +++
 .../SecMigrationPei/SecMigrationPei.uni   |  13 +
 UefiCpuPkg/UefiCpuPkg.dec |   4 +
 UefiCpuPkg/UefiCpuPkg.dsc |   1 +
 10 files changed, 705 insertions(+), 2 deletions(-)
 create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
 create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni

diff --git a/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h 
b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
new file mode 100644
index ..6fb9f1b005b4
--- /dev/null
+++ b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
@@ -0,0 +1,54 @@
+/** @file
+  This file declares Sec Platform Information PPI.
+
+  This service is the primary handoff state into the PEI Foundation.
+  The Security (SEC) component creates the early, transitory memory
+  environment and also encapsulates knowledge of at least the
+  location of the Boot Firmware Volume (BFV).
+
+  Copyright (c) 2020, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+  @par Revision Reference:
+  This PPI is introduced in PI Version 1.0.
+
+**/
+
+#ifndef __REPUBLISH_SEC_PPI_H__
+#define __REPUBLISH_SEC_PPI_H__
+
+#include 
+
+#define REPUBLISH_SEC_PPI_PPI_GUID \
+  { \
+0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, 0x52, 0x1a, 0x2d, 0xc5, 0xd0, 
0x92 } \
+  }
+
+typedef struct _REPUBLISH_SEC_PPI_PPI REPUBLISH_SEC_PPI_PPI;
+
+/**
+  This interface re-installs PPIs installed in SecCore from a post-memory PEIM.
+
+  This is to allow a platform that may not support relocation of SecCore to 
update the PPI instance to a post-memory
+  copy from a PEIM that has been shadowed to permanent memory.
+
+  @retval EFI_SUCCESSThe SecCore PPIs were re-installed successfully.
+  @retval Others An error occurred re-installing the SecCore PPIs.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS)(
+  VOID
+  );
+
+///
+///
+///
+struct _REPUBLISH_SEC_PPI_PPI {
+  REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS  RepublishSecPpis;
+};
+
+extern EFI_GUID gRepublishSecPpiPpiGuid;
+
+#endif
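Review bot: The @file header of the new RepublishSecPpi.h documents a different interface: it says the file "declares Sec Platform Information PPI", repeats that PPI's handoff-state description, and claims the PPI "is introduced in PI Version 1.0", whereas REPUBLISH_SEC_PPI_PPI is a new package-local PPI under UefiCpuPkg with no PI-specification origin. Suggest replacing the header text with what the file actually declares, e.g. `This file declares the Republish SEC PPI, an edk2-specific PPI through which a PEIM shadowed to permanent memory re-installs the PPIs that SecCore published from temporary RAM.`, and dropping the `@par Revision Reference` lines. The `///` block above `struct _REPUBLISH_SEC_PPI_PPI` is empty; it should carry the contract, e.g. `/// Produced by a post-memory PEIM; SecCore calls RepublishSecPpis() from SecTemporaryRamDone so that PPI descriptors and interfaces no longer point into pre-memory.` The `#include` line has lost its argument in this rendering (presumably `<PiPei.h>`, which supplies EFI_STATUS, EFIAPI and EFI_GUID) — worth confirming against the applied patch.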
diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore.inf
index 0562820c95e0..545781d6b4b3 100644
--- a/UefiCpuPkg/SecCore/SecCore.inf
+++ b/UefiCpuPkg/SecCore/SecCore.inf
@@ -68,6 +68,8 @@ [Ppis]
   ## SOMETIMES_CONSUMES
   gPeiSecPerformancePpiGuid
   gEfiPeiCoreFvLocationPpiGuid
+  ## CONSUMES
+  gRepublishSecPpiPpiGuid
 
 [Guids]
   ## SOMETIMES_PRODUCES   ## HOB
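Review bot: `## CONSUMES` on gRepublishSecPpiPpiGuid overstates the dependency: the consumer added to SecTemporaryRamDone in SecMain.c by this same patch locates the PPI in a loop that simply ends when no instance is found, so SecCore still runs when no producer is present. The edk2 usage tag for an optional dependency is the one already used two lines above for the performance PPI; suggest `## SOMETIMES_CONSUMES` here so that build-time dependency tooling does not treat SecMigrationPei as mandatory for every platform that uses SecCore.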
diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c
index 5d5e7f17dced..155be49a6011 100644
--- a/UefiCpuPkg/SecCore/SecMain.c
+++ b/UefiCpuPkg/SecCore/SecMain.c
@@ -370,13 +370,35 @@ SecTemporaryRamDone (
   VOID
   )
 {
-  BOOLEAN  State;
+  EFI_STATUSStatus;
+  EFI_STATUSStatus2;
+  UINTN Index;
+  BOOLEAN   State;
+  EFI_PEI_PPI_DESCRIPTOR*PeiPpiDescriptor;
+  REPUBLISH_SEC_PPI_PPI *RepublishSecPpiPpi;
 
   //
   // Republish Sec Platform Information(2) PPI
   //
   RepublishSecPlatformInformationPpi ();
 
+  //
+  // Re-install SEC PPIs using a PEIM produced service if published
+  //
+  for (Index = 0, Status = EFI_SUCCESS; Status == EFI_SUCCESS; Index++) {
+Status = PeiServicesLocatePpi (
+   &gRepublishSecPpiPpiGuid,
+   Index,
+   &PeiPpiDescriptor,
+   (VOID **) &RepublishSecPpiPpi
+   );
+if (!EFI_ERROR (Status)) {
+  DEBUG ((DEBUG_INFO, "Calling RepublishSecPpi instance %d.\n", Index));
+  Status2 = RepublishSecPpiPpi->RepublishSecPpis ();
+  ASSERT_EFI_ERROR (Status2);
+}
+  }
+
   /

Re: [edk2-devel] [PATCH v2 3/9] UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)

2020-07-03 Thread Laszlo Ersek
On 07/02/20 07:15, Guomin Jiang wrote:
> From: Michael Kubacki 
> 
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614
> 
> Adds a PEIM that republishes structures produced in SEC. This
> is done because SEC modules may not be shadowed in some platforms
> due to space constraints or special alignment requirements. The
> SecMigrationPei module locates interfaces that may be published in
> SEC and reinstalls the interface with permanent memory addresses.
> 
> This is important if pre-memory address access is forbidden after
> memory initialization and data such as a PPI descriptor, PPI GUID,
> or PPI inteface reside in pre-memory.
> 
> Cc: Eric Dong 
> Cc: Ray Ni 
> Cc: Laszlo Ersek 
> Cc: Rahul Kumar 
> Cc: Debkumar De 
> Cc: Harry Han 
> Cc: Catharine West 
> Signed-off-by: Michael Kubacki 
> ---
>  UefiCpuPkg/Include/Ppi/RepublishSecPpi.h  |  54 +++
>  UefiCpuPkg/SecCore/SecCore.inf|   2 +
>  UefiCpuPkg/SecCore/SecMain.c  |  26 +-
>  UefiCpuPkg/SecCore/SecMain.h  |   1 +
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.c  | 372 ++
>  UefiCpuPkg/SecMigrationPei/SecMigrationPei.h  | 170 
>  .../SecMigrationPei/SecMigrationPei.inf   |  64 +++
>  .../SecMigrationPei/SecMigrationPei.uni   |  13 +
>  UefiCpuPkg/UefiCpuPkg.dec |   4 +
>  UefiCpuPkg/UefiCpuPkg.dsc |   1 +
>  10 files changed, 705 insertions(+), 2 deletions(-)
>  create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
>  create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni

So this patch introduces SecMigrationPei, and a new PPI. OVMF doesn't
use those.

The patch also changes the existent UefiCpuPkg/SecCore module. OVMF
doesn't use that either.

Because of the above, I defer to Eric and Ray on this patch.

Thanks
Laszlo

> 
> diff --git a/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h 
> b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
> new file mode 100644
> index ..6fb9f1b005b4
> --- /dev/null
> +++ b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h
> @@ -0,0 +1,54 @@
> +/** @file
> +  This file declares Sec Platform Information PPI.
> +
> +  This service is the primary handoff state into the PEI Foundation.
> +  The Security (SEC) component creates the early, transitory memory
> +  environment and also encapsulates knowledge of at least the
> +  location of the Boot Firmware Volume (BFV).
> +
> +  Copyright (c) 2020, Intel Corporation. All rights reserved.
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +  @par Revision Reference:
> +  This PPI is introduced in PI Version 1.0.
> +
> +**/
> +
> +#ifndef __REPUBLISH_SEC_PPI_H__
> +#define __REPUBLISH_SEC_PPI_H__
> +
> +#include 
> +
> +#define REPUBLISH_SEC_PPI_PPI_GUID \
> +  { \
> +0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, 0x52, 0x1a, 0x2d, 0xc5, 0xd0, 
> 0x92 } \
> +  }
> +
> +typedef struct _REPUBLISH_SEC_PPI_PPI REPUBLISH_SEC_PPI_PPI;
> +
> +/**
> +  This interface re-installs PPIs installed in SecCore from a post-memory 
> PEIM.
> +
> +  This is to allow a platform that may not support relocation of SecCore to 
> update the PPI instance to a post-memory
> +  copy from a PEIM that has been shadowed to permanent memory.
> +
> +  @retval EFI_SUCCESSThe SecCore PPIs were re-installed successfully.
> +  @retval Others An error occurred re-installing the SecCore PPIs.
> +
> +**/
> +typedef
> +EFI_STATUS
> +(EFIAPI *REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS)(
> +  VOID
> +  );
> +
> +///
> +///
> +///
> +struct _REPUBLISH_SEC_PPI_PPI {
> +  REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS  RepublishSecPpis;
> +};
> +
> +extern EFI_GUID gRepublishSecPpiPpiGuid;
> +
> +#endif
> diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore.inf
> index 0562820c95e0..545781d6b4b3 100644
> --- a/UefiCpuPkg/SecCore/SecCore.inf
> +++ b/UefiCpuPkg/SecCore/SecCore.inf
> @@ -68,6 +68,8 @@ [Ppis]
>## SOMETIMES_CONSUMES
>gPeiSecPerformancePpiGuid
>gEfiPeiCoreFvLocationPpiGuid
> +  ## CONSUMES
> +  gRepublishSecPpiPpiGuid
>  
>  [Guids]
>## SOMETIMES_PRODUCES   ## HOB
> diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c
> index 5d5e7f17dced..155be49a6011 100644
> --- a/UefiCpuPkg/SecCore/SecMain.c
> +++ b/UefiCpuPkg/SecCore/SecMain.c
> @@ -370,13 +370,35 @@ SecTemporaryRamDone (
>VOID
>)
>  {
> -  BOOLEAN  State;
> +  EFI_STATUSStatus;
> +  EFI_STATUSStatus2;
> +  UINTN Index;
> +  BOOLEAN   State;
> +  EFI_PEI_PPI_DESCRIPTOR*PeiPpiDescriptor;
> +  REPUBLISH_SEC_PPI_PPI *RepublishSecPpiPpi;
>  
>//
>// Republish Sec Platform Information(2) PPI
>//
>RepublishSecPlatformInformationPpi ();
>  
> +  //
>