[edk2-devel] [PATCH v2 3/9] UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)
From: Michael Kubacki REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614 Adds a PEIM that republishes structures produced in SEC. This is done because SEC modules may not be shadowed in some platforms due to space constraints or special alignment requirements. The SecMigrationPei module locates interfaces that may be published in SEC and reinstalls the interface with permanent memory addresses. This is important if pre-memory address access is forbidden after memory initialization and data such as a PPI descriptor, PPI GUID, or PPI inteface reside in pre-memory. Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Rahul Kumar Cc: Debkumar De Cc: Harry Han Cc: Catharine West Signed-off-by: Michael Kubacki --- UefiCpuPkg/Include/Ppi/RepublishSecPpi.h | 54 +++ UefiCpuPkg/SecCore/SecCore.inf| 2 + UefiCpuPkg/SecCore/SecMain.c | 26 +- UefiCpuPkg/SecCore/SecMain.h | 1 + UefiCpuPkg/SecMigrationPei/SecMigrationPei.c | 372 ++ UefiCpuPkg/SecMigrationPei/SecMigrationPei.h | 170 .../SecMigrationPei/SecMigrationPei.inf | 64 +++ .../SecMigrationPei/SecMigrationPei.uni | 13 + UefiCpuPkg/UefiCpuPkg.dec | 4 + UefiCpuPkg/UefiCpuPkg.dsc | 1 + 10 files changed, 705 insertions(+), 2 deletions(-) create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni diff --git a/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h new file mode 100644 index ..6fb9f1b005b4 --- /dev/null +++ b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h @@ -0,0 +1,54 @@ +/** @file + This file declares Sec Platform Information PPI. + + This service is the primary handoff state into the PEI Foundation. + The Security (SEC) component creates the early, transitory memory + environment and also encapsulates knowledge of at least the + location of the Boot Firmware Volume (BFV). + + Copyright (c) 2020, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Revision Reference: + This PPI is introduced in PI Version 1.0. + +**/ + +#ifndef __REPUBLISH_SEC_PPI_H__ +#define __REPUBLISH_SEC_PPI_H__ + +#include + +#define REPUBLISH_SEC_PPI_PPI_GUID \ + { \ +0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, 0x52, 0x1a, 0x2d, 0xc5, 0xd0, 0x92 } \ + } + +typedef struct _REPUBLISH_SEC_PPI_PPI REPUBLISH_SEC_PPI_PPI; + +/** + This interface re-installs PPIs installed in SecCore from a post-memory PEIM. + + This is to allow a platform that may not support relocation of SecCore to update the PPI instance to a post-memory + copy from a PEIM that has been shadowed to permanent memory. + + @retval EFI_SUCCESSThe SecCore PPIs were re-installed successfully. + @retval Others An error occurred re-installing the SecCore PPIs. + +**/ +typedef +EFI_STATUS +(EFIAPI *REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS)( + VOID + ); + +/// +/// +/// +struct _REPUBLISH_SEC_PPI_PPI { + REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS RepublishSecPpis; +}; + +extern EFI_GUID gRepublishSecPpiPpiGuid; + +#endif diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore.inf index 0562820c95e0..545781d6b4b3 100644 --- a/UefiCpuPkg/SecCore/SecCore.inf +++ b/UefiCpuPkg/SecCore/SecCore.inf @@ -68,6 +68,8 @@ [Ppis] ## SOMETIMES_CONSUMES gPeiSecPerformancePpiGuid gEfiPeiCoreFvLocationPpiGuid + ## CONSUMES + gRepublishSecPpiPpiGuid [Guids] ## SOMETIMES_PRODUCES ## HOB diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c index 5d5e7f17dced..155be49a6011 100644 --- a/UefiCpuPkg/SecCore/SecMain.c +++ b/UefiCpuPkg/SecCore/SecMain.c @@ -370,13 +370,35 @@ SecTemporaryRamDone ( VOID ) { - BOOLEAN State; + EFI_STATUSStatus; + EFI_STATUSStatus2; + UINTN Index; + BOOLEAN State; + EFI_PEI_PPI_DESCRIPTOR*PeiPpiDescriptor; + REPUBLISH_SEC_PPI_PPI *RepublishSecPpiPpi; // // Republish Sec Platform Information(2) PPI // RepublishSecPlatformInformationPpi (); + // + // Re-install SEC PPIs using a PEIM produced service if published + // + for (Index = 0, Status = EFI_SUCCESS; Status == EFI_SUCCESS; Index++) { +Status = PeiServicesLocatePpi ( + &gRepublishSecPpiPpiGuid, + Index, + &PeiPpiDescriptor, + (VOID **) &RepublishSecPpiPpi + ); +if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "Calling RepublishSecPpi instance %d.\n", Index)); + Status2 = RepublishSecPpiPpi->RepublishSecPpis (); + ASSERT_EFI_ERROR (Status2); +} + } + /
Re: [edk2-devel] [PATCH v2 3/9] UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)
On 07/02/20 07:15, Guomin Jiang wrote: > From: Michael Kubacki > > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614 > > Adds a PEIM that republishes structures produced in SEC. This > is done because SEC modules may not be shadowed in some platforms > due to space constraints or special alignment requirements. The > SecMigrationPei module locates interfaces that may be published in > SEC and reinstalls the interface with permanent memory addresses. > > This is important if pre-memory address access is forbidden after > memory initialization and data such as a PPI descriptor, PPI GUID, > or PPI inteface reside in pre-memory. > > Cc: Eric Dong > Cc: Ray Ni > Cc: Laszlo Ersek > Cc: Rahul Kumar > Cc: Debkumar De > Cc: Harry Han > Cc: Catharine West > Signed-off-by: Michael Kubacki > --- > UefiCpuPkg/Include/Ppi/RepublishSecPpi.h | 54 +++ > UefiCpuPkg/SecCore/SecCore.inf| 2 + > UefiCpuPkg/SecCore/SecMain.c | 26 +- > UefiCpuPkg/SecCore/SecMain.h | 1 + > UefiCpuPkg/SecMigrationPei/SecMigrationPei.c | 372 ++ > UefiCpuPkg/SecMigrationPei/SecMigrationPei.h | 170 > .../SecMigrationPei/SecMigrationPei.inf | 64 +++ > .../SecMigrationPei/SecMigrationPei.uni | 13 + > UefiCpuPkg/UefiCpuPkg.dec | 4 + > UefiCpuPkg/UefiCpuPkg.dsc | 1 + > 10 files changed, 705 insertions(+), 2 deletions(-) > create mode 100644 UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.c > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.h > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf > create mode 100644 UefiCpuPkg/SecMigrationPei/SecMigrationPei.uni So this patch introduces SecMigrationPei, and a new PPI. OVMF doesn't use those. The patch also changes the existent UefiCpuPkg/SecCore module. OVMF doesn't use that either. Because of the above, I defer to Eric and Ray on this patch. Thanks Laszlo > > diff --git a/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > new file mode 100644 > index ..6fb9f1b005b4 > --- /dev/null > +++ b/UefiCpuPkg/Include/Ppi/RepublishSecPpi.h > @@ -0,0 +1,54 @@ > +/** @file > + This file declares Sec Platform Information PPI. > + > + This service is the primary handoff state into the PEI Foundation. > + The Security (SEC) component creates the early, transitory memory > + environment and also encapsulates knowledge of at least the > + location of the Boot Firmware Volume (BFV). > + > + Copyright (c) 2020, Intel Corporation. All rights reserved. > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > + @par Revision Reference: > + This PPI is introduced in PI Version 1.0. > + > +**/ > + > +#ifndef __REPUBLISH_SEC_PPI_H__ > +#define __REPUBLISH_SEC_PPI_H__ > + > +#include > + > +#define REPUBLISH_SEC_PPI_PPI_GUID \ > + { \ > +0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, 0x52, 0x1a, 0x2d, 0xc5, 0xd0, > 0x92 } \ > + } > + > +typedef struct _REPUBLISH_SEC_PPI_PPI REPUBLISH_SEC_PPI_PPI; > + > +/** > + This interface re-installs PPIs installed in SecCore from a post-memory > PEIM. > + > + This is to allow a platform that may not support relocation of SecCore to > update the PPI instance to a post-memory > + copy from a PEIM that has been shadowed to permanent memory. > + > + @retval EFI_SUCCESSThe SecCore PPIs were re-installed successfully. > + @retval Others An error occurred re-installing the SecCore PPIs. > + > +**/ > +typedef > +EFI_STATUS > +(EFIAPI *REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS)( > + VOID > + ); > + > +/// > +/// > +/// > +struct _REPUBLISH_SEC_PPI_PPI { > + REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS RepublishSecPpis; > +}; > + > +extern EFI_GUID gRepublishSecPpiPpiGuid; > + > +#endif > diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore.inf > index 0562820c95e0..545781d6b4b3 100644 > --- a/UefiCpuPkg/SecCore/SecCore.inf > +++ b/UefiCpuPkg/SecCore/SecCore.inf > @@ -68,6 +68,8 @@ [Ppis] >## SOMETIMES_CONSUMES >gPeiSecPerformancePpiGuid >gEfiPeiCoreFvLocationPpiGuid > + ## CONSUMES > + gRepublishSecPpiPpiGuid > > [Guids] >## SOMETIMES_PRODUCES ## HOB > diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c > index 5d5e7f17dced..155be49a6011 100644 > --- a/UefiCpuPkg/SecCore/SecMain.c > +++ b/UefiCpuPkg/SecCore/SecMain.c > @@ -370,13 +370,35 @@ SecTemporaryRamDone ( >VOID >) > { > - BOOLEAN State; > + EFI_STATUSStatus; > + EFI_STATUSStatus2; > + UINTN Index; > + BOOLEAN State; > + EFI_PEI_PPI_DESCRIPTOR*PeiPpiDescriptor; > + REPUBLISH_SEC_PPI_PPI *RepublishSecPpiPpi; > >// >// Republish Sec Platform Information(2) PPI >// >RepublishSecPlatformInformationPpi (); > > + // >