UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614

Adds a PEIM that republishes structures produced in SEC. This
is done because SEC modules may not be shadowed in some platforms
due to space constraints or special alignment requirements. The
SecMigrationPei module locates interfaces that may be published in
SEC and reinstalls the interface with permanent memory addresses.

This is important if pre-memory address access is forbidden after
memory initialization and data such as a PPI descriptor, PPI GUID,
or PPI interface reside in pre-memory.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Signed-off-by: Michael Kubacki <michael.a.kubacki@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Michael Kubacki 2019-04-21 14:21:55 -07:00 committed by mergify[bot]
parent 60b12e69fb
commit 479613bd06
10 changed files with 709 additions and 2 deletions


@ -0,0 +1,54 @@
/** @file
This file declares Sec Platform Information PPI.
This service is the primary handoff state into the PEI Foundation.
The Security (SEC) component creates the early, transitory memory
environment and also encapsulates knowledge of at least the
location of the Boot Firmware Volume (BFV).
Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@par Revision Reference:
This PPI is introduced in PI Version 1.0.
**/
#ifndef __REPUBLISH_SEC_PPI_H__
#define __REPUBLISH_SEC_PPI_H__
#include <Pi/PiPeiCis.h>
#define REPUBLISH_SEC_PPI_PPI_GUID \
{ \
0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, 0x52, 0x1a, 0x2d, 0xc5, 0xd0, 0x92 } \
}
typedef struct _REPUBLISH_SEC_PPI_PPI REPUBLISH_SEC_PPI_PPI;
/**
This interface re-installs PPIs installed in SecCore from a post-memory PEIM.
This is to allow a platform that may not support relocation of SecCore to update the PPI instance to a post-memory
copy from a PEIM that has been shadowed to permanent memory.
@retval EFI_SUCCESS The SecCore PPIs were re-installed successfully.
@retval Others An error occurred re-installing the SecCore PPIs.
**/
typedef
EFI_STATUS
(EFIAPI *REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS)(
VOID
);
///
/// Republish SEC PPIs
///
struct _REPUBLISH_SEC_PPI_PPI {
REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS RepublishSecPpis;
};
extern EFI_GUID gRepublishSecPpiPpiGuid;
#endif
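Review bot: The `@file` comment at the top of this header describes the Sec Platform Information PPI ("primary handoff state into the PEI Foundation", "introduced in PI Version 1.0"), but the header declares `REPUBLISH_SEC_PPI_PPI` and its GUID, so the text looks copied from another PPI header. Replace it with a description of what is declared, for example `This file declares the Republish SEC PPI, which lets SecCore ask a PEIM shadowed to permanent memory to re-install the PPIs that SecCore published.`, and drop the `@par Revision Reference` paragraph unless this PPI really is part of a PI specification revision. The comment on `REPUBLISH_SEC_PPI_REPUBLISH_SEC_PPIS` could also say whether the service may be called more than once, which the declaration leaves open.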


@ -68,6 +68,8 @@
## SOMETIMES_CONSUMES
gPeiSecPerformancePpiGuid
gEfiPeiCoreFvLocationPpiGuid
## CONSUMES
gRepublishSecPpiPpiGuid
[Guids]
## SOMETIMES_PRODUCES ## HOB
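Review bot: `gRepublishSecPpiPpiGuid` is listed under `## CONSUMES`, but the SecTemporaryRamDone change in this same commit treats the PPI as optional: its locate loop simply ends when no instance is found, and SecMigrationPei installs the PPI only when PcdMigrateTemporaryRamFirmwareVolumes is set. `## SOMETIMES_CONSUMES` describes that usage more accurately, so the GUID could sit under the existing `## SOMETIMES_CONSUMES` comment two lines above instead of getting its own `## CONSUMES` heading.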


@ -370,13 +370,35 @@ SecTemporaryRamDone (
VOID
)
{
BOOLEAN State;
EFI_STATUS Status;
EFI_STATUS Status2;
UINTN Index;
BOOLEAN State;
EFI_PEI_PPI_DESCRIPTOR *PeiPpiDescriptor;
REPUBLISH_SEC_PPI_PPI *RepublishSecPpiPpi;
//
// Republish Sec Platform Information(2) PPI
//
RepublishSecPlatformInformationPpi ();
//
// Re-install SEC PPIs using a PEIM produced service if published
//
for (Index = 0, Status = EFI_SUCCESS; Status == EFI_SUCCESS; Index++) {
Status = PeiServicesLocatePpi (
&gRepublishSecPpiPpiGuid,
Index,
&PeiPpiDescriptor,
(VOID **) &RepublishSecPpiPpi
);
if (!EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "Calling RepublishSecPpi instance %d.\n", Index));
Status2 = RepublishSecPpiPpi->RepublishSecPpis ();
ASSERT_EFI_ERROR (Status2);
}
}
//
// Migrate DebugAgentContext.
//
@ -385,7 +407,7 @@ SecTemporaryRamDone (
//
// Disable interrupts and save current interrupt state
//
State = SaveAndDisableInterrupts();
State = SaveAndDisableInterrupts ();
//
// Disable Temporary RAM after Stack and Heap have been migrated at this point.
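Review bot: The result of `RepublishSecPpiPpi->RepublishSecPpis ()` is stored in `Status2` and only handed to `ASSERT_EFI_ERROR`, so in a build where asserts are disabled a failed re-publish is ignored and SecTemporaryRamDone goes on to disable temporary RAM while SEC-published PPIs may still point at pre-memory addresses. That is the condition this commit is meant to remove, so the failure should at least be reported, e.g. `if (EFI_ERROR (Status2)) { DEBUG ((DEBUG_ERROR, "RepublishSecPpis instance %u failed: %r\n", (UINT32) Index, Status2)); }`, and the platform's policy for that case (halt or continue) should be an explicit decision rather than a side effect of the assert setting. The added `DEBUG` line also prints the UINTN `Index` with `%d`; a cast such as `(UINT32) Index` with `%u` keeps the format and argument width in agreement on 64-bit builds. The body of SecTemporaryRamDone starts before and continues after the lines shown here.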


@ -15,6 +15,7 @@
#include <Ppi/TemporaryRamDone.h>
#include <Ppi/SecPerformance.h>
#include <Ppi/PeiCoreFvLocation.h>
#include <Ppi/RepublishSecPpi.h>
#include <Guid/FirmwarePerformance.h>


@ -0,0 +1,385 @@
/** @file
Migrates SEC structures after permanent memory is installed.
Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Base.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <Library/HobLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/PeiServicesLib.h>
#include <Library/PeiServicesTablePointerLib.h>
#include "SecMigrationPei.h"
STATIC REPUBLISH_SEC_PPI_PPI mEdkiiRepublishSecPpiPpi = {
RepublishSecPpis
};
GLOBAL_REMOVE_IF_UNREFERENCED EFI_SEC_PLATFORM_INFORMATION_PPI mSecPlatformInformationPostMemoryPpi = {
SecPlatformInformationPostMemory
};
GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_TEMPORARY_RAM_DONE_PPI mSecTemporaryRamDonePostMemoryPpi = {
SecTemporaryRamDonePostMemory
};
GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI mSecTemporaryRamSupportPostMemoryPpi = {
SecTemporaryRamSupportPostMemory
};
GLOBAL_REMOVE_IF_UNREFERENCED PEI_SEC_PERFORMANCE_PPI mSecPerformancePpi = {
GetPerformancePostMemory
};
STATIC EFI_PEI_PPI_DESCRIPTOR mEdkiiRepublishSecPpiDescriptor = {
(EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
&gRepublishSecPpiPpiGuid,
&mEdkiiRepublishSecPpiPpi
};
GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR mSecPlatformInformationPostMemoryDescriptor = {
(EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
&gEfiSecPlatformInformationPpiGuid,
&mSecPlatformInformationPostMemoryPpi
};
GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR mSecTemporaryRamDonePostMemoryDescriptor = {
(EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
&gEfiTemporaryRamDonePpiGuid,
&mSecTemporaryRamDonePostMemoryPpi
};
GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR mSecTemporaryRamSupportPostMemoryDescriptor = {
(EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
&gEfiTemporaryRamSupportPpiGuid,
&mSecTemporaryRamSupportPostMemoryPpi
};
GLOBAL_REMOVE_IF_UNREFERENCED EFI_PEI_PPI_DESCRIPTOR mSecPerformancePpiDescriptor = {
(EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
&gPeiSecPerformancePpiGuid,
&mSecPerformancePpi
};
/**
Disables the use of Temporary RAM.
If present, this service is invoked by the PEI Foundation after
the EFI_PEI_PERMANANT_MEMORY_INSTALLED_PPI is installed.
@retval EFI_SUCCESS Dummy function, alway return this value.
**/
EFI_STATUS
EFIAPI
SecTemporaryRamDonePostMemory (
VOID
)
{
//
// Temporary RAM Done is already done in post-memory
// install a stub function that is located in permanent memory
//
return EFI_SUCCESS;
}
/**
This service of the EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI that migrates temporary RAM into
permanent memory.
@param PeiServices Pointer to the PEI Services Table.
@param TemporaryMemoryBase Source Address in temporary memory from which the SEC or PEIM will copy the
Temporary RAM contents.
@param PermanentMemoryBase Destination Address in permanent memory into which the SEC or PEIM will copy the
Temporary RAM contents.
@param CopySize Amount of memory to migrate from temporary to permanent memory.
@retval EFI_SUCCESS The data was successfully returned.
@retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > TemporaryMemoryBase when
TemporaryMemoryBase > PermanentMemoryBase.
**/
EFI_STATUS
EFIAPI
SecTemporaryRamSupportPostMemory (
IN CONST EFI_PEI_SERVICES **PeiServices,
IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase,
IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase,
IN UINTN CopySize
)
{
//
// Temporary RAM Support is already done in post-memory
// install a stub function that is located in permanent memory
//
return EFI_SUCCESS;
}
/**
This interface conveys performance information out of the Security (SEC) phase into PEI.
This service is published by the SEC phase. The SEC phase handoff has an optional
EFI_PEI_PPI_DESCRIPTOR list as its final argument when control is passed from SEC into the
PEI Foundation. As such, if the platform supports collecting performance data in SEC,
this information is encapsulated into the data structure abstracted by this service.
This information is collected for the boot-strap processor (BSP) on IA-32.
@param[in] PeiServices The pointer to the PEI Services Table.
@param[in] This The pointer to this instance of the PEI_SEC_PERFORMANCE_PPI.
@param[out] Performance The pointer to performance data collected in SEC phase.
@retval EFI_SUCCESS The performance data was successfully returned.
@retval EFI_INVALID_PARAMETER The This or Performance is NULL.
@retval EFI_NOT_FOUND Can't found the HOB created by the SecMigrationPei component.
**/
EFI_STATUS
EFIAPI
GetPerformancePostMemory (
IN CONST EFI_PEI_SERVICES **PeiServices,
IN PEI_SEC_PERFORMANCE_PPI *This,
OUT FIRMWARE_SEC_PERFORMANCE *Performance
)
{
SEC_PLATFORM_INFORMATION_CONTEXT_HOB *SecPlatformInformationContexHob;
if (This == NULL || Performance == NULL) {
return EFI_INVALID_PARAMETER;
}
SecPlatformInformationContexHob = GetFirstGuidHob (&gEfiCallerIdGuid);
if (SecPlatformInformationContexHob == NULL) {
return EFI_NOT_FOUND;
}
Performance->ResetEnd = SecPlatformInformationContexHob->FirmwareSecPerformance.ResetEnd;
return EFI_SUCCESS;
}
/**
This interface conveys state information out of the Security (SEC) phase into PEI.
@param[in] PeiServices Pointer to the PEI Services Table.
@param[in,out] StructureSize Pointer to the variable describing size of the input buffer.
@param[out] PlatformInformationRecord Pointer to the EFI_SEC_PLATFORM_INFORMATION_RECORD.
@retval EFI_SUCCESS The data was successfully returned.
@retval EFI_NOT_FOUND Can't found the HOB created by SecMigrationPei component.
@retval EFI_BUFFER_TOO_SMALL The size of buffer pointed by StructureSize is too small and will return
the minimal required size in the buffer pointed by StructureSize.
@retval EFI_INVALID_PARAMETER The StructureSize is NULL or PlatformInformationRecord is NULL.
**/
EFI_STATUS
EFIAPI
SecPlatformInformationPostMemory (
IN CONST EFI_PEI_SERVICES **PeiServices,
IN OUT UINT64 *StructureSize,
OUT EFI_SEC_PLATFORM_INFORMATION_RECORD *PlatformInformationRecord
)
{
SEC_PLATFORM_INFORMATION_CONTEXT_HOB *SecPlatformInformationContexHob;
if (StructureSize == NULL) {
return EFI_INVALID_PARAMETER;
}
SecPlatformInformationContexHob = GetFirstGuidHob (&gEfiCallerIdGuid);
if (SecPlatformInformationContexHob == NULL) {
return EFI_NOT_FOUND;
}
if (*StructureSize < SecPlatformInformationContexHob->Context.StructureSize) {
*StructureSize = SecPlatformInformationContexHob->Context.StructureSize;
return EFI_BUFFER_TOO_SMALL;
}
if (PlatformInformationRecord == NULL) {
return EFI_INVALID_PARAMETER;
}
*StructureSize = SecPlatformInformationContexHob->Context.StructureSize;
CopyMem (
(VOID *) PlatformInformationRecord,
(VOID *) SecPlatformInformationContexHob->Context.PlatformInformationRecord,
(UINTN) SecPlatformInformationContexHob->Context.StructureSize
);
return EFI_SUCCESS;
}
/**
This interface re-installs PPIs installed in SecCore from a post-memory PEIM.
This is to allow a platform that may not support relocation of SecCore to update the PPI instance to a post-memory
copy from a PEIM that has been shadowed to permanent memory.
@retval EFI_SUCCESS The SecCore PPIs were re-installed successfully.
@retval Others An error occurred re-installing the SecCore PPIs.
**/
EFI_STATUS
EFIAPI
RepublishSecPpis (
VOID
)
{
EFI_STATUS Status;
EFI_PEI_PPI_DESCRIPTOR *PeiPpiDescriptor;
VOID *PeiPpi;
SEC_PLATFORM_INFORMATION_CONTEXT_HOB *SecPlatformInformationContextHob;
EFI_SEC_PLATFORM_INFORMATION_RECORD *SecPlatformInformationPtr;
UINT64 SecStructureSize;
SecPlatformInformationPtr = NULL;
SecStructureSize = 0;
Status = PeiServicesLocatePpi (
&gEfiTemporaryRamDonePpiGuid,
0,
&PeiPpiDescriptor,
(VOID **) &PeiPpi
);
if (!EFI_ERROR (Status)) {
Status = PeiServicesReInstallPpi (
PeiPpiDescriptor,
&mSecTemporaryRamDonePostMemoryDescriptor
);
ASSERT_EFI_ERROR (Status);
}
Status = PeiServicesLocatePpi (
&gEfiTemporaryRamSupportPpiGuid,
0,
&PeiPpiDescriptor,
(VOID **) &PeiPpi
);
if (!EFI_ERROR (Status)) {
Status = PeiServicesReInstallPpi (
PeiPpiDescriptor,
&mSecTemporaryRamSupportPostMemoryDescriptor
);
ASSERT_EFI_ERROR (Status);
}
Status = PeiServicesCreateHob (
EFI_HOB_TYPE_GUID_EXTENSION,
sizeof (SEC_PLATFORM_INFORMATION_CONTEXT_HOB),
(VOID **) &SecPlatformInformationContextHob
);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "SecPlatformInformation Context HOB could not be created.\n"));
return Status;
}
SecPlatformInformationContextHob->Header.Name = gEfiCallerIdGuid;
SecPlatformInformationContextHob->Revision = 1;
Status = PeiServicesLocatePpi (
&gPeiSecPerformancePpiGuid,
0,
&PeiPpiDescriptor,
(VOID **) &PeiPpi
);
if (!EFI_ERROR (Status)) {
Status = ((PEI_SEC_PERFORMANCE_PPI *) PeiPpi)->GetPerformance (
GetPeiServicesTablePointer (),
(PEI_SEC_PERFORMANCE_PPI *) PeiPpi,
&SecPlatformInformationContextHob->FirmwareSecPerformance
);
ASSERT_EFI_ERROR (Status);
if (!EFI_ERROR (Status)) {
Status = PeiServicesReInstallPpi (
PeiPpiDescriptor,
&mSecPerformancePpiDescriptor
);
ASSERT_EFI_ERROR (Status);
}
}
Status = PeiServicesLocatePpi (
&gEfiSecPlatformInformationPpiGuid,
0,
&PeiPpiDescriptor,
(VOID **) &PeiPpi
);
if (!EFI_ERROR (Status)) {
Status = ((EFI_SEC_PLATFORM_INFORMATION_PPI *) PeiPpi)->PlatformInformation (
GetPeiServicesTablePointer (),
&SecStructureSize,
SecPlatformInformationPtr
);
ASSERT (Status == EFI_BUFFER_TOO_SMALL);
if (Status != EFI_BUFFER_TOO_SMALL) {
return EFI_NOT_FOUND;
}
ZeroMem ((VOID *) &(SecPlatformInformationContextHob->Context), sizeof (SEC_PLATFORM_INFORMATION_CONTEXT));
SecPlatformInformationContextHob->Context.PlatformInformationRecord = AllocatePool ((UINTN) SecStructureSize);
ASSERT (SecPlatformInformationContextHob->Context.PlatformInformationRecord != NULL);
if (SecPlatformInformationContextHob->Context.PlatformInformationRecord == NULL) {
return EFI_OUT_OF_RESOURCES;
}
SecPlatformInformationContextHob->Context.StructureSize = SecStructureSize;
Status = ((EFI_SEC_PLATFORM_INFORMATION_PPI *) PeiPpi)->PlatformInformation (
GetPeiServicesTablePointer (),
&(SecPlatformInformationContextHob->Context.StructureSize),
SecPlatformInformationContextHob->Context.PlatformInformationRecord
);
ASSERT_EFI_ERROR (Status);
if (!EFI_ERROR (Status)) {
Status = PeiServicesReInstallPpi (
PeiPpiDescriptor,
&mSecPlatformInformationPostMemoryDescriptor
);
ASSERT_EFI_ERROR (Status);
}
}
return EFI_SUCCESS;
}
/**
This function is the entry point which installs an instance of REPUBLISH_SEC_PPI_PPI.
It install the RepublishSecPpi depent on PcdMigrateTemporaryRamFirmwareVolumes, install
the PPI when the PcdMigrateTemporaryRamFirmwareVolumes enabled.
@param[in] FileHandle Pointer to image file handle.
@param[in] PeiServices Pointer to PEI Services Table
@retval EFI_ABORTED Disable evacuate temporary memory feature by disable
PcdMigrateTemporaryRamFirmwareVolumes.
@retval EFI_SUCCESS An instance of REPUBLISH_SEC_PPI_PPI was installed successfully.
@retval Others An error occurred installing and instance of REPUBLISH_SEC_PPI_PPI.
**/
EFI_STATUS
EFIAPI
SecMigrationPeiInitialize (
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
EFI_STATUS Status;
Status = EFI_ABORTED;
if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {
Status = PeiServicesInstallPpi (&mEdkiiRepublishSecPpiDescriptor);
ASSERT_EFI_ERROR (Status);
}
return Status;
}
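Review bot: RepublishSecPpis checks every `PeiServicesReInstallPpi` result, and the second `PlatformInformation` call, only with `ASSERT_EFI_ERROR` and then ends with `return EFI_SUCCESS`, so when asserts are disabled a PPI that could not be re-installed keeps its pre-memory descriptor and interface while the caller is told the migration succeeded. This contradicts the function's own `@retval Others` line. Recording the first failing status and returning it, as sketched below, lets SecCore see the failure; the same check belongs after each of the four re-install calls. The existing early returns for the HOB creation, `EFI_NOT_FOUND` and `EFI_OUT_OF_RESOURCES` paths can stay as they are.

```c
  EFI_STATUS  ReturnStatus;   // first re-install failure, reported to the caller

  ReturnStatus = EFI_SUCCESS;
  // … unchanged: locate gEfiTemporaryRamDonePpiGuid and call PeiServicesReInstallPpi …
    ASSERT_EFI_ERROR (Status);
    if (EFI_ERROR (Status) && !EFI_ERROR (ReturnStatus)) {
      ReturnStatus = Status;
    }
  // … unchanged: remaining locate / HOB / re-install blocks, each re-install followed by the same check …
  return ReturnStatus;
```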


@ -0,0 +1,158 @@
/** @file
Migrates SEC structures after permanent memory is installed.
Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef __SEC_MIGRATION_H__
#define __SEC_MIGRATION_H__
#include <Base.h>
#include <Pi/PiPeiCis.h>
#include <Ppi/RepublishSecPpi.h>
#include <Ppi/SecPerformance.h>
#include <Ppi/SecPlatformInformation.h>
#include <Ppi/SecPlatformInformation2.h>
#include <Ppi/TemporaryRamDone.h>
#include <Ppi/TemporaryRamSupport.h>
/**
This interface conveys state information out of the Security (SEC) phase into PEI.
@param[in] PeiServices Pointer to the PEI Services Table.
@param[in,out] StructureSize Pointer to the variable describing size of the input buffer.
@param[out] PlatformInformationRecord Pointer to the EFI_SEC_PLATFORM_INFORMATION_RECORD.
@retval EFI_SUCCESS The data was successfully returned.
@retval EFI_NOT_FOUND Can't found the HOB created by SecMigrationPei component.
@retval EFI_BUFFER_TOO_SMALL The size of buffer pointed by StructureSize is too small and will return
the minimal required size in the buffer pointed by StructureSize.
@retval EFI_INVALID_PARAMETER The StructureSize is NULL or PlatformInformationRecord is NULL.
**/
EFI_STATUS
EFIAPI
SecPlatformInformationPostMemory (
IN CONST EFI_PEI_SERVICES **PeiServices,
IN OUT UINT64 *StructureSize,
OUT EFI_SEC_PLATFORM_INFORMATION_RECORD *PlatformInformationRecord
);
/**
Re-installs the SEC Platform Information PPIs to implementation in this module to support post-memory.
@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
@param[in] NotifyDescriptor Address of the notification descriptor data structure.
@param[in] Ppi Address of the PPI that was installed.
@retval EFI_SUCCESS The SEC Platform Information PPI could not be re-installed.
@return Others An error occurred during PPI re-install.
**/
EFI_STATUS
EFIAPI
SecPlatformInformationPpiNotifyCallback (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
);
/**
This interface re-installs PPIs installed in SecCore from a post-memory PEIM.
This is to allow a platform that may not support relocation of SecCore to update the PPI instance to a post-memory
copy from a PEIM that has been shadowed to permanent memory.
@retval EFI_SUCCESS The SecCore PPIs were re-installed successfully.
@retval Others An error occurred re-installing the SecCore PPIs.
**/
EFI_STATUS
EFIAPI
RepublishSecPpis (
VOID
);
/**
Disables the use of Temporary RAM.
If present, this service is invoked by the PEI Foundation after
the EFI_PEI_PERMANANT_MEMORY_INSTALLED_PPI is installed.
@retval EFI_SUCCESS Dummy function, alway return this value.
**/
EFI_STATUS
EFIAPI
SecTemporaryRamDonePostMemory (
VOID
);
/**
This service of the EFI_PEI_TEMPORARY_RAM_SUPPORT_PPI that migrates temporary RAM into
permanent memory.
@param PeiServices Pointer to the PEI Services Table.
@param TemporaryMemoryBase Source Address in temporary memory from which the SEC or PEIM will copy the
Temporary RAM contents.
@param PermanentMemoryBase Destination Address in permanent memory into which the SEC or PEIM will copy the
Temporary RAM contents.
@param CopySize Amount of memory to migrate from temporary to permanent memory.
@retval EFI_SUCCESS The data was successfully returned.
@retval EFI_INVALID_PARAMETER PermanentMemoryBase + CopySize > TemporaryMemoryBase when
TemporaryMemoryBase > PermanentMemoryBase.
**/
EFI_STATUS
EFIAPI
SecTemporaryRamSupportPostMemory (
IN CONST EFI_PEI_SERVICES **PeiServices,
IN EFI_PHYSICAL_ADDRESS TemporaryMemoryBase,
IN EFI_PHYSICAL_ADDRESS PermanentMemoryBase,
IN UINTN CopySize
);
/**
This interface conveys performance information out of the Security (SEC) phase into PEI.
This service is published by the SEC phase. The SEC phase handoff has an optional
EFI_PEI_PPI_DESCRIPTOR list as its final argument when control is passed from SEC into the
PEI Foundation. As such, if the platform supports collecting performance data in SEC,
this information is encapsulated into the data structure abstracted by this service.
This information is collected for the boot-strap processor (BSP) on IA-32.
@param[in] PeiServices The pointer to the PEI Services Table.
@param[in] This The pointer to this instance of the PEI_SEC_PERFORMANCE_PPI.
@param[out] Performance The pointer to performance data collected in SEC phase.
@retval EFI_SUCCESS The performance data was successfully returned.
@retval EFI_INVALID_PARAMETER The This or Performance is NULL.
@retval EFI_NOT_FOUND Can't found the HOB created by the SecMigrationPei component.
**/
EFI_STATUS
EFIAPI
GetPerformancePostMemory (
IN CONST EFI_PEI_SERVICES **PeiServices,
IN PEI_SEC_PERFORMANCE_PPI *This,
OUT FIRMWARE_SEC_PERFORMANCE *Performance
);
typedef struct {
UINT64 StructureSize;
EFI_SEC_PLATFORM_INFORMATION_RECORD *PlatformInformationRecord;
} SEC_PLATFORM_INFORMATION_CONTEXT;
typedef struct {
EFI_HOB_GUID_TYPE Header;
UINT8 Revision;
UINT8 Reserved[3];
FIRMWARE_SEC_PERFORMANCE FirmwareSecPerformance;
SEC_PLATFORM_INFORMATION_CONTEXT Context;
} SEC_PLATFORM_INFORMATION_CONTEXT_HOB;
#endif
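Review bot: `SecPlatformInformationPpiNotifyCallback` is declared in this header, but SecMigrationPei.c as added by this commit neither defines nor references it, and its comment reads `@retval EFI_SUCCESS The SEC Platform Information PPI could not be re-installed`, which contradicts the status being documented. Either remove the prototype or, if a later patch supplies the definition, correct the line to `@retval EFI_SUCCESS The SEC Platform Information PPI was re-installed successfully.` The two typedefs at the end of the header carry no comments; a short note on `SEC_PLATFORM_INFORMATION_CONTEXT_HOB` saying that `Revision` is set to 1 and that `Context.PlatformInformationRecord` points at the pool buffer allocated in RepublishSecPpis would tell readers that the HOB holds a pointer rather than the record itself.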


@ -0,0 +1,68 @@
## @file
# Migrates SEC structures after permanent memory is installed.
#
# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SecMigrationPei
MODULE_UNI_FILE = SecMigrationPei.uni
FILE_GUID = 58B35361-8922-41BC-B313-EF7ED9ADFDF7
MODULE_TYPE = PEIM
VERSION_STRING = 1.0
ENTRY_POINT = SecMigrationPeiInitialize
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 EBC
#
[Sources]
SecMigrationPei.c
SecMigrationPei.h
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
UefiCpuPkg/UefiCpuPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
DebugLib
HobLib
MemoryAllocationLib
PeimEntryPoint
PeiServicesLib
PeiServicesTablePointerLib
[Ppis]
## PRODUCES
gRepublishSecPpiPpiGuid
## SOMETIMES_PRODUCES
gEfiTemporaryRamDonePpiGuid
## SOMETIME_PRODUCES
gEfiTemporaryRamSupportPpiGuid
## SOMETIMES_PRODUCES
gPeiSecPerformancePpiGuid
## SOMETIMES_CONSUMES
## PRODUCES
gEfiSecPlatformInformationPpiGuid
## SOMETIMES_CONSUMES
## SOMETIMES_PRODUCES
gEfiSecPlatformInformation2PpiGuid
[Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes ## CONSUMES
[Depex]
TRUE
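Review bot: The usage comment `## SOMETIME_PRODUCES` above `gEfiTemporaryRamSupportPpiGuid` is misspelled; the keyword used for the neighbouring entries is `## SOMETIMES_PRODUCES`. `gEfiSecPlatformInformation2PpiGuid` is listed with SOMETIMES_CONSUMES / SOMETIMES_PRODUCES although SecMigrationPei.c in this commit never references it, so the entry should be dropped until the code uses it. `gEfiSecPlatformInformationPpiGuid` is marked `## PRODUCES`, but RepublishSecPpis re-installs it only when an existing instance is located and both `PlatformInformation` calls succeed, which matches `## SOMETIMES_PRODUCES`.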


@ -0,0 +1,13 @@
// /** @file
// Migrates SEC structures after permanent memory is installed.
//
// Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
// SPDX-License-Identifier: BSD-2-Clause-Patent
//
// **/
#string STR_MODULE_ABSTRACT #language en-US "Migrates SEC structures after permanent memory is installed"
#string STR_MODULE_DESCRIPTION #language en-US "Migrates SEC structures after permanent memory is installed."


@ -84,6 +84,9 @@
## Include/Ppi/ShadowMicrocode.h
gEdkiiPeiShadowMicrocodePpiGuid = { 0x430f6965, 0x9a69, 0x41c5, { 0x93, 0xed, 0x8b, 0xf0, 0x64, 0x35, 0xc1, 0xc6 }}
## Include/Ppi/RepublishSecPpi.h
gRepublishSecPpiPpiGuid = { 0x27a71b1e, 0x73ee, 0x43d6, { 0xac, 0xe3, 0x52, 0x1a, 0x2d, 0xc5, 0xd0, 0x92 }}
[PcdsFeatureFlag]
## Indicates if SMM Profile will be enabled.
# If enabled, instruction executions in and data accesses to memory outside of SMRAM will be logged.


@ -146,6 +146,7 @@
UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf
UefiCpuPkg/SecCore/SecCore.inf
UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf {
<Defines>