MdeModulePkg: Added PROTECT_IF_ALIGNED_ELSE_DISALLOW option for PcdImageProtectionPolicy.

MdeModulePkg/Core/Dxe/DxeMain.inf

@@ -190,7 +190,8 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask                   ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard                           ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth           ## CONSUMES
-
+  gEfiMdePkgTokenSpaceGuid.PcdDebugRaisePropertyMask                        ## CONSUMES
+  
 # [Hob]
 # RESOURCE_DESCRIPTOR   ## CONSUMES
 # MEMORY_ALLOCATION     ## CONSUMES

MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c

@@ -49,8 +49,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 //
 // Protection policy bit definition
 //
-#define DO_NOT_PROTECT                 0x00000000
+#define DO_NOT_PROTECT                    0x00000000
-#define PROTECT_IF_ALIGNED_ELSE_ALLOW  0x00000001
+#define PROTECT_IF_ALIGNED_ELSE_ALLOW     0x00000001
+#define PROTECT_IF_ALIGNED_ELSE_DISALLOW  0x00000002
 
 #define MEMORY_TYPE_OS_RESERVED_MIN   0x80000000
 #define MEMORY_TYPE_OEM_RESERVED_MIN  0x70000000
@@ -78,11 +79,15 @@ GetProtectionPolicyFromImageType (
 {
   ASSERT (ImageIsFromFv == FALSE || ImageIsFromFv == TRUE);
 
+  if ((mImageProtectionPolicy & 4U) != 0) {
+    return PROTECT_IF_ALIGNED_ELSE_DISALLOW;
+  }
+
   if (((ImageIsFromFv + 1) & mImageProtectionPolicy) == 0) {
     return DO_NOT_PROTECT;
-  } else {
-    return PROTECT_IF_ALIGNED_ELSE_ALLOW;
   }
+
+  return PROTECT_IF_ALIGNED_ELSE_ALLOW;
 }
 
 /**
@@ -233,13 +238,13 @@ ProtectUefiImage (
   UEFI_IMAGE_LOADER_IMAGE_CONTEXT  *ImageContext
   )
 {
-  RETURN_STATUS               PdbStatus;
+  RETURN_STATUS      PdbStatus;
-  UINT32                                SectionAlignment;
+  UINT32             SectionAlignment;
-  UEFI_IMAGE_RECORD                    *ImageRecord;
+  UEFI_IMAGE_RECORD  *ImageRecord;
-  CONST CHAR8                          *PdbPointer;
+  CONST CHAR8        *PdbPointer;
-  UINT32                               PdbSize;
+  UINT32             PdbSize;
-  BOOLEAN                               IsAligned;
+  BOOLEAN            IsAligned;
-  UINT32                                ProtectionPolicy;
+  UINT32             ProtectionPolicy;
 
   DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage));
   DEBUG ((DEBUG_INFO, "  - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize));
@@ -250,8 +255,10 @@ ProtectUefiImage (
       return;
     case PROTECT_IF_ALIGNED_ELSE_ALLOW:
       break;
+    case PROTECT_IF_ALIGNED_ELSE_DISALLOW:
+      break;
     default:
-      ASSERT (FALSE);
+      DEBUG_RAISE ();
       return;
   }
 
@@ -275,6 +282,11 @@ ProtectUefiImage (
       DEBUG ((DEBUG_VERBOSE, "!!!!!!!!  Image - %a  !!!!!!!!\n", PdbPointer));
     }
 
+    if (ProtectionPolicy == PROTECT_IF_ALIGNED_ELSE_DISALLOW) {
+      DEBUG_RAISE ();
+      return;
+    }
+
     goto Finish;
   }
 

MdeModulePkg/MdeModulePkg.dec

@@ -1367,11 +1367,13 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath|{0x0}|VOID*|0x00001043
 
   ## Set image protection policy. The policy is bitwise.
-  #  If a bit is set, the image will be protected by DxeCore if it is aligned.
+  #  If a bit is set, the image will be protected by DxeCore if it is aligned,
   #   The code section becomes read-only, and the data section becomes non-executable.
-  #  If a bit is clear, nothing will be done to image code/data sections.<BR><BR>
+  #  If a bit is clear, nothing will be done to image code/data sections.
+  #  If BIT2 is set unaligned images will stop boot process regardless of their origin.<BR><BR>
   #    BIT0       - Image from unknown device. <BR>
   #    BIT1       - Image from firmware volume.<BR>
+  #    BIT2       - Forbid loading of unaligned images.<BR>
   #  <BR>
   #  Note: If a bit is cleared, the data section could be still non-executable if
   #  PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData