Ring3: Initialized DxeRing3 with Supervisor privileges.

2025-04-07 19:45:07 +02:00 · 2024-05-17 13:50:08 +03:00 · 2024-05-17 13:50:08 +03:00 · d1fa366ba2
commit d1fa366ba2
parent 6dc6cd62d4
3 changed files with 58 additions and 0 deletions
--- a/MdeModulePkg/Core/Dxe/DxeMain.h
+++ b/MdeModulePkg/Core/Dxe/DxeMain.h
@ -2635,6 +2635,20 @@ UnprotectUefiImage (
  IN EFI_DEVICE_PATH_PROTOCOL   *LoadedImageDevicePath
  );

+/**
+  Change UEFI image owner: Supervisor / Privileged or User / Unprivileged.
+
+  @param[in]  LoadedImage              The loaded image protocol
+  @param[in]  LoadedImageDevicePath    The loaded image device path protocol
+  @param[in]  IsUser                   Whether UEFI image record is User Image.
+**/
+VOID
+ChangeUefiImageRing (
+  IN EFI_LOADED_IMAGE_PROTOCOL  *LoadedImage,
+  IN EFI_DEVICE_PATH_PROTOCOL   *LoadedImageDevicePath,
+  IN BOOLEAN                    IsUser
+  );
+
 /**
  ExitBootServices Callback function for memory protection.
 **/
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@ -294,6 +294,44 @@ UnprotectUefiImage (
  }
 }

+/**
+  Change UEFI image owner: Supervisor / Privileged or User / Unprivileged.
+
+  @param[in]  LoadedImage              The loaded image protocol
+  @param[in]  LoadedImageDevicePath    The loaded image device path protocol
+  @param[in]  IsUser                   Whether UEFI image record is User Image.
+**/
+VOID
+ChangeUefiImageRing (
+  IN EFI_LOADED_IMAGE_PROTOCOL  *LoadedImage,
+  IN EFI_DEVICE_PATH_PROTOCOL   *LoadedImageDevicePath,
+  IN BOOLEAN                    IsUser
+  )
+{
+  UEFI_IMAGE_RECORD          *ImageRecord;
+  LIST_ENTRY                 *ImageRecordLink;
+
+  for (ImageRecordLink = mProtectedImageRecordList.ForwardLink;
+        ImageRecordLink != &mProtectedImageRecordList;
+        ImageRecordLink = ImageRecordLink->ForwardLink)
+    {
+    ImageRecord = CR (
+                    ImageRecordLink,
+                    UEFI_IMAGE_RECORD,
+                    Link,
+                    UEFI_IMAGE_RECORD_SIGNATURE
+                    );
+
+    if (ImageRecord->StartAddress == (EFI_PHYSICAL_ADDRESS)(UINTN)LoadedImage->ImageBase) {
+      ASSERT (gCpu != NULL);
+
+      SetUefiImageProtectionAttributes (ImageRecord, IsUser);
+
+      return;
+    }
+  }
+}
+
 /**
  Return the EFI memory permission attribute associated with memory
  type 'MemoryType' under the configured DXE memory protection policy.
--- a/MdeModulePkg/Core/Dxe/SysCall/Initialization.c
+++ b/MdeModulePkg/Core/Dxe/SysCall/Initialization.c
@ -50,9 +50,15 @@ InitializeRing3 (
  gRing3Data = (RING3_DATA *)(UINTN)Physical;

  CopyMem ((VOID *)gRing3Data, (VOID *)Image->Info.SystemTable, sizeof (EFI_SYSTEM_TABLE));
+  //
+  // Initialize DxeRing3 with Supervisor privileges.
+  //
+  ChangeUefiImageRing (&Image->Info, Image->LoadedImageDevicePath, FALSE);

  Status = Image->EntryPoint (ImageHandle, (EFI_SYSTEM_TABLE *)gRing3Data);

+  ChangeUefiImageRing (&Image->Info, Image->LoadedImageDevicePath, TRUE);
+
  gRing3EntryPoint = gRing3Data->EntryPoint;

  gRing3Data->SystemTable.BootServices    = gRing3Data->BootServices;