Acidanthera UEFI Development Kit based on EDK II edk2-stable202311
Go to file
Laszlo Ersek 9beac0d847 OvmfPkg: Sec: assert the build-time calculated end of the scratch buffer
The DecompressMemFvs() function in "OvmfPkg/Sec/SecMain.c" uses more
memory, temporarily, than what PEIFV and DXEFV will ultimately need.
First, it uses an output buffer for decompression, second, the
decompression itself needs a scratch buffer (and this scratch buffer is
the highest area that SEC uses).

DecompressMemFvs() used to be called on normal boots only (ie. not on S3
resume), which is why the decompression output buffer and the scratch
buffer were allowed to scribble over RAM. However, we'll soon start to
worry during S3 resume that the runtime OS might tamper with the
pre-decompressed PEIFV, and we'll decompress the firmware volumes on S3
resume too, from pristine flash. For this we'll need to know the end of
the scratch buffer in advance, so we can prepare a non-malicious OS for
it.

Calculate the end of the scratch buffer statically in the FDF files, and
assert in DecompressMemFvs() that the runtime decompression will match it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19036 6f19259b-4bc3-4df7-8a09-765794883524
2015-11-30 18:41:20 +00:00
AppPkg AppPkg/Applications/Python/Python-2.7.10: Initial Checkin part 5/5. 2015-11-07 19:43:57 +00:00
ArmPkg ArmPkg/ArmSoftFloatLib: add support for RVCT 2015-11-30 08:57:03 +00:00
ArmPlatformPkg ArmPlatformPkg: remove ArmGlobalVariable PCD, GUID and PPI definitions 2015-11-27 17:10:28 +00:00
ArmVirtPkg ArmVirtPkg: add secure boot support to 32-bit ARM targets 2015-11-30 08:57:12 +00:00
BaseTools BaseTools/toolsetup.bat: fixed the error when the path contains space 2015-11-30 03:43:25 +00:00
BeagleBoardPkg BeagleBoardPkg: remove ArmPlatformGlobalVariableLib resolution 2015-11-27 17:05:24 +00:00
Conf EDK II: Add .gitignore 2014-10-14 16:08:15 +00:00
CorebootModulePkg CorebootModulePkg:Removing EFI_RESOURCE_ATTRIBUTE_TESTED 2015-08-18 16:08:22 +00:00
CorebootPayloadPkg CorebootPayloadPkg: Use SerialDxe in MdeModulePkg 2015-11-26 08:49:26 +00:00
CryptoPkg CryptoPkg/OpensslLib: add softfloat dependency for ARM 2015-11-30 08:57:26 +00:00
DuetPkg DuetPkg: exit pci function loops early if device is not multi-function 2015-10-06 20:55:36 +00:00
EdkCompatibilityPkg EdkCompatibilityPkg: Remove gZeroGuid def in FrameworkHiiOnUefiHiiThunk 2015-07-07 03:05:18 +00:00
EdkShellBinPkg */Contributions.txt: Update example email address 2015-02-03 17:29:14 +00:00
EdkShellPkg */Contributions.txt: Update example email address 2015-02-03 17:29:14 +00:00
EmbeddedPkg EmbeddedPkg/AndroidFastboot: drop bogus ArmGlobalVariable dependencies 2015-11-27 17:07:54 +00:00
EmulatorPkg EmulatorPkg: Use SerialDxe in MdeModulePkg instead of EmbeddedPkg 2015-11-26 08:48:38 +00:00
FatBinPkg FatBinPkg: Update EBC/IA32/X64/IPF binaries 2015-08-28 03:14:25 +00:00
IntelFrameworkModulePkg IntelFrameworkModulePkg BdsDxe: Use PcdSet##S to replace PcdSet## 2015-10-15 00:57:45 +00:00
IntelFrameworkPkg IntelFrameworkPkg: Update DEC and DSC version from 0.94 to 0.96 2015-08-20 08:45:45 +00:00
IntelFspPkg Handle extra module patchable PCD variable in Linux map. 2015-09-06 22:36:43 +00:00
IntelFspWrapperPkg Publish FspHob to PEI Hob by default. 2015-10-27 23:10:49 +00:00
MdeModulePkg MdeModulePkg:Replace unsafe string function with safe one. 2015-11-30 07:26:07 +00:00
MdePkg MdePkg SerialPortLib: Upstream Get(Set)Control/SetAttributes interfaces 2015-11-26 08:46:52 +00:00
NetworkPkg NetworkPkg: Fix a bug in HttpBootDriverBindingStop() when destroying child. 2015-11-30 01:41:50 +00:00
Nt32Pkg MdeModulePkg:Refine the UiApp 2015-11-23 09:37:24 +00:00
Omap35xxPkg Omap35xxPkg SerialPortLib: Implement Get(Set)Control/SetAttributes 2015-11-26 08:49:53 +00:00
OptionRomPkg OptionRomPkg: Remove redundant included header file defintion in Ax88772.h and Ax88772b.h files 2015-07-08 02:56:54 +00:00
OvmfPkg OvmfPkg: Sec: assert the build-time calculated end of the scratch buffer 2015-11-30 18:41:20 +00:00
PcAtChipsetPkg PcAtChipsetPkg SerialIoLib: Implement Get(Set)Control/SetAttributes 2015-11-26 08:47:15 +00:00
PerformancePkg PerformancePkg\Dp_App: Add NULL check to pointer returned from 'AllocateZeroPool'. 2015-11-26 01:47:14 +00:00
SecurityPkg Add error handling for TPM in S3 resume failure. 2015-11-10 02:03:40 +00:00
ShellBinPkg ShellBinPkg: Arm/AArch64 Shell binary update. 2015-11-23 19:34:40 +00:00
ShellPkg ShellPkg: Add NULL check to pointer returned from 'AllocateZeroPool'. 2015-11-26 01:51:52 +00:00
SourceLevelDebugPkg SourceLevelDebugPkg: DebugAgent: Set Local APIC SoftwareEnable 2015-10-30 17:53:53 +00:00
StdLib StdLib: remove mention of ARMGCC 2015-08-12 05:25:12 +00:00
StdLibPrivateInternalFiles */Contributions.txt: Update example email address 2015-02-03 17:29:14 +00:00
UefiCpuPkg UefiCpuPkg/PiSmmCpu: Update function call for 2 new APIs. 2015-11-27 13:48:12 +00:00
UnixPkg UnixPkg: Remove UnixPkg files (It is replaced by EmulatorPkg) 2013-07-29 21:09:55 +00:00
Vlv2DeviceRefCodePkg Vlv2TbltDevicePkg/Vlv2DeviceRefCodePkg: 2015-11-10 07:47:29 +00:00
Vlv2TbltDevicePkg Vlv2TbltDevicePkg: Sync the branch changes to Trunk, 2015-11-13 02:38:08 +00:00
.gitignore EDK II: Add .gitignore 2014-10-14 16:08:15 +00:00
BuildNotes2.txt Update to new SVN URL in readme.txt 2013-06-08 05:26:39 +00:00
Edk2Setup.bat BaseTools: Update Edk2Setup.bat to support multiple workspaces 2015-10-08 09:29:36 +00:00
Maintainers.txt edk2: Change BaseTools owner in Maintainers.txt 2015-09-14 05:52:36 +00:00
edksetup.bat BaseTools: Update edksetup.bat to support multiple workspaces 2015-10-08 09:29:09 +00:00
edksetup.sh BaseTools: Update edksetup.sh to support multiple workspaces 2015-10-08 09:29:56 +00:00