In the past, memory protection settings were configured via FixedAtBuild PCDs,
which resulted in a build-time configuration of memory mitigations. This
approach limited the flexibility of applying mitigations to the
system and made it difficult to update or adjust the settings post-build.

In a design, the configuration interface has been revised to allow for dynamic
configuration. This is achieved with HOBs that are published prior to invocation
of the HandoffToDxe() function.

OvmfPkg/PlatformPei/Platform.c contains an example of how to publish the HOB
for DXE and MM.

To check the memory protection settings after PEI, the HOB can be easily consumed,
sanity checked, and put into a global for access via the inclusion of the DXE
or MM HOB libraries.

This patch series also increases the memory protection level for OvmfPkg and
ArmVirtPkg.

Reference: https://github.com/tianocore/edk2/pull/4566

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james.lu@intel.com>
Cc: Gua Guo <gua.guo@intel.com>

Taylor Beebe (14):
  MdeModulePkg: Add DXE and MM Memory Protection Settings Definitions
  MdeModulePkg: Add MemoryProtectionHobLib Definitions and NULL Libs
  MdeModulePkg: Add Phase-Specific MemoryProtectionHobLib
    Implementations
  OvmfPkg: Create the memory protection settings HOB
  ArmVirtPkg: Create memory protection settings HOB
  ArmPkg: Update to use memory protection HOB
  EmulatorPkg: Update to use memory protection HOB
  MdeModulePkg: Update to use memory protection HOB
  OvmfPkg: Update to use memory protection HOB
  UefiCpuPkg: Update to use memory protection HOB
  UefiPayloadPkg: Update to use memory protection HOB
  OvmfPkg: Delete Memory Protection PCDs
  ArmVirtPkg: Delete Memory Protection PCDs
  MdeModulePkg: Delete Memory Protection PCDs

 ArmPkg/ArmPkg.dsc                             |   1 +
 ArmPkg/Drivers/CpuDxe/CpuDxe.c                |   5 +-
 ArmPkg/Drivers/CpuDxe/CpuDxe.inf              |   2 +-
 ArmVirtPkg/ArmVirt.dsc.inc                    |  24 +-
 ArmVirtPkg/ArmVirtCloudHv.dsc                 |   5 -
 ArmVirtPkg/ArmVirtQemu.dsc                    |   5 -
 ArmVirtPkg/MemoryInitPei/MemoryInitPeim.c     |  25 +-
 ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf   |   2 +
 EmulatorPkg/EmulatorPkg.dsc                   |   2 +-
 MdeModulePkg/Core/Dxe/DxeMain.h               |   1 +
 MdeModulePkg/Core/Dxe/DxeMain.inf             |   9 +-
 MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |   8 +-
 MdeModulePkg/Core/Dxe/Mem/HeapGuard.c         |  88 ++--
 MdeModulePkg/Core/Dxe/Mem/HeapGuard.h         |  24 +-
 MdeModulePkg/Core/Dxe/Mem/Page.c              |   4 +-
 MdeModulePkg/Core/Dxe/Mem/Pool.c              |   6 +-
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 338 +++++++-------
 MdeModulePkg/Core/DxeIplPeim/DxeHandoff.c     |   4 +-
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.h         |  15 +
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf       |  13 +-
 MdeModulePkg/Core/DxeIplPeim/DxeLoad.c        |  26 ++
 .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c        |  57 +--
 .../Core/DxeIplPeim/X64/DxeLoadFunc.c         |  20 +-
 .../Core/DxeIplPeim/X64/VirtualMemory.c       |  87 ++--
 .../Core/DxeIplPeim/X64/VirtualMemory.h       |  23 +-
 MdeModulePkg/Core/PiSmmCore/HeapGuard.c       |  60 +--
 MdeModulePkg/Core/PiSmmCore/HeapGuard.h       |  20 +-
 MdeModulePkg/Core/PiSmmCore/Page.c            |   6 +-
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.h       |   1 +
 MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf     |   4 +-
 MdeModulePkg/Core/PiSmmCore/Pool.c            |   9 +-
 .../Guid/DxeMemoryProtectionSettings.h        | 413 ++++++++++++++++++
 .../Include/Guid/MmMemoryProtectionSettings.h | 211 +++++++++
 .../Library/DxeMemoryProtectionHobLib.h       |  20 +
 .../Library/MmMemoryProtectionHobLib.h        |  20 +
 .../DxeMemoryProtectionHobLib.c               | 132 ++++++
 .../DxeMemoryProtectionHobLib.inf             |  34 ++
 .../MmCommonMemoryProtectionHobLib.c          |  89 ++++
 .../SmmMemoryProtectionHobLib.c               |  37 ++
 .../SmmMemoryProtectionHobLib.inf             |  35 ++
 .../StandaloneMmMemoryProtectionHobLib.c      |  37 ++
 .../StandaloneMmMemoryProtectionHobLib.inf    |  36 ++
 .../DxeMemoryProtectionHobLibNull.c           |  13 +
 .../DxeMemoryProtectionHobLibNull.inf         |  28 ++
 .../MmMemoryProtectionHobLibNull.c            |  13 +
 .../MmMemoryProtectionHobLibNull.inf          |  28 ++
 MdeModulePkg/MdeModulePkg.dec                 | 187 +-------
 MdeModulePkg/MdeModulePkg.dsc                 |  11 +
 MdeModulePkg/MdeModulePkg.uni                 | 153 -------
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |   5 +-
 OvmfPkg/Bhyve/BhyveX64.dsc                    |   5 +-
 OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf     |   1 -
 OvmfPkg/CloudHv/CloudHvX64.dsc                |   5 +-
 OvmfPkg/Fdt/HighMemDxe/HighMemDxe.c           |   5 +-
 OvmfPkg/Fdt/HighMemDxe/HighMemDxe.inf         |   4 +-
 .../Dsc/MemoryProtectionLibraries.dsc.inc     |  15 +
 OvmfPkg/Include/Library/PlatformInitLib.h     |  13 -
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              |   5 +-
 OvmfPkg/Library/PeilessStartupLib/DxeLoad.c   |  25 +-
 .../PeilessStartupLib/PeilessStartup.c        |   3 -
 .../PeilessStartupLib/PeilessStartupLib.inf   |   5 +-
 .../PeilessStartupLib/X64/PageTables.h        |  23 +-
 .../PeilessStartupLib/X64/VirtualMemory.c     | 107 ++---
 OvmfPkg/Library/PlatformInitLib/Platform.c    |  15 -
 OvmfPkg/Microvm/MicrovmX64.dsc                |   5 +-
 OvmfPkg/OvmfPkgIa32.dsc                       |   5 +-
 OvmfPkg/OvmfPkgIa32X64.dsc                    |   5 +-
 OvmfPkg/OvmfPkgX64.dsc                        |   5 +-
 OvmfPkg/OvmfXen.dsc                           |   5 +-
 OvmfPkg/PlatformPei/IntelTdx.c                |   2 -
 OvmfPkg/PlatformPei/Platform.c                |  43 +-
 OvmfPkg/PlatformPei/PlatformPei.inf           |   3 +-
 OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf         |   2 +-
 OvmfPkg/QemuVideoDxe/VbeShim.c                |   5 +-
 OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc           |  13 -
 OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc           |   1 +
 OvmfPkg/TdxDxe/TdxDxe.c                       |   7 +-
 OvmfPkg/TdxDxe/TdxDxe.inf                     |   1 -
 UefiCpuPkg/CpuDxe/CpuDxe.c                    |   2 +-
 UefiCpuPkg/CpuDxe/CpuDxe.h                    |  11 +-
 UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   4 +-
 UefiCpuPkg/CpuDxe/CpuMp.c                     |   2 +-
 UefiCpuPkg/CpuDxeRiscV64/CpuDxeRiscV64.inf    |   3 -
 UefiCpuPkg/CpuMpPei/CpuMpPei.c                |   8 +-
 UefiCpuPkg/CpuMpPei/CpuMpPei.h                |   3 +-
 UefiCpuPkg/CpuMpPei/CpuMpPei.inf              |   1 -
 UefiCpuPkg/CpuMpPei/CpuPaging.c               |  14 +-
 .../DxeCpuExceptionHandlerLib.inf             |   1 -
 .../PeiCpuExceptionHandlerLib.inf             |   1 -
 .../SecPeiCpuExceptionHandlerLib.inf          |   1 -
 .../SmmCpuExceptionHandlerLib.inf             |   1 -
 .../UnitTest/CpuExceptionHandlerTest.h        |   3 +-
 .../UnitTest/CpuExceptionHandlerTestCommon.c  |  27 +-
 .../DxeCpuExceptionHandlerLibUnitTest.inf     |   2 +-
 .../PeiCpuExceptionHandlerLibUnitTest.inf     |   4 +-
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |   3 +-
 UefiCpuPkg/Library/MpInitLib/DxeMpLib.c       |   3 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c      |   2 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf  |   3 +-
 .../PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c   |  13 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c        |   2 +-
 .../PiSmmCpuDxeSmm/SmmProfileInternal.h       |  10 +-
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c       |   2 +-
 UefiCpuPkg/UefiCpuPkg.dec                     |   7 +-
 UefiCpuPkg/UefiCpuPkg.dsc                     |   2 +
 UefiCpuPkg/UefiCpuPkg.uni                     |  10 +-
 .../UefiPayloadEntry/Ia32/DxeLoadFunc.c       | 149 +------
 UefiPayloadPkg/UefiPayloadEntry/LoadDxeCore.c |  26 ++
 .../UefiPayloadEntry/UefiPayloadEntry.h       |  15 +
 .../UefiPayloadEntry/UefiPayloadEntry.inf     |   9 +-
 .../UniversalPayloadEntry.inf                 |   9 +-
 .../UefiPayloadEntry/X64/DxeLoadFunc.c        |  25 +-
 .../UefiPayloadEntry/X64/VirtualMemory.c      |  78 ++--
 .../UefiPayloadEntry/X64/VirtualMemory.h      |  23 +-
 UefiPayloadPkg/UefiPayloadPkg.dsc             |   1 +
 115 files changed, 1888 insertions(+), 1321 deletions(-)
 create mode 100644 MdeModulePkg/Include/Guid/DxeMemoryProtectionSettings.h
 create mode 100644 MdeModulePkg/Include/Guid/MmMemoryProtectionSettings.h
 create mode 100644 MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h
 create mode 100644 MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h
 create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.c
 create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLib/DxeMemoryProtectionHobLib.inf
 create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLib/MmCommonMemoryProtectionHobLib.c
 create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib.c
 create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLib/SmmMemoryProtectionHobLib.inf
 create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtectionHobLib.c
 create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLib/StandaloneMmMemoryProtectionHobLib.inf
 create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c
 create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf
 create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c
 create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf
 create mode 100644 OvmfPkg/Include/Dsc/MemoryProtectionLibraries.dsc.inc

-- 
2.41.0.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106823): https://edk2.groups.io/g/devel/message/106823
Mute This Topic: https://groups.io/mt/100090629/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

On Tue, Jul 11, 2023 at 04:52:37PM -0700, Taylor Beebe wrote:
> In the past, memory protection settings were configured via FixedAtBuild PCDs,
> which resulted in a build-time configuration of memory mitigations. This
> approach limited the flexibility of applying mitigations to the
> system and made it difficult to update or adjust the settings post-build.

Can we have both?

Being able to adjust settings at runtime is great.  But being able to
set them at compile time on the command line (via build --pcd), without
patching code, is very useful too.

I'd suggest to keep the PCDs, create a profile from PCD settings and use
that profile by default.  At least for the transition phase and while we
don't have good support (yet) to actually manage profiles.

Speaking of profile management: What is the longer-term vision here?

Have a configuration form in the uefi firmware setup (aka UiApp)?

Try adapt settings automatically, for example pick a less strict profile
in case an old/broken bootloader triggers a page fault due to using the
wrong memory type for allocations?

For virtual machine firmware it a good idea to allow picking up the
profile configuration from the host.  For qemu that can use fw_cfg,
similar to the PcdSetNxForStack option we have today.

> This patch series also increases the memory protection level for OvmfPkg and
> ArmVirtPkg.

Not a good idea, especially not using the 'debug' profile (which turns
on all guard bits) because that slows down firmware boot alot.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106853): https://edk2.groups.io/g/devel/message/106853
Mute This Topic: https://groups.io/mt/100090629/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

On 7/12/2023 3:05 AM, Gerd Hoffmann wrote:
> On Tue, Jul 11, 2023 at 04:52:37PM -0700, Taylor Beebe wrote:
>> In the past, memory protection settings were configured via FixedAtBuild PCDs,
>> which resulted in a build-time configuration of memory mitigations. This
>> approach limited the flexibility of applying mitigations to the
>> system and made it difficult to update or adjust the settings post-build.
> 
> Can we have both?
> 
> Being able to adjust settings at runtime is great.  But being able to
> set them at compile time on the command line (via build --pcd), without
> patching code, is very useful too.
> 
> I'd suggest to keep the PCDs, create a profile from PCD settings and use
> that profile by default.  At least for the transition phase and while we
> don't have good support (yet) to actually manage profiles.
> 

Hey, Gerd.

The idea to keep PCDs around as another method of configuring 
protections is good, but I don't think there would be a way to tell if a 
zero-ed PCD value was an explicit setting or just the default without 
adding another PCD to indicate which value should be used. I think if 
the HOB is produced by the platform those settings should be used by 
default. Is that what you're envisioning as well?

The flow in this case would be: DxeIpl before handoff will search for 
the memory protection HOB entry. If it exists, do nothing. If the HOB 
was not produced, create a HOB entry using the PCD values.

I suppose we could also do some sort of hybrid where the logic always 
uses the PCD values if they are non-zero, but that may be confusing for 
platform developers.

> Speaking of profile management: What is the longer-term vision here?
> 
> Have a configuration form in the uefi firmware setup (aka UiApp)?
> 
> Try adapt settings automatically, for example pick a less strict profile
> in case an old/broken bootloader triggers a page fault due to using the
> wrong memory type for allocations?
> 

Overall, the idea is to empower platform developers with more 
configuration and compatibility options to encourage the use of memory 
protections in debug and production scenarios.

On Surface products, we've made certain memory protections a necessary 
feature of the trusted boot path with the ability to fall back to an 
unverified boot path if a page fault occurs. We also added a 
configuration feature to only allow the trusted boot path which can be 
managed via enterprise policy or through the UEFI menu.

There are lots of ways OEMs might want to configure their platform 
security and I think it's an open question what sorts of profile 
management tools would be useful to add to EDK2.

> For virtual machine firmware it a good idea to allow picking up the
> profile configuration from the host.  For qemu that can use fw_cfg,
> similar to the PcdSetNxForStack option we have today.

I don't have much experience using the fw_cfg so I'd need to look into 
the details, but would it make sense to expand the options which can be 
passed via fw_cfg to be the gamut of memory protection configuration 
settings? I can add it to the v2 if you think so.

>> This patch series also increases the memory protection level for OvmfPkg and
>> ArmVirtPkg.
> 
> Not a good idea, especially not using the 'debug' profile (which turns
> on all guard bits) because that slows down firmware boot alot.
> 

I haven't done performance testing, but I don't notice much slowdown. 
Isn't development the primary use case for these virtual platforms? Is 
there another profile you think would work better?

Thanks for your feedback :)

> take care,
>    Gerd
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106889): https://edk2.groups.io/g/devel/message/106889
Mute This Topic: https://groups.io/mt/100090629/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

  Hi,

> > Can we have both?
> > 
> > Being able to adjust settings at runtime is great.  But being able to
> > set them at compile time on the command line (via build --pcd), without
> > patching code, is very useful too.
> > 
> > I'd suggest to keep the PCDs, create a profile from PCD settings and use
> > that profile by default.  At least for the transition phase and while we
> > don't have good support (yet) to actually manage profiles.
> 
> Hey, Gerd.
> 
> The idea to keep PCDs around as another method of configuring protections is
> good, but I don't think there would be a way to tell if a zero-ed PCD value
> was an explicit setting or just the default without adding another PCD to
> indicate which value should be used. I think if the HOB is produced by the
> platform those settings should be used by default. Is that what you're
> envisioning as well?

See below, I'll come back to that in a moment.

> > Speaking of profile management: What is the longer-term vision here?

> There are lots of ways OEMs might want to configure their platform security
> and I think it's an open question what sorts of profile management tools
> would be useful to add to EDK2.

I think it makes sense to have the concept of named profiles in edk2.
Right now there are a bunch of #defines with profiles, I think it would
be nice to have names and descriptions attached to them.  Could be as
simple as an array in the library:

struct {
   CHAR16 *Name;
   CHAR16 *Description;
   DXE_MEMORY_PROTECTION_SETTINGS Settings;
} MemoryProtectionProfiles[] = {
   {
      .Name        = "debug",
      .Description = "development profile",
      .Settings    = DXE_MEMORY_PROTECTION_SETTINGS_DEBUG,
   },{
      /* ... */
   }
}

Platforms could just loop over the list and add the profiles to the
platform configuration menu in uefi firmware settings.  Maybe it makes
sense to have a MemoryProtectionConfigDxe instead so platforms can
easily share the Hii code for that.

One of the profiles could be created from PCDs:

    {
	.Name               = "pcd",
	.Description        = "legacy PCD based settings",
	.Settings.PoolGuard = PcdGetU32(PcdHeapGuardPoolType),
        /* ... */
    }

> > For virtual machine firmware it a good idea to allow picking up the
> > profile configuration from the host.  For qemu that can use fw_cfg,
> > similar to the PcdSetNxForStack option we have today.
> 
> I don't have much experience using the fw_cfg so I'd need to look into the
> details, but would it make sense to expand the options which can be passed
> via fw_cfg to be the gamut of memory protection configuration settings?

I think being able to select a named profile is good enough, for example
this way:

qemu -fw_cfg name=opt/org.tianocore/MemoryProtectionProfile,string=debug

> > > This patch series also increases the memory protection level for OvmfPkg and
> > > ArmVirtPkg.
> > 
> > Not a good idea, especially not using the 'debug' profile (which turns
> > on all guard bits) because that slows down firmware boot alot.
> 
> I haven't done performance testing, but I don't notice much slowdown.

Page guard isn't much of a problem.

Heap guard has significant overhead in both performance and memory
usage.

> Isn't development the primary use case for these virtual platforms?

Development is surely one important use case   Linux-based VM hosting
often runs OVMF in production though.

> Is there
> another profile you think would work better?

"pcd" (or "production") would IMHO be a better default.

thanks & take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106963): https://edk2.groups.io/g/devel/message/106963
Mute This Topic: https://groups.io/mt/100090629/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

On Wed, Jul 12, 2023 at 12:53 AM Taylor Beebe <t@taylorbeebe.com> wrote:
>
> In the past, memory protection settings were configured via FixedAtBuild PCDs,
> which resulted in a build-time configuration of memory mitigations. This
> approach limited the flexibility of applying mitigations to the
> system and made it difficult to update or adjust the settings post-build.

How do you mitigate the possibility of an attack overwriting the
dynamic configuration data (the HOBs)?
It seems most dangerous to me to publish this sort of
security-sensitive configuration knobs dynamically such that an
attacker can change them.

-- 
Pedro


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106965): https://edk2.groups.io/g/devel/message/106965
Mute This Topic: https://groups.io/mt/100090629/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

On Mon, 17 Jul 2023 at 18:15, Pedro Falcato <pedro.falcato@gmail.com> wrote:
>
> On Wed, Jul 12, 2023 at 12:53 AM Taylor Beebe <t@taylorbeebe.com> wrote:
> >
> > In the past, memory protection settings were configured via FixedAtBuild PCDs,
> > which resulted in a build-time configuration of memory mitigations. This
> > approach limited the flexibility of applying mitigations to the
> > system and made it difficult to update or adjust the settings post-build.
>
> How do you mitigate the possibility of an attack overwriting the
> dynamic configuration data (the HOBs)?
> It seems most dangerous to me to publish this sort of
> security-sensitive configuration knobs dynamically such that an
> attacker can change them.
>

That is a very good point. One of the things I have on my TODO list
for the memory attributes PEI work is to remap HOB memory read-only
before entering DXE. They are conceptually read-only anyway when PEI
completes, so they should never be modified afterwards.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106966): https://edk2.groups.io/g/devel/message/106966
Mute This Topic: https://groups.io/mt/100090629/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

> -----Original Message-----
> From: Ard Biesheuvel <ardb@kernel.org>
> Sent: Tuesday, July 18, 2023 12:26 AM
> To: Pedro Falcato <pedro.falcato@gmail.com>
> Cc: devel@edk2.groups.io; t@taylorbeebe.com; Wang, Jian J
> <jian.j.wang@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; Bi,
> Dandan <dandan.bi@intel.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Yao, Jiewen <jiewen.yao@intel.com>; Justen,
> Jordan L <jordan.l.justen@intel.com>; Gerd Hoffmann <kraxel@redhat.com>;
> Leif Lindholm <quic_llindhol@quicinc.com>; Sami Mujawar
> <sami.mujawar@arm.com>; Andrew Fish <afish@apple.com>; Ni, Ray
> <ray.ni@intel.com>; Dong, Eric <eric.dong@intel.com>; Kumar, Rahul R
> <rahul.r.kumar@intel.com>; Dong, Guo <guo.dong@intel.com>; Rhodes, Sean
> <sean@starlabs.systems>; Lu, James <james.lu@intel.com>; Guo, Gua
> <gua.guo@intel.com>
> Subject: Re: [edk2-devel] [PATCH 00/14] Implement Dynamic Memory
> Protections
> 
> On Mon, 17 Jul 2023 at 18:15, Pedro Falcato <pedro.falcato@gmail.com>
> wrote:
> >
> > On Wed, Jul 12, 2023 at 12:53 AM Taylor Beebe <t@taylorbeebe.com>
> wrote:
> > >
> > > In the past, memory protection settings were configured via FixedAtBuild
> PCDs,
> > > which resulted in a build-time configuration of memory mitigations. This
> > > approach limited the flexibility of applying mitigations to the
> > > system and made it difficult to update or adjust the settings post-build.
> >
> > How do you mitigate the possibility of an attack overwriting the
> > dynamic configuration data (the HOBs)?
> > It seems most dangerous to me to publish this sort of
> > security-sensitive configuration knobs dynamically such that an
> > attacker can change them.
> >
> 
> That is a very good point. One of the things I have on my TODO list
> for the memory attributes PEI work is to remap HOB memory read-only
> before entering DXE. They are conceptually read-only anyway when PEI
> completes, so they should never be modified afterwards.

DXE Core migrates the HOB to a new location. So the protection needs to be re-done
after that.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106980): https://edk2.groups.io/g/devel/message/106980
Mute This Topic: https://groups.io/mt/100090629/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/3901457/1787277/102458076/xyzzy [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

On Mon, Jul 17, 2023 at 5:26 PM Ard Biesheuvel <ardb@kernel.org> wrote:
>
> On Mon, 17 Jul 2023 at 18:15, Pedro Falcato <pedro.falcato@gmail.com> wrote:
> >
> > On Wed, Jul 12, 2023 at 12:53 AM Taylor Beebe <t@taylorbeebe.com> wrote:
> > >
> > > In the past, memory protection settings were configured via FixedAtBuild PCDs,
> > > which resulted in a build-time configuration of memory mitigations. This
> > > approach limited the flexibility of applying mitigations to the
> > > system and made it difficult to update or adjust the settings post-build.
> >
> > How do you mitigate the possibility of an attack overwriting the
> > dynamic configuration data (the HOBs)?
> > It seems most dangerous to me to publish this sort of
> > security-sensitive configuration knobs dynamically such that an
> > attacker can change them.
> >
>
> That is a very good point. One of the things I have on my TODO list
> for the memory attributes PEI work is to remap HOB memory read-only
> before entering DXE. They are conceptually read-only anyway when PEI
> completes, so they should never be modified afterwards.

I agree, but it also seems that this patch set needs some sort of
__ro_after_init capabilities. For example, in
https://github.com/tianocore/edk2/pull/4566/commits/e485459b6efb1e49591c6f3011d9da14746c52bc#diff-02c0ef19d024b43162043efdd9ed95e0eef1653bcb5bef1e2f2b77587aee2622R101
(DxeMemoryProtectionHobLibConstructor), a copy of this same HOB is
made onto .data, while it should be RO-protected as well.
With both the HOB list and this sort of __ro_after_init protected, the
only remaining exploits would be to DMA over those pages (addressed by
IOMMU, not in this scope), to remap those pages (requires ring 0
access, therefore irrelevant) or to toggle some sort of WP-like bit
(CR0.WP, other archs may have equivalents), which already bypasses
most of the memory protections and therefore isn't all that concerning
to me.

-- 
Pedro


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106967): https://edk2.groups.io/g/devel/message/106967
Mute This Topic: https://groups.io/mt/100090629/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

On 7/17/23 9:49 AM, Pedro Falcato wrote:
> On Mon, Jul 17, 2023 at 5:26 PM Ard Biesheuvel <ardb@kernel.org> wrote:
>>
>> On Mon, 17 Jul 2023 at 18:15, Pedro Falcato <pedro.falcato@gmail.com> wrote:
>>>
>>> On Wed, Jul 12, 2023 at 12:53 AM Taylor Beebe <t@taylorbeebe.com> wrote:
>>>>
>>>> In the past, memory protection settings were configured via FixedAtBuild PCDs,
>>>> which resulted in a build-time configuration of memory mitigations. This
>>>> approach limited the flexibility of applying mitigations to the
>>>> system and made it difficult to update or adjust the settings post-build.
>>>
>>> How do you mitigate the possibility of an attack overwriting the
>>> dynamic configuration data (the HOBs)?
>>> It seems most dangerous to me to publish this sort of
>>> security-sensitive configuration knobs dynamically such that an
>>> attacker can change them.
>>>
>>
>> That is a very good point. One of the things I have on my TODO list
>> for the memory attributes PEI work is to remap HOB memory read-only
>> before entering DXE. They are conceptually read-only anyway when PEI
>> completes, so they should never be modified afterwards.
> 
> I agree, but it also seems that this patch set needs some sort of
> __ro_after_init capabilities. For example, in
> https://github.com/tianocore/edk2/pull/4566/commits/e485459b6efb1e49591c6f3011d9da14746c52bc#diff-02c0ef19d024b43162043efdd9ed95e0eef1653bcb5bef1e2f2b77587aee2622R101
> (DxeMemoryProtectionHobLibConstructor), a copy of this same HOB is
> made onto .data, while it should be RO-protected as well.
> With both the HOB list and this sort of __ro_after_init protected, the
> only remaining exploits would be to DMA over those pages (addressed by
> IOMMU, not in this scope), to remap those pages (requires ring 0
> access, therefore irrelevant) or to toggle some sort of WP-like bit
> (CR0.WP, other archs may have equivalents), which already bypasses
> most of the memory protections and therefore isn't all that concerning
> to me.
> 

Thank you both for you time and feedback.

Ard, do you think it's sufficient to use the Memory Attribute PPI to
mark HOB list memory as RO before handoff, or should the HOB list
memory be marked RO upon memory discovery and the PEI core
HOB logic be updated to manipulate protection attributes
with the PPI as it manipulates the HOB list?

-Taylor


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106976): https://edk2.groups.io/g/devel/message/106976
Mute This Topic: https://groups.io/mt/100090629/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-