From: "Ard Biesheuvel"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Michael Kinney, Liming Gao, Jiewen Yao, Michael Kubacki, Sean Brogan, Rebecca Cran, Leif Lindholm, Sami Mujawar, Taylor Beebe, Matthew Garrett, Peter Jones, Kees Cook
Subject: [edk2-devel] [RFC 04/13] MdeModulePkg/DxeIpl: Avoid shadowing IPL PEIM by default
Date: Mon, 13 Feb 2023 16:18:01 +0100
Message-Id: <20230213151810.2301480-5-ardb@kernel.org>
In-Reply-To: <20230213151810.2301480-1-ardb@kernel.org>
References: <20230213151810.2301480-1-ardb@kernel.org>

Currently, the DXE IPL relies on permanent memory being available, but does not DEPEX on the associated PPI. Instead, it registers for PEIM shadowing, and only proceeds when running shadowed, and this implies that permanent memory has been installed.

While PEIM shadowing is typically good for performance, there are reasons why we might prefer to avoid it, e.g., when running under virtualization in a mode where the write protection of the ROM is an advantage from a safety PoV, and where the performance is identical.
This is especially true when code executing from ordinary RAM needs some additional work to be executable, like when enabling WXN on ARM, which only permits execution from memory that is mapped read-only. So permit DXE IPL to run unshadowed, based on the existing PCD that decides whether or not shadowing is preferred. While making this behavior depend on this PCD is strictly redundant (as the IPL PEIM will be shadowed anyway, even if RegisterForShadow() is not called), let's test it anyway to avoid modifying the behavior on existing platforms. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 +++- MdeModulePkg/Core/DxeIplPeim/DxeLoad.c | 24 +++++++++++--------- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index 052ea0ec1a6f..62821477d012 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -112,6 +112,9 @@ [FeaturePcd.X64] [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ## CONSUMES =20 +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdShadowPeimOnBoot ## CONSUMES + [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ##= SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ##= CONSUMES @@ -128,7 +131,7 @@ [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## SOMETIM= ES_CONSUMES =20 [Depex] - gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid + gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid AND gEfiPeiMemor= yDiscoveredPpiGuid =20 # # [BootMode] diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c b/MdeModulePkg/Core/Dxe= IplPeim/DxeLoad.c index 2c19f1a507ba..228d39a618d3 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c +++ b/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c 
@@ -77,18 +77,20 @@ PeimInitializeDxeIpl ( BootMode =3D GetBootModeHob (); =20 if (BootMode !=3D BOOT_ON_S3_RESUME) { - Status =3D PeiServicesRegisterForShadow (FileHandle); - if (Status =3D=3D EFI_SUCCESS) { - // - // EFI_SUCESS means it is the first time to call register for shadow. - // - return Status; - } + if (PcdGetBool (PcdShadowPeimOnBoot)) { + Status =3D PeiServicesRegisterForShadow (FileHandle); + if (Status =3D=3D EFI_SUCCESS) { + // + // EFI_SUCESS means it is the first time to call register for shad= ow. + // + return Status; + } =20 - // - // Ensure that DXE IPL is shadowed to permanent memory. - // - ASSERT (Status =3D=3D EFI_ALREADY_STARTED); + // + // Ensure that DXE IPL is shadowed to permanent memory. + // + ASSERT (Status =3D=3D EFI_ALREADY_STARTED); + } =20 // // DXE core load requires permanent memory. --=20 2.39.1
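
Review bot: The new [Pcd] entry for PcdShadowPeimOnBoot in DxeIpl.inf (first hunk, @@ -112,6 +112,9 @@) gives the PCD an additional consumer with a new effect, namely whether DXE IPL calls PeiServicesRegisterForShadow(), yet the diffstat lists only DxeIpl.inf and DxeLoad.c. If the PCD's declaration text describes it only in terms of its earlier consumers, update that description in this patch so that a platform owner setting it to FALSE knows DXE IPL will then run unshadowed as well.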
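
Review bot: The [Depex] change in DxeIpl.inf (second hunk, @@ -128,7 +131,7 @@) is unconditional, while the matching code change in DxeLoad.c is gated on both PcdShadowPeimOnBoot and BootMode != BOOT_ON_S3_RESUME. Platforms that keep shadowing enabled, and the S3 resume path, therefore also pick up the added gEfiPeiMemoryDiscoveredPpiGuid dependency, which the commit message's "avoid modifying the behavior on existing platforms" does not cover. Suggest saying in the commit message that dispatch of DXE IPL is now deferred until that PPI is installed in every configuration, and confirming that on S3 resume the PPI is installed before DXE IPL is needed.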
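
Review bot: In the DxeLoad.c hunk, once the block is wrapped in if (PcdGetBool (PcdShadowPeimOnBoot)), the ASSERT (Status == EFI_ALREADY_STARTED) no longer runs when the PCD is FALSE, so nothing in PeimInitializeDxeIpl checks the precondition stated by the following comment, "DXE core load requires permanent memory". In that configuration the guarantee rests entirely on the gEfiPeiMemoryDiscoveredPpiGuid depex added in DxeIpl.inf. Suggest a short comment at the closing brace of the new if naming that depex as what now ensures permanent memory, so a later depex edit does not silently remove the only check. Separately, the re-indented comment still reads "EFI_SUCESS"; since those lines are being touched anyway, correct it to EFI_SUCCESS.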