From nobody Mon Sep 16 19:10:30 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+101121+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101121+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=kernel.org
ARC-Seal: i=1; a=rsa-sha256; t=1678727900; cv=none;
	d=zohomail.com; s=zohoarc;
	b=UQDq6szG0ocmwy2X0bxGVrfdV0nc+NOPpPqAX2LI/a43p18Q9pB3TIZNIexM61Yu1fIAW8+bx9spU22+F6zgEqltUvuYbP3AXUtWrRRQRYx7CTzft//5syGYSS/NsaXEyk35X05VPMxLUHecD3rZCLEUfczy8C4wt2dHbYUoEfk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1678727900;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=9KNKu+ob0p1FIHwVoMPGVoPyRQk/aPlWqtGY6aJqegM=;
	b=dxk5qI5XLdAcLxWy2lyjFryyMn4Cz9HRbjbxip+CjVDMrOLlEOgkdXPSJG/BxPF0M8LlThKubY+r7S/prkuub9wnXl/WpyIW9qXJqekUYyj51W+xq34x8SExJXZrPSV5XpinfYSIecxs0Q3PZDUtsJuAzWwnmMSuVA95GVn8QW4=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101121+1787277+3901457@groups.io;
	dmarc=fail header.from=<ardb@kernel.org> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1678727900206530.6829769745241;
 Mon, 13 Mar 2023 10:18:20 -0700 (PDT)
Return-Path: <bounce+27952+101121+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id qQoPYY1788612xx27kJGFCEp;
 Mon, 13 Mar 2023 10:18:19 -0700
X-Received: from dfw.source.kernel.org (dfw.source.kernel.org
 [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web10.25806.1678727899217729365
 for <devel@edk2.groups.io>;
 Mon, 13 Mar 2023 10:18:19 -0700
X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id BB2AD6144F;
	Mon, 13 Mar 2023 17:18:18 +0000 (UTC)
X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 59695C4339E;
	Mon, 13 Mar 2023 17:18:16 +0000 (UTC)
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Michael Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Michael Kubacki <michael.kubacki@microsoft.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Rebecca Cran <quic_rcran@quicinc.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Taylor Beebe <t@taylorbeebe.com>
Subject: [edk2-devel] [PATCH v5 17/38] MdeModulePkg/DxeIpl: Avoid shadowing
 IPL PEIM by default
Date: Mon, 13 Mar 2023 18:16:53 +0100
Message-Id: <20230313171714.3866151-18-ardb@kernel.org>
In-Reply-To: <20230313171714.3866151-1-ardb@kernel.org>
References: <20230313171714.3866151-1-ardb@kernel.org>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,ardb@kernel.org
X-Gm-Message-State: OT2koeWm8t0OWCGEYqLOtwYLx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1678727899;
 bh=VOeFBSwfB7ucWdwipaHQHIfhW+4JoKb/+XOHAdWzLX0=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=esinNhj4AN4rMt79OLmVgjg+0RJh+oJwjVkBrPVuXORxvZxvN7TPddM/8Ce/vfXGm+W
 GycwAWBWHXAW5+AkrjviDNO8hADmAif2wrh157ipq1nGKEftGJ4VZvLxfSvw4HAxJedm2
 ZtWNDgfFiWQnIlsJRFnvJVIO9Ps1LjbPFws=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1678727902145100005
Content-Type: text/plain; charset="utf-8"

Currently, the DXE IPL relies on permanent memory being available, but
does not DEPEX on the associated PPI. Instead, it registers for PEIM
shadowing, and only proceeds when running shadowed, and this implies
that permanent memory has been installed.

While PEIM shadowing is typically good for performance, there are
reasons why we might prefer to avoid it, e.g., when running under
virtualization in a mode where the write protection of the ROM is an
advantage from a safety PoV, and where the performance is identical.

This is especially true when code executing from ordinary RAM needs some
additional work to be executable, like when enabling WXN on ARM, which
only permits execution from memory that is mapped read-only.

So permit DXE IPL to run unshadowed, based on the existing PCD that
decides whether or not shadowing is preferred. While making this
behavior depend on this PCD is strictly redundant (as the IPL PEIM will
be shadowed anyway, even if RegisterForShadow() is not called), let's
test it anyway to avoid modifying the behavior on existing platforms.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf |  5 +++-
 MdeModulePkg/Core/DxeIplPeim/DxeLoad.c  | 24 +++++++++++---------
 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx=
eIplPeim/DxeIpl.inf
index 052ea0ec1a6f..62821477d012 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -112,6 +112,9 @@ [FeaturePcd.X64]
 [FeaturePcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSupportUefiDecompress ## CONSUMES
=20
+[Pcd]
+  gEfiMdeModulePkgTokenSpaceGuid.PcdShadowPeimOnBoot            ## CONSUMES
+
 [Pcd.IA32,Pcd.X64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable                      ##=
 SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask    ##=
 CONSUMES
@@ -128,7 +131,7 @@ [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy       ## SOMETIM=
ES_CONSUMES
=20
 [Depex]
-  gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid
+  gEfiPeiLoadFilePpiGuid AND gEfiPeiMasterBootModePpiGuid AND gEfiPeiMemor=
yDiscoveredPpiGuid
=20
 #
 # [BootMode]
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c b/MdeModulePkg/Core/Dxe=
IplPeim/DxeLoad.c
index 2c19f1a507ba..228d39a618d3 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeLoad.c
@@ -77,18 +77,20 @@ PeimInitializeDxeIpl (
   BootMode =3D GetBootModeHob ();
=20
   if (BootMode !=3D BOOT_ON_S3_RESUME) {
-    Status =3D PeiServicesRegisterForShadow (FileHandle);
-    if (Status =3D=3D EFI_SUCCESS) {
-      //
-      // EFI_SUCESS means it is the first time to call register for shadow.
-      //
-      return Status;
-    }
+    if (PcdGetBool (PcdShadowPeimOnBoot)) {
+      Status =3D PeiServicesRegisterForShadow (FileHandle);
+      if (Status =3D=3D EFI_SUCCESS) {
+        //
+        // EFI_SUCESS means it is the first time to call register for shad=
ow.
+        //
+        return Status;
+      }
=20
-    //
-    // Ensure that DXE IPL is shadowed to permanent memory.
-    //
-    ASSERT (Status =3D=3D EFI_ALREADY_STARTED);
+      //
+      // Ensure that DXE IPL is shadowed to permanent memory.
+      //
+      ASSERT (Status =3D=3D EFI_ALREADY_STARTED);
+    }
=20
     //
     // DXE core load requires permanent memory.
--=20
2.39.2



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101121): https://edk2.groups.io/g/devel/message/101121
Mute This Topic: https://groups.io/mt/97586018/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-