From nobody Fri Apr 26 15:04:34 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+101541+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101541+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1679450804; cv=none;
	d=zohomail.com; s=zohoarc;
	b=kNqHr5tuFdW6OrxXkQevQMXAehEtkCEsC6OX/fbQMJPlpPG6sDI8JhVX//la5/Dahjfzm5qefwXLKTJBCmQTtd/TT/Jf+mpU7eGfUCGwNTEvja8ToGyNewFwQoQUQjvWILio7tAjeGgKnCJiBPuILDhKpCas+8I+zU4uxWpyEAo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1679450804;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=rCLuPA67lkfM+b2WgvgDXWmjzGR6CBs0ai8tlaUrQTc=;
	b=J2n8IAeX/GWj07tTYHhls5zi76keRgaLXHJFijzRaKMbWQgkB9vLpWnlQsBma1fwkiu3EIC6E+vqPoV/SRaGyruciJ8roHF09fiDFgQUYF37OpJrp0rhIlQtsEavPOngkuC6uh1p6V/+ygvH5xVcOLt6udNQ3OmF5yy5FCeqv9Y=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101541+1787277+3901457@groups.io;
	dmarc=fail header.from=<michael.d.kinney@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1679450804645196.71296866140938;
 Tue, 21 Mar 2023 19:06:44 -0700 (PDT)
Return-Path: <bounce+27952+101541+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id yV8DYY1788612xIovIrw681T;
 Tue, 21 Mar 2023 19:06:44 -0700
X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by mx.groups.io with SMTP id smtpd.web11.33155.1679450803170909254
 for <devel@edk2.groups.io>;
 Tue, 21 Mar 2023 19:06:43 -0700
X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="401676647"
X-IronPort-AV: E=Sophos;i="5.98,280,1673942400";
   d="scan'208";a="401676647"
X-Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 Mar 2023 19:06:34 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="746123986"
X-IronPort-AV: E=Sophos;i="5.98,280,1673942400";
   d="scan'208";a="746123986"
X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.241.98.35])
  by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 Mar 2023 19:06:34 -0700
From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: devel@edk2.groups.io
Cc: Umang Patel <umang.patel@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>
Subject: [edk2-devel] [Patch 1/2] MdeModulePkg/Include/Ppi: Add
 FirmwareVolumeShadowPpi
Date: Tue, 21 Mar 2023 19:06:25 -0700
Message-Id: <20230322020626.441-2-michael.d.kinney@intel.com>
In-Reply-To: <20230322020626.441-1-michael.d.kinney@intel.com>
References: <20230322020626.441-1-michael.d.kinney@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com
X-Gm-Message-State: OtGpAKXIXABJQCTvbVmoMU5Ix1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1679450804;
 bh=OzCZ/mskvO3SeWPCUPulu8jRD48ciR2ZbTMgKM0Gk8c=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=ZTJrj0weavAcxN+ToM9JOXKpGGwcJWYBAzwfXWAtv9401A6LT9n4IXYogedBbkjY7U3
 p5fA1MJXAqTemi1xClBN+pGQFHpdOWe6GCYrUy0xde4FG9KXfDTSfnrA/TAa3Suk+jooF
 3rijZ2v+SUNuruMmanvsZrXPVIcsjKnQtfg=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1679450806303100005
Content-Type: text/plain; charset="utf-8"

From: Umang Patel <umang.patel@intel.com>

Add FirmwareVolumeShadow PPI to shadow an FV to memory.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Patel Umang <umang.patel@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
---
 .../Include/Ppi/FirmwareVolumeShadowPpi.h     | 61 +++++++++++++++++++
 MdeModulePkg/MdeModulePkg.dec                 |  3 +
 2 files changed, 64 insertions(+)
 create mode 100644 MdeModulePkg/Include/Ppi/FirmwareVolumeShadowPpi.h

diff --git a/MdeModulePkg/Include/Ppi/FirmwareVolumeShadowPpi.h b/MdeModule=
Pkg/Include/Ppi/FirmwareVolumeShadowPpi.h
new file mode 100644
index 000000000000..a2756cb0ab1e
--- /dev/null
+++ b/MdeModulePkg/Include/Ppi/FirmwareVolumeShadowPpi.h
@@ -0,0 +1,61 @@
+/** @file
+  Define PPI to shadow Firmware Volume from flash to Permanent Memory.
+
+Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef PEI_FIRMWARE_VOLUME_SHADOW_PPI_H_
+#define PEI_FIRMWARE_VOLUME_SHADOW_PPI_H_
+
+//
+// Firmware Volume Shadow PPI GUID value
+//
+#define EDKII_FIRMWARE_VOLUME_SHADOW_PPI_GUID \
+  { \
+    0x7dfe756c, 0xed8d, 0x4d77, { 0x9e, 0xc4, 0x39, 0x9a, 0x8a, 0x81, 0x51=
, 0x16 } \
+  }
+
+/**
+  Copy FV to Destination.  Length of copy is FV length from FV Header.
+
+  @param[in]  FirmwareVolumeBase  Base address of FV to shadow. Length of =
FV
+                                  is in FV Header.
+  @param[in]  Destination         Pointer to the Buffer in system memory to
+                                  shadow FV.
+  @param[in]  DestinationLength   Size of Destination buffer in bytes.
+
+  @retval EFI_SUCCESS            Shadow complete
+  @retval EFI_INVALID_PARAMETER  Destination is NULL
+  @retval EFI_INVALID_PARAMETER  DestinationLength =3D 0.
+  @retval EFI_INVALID_PARAMETER  FV does not have valid FV Header.
+  @retval EFI_INVALID_PARAMETER  FV overlaps Destination.
+  @retval EFI_INVALID_PARAMETER  Destination + DestinationLength rolls ove=
r 4GB
+                                 for 32-bit or 64-bit rollover.
+  @retval EFI_BUFFER_TOO_SMALL   DestinationLength less than FV length fro=
m FV
+                                 Header.
+  @retval EFI_UNSUPPORTED        FirmwareVolumeBase to FVBase + FVLength d=
oes
+                                 not support shadow.  Caller should fallba=
ck to
+                                 CopyMem().
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_PEI_FIRMWARE_VOLUME_SHADOW)(
+  IN EFI_PHYSICAL_ADDRESS  FirmwareVolumeBase,
+  IN VOID                  *Destination,
+  IN UINTN                 DestinationLength
+  );
+
+///
+/// This PPI provides a service to shadow a FV from one location to another
+///
+typedef struct {
+  EDKII_PEI_FIRMWARE_VOLUME_SHADOW    FirmwareVolumeShadow;
+} EDKII_PEI_FIRMWARE_VOLUME_SHADOW_PPI;
+
+extern EFI_GUID  gEdkiiPeiFirmwareVolumeShadowPpiGuid;
+
+#endif
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index e8058c8bfaec..3eb4a79bf7a0 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -442,6 +442,9 @@ [Guids]
   gBootDiscoveryPolicyMgrFormsetGuid =3D { 0x5b6f7107, 0xbb3c, 0x4660, { 0=
x92, 0xcd, 0x54, 0x26, 0x90, 0x28, 0x0b, 0xbd } }
=20
 [Ppis]
+  ## Include/Ppi/FirmwareVolumeShadowPpi.h
+  gEdkiiPeiFirmwareVolumeShadowPpiGuid =3D { 0x7dfe756c, 0xed8d, 0x4d77, {=
0x9e, 0xc4, 0x39, 0x9a, 0x8a, 0x81, 0x51, 0x16 } }
+
   ## Include/Ppi/AtaController.h
   gPeiAtaControllerPpiGuid       =3D { 0xa45e60d1, 0xc719, 0x44aa, { 0xb0,=
 0x7a, 0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }}
=20
--=20
2.39.1.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101541): https://edk2.groups.io/g/devel/message/101541
Mute This Topic: https://groups.io/mt/97770068/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/3901457/1787277/102458076=
/xyzzy [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
From nobody Fri Apr 26 15:04:34 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+101542+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101542+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1679450805; cv=none;
	d=zohomail.com; s=zohoarc;
	b=amny2QsRwuXrGGXBtzJw9XPHd7KBcHtNkzMNiuwxkMnbz6EQWhRdPnjBwlm/mDZfbw896Oo0bnIy+kImwY4762B9JVi6nwTrnZdEao9G1fjA3Q5AcRSvwo69UxjtF913f+i8X5zb7qClFN/N8UzHHX+k8D7d1MHBXMkvWuzgZmo=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1679450805;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=DCGBwhnDLLGZrC5NkyWpcctzO3chXYhq6GHf6FPd0JY=;
	b=L6WPd9AtiOVWZVLnF1OV6HmLYmg2TY32lAMsoMfYe1fI0NXJnXZ9UVeJ7SO5qOS034DrAM6SWqfSl2FoLWS91TOZTpBgAgRjyTpwzgqJruLXY9Du80Yi/TKSgM2AR1Q6CKB7HKB/mNrB/DKOG/CHbrvMcpDxS9mgU/SOZ0eMeeQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+101542+1787277+3901457@groups.io;
	dmarc=fail header.from=<michael.d.kinney@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1679450805011590.0158745326627;
 Tue, 21 Mar 2023 19:06:45 -0700 (PDT)
Return-Path: <bounce+27952+101542+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id bCymYY1788612xg9Eww2RS2B;
 Tue, 21 Mar 2023 19:06:44 -0700
X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by mx.groups.io with SMTP id smtpd.web11.33155.1679450803170909254
 for <devel@edk2.groups.io>;
 Tue, 21 Mar 2023 19:06:43 -0700
X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="401676653"
X-IronPort-AV: E=Sophos;i="5.98,280,1673942400";
   d="scan'208";a="401676653"
X-Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 Mar 2023 19:06:34 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="746123994"
X-IronPort-AV: E=Sophos;i="5.98,280,1673942400";
   d="scan'208";a="746123994"
X-Received: from mdkinney-mobl2.amr.corp.intel.com ([10.241.98.35])
  by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 Mar 2023 19:06:34 -0700
From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: devel@edk2.groups.io
Cc: Umang Patel <umang.patel@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>
Subject: [edk2-devel] [Patch 2/2] SecurityPkg/FvReportPei: Use
 FirmwareVolumeShadowPpi
Date: Tue, 21 Mar 2023 19:06:26 -0700
Message-Id: <20230322020626.441-3-michael.d.kinney@intel.com>
In-Reply-To: <20230322020626.441-1-michael.d.kinney@intel.com>
References: <20230322020626.441-1-michael.d.kinney@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,michael.d.kinney@intel.com
X-Gm-Message-State: IWx9DBzLC8oGTgseVsCzhmVZx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1679450804;
 bh=1AntzJYLHaJwcy5ajHte89VPjKHPNBLQEt24yW0JeqY=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=kX50naN8+9f607+EmCryCg2xQqLdCYtoJxXx54eKqY9TylwwAMVyYS4TYPAvFw9M+uI
 WgwnLDkgPQF5z9ZfEQWJIWxglrOiI0NONgQOLGeC+N9JVAXxMKP/+btVytF1mT468myfo
 WLED4IvH7QzTXWGEIKDZbwR8m5zEHWAu40o=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1679450806313100006
Content-Type: text/plain; charset="utf-8"

From: Umang Patel <umang.patel@intel.com>

If FirmwareVolumeShadow PPI is available, then use it to
shadow FVs to memory.  Otherwise fallback to CopyMem().

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Patel Umang <umang.patel@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
---
 SecurityPkg/FvReportPei/FvReportPei.c   | 37 ++++++++++++++++++++-----
 SecurityPkg/FvReportPei/FvReportPei.h   |  1 +
 SecurityPkg/FvReportPei/FvReportPei.inf |  1 +
 3 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/SecurityPkg/FvReportPei/FvReportPei.c b/SecurityPkg/FvReportPe=
i/FvReportPei.c
index 846605cda1e4..6288dde16b2a 100644
--- a/SecurityPkg/FvReportPei/FvReportPei.c
+++ b/SecurityPkg/FvReportPei/FvReportPei.c
@@ -114,12 +114,13 @@ VerifyHashedFv (
   IN EFI_BOOT_MODE   BootMode
   )
 {
-  UINTN                FvIndex;
-  CONST HASH_ALG_INFO  *AlgInfo;
-  UINT8                *HashValue;
-  UINT8                *FvHashValue;
-  VOID                 *FvBuffer;
-  EFI_STATUS           Status;
+  UINTN                                 FvIndex;
+  CONST HASH_ALG_INFO                   *AlgInfo;
+  UINT8                                 *HashValue;
+  UINT8                                 *FvHashValue;
+  VOID                                  *FvBuffer;
+  EDKII_PEI_FIRMWARE_VOLUME_SHADOW_PPI  *FvShadowPpi;
+  EFI_STATUS                            Status;
=20
   if ((HashInfo =3D=3D NULL) ||
       (HashInfo->HashSize =3D=3D 0) ||
@@ -191,8 +192,30 @@ VerifyHashedFv (
     // Copy FV to permanent memory to avoid potential TOC/TOU.
     //
     FvBuffer =3D AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)FvInfo[FvIndex].=
Length));
+
     ASSERT (FvBuffer !=3D NULL);
-    CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)F=
vInfo[FvIndex].Length);
+    Status =3D PeiServicesLocatePpi (
+               &gEdkiiPeiFirmwareVolumeShadowPpiGuid,
+               0,
+               NULL,
+               (VOID **)&FvShadowPpi
+               );
+
+    if (!EFI_ERROR (Status)) {
+      Status =3D FvShadowPpi->FirmwareVolumeShadow (
+                              (EFI_PHYSICAL_ADDRESS)FvInfo[FvIndex].Base,
+                              FvBuffer,
+                              (UINTN)FvInfo[FvIndex].Length
+                              );
+    }
+
+    if (EFI_ERROR (Status)) {
+      CopyMem (
+        FvBuffer,
+        (CONST VOID *)(UINTN)FvInfo[FvIndex].Base,
+        (UINTN)FvInfo[FvIndex].Length
+        );
+    }
=20
     if (!AlgInfo->HashAll (FvBuffer, (UINTN)FvInfo[FvIndex].Length, FvHash=
Value)) {
       Status =3D EFI_ABORTED;
diff --git a/SecurityPkg/FvReportPei/FvReportPei.h b/SecurityPkg/FvReportPe=
i/FvReportPei.h
index 92504a3c51e1..07ffb2f5768c 100644
--- a/SecurityPkg/FvReportPei/FvReportPei.h
+++ b/SecurityPkg/FvReportPei/FvReportPei.h
@@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <IndustryStandard/Tpm20.h>
=20
 #include <Ppi/FirmwareVolumeInfoStoredHashFv.h>
+#include <Ppi/FirmwareVolumeShadowPpi.h>
=20
 #include <Library/PeiServicesLib.h>
 #include <Library/PcdLib.h>
diff --git a/SecurityPkg/FvReportPei/FvReportPei.inf b/SecurityPkg/FvReport=
Pei/FvReportPei.inf
index 408406889765..4246fb75ebaa 100644
--- a/SecurityPkg/FvReportPei/FvReportPei.inf
+++ b/SecurityPkg/FvReportPei/FvReportPei.inf
@@ -46,6 +46,7 @@ [LibraryClasses]
 [Ppis]
   gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid   ## PRODUCES
   gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid  ## CONSUMES
+  gEdkiiPeiFirmwareVolumeShadowPpiGuid            ## CONSUMES
=20
 [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass
--=20
2.39.1.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101542): https://edk2.groups.io/g/devel/message/101542
Mute This Topic: https://groups.io/mt/97770069/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/3901457/1787277/102458076=
/xyzzy [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-