From: "Taylor Beebe"
To: devel@edk2.groups.io
Cc: Taylor Beebe, Jian J Wang, Liming Gao, Dandan Bi
Subject: [edk2-devel] [PATCH v1 2/3] MdeModulePkg: Add MemoryProtectionHobLib Definitions and NULL Libs
Date: Fri, 9 Jun 2023 13:26:00 -0700
Message-Id: <20230609202601.1153-3-t@taylorbeebe.com>
In-Reply-To: <20230609202601.1153-1-t@taylorbeebe.com>
References: <20230609202601.1153-1-t@taylorbeebe.com>

DxeMemoryProtectionHobLib and MmMemoryProtectionHobLib will fetch the memory protection settings HOB entry for their respective phase, validate the settings, and populate a global for access.

Memory protection settings are currently dictated via FixedAtBuild PCDs where the settings needed to be masked. A future patch series will replace instances of checking the PCDs with checks to the memory protection globals populated by MemoryProtectionHobLib.
Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao Cc: Dandan Bi --- MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibN= ull.c | 33 ++++++++++++++++++ MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNu= ll.c | 33 ++++++++++++++++++ MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h = | 36 ++++++++++++++++++++ MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h = | 36 ++++++++++++++++++++ MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibN= ull.inf | 25 ++++++++++++++ MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNu= ll.inf | 26 ++++++++++++++ MdeModulePkg/MdeModulePkg.dec = | 8 +++++ MdeModulePkg/MdeModulePkg.dsc = | 8 +++++ 8 files changed, 205 insertions(+) diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProte= ctionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemo= ryProtectionHobLibNull.c new file mode 100644 index 000000000000..4f0191d04974 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHo= bLibNull.c 
@@ -0,0 +1,33 @@ +/** @file +Library defines the gDxeMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include + +// According to the C Specification, a global variable +// which is uninitialized will be zero. The net effect +// is memory protections will be OFF. +DXE_MEMORY_PROTECTION_SETTINGS gDxeMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPE= S bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType DXE_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GU= ARD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_G= UARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetDxeMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ) +{ + return FALSE; +} diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtec= tionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemory= ProtectionHobLibNull.c new file mode 100644 index 000000000000..c62c9d772063 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHob= LibNull.c 
@@ -0,0 +1,33 @@ +/** @file +Library defines the gMmMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include + +// According to the C Specification, a global variable +// which is uninitialized will be zero. The net effect +// is memory protections will be OFF. +MM_MEMORY_PROTECTION_SETTINGS gMmMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES= bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType MM_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUA= RD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GU= ARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetMmMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN MM_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ) +{ + return FALSE; +} diff --git a/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h b/Mde= ModulePkg/Include/Library/DxeMemoryProtectionHobLib.h new file mode 100644 index 000000000000..4f49a00a8683 --- /dev/null +++ b/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h 
@@ -0,0 +1,36 @@ +/** @file + +Library for controlling hob-backed memory protection settings + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ +#define DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ + +#include + +// +// The global used to access current Memory Protection Settings +// +extern DXE_MEMORY_PROTECTION_SETTINGS gDxeMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input DXE_HEAP_GUARD_MEMORY_TYPE= S bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType DXE_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given DXE_HEAP_GU= ARD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given DXE_HEAP_G= UARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetDxeMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN DXE_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ); + +#endif diff --git a/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h b/MdeM= odulePkg/Include/Library/MmMemoryProtectionHobLib.h new file mode 100644 index 000000000000..efeaa9fd55aa --- /dev/null +++ b/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h 
@@ -0,0 +1,36 @@ +/** @file + +Library for controlling hob-backed memory protection settings + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ +#define MM_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ + +#include + +// +// The global used to access current Memory Protection Settings +// +extern MM_MEMORY_PROTECTION_SETTINGS gMmMps; + +/** + Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES= bitfield + + @param[in] MemoryType Memory type to check. + @param[in] HeapGuardMemoryType MM_HEAP_GUARD_MEMORY_TYPES bitfield + + @return TRUE The given EFI_MEMORY_TYPE is TRUE in the given MM_HEAP_GUA= RD_MEMORY_TYPES + @return FALSE The given EFI_MEMORY_TYPE is FALSE in the given MM_HEAP_GU= ARD_MEMORY_TYPES +**/ +BOOLEAN +EFIAPI +GetMmMemoryTypeSettingFromBitfield ( + IN EFI_MEMORY_TYPE MemoryType, + IN MM_HEAP_GUARD_MEMORY_TYPES HeapGuardMemoryType + ); + +#endif diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProte= ctionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMe= moryProtectionHobLibNull.inf new file mode 100644 index 000000000000..6a3166a23b46 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHo= bLibNull.inf @@ -0,0 +1,25 @@ +## @file +# NULL library which defines gDxeMps +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D DxeMemoryProtectionHobLibNull + FILE_GUID =3D a35c1dc1-0769-421b-a8bc-9db69fae4334 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D DxeMemoryProtectionHobLib + +# +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 +# + +[Sources] + DxeMemoryProtectionHobLibNull.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec 
diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtec= tionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemo= ryProtectionHobLibNull.inf new file mode 100644 index 000000000000..61f50921ee04 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHob= LibNull.inf @@ -0,0 +1,26 @@ +## @file +# NULL library which defines gMmMps +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D MmMemoryProtectionHobLibNull + FILE_GUID =3D 4e3f6fd9-4ab5-4911-b80b-009d3338b4b2 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D MmMemoryProtectionHobLib + +# +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 +# + +[Sources] + MmMemoryProtectionHobLibNull.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 89001f217ed1..50dae9180d2b 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -164,6 +164,14 @@ [LibraryClasses] # VariableFlashInfoLib|Include/Library/VariableFlashInfoLib.h =20 + ## @libraryclass Provides a way to toggle DXE memory protection settings + # + DxeMemoryProtectionHobLib|Include/Library/DxeMemoryProtectionHobLib.h + + ## @libraryclass Provides a way to toggle SMM memory protection settings + # + MmMemoryProtectionHobLib|Include/Library/MmMemoryProtectionHobLib.h + [Guids] ## MdeModule package token space guid # Include/Guid/MdeModulePkgTokenSpace.h diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 5b1f50e9c084..ab6848dc934b 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc 
@@ -107,6 +107,12 @@ [LibraryClasses] VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseV= ariableFlashInfoLib.inf IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiComma= ndLibNull.inf =20 +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_CORE, Library= Classes.common.UEFI_APPLICATION] + DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNul= l/DxeMemoryProtectionHobLibNull.inf + +[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, Lib= raryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE] + MmMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull= /MmMemoryProtectionHobLibNull.inf + [LibraryClasses.EBC.PEIM] IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf =20 @@ -231,6 +237,8 @@ [Components] MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf + MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLi= bNull.inf + MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLib= Null.inf MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTa= bleLib.inf MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf --=20 2.36.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#105988): https://edk2.groups.io/g/devel/message/105988 Mute This Topic: https://groups.io/mt/99437080/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
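
Review bot: In DxeMemoryProtectionHobLibNull.c, the doc block on GetDxeMemoryTypeSettingFromBitfield still promises TRUE when the memory type is set in the bitfield, but this instance returns FALSE unconditionally and leaves gDxeMps zeroed, so every protection reads as off. Say so in the @return text and in the file header, which currently reads only "Library defines the gDxeMps global", so that a platform resolving to this instance through the MdeModulePkg.dsc default can see from the source that it runs without protections. The same comment applies to gMmMps and GetMmMemoryTypeSettingFromBitfield in MmMemoryProtectionHobLibNull.c.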
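
Review bot: In DxeMemoryProtectionHobLib.h, "extern DXE_MEMORY_PROTECTION_SETTINGS gDxeMps;" exposes the settings as a plain writable global, so nothing stops a consumer from modifying them after the library has validated and populated them. Please document in the comment above the declaration that consumers must treat gDxeMps as read-only, or consider a const-qualified accessor instead. Separately, the include guard DXE_MEMORY_PROTECTION_HOB_HELPER_LIB_H_ carries a stray HELPER that does not match the file name.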
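
Review bot: In MmMemoryProtectionHobLib.h, the comment on GetMmMemoryTypeSettingFromBitfield does not say what is returned for a MemoryType value that has no corresponding bit in MM_HEAP_GUARD_MEMORY_TYPES; callers need that defined to know whether an unrecognised type is treated as protected or not. The summary line "Gets the input EFI_MEMORY_TYPE from the input MM_HEAP_GUARD_MEMORY_TYPES bitfield" also reads as if the function returned a memory type, while it returns a BOOLEAN; something like "Checks whether the bit for MemoryType is set in HeapGuardMemoryType" would match the prototype.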
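
Review bot: In DxeMemoryProtectionHobLibNull.inf, "LIBRARY_CLASS = DxeMemoryProtectionHobLib" carries no supported-module-type list, while MdeModulePkg.dsc maps this instance only to DXE_DRIVER, DXE_CORE and UEFI_APPLICATION. Consider listing those module types on the LIBRARY_CLASS line so the build rejects a DSC entry that pairs the instance with the wrong phase. The same applies to MmMemoryProtectionHobLibNull.inf, which also ends with an extra blank line.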
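
Review bot: In the MdeModulePkg.dec hunk, both @libraryclass descriptions say the class "Provides a way to toggle" the settings, but the headers only expose a global and a bitfield query, and the commit message describes fetching and validating a HOB. Please reword to describe read access to the settings. The second entry says "SMM memory protection settings" although MmMemoryProtectionHobLib is also mapped to MM_CORE_STANDALONE and MM_STANDALONE in the .dsc, so "MM" would be more accurate.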
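
Review bot: In the first MdeModulePkg.dsc hunk, the new DxeMemoryProtectionHobLib section covers DXE_DRIVER, DXE_CORE and UEFI_APPLICATION but not DXE_RUNTIME_DRIVER or UEFI_DRIVER. If the follow-up series that replaces the PCD checks touches code built as either of those module types, the library class will not resolve there. Is the omission intentional? If so, a short comment above the section saying why would help the next reader.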