From patchwork Tue Mar 5 13:32:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 159658 Delivered-To: patch@linaro.org Received: by 2002:a02:5cc1:0:0:0:0:0 with SMTP id w62csp4975068jad; Tue, 5 Mar 2019 05:33:19 -0800 (PST) X-Google-Smtp-Source: APXvYqwOtmhSEyrOOVh93uO6w/7z3g2VwH/PVHHxzuDJ6nhxg8SI1hxHqqDIcNe4UjU2LtRBMXJM X-Received: by 2002:a17:902:b609:: with SMTP id b9mr1265554pls.134.1551792799260; Tue, 05 Mar 2019 05:33:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551792799; cv=none; d=google.com; s=arc-20160816; b=YB4h2kS9p6VG4DKkOV0SwnuqlwHMPgK3mcbs17fa7uQQsGL4/e8TOmj4fcBOn+RRxc b90uevni05lEHMEp/hR27yqjB2BsSgKd3xpXNGcq3/81ASAYch05CnFbcUaBbt0D0PJg KofcbOG8gwKPzCjeFZDgvg2dqHCfu+ZvdHsp6DuxUqRIY6NPrQFbmScNBzzVH6q7HT0T 1UkUH/LNuQcngjpz1WdTVsIEc58WsI0gcZmTbJlp+MDrr6s+7AZkeZhyJJoXgx0vDUCf rD95TFDx3VlIKMDUX+RH5anP13c19VUdceHn56PgxXIp7EmiWHgHrUa4A5nOuf+LNZoh oEZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=m1+IZenHKPZAj7o0OXsxIyJvRsClGnl7pGn8ah7j/nU=; b=X6o4EtXro7xe+r4lZktXJ06j+jYT+COMR/70yDQW9gc3nlFF35cnBxN+tr2b/Y4p0K 4z62+p87q1GFZYXIedZ2hQ7zCaYlWwyVbdZGSKWfLQujWc8locEcFL/tYjdxt1rDgkeb IF6HlPyHyQhrwgz/qw00IhN3qmCMLMnJlzv1XYVFBdXbB+u+wLTDjNR9SEZCYRsCgt9g x+zGfYAfjnIId7vKrNBKwwrU1+2gzInHVPxiX3MCAR9Ur5yZkWw/+2slhrMCMB2WZGCn Ekq9rV+bLOqhzEJ7qojGRLp+/WuHVX4uNFvEMJvNQEMqrhkhEtYxOQ+qTlBNoJEihw1E 5+WA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b="e/yLKxmz"; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) 
smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from ml01.01.org (ml01.01.org. [198.145.21.10]) by mx.google.com with ESMTPS id 42si1339389pld.383.2019.03.05.05.33.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Mar 2019 05:33:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) client-ip=198.145.21.10; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b="e/yLKxmz"; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 0C38D211D5064; Tue, 5 Mar 2019 05:33:07 -0800 (PST) X-Original-To: edk2-devel@lists.01.org Delivered-To: edk2-devel@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:4864:20::441; helo=mail-wr1-x441.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com [IPv6:2a00:1450:4864:20::441]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 61EC4211D5061 for ; Tue, 5 Mar 2019 05:33:05 -0800 (PST) Received: by mail-wr1-x441.google.com with SMTP id r5so9471943wrg.9 for ; Tue, 05 Mar 2019 05:33:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=rky618Avva4UqzStzvPcrQ3U6Des/fM8Ep0IpBc6i0M=; 
b=e/yLKxmz5ed1SDWrhWOg0Ho/KUVLPq57ODT+5lyK7VW7xqBG4A0HHChQBzCTXH7xRh dg0aO+qyha4+qpUPf45PUUfijTsrZ5YRECPkh+9OGn6ECk3IiaUuBWWdPAsvVrr2DQeg VVrBILzH3nS7RxR6RaS7nV0+KFiA8Lb+hW4Ekzxe54cbAo1nGV0H5xNR/N8R7+frxUts +cpNEtAL2jwo/1pfzin6UxiD4otZautSmNQaQTxDsM4p2C/yUr9yGNPgcmOi0H9guS2d DRZKMSY+iYctzwiVkthdVotY/zuWaN+hWoLiA3eDZ7ysLaw6y20FeiH6wa/OOHdYsDyp 526w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=rky618Avva4UqzStzvPcrQ3U6Des/fM8Ep0IpBc6i0M=; b=bcZ8Dnwuo9z13Ji3jKJwUHjrCOlV2E7SNEG38YUA6TNRAssbp5pm7XYgHMcgXRyQHn WsmctlzvNgJ5pC4pC0iilr3FZk4srNzRMRipgoZ4CQbXYl2pUlqwBzpDA1ykOIf/PoKW Y6ZmG3+4bi3CfMmxhfWNHYWxODuVq3XoSLDleNP6gOj/ftam6eutULnKNBp98Ry2GyD3 ikgbb940AKUD7YhuOmMqzoyCq75+AJn8EqbUcMcfvmUDg145O5inA+z+9bTQIckuxscb UcC2DLiT9SEkm7rbN18AgJlfH/ct6LfZROBdNJBlH/RYyEwoQMvJiD2tT6KnpT8x4/PX C8Ew== X-Gm-Message-State: APjAAAUhuyJPJiLdXug79xjXgPCbTZDJnRScvbxffkhtJyVNLXIJWPJ8 Sb4g76ixY8LxYKXZ5aZ58WBSsCkEoBQ= X-Received: by 2002:adf:e48a:: with SMTP id i10mr17300232wrm.257.1551792783667; Tue, 05 Mar 2019 05:33:03 -0800 (PST) Received: from localhost.localdomain (aputeaux-684-1-18-114.w90-86.abo.wanadoo.fr. [90.86.221.114]) by smtp.gmail.com with ESMTPSA id i4sm8370097wrw.19.2019.03.05.05.33.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Mar 2019 05:33:02 -0800 (PST) 
From: Ard Biesheuvel To: edk2-devel@lists.01.org Date: Tue, 5 Mar 2019 14:32:44 +0100 Message-Id: <20190305133248.4828-7-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190305133248.4828-1-ard.biesheuvel@linaro.org> References: <20190305133248.4828-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Subject: [edk2] [PATCH 06/10] StandaloneMmPkg/Core: permit encapsulated firmware volumes X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" Standalone MM requires 4 KB section alignment for all images, so that strict permissions can be applied. Unfortunately, this results in a lot of wasted space, which is usually costly in the secure world environment that standalone MM is expected to operate in. So let's permit the standalone MM drivers (but not the core) to be delivered in a compressed firmware volume. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel --- StandaloneMmPkg/Core/StandaloneMmCore.inf | 1 + StandaloneMmPkg/Core/FwVol.c | 99 ++++++++++++++++++-- 2 files changed, 91 insertions(+), 9 deletions(-) -- 2.20.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel Reviewed-by: jiewen.yao@intel.com Reviewed-by: achin.gupta@arm.com
diff --git a/StandaloneMmPkg/Core/StandaloneMmCore.inf b/StandaloneMmPkg/Core/StandaloneMmCore.inf
index ff2b8b9cef03..83d31e2d92c5 100644
--- a/StandaloneMmPkg/Core/StandaloneMmCore.inf
+++ b/StandaloneMmPkg/Core/StandaloneMmCore.inf
@@ -49,6 +49,7 @@ [LibraryClasses]
 BaseMemoryLib
 CacheMaintenanceLib
 DebugLib
+ ExtractGuidedSectionLib
 FvLib
 HobLib
 MemoryAllocationLib
diff --git a/StandaloneMmPkg/Core/FwVol.c b/StandaloneMmPkg/Core/FwVol.c
index 5abf98c24797..d95491f252f9 100644
--- a/StandaloneMmPkg/Core/FwVol.c
+++ b/StandaloneMmPkg/Core/FwVol.c
@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include "StandaloneMmCore.h"
 #include
+#include
 //
 // List of file types supported by dispatcher
@@ -65,15 +66,25 @@ Returns:
 --*/
 {
- EFI_STATUS Status;
- EFI_STATUS DepexStatus;
- EFI_FFS_FILE_HEADER *FileHeader;
- EFI_FV_FILETYPE FileType;
- VOID *Pe32Data;
- UINTN Pe32DataSize;
- VOID *Depex;
- UINTN DepexSize;
- UINTN Index;
+ EFI_STATUS Status;
+ EFI_STATUS DepexStatus;
+ EFI_FFS_FILE_HEADER *FileHeader;
+ EFI_FV_FILETYPE FileType;
+ VOID *Pe32Data;
+ UINTN Pe32DataSize;
+ VOID *Depex;
+ UINTN DepexSize;
+ UINTN Index;
+ EFI_COMMON_SECTION_HEADER *Section;
+ VOID *SectionData;
+ UINTN SectionDataSize;
+ UINT32 DstBufferSize;
+ VOID *ScratchBuffer;
+ UINT32 ScratchBufferSize;
+ VOID *DstBuffer;
+ UINT16 SectionAttribute;
+ UINT32 AuthenticationStatus;
+ EFI_FIRMWARE_VOLUME_HEADER *InnerFvHeader;
 DEBUG ((DEBUG_INFO, "MmCoreFfsFindMmDriver - 0x%x\n", FwVolHeader));
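Review bot: Of the locals added here, `SectionAttribute` is never read and `AuthenticationStatus` is only printed at DEBUG_INFO in the following hunk, so a guided-section handler that reports an authentication failure does not stop the inner volume from being scanned for MM drivers. If the platform relies on that handler for integrity, rather than on an earlier boot stage having verified the outer volume, the result should be rejected before the recursive call, e.g. `if ((AuthenticationStatus & EFI_AUTH_STATUS_TEST_FAILED) != 0) { Status = EFI_SECURITY_VIOLATION; goto FreeDstBuffer; }`. `SectionData` and `SectionDataSize` are likewise filled in by FfsFindSectionData and then ignored, while `Section` is computed as `FileHeader + 1`, which assumes the GUID-defined section is the first section of the file and that the file uses the standard-size FFS header; a comment stating that assumption would help. The function these declarations belong to continues outside this hunk.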
@@ -83,6 +94,71 @@ Returns:
 FvIsBeingProcesssed (FwVolHeader);
+ //
+ // First check for encapsulated compressed firmware volumes
+ //
+ FileHeader = NULL;
+ do {
+ Status = FfsFindNextFile (EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE,
+ FwVolHeader, &FileHeader);
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+ Status = FfsFindSectionData (EFI_SECTION_GUID_DEFINED, FileHeader,
+ &SectionData, &SectionDataSize);
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+ Section = (EFI_COMMON_SECTION_HEADER *)(FileHeader + 1);
+ Status = ExtractGuidedSectionGetInfo (Section, &DstBufferSize,
+ &ScratchBufferSize, &SectionAttribute);
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+
+ //
+ // Allocate scratch buffer
+ //
+ ScratchBuffer = (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (ScratchBufferSize));
+ if (ScratchBuffer == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Allocate destination buffer, extra one page for adjustment
+ //
+ DstBuffer = (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (DstBufferSize));
+ if (DstBuffer == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Call decompress function
+ //
+ Status = ExtractGuidedSectionDecode (Section, &DstBuffer, ScratchBuffer,
+ &AuthenticationStatus);
+ FreePages (ScratchBuffer, EFI_SIZE_TO_PAGES (ScratchBufferSize));
+ if (EFI_ERROR (Status)) {
+ goto FreeDstBuffer;
+ }
+
+ DEBUG ((DEBUG_INFO,
+ "Processing compressed firmware volume (AuthenticationStatus == %x)\n",
+ AuthenticationStatus));
+
+ Status = FindFfsSectionInSections (DstBuffer, DstBufferSize,
+ EFI_SECTION_FIRMWARE_VOLUME_IMAGE, &Section);
+ if (EFI_ERROR (Status)) {
+ goto FreeDstBuffer;
+ }
+
+ InnerFvHeader = (VOID *)(Section + 1);
+ Status = MmCoreFfsFindMmDriver (InnerFvHeader);
+ if (EFI_ERROR (Status)) {
+ goto FreeDstBuffer;
+ }
+ } while (TRUE);
+
 for (Index = 0; Index < sizeof (mMmFileTypes) / sizeof (mMmFileTypes[0]); Index++) {
 DEBUG ((DEBUG_INFO, "Check MmFileTypes - 0x%x\n", mMmFileTypes[Index]));
 FileType = mMmFileTypes[Index];
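Review bot: The second `return EFI_OUT_OF_RESOURCES`, taken when the DstBuffer allocation fails, leaks ScratchBuffer, which is otherwise only freed after the decode call. AllocatePages is also called when ExtractGuidedSectionGetInfo reports a ScratchBufferSize of 0; if the allocator returns NULL for a zero-page request (worth confirming for this library instance), a handler that needs no scratch space makes the whole function fail with EFI_OUT_OF_RESOURCES. The fence below guards both cases and drops the "extra one page for adjustment" wording, which the allocation does not implement. Separately, `InnerFvHeader = (VOID *)(Section + 1)` points into decoded data and is handed to the recursive call with no visible check that the volume length recorded in that header fits inside the section; whether the callee validates this cannot be seen from here. The function's start and end are outside this hunk.

```c
    // ... unchanged: FfsFindNextFile / FfsFindSectionData / ExtractGuidedSectionGetInfo ...

    //
    // Allocate scratch buffer only if the handler asks for one
    //
    ScratchBuffer = NULL;
    if (ScratchBufferSize > 0) {
      ScratchBuffer = (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (ScratchBufferSize));
      if (ScratchBuffer == NULL) {
        return EFI_OUT_OF_RESOURCES;
      }
    }

    //
    // Allocate destination buffer
    //
    DstBuffer = (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (DstBufferSize));
    if (DstBuffer == NULL) {
      if (ScratchBuffer != NULL) {
        FreePages (ScratchBuffer, EFI_SIZE_TO_PAGES (ScratchBufferSize));
      }
      return EFI_OUT_OF_RESOURCES;
    }

    // ... unchanged: ExtractGuidedSectionDecode call ...
    if (ScratchBuffer != NULL) {
      FreePages (ScratchBuffer, EFI_SIZE_TO_PAGES (ScratchBufferSize));
    }
    // ... unchanged: status check, debug print, inner volume lookup and recursion ...
```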
@@ -100,5 +176,10 @@ Returns:
 } while (!EFI_ERROR (Status));
 }
+ return EFI_SUCCESS;
+
+FreeDstBuffer:
+ FreePages (DstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize));
+
 return Status;
 }
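Review bot: `FreePages (DstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize))` at the new FreeDstBuffer label may not be freeing the pointer that AllocatePages returned, because the previous hunk passes `&DstBuffer` to ExtractGuidedSectionDecode, and the ExtractGuidedSectionLib contract lets the handler redirect the output pointer to the data inside the input section when no transformation was needed. Keeping the allocation in its own local, e.g. `AllocatedBuffer = DstBuffer;` before the decode call and `FreePages (AllocatedBuffer, EFI_SIZE_TO_PAGES (DstBufferSize));` here, avoids freeing memory this function does not own and also lets the unused allocation be released in that case. A short comment at the label should say that the success path deliberately leaves the decoded volume allocated, presumably because the drivers found in it are referenced in place (confirm against the dispatcher). The body of the function starts outside this hunk.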