From patchwork Wed Apr 27 19:20:49 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Laszlo Ersek <lersek@redhat.com>
X-Patchwork-Id: 66831
Delivered-To: patch@linaro.org
Received: by 10.140.93.198 with SMTP id d64csp2366761qge;
 Wed, 27 Apr 2016 12:21:07 -0700 (PDT)
X-Received: by 10.98.29.16 with SMTP id d16mr14316027pfd.142.1461784863946; 
 Wed, 27 Apr 2016 12:21:03 -0700 (PDT)
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org. [2001:19d0:306:5::1])
 by mx.google.com with ESMTPS id
 d27si5496743pfj.14.2016.04.27.12.21.03
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 27 Apr 2016 12:21:03 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1
 as permitted sender) client-ip=2001:19d0:306:5::1; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 edk2-devel-bounces@lists.01.org designates 2001:19d0:306:5::1
 as permitted sender)
 smtp.mailfrom=edk2-devel-bounces@lists.01.org
Received: from [127.0.0.1] (localhost [IPv6:::1])
 by ml01.01.org (Postfix) with ESMTP id 8C3711A1F2E;
 Wed, 27 Apr 2016 12:21:03 -0700 (PDT)
X-Original-To: edk2-devel@ml01.01.org
Delivered-To: edk2-devel@ml01.01.org
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 074FD1A1F2E
 for <edk2-devel@ml01.01.org>; Wed, 27 Apr 2016 12:21:02 -0700 (PDT)
Received: from int-mx13.intmail.prod.int.phx2.redhat.com
 (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 9240046291;
 Wed, 27 Apr 2016 19:21:01 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-113-86.phx2.redhat.com
 [10.3.113.86])
 by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
 ESMTP id u3RJKqTe023137; Wed, 27 Apr 2016 15:21:00 -0400
From: Laszlo Ersek <lersek@redhat.com>
To: edk2-devel-01 <edk2-devel@ml01.01.org>
Date: Wed, 27 Apr 2016 21:20:49 +0200
Message-Id: <1461784849-30809-4-git-send-email-lersek@redhat.com>
In-Reply-To: <1461784849-30809-1-git-send-email-lersek@redhat.com>
References: <1461784849-30809-1-git-send-email-lersek@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26
Subject: [edk2] [PATCH 3/3] OvmfPkg: PlatformBdsLib: lock down SMM
 regardless of S3
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>, Jordan Justen <jordan.l.justen@intel.com>, 
 Feng Tian <feng.tian@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
 Star Zeng <star.zeng@intel.com>
MIME-Version: 1.0
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>

At the moment, the EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL is only installed if
S3 is enabled -- at the end of SaveS3BootScript().

While a runtime OS is never booted with SMM unlocked (because the SMM IPL
locks down SMM as a last resort:

> SMM IPL!  DXE SMM Ready To Lock Protocol not installed before Ready To
> Boot signal
> SmmInstallProtocolInterface: [EfiSmmReadyToLockProtocol] 0
> Patch page table start ...
> Patch page table done!
> SMM IPL locked SMRAM window

), we shouldn't allow UEFI drivers and applications either to mess with
SMM just because S3 is disabled. So install
EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL in PlatformBdsInit() unconditionally.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c | 29 +++++++++++---------
 1 file changed, 16 insertions(+), 13 deletions(-)

-- 
1.8.3.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

diff --git a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
index b22f2a74a9d8..8354f31ac2fe 100644
--- a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -122,12 +122,15 @@ Arguments:
 Returns:
 
   None.
 
 --*/
 {
+  EFI_HANDLE Handle;
+  EFI_STATUS Status;
+
   DEBUG ((EFI_D_INFO, "PlatformBdsInit\n"));
   InstallDevicePathCallback ();
 
   VisitAllInstancesOfProtocol (&gEfiPciRootBridgeIoProtocolGuid,
     ConnectRootBridge, NULL);
 
@@ -144,17 +147,26 @@ Returns:
   // earlier, hence we can't signal End-of-Dxe earlier.
   //
   EfiEventGroupSignal (&gEfiEndOfDxeEventGroupGuid);
 
   if (QemuFwCfgS3Enabled ()) {
     //
-    // Save the boot script too. Note that this requires/includes emitting the
-    // DxeSmmReadyToLock event, which in turn locks down SMM.
+    // Save the boot script too. Note that this will require us to emit the
+    // DxeSmmReadyToLock event just below, which in turn locks down SMM.
     //
     SaveS3BootScript ();
   }
+
+  //
+  // Prevent further changes to LockBoxes or SMRAM.
+  //
+  Handle = NULL;
+  Status = gBS->InstallProtocolInterface (&Handle,
+                  &gEfiDxeSmmReadyToLockProtocolGuid, EFI_NATIVE_INTERFACE,
+                  NULL);
+  ASSERT_EFI_ERROR (Status);
 }
 
 
 EFI_STATUS
 EFIAPI
 ConnectRootBridge (
@@ -1203,26 +1215,23 @@ Returns:
 }
 
 
 /**
   Save the S3 boot script.
 
-  Note that we trigger DxeSmmReadyToLock here -- otherwise the script wouldn't
-  be saved actually. Triggering this protocol installation event in turn locks
-  down SMM, so no further changes to LockBoxes or SMRAM are possible
-  afterwards.
+  Note that DxeSmmReadyToLock must be signaled after this function returns;
+  otherwise the script wouldn't be saved actually.
 **/
 STATIC
 VOID
 SaveS3BootScript (
   VOID
   )
 {
   EFI_STATUS                 Status;
   EFI_S3_SAVE_STATE_PROTOCOL *BootScript;
-  EFI_HANDLE                 Handle;
   STATIC CONST UINT8         Info[] = { 0xDE, 0xAD, 0xBE, 0xEF };
 
   Status = gBS->LocateProtocol (&gEfiS3SaveStateProtocolGuid, NULL,
                   (VOID **) &BootScript);
   ASSERT_EFI_ERROR (Status);
 
@@ -1232,18 +1241,12 @@ SaveS3BootScript (
   // than storing just a pointer to runtime or NVS storage.
   //
   Status = BootScript->Write(BootScript, EFI_BOOT_SCRIPT_INFORMATION_OPCODE,
                          (UINT32) sizeof Info,
                          (EFI_PHYSICAL_ADDRESS)(UINTN) &Info);
   ASSERT_EFI_ERROR (Status);
-
-  Handle = NULL;
-  Status = gBS->InstallProtocolInterface (&Handle,
-                  &gEfiDxeSmmReadyToLockProtocolGuid, EFI_NATIVE_INTERFACE,
-                  NULL);
-  ASSERT_EFI_ERROR (Status);
 }
 
 
 VOID
 EFIAPI
 PlatformBdsPolicyBehavior (