From patchwork Fri Jan 4 11:03:14 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 154762
From: Ard Biesheuvel
To: edk2-devel@lists.01.org
Cc: Jiewen Yao
Date: Fri, 4 Jan 2019 12:03:14 +0100
Message-Id: <20190104110315.18339-8-ard.biesheuvel@linaro.org>
Subject: [edk2] [PATCH 7/8] StandaloneMmPkg/StandaloneMmCoreEntryPoint: permit the use of TE images

TE images take up less space when using 4 KB section alignment, since the FFS/FV generation code optimizes away the redundant, nested padding. This saves 4 KB of space, which is a worthwhile improvement for code that executes in place in secure context.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel
---
 StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c | 107 +++++++++-----------
 1 file changed, 46 insertions(+), 61 deletions(-)

diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c index 3ca7f6660f47..90299ebbafb6 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c 
@@ -143,9 +143,12 @@ LocateStandaloneMmCorePeCoffData ( Status = FfsFindSectionData (EFI_SECTION_PE32, FileHeader, TeData, TeDataSize); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - 0x%x\n", - Status)); - return Status; + Status = FfsFindSectionData (EFI_SECTION_TE, FileHeader, TeData, TeDataSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - %r\n", + Status)); + return Status; + } } DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", *TeData)); @@ -155,10 +158,9 @@ LocateStandaloneMmCorePeCoffData ( STATIC EFI_STATUS GetPeCoffSectionInformation ( - IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, - IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *TmpContext, - IN OUT UINT32 *SectionHeaderOffset, - IN OUT UINT16 *NumberOfSections + IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, + OUT UINT32 *SectionHeaderOffset, + OUT UINT16 *NumberOfSections ) { RETURN_STATUS Status; 
@@ -168,44 +170,29 @@ GetPeCoffSectionInformation ( UINTN ReadSize; ASSERT (ImageContext != NULL); - ASSERT (TmpContext != NULL); ASSERT (SectionHeaderOffset != NULL); ASSERT (NumberOfSections != NULL); - // - // We need to copy ImageContext since PeCoffLoaderGetImageInfo () - // will mangle the ImageAddress field - // - CopyMem (TmpContext, ImageContext, sizeof (*TmpContext)); - - if (TmpContext->PeCoffHeaderOffset == 0) { - Status = PeCoffLoaderGetImageInfo (TmpContext); - if (RETURN_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, - "%a: PeCoffLoaderGetImageInfo () failed (Status = %r)\n", - __FUNCTION__, Status)); - return Status; - } - } - - if (TmpContext->IsTeImage && - TmpContext->ImageAddress == ImageContext->ImageAddress) { - DEBUG ((DEBUG_INFO, "%a: ignoring XIP TE image at 0x%lx\n", __FUNCTION__, - ImageContext->ImageAddress)); - return RETURN_UNSUPPORTED; + Status = PeCoffLoaderGetImageInfo (ImageContext); + if (RETURN_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, + "%a: PeCoffLoaderGetImageInfo () failed (Status == %r)\n", + __FUNCTION__, Status)); + return Status; } - if (TmpContext->SectionAlignment < EFI_PAGE_SIZE) { + if (ImageContext->SectionAlignment < EFI_PAGE_SIZE) { // // The sections need to be at least 4 KB aligned, since that is the // granularity at which we can tighten permissions. // - if (!TmpContext->IsTeImage) { + if (!ImageContext->IsTeImage) { DEBUG ((DEBUG_WARN, "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n", - __FUNCTION__, ImageContext->ImageAddress, TmpContext->SectionAlignment)); + __FUNCTION__, ImageContext->ImageAddress, ImageContext->SectionAlignment)); + return RETURN_UNSUPPORTED; } - return RETURN_UNSUPPORTED; + ImageContext->SectionAlignment = EFI_PAGE_SIZE; } // 
@@ -217,9 +204,9 @@ GetPeCoffSectionInformation ( Hdr.Union = &HdrData; Size = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION); ReadSize = Size; - Status = TmpContext->ImageRead ( - TmpContext->Handle, - TmpContext->PeCoffHeaderOffset, + Status = ImageContext->ImageRead ( + ImageContext->Handle, + ImageContext->PeCoffHeaderOffset, &Size, Hdr.Pe32 ); @@ -231,23 +218,28 @@ GetPeCoffSectionInformation ( return Status; } - ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE); - - *SectionHeaderOffset = TmpContext->PeCoffHeaderOffset + sizeof (UINT32) + - sizeof (EFI_IMAGE_FILE_HEADER); - *NumberOfSections = Hdr.Pe32->FileHeader.NumberOfSections; - - switch (Hdr.Pe32->OptionalHeader.Magic) { - case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: - *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader; - break; - case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: - *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader; - break; - default: - ASSERT (FALSE); + if (!ImageContext->IsTeImage) { + ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE); + + *SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER); + *NumberOfSections = Hdr.Pe32->FileHeader.NumberOfSections; + + switch (Hdr.Pe32->OptionalHeader.Magic) { + case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: + *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader; + break; + case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: + *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader; + break; + default: + ASSERT (FALSE); + } + } else { + *SectionHeaderOffset = (UINTN)(sizeof (EFI_TE_IMAGE_HEADER)); + *NumberOfSections = Hdr.Te->NumberOfSections; + ImageContext->ImageAddress -= (UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HEADER); } - return RETURN_SUCCESS; } 
@@ -261,7 +253,6 @@ GetStandaloneMmCorePeCoffSections ( ) { EFI_STATUS Status; - PE_COFF_LOADER_IMAGE_CONTEXT TmpContext; // Initialize the Image Context ZeroMem (ImageContext, sizeof (PE_COFF_LOADER_IMAGE_CONTEXT)); @@ -270,15 +261,9 @@ GetStandaloneMmCorePeCoffSections ( DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", TeData)); - Status = PeCoffLoaderGetImageInfo (ImageContext); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Image information - 0x%x\n", Status)); - return Status; - } - - Status = GetPeCoffSectionInformation (ImageContext, &TmpContext, SectionHeaderOffset, NumberOfSections); + Status = GetPeCoffSectionInformation (ImageContext, SectionHeaderOffset, NumberOfSections); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - 0x%x\n", Status)); + DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - %r\n", Status)); return Status; }
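Review bot: In the first hunk (@@ -143,9 +143,12, LocateStandaloneMmCorePeCoffData), the trailing context line still logs "Found Standalone MM PE data" even when the match came from the new EFI_SECTION_TE fallback, so the log no longer tells you which image format is about to have its permissions set. Consider recording which section type matched and printing it in that DEBUG_INFO message. The error path also reports only the status of the TE lookup; the status of the failed PE32 lookup is overwritten, which is acceptable but worth a short comment so a reader does not assume the message refers to the PE32 search.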
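Review bot: In the GetPeCoffSectionInformation prototype (hunk @@ -155,10 +158,9), ImageContext goes from IN CONST to IN OUT without any visible documentation of what the callee now writes back. Later hunks show it overwriting ImageContext->SectionAlignment and rebasing ImageContext->ImageAddress for TE images, and the caller keeps using the same context afterwards. Please add a function header comment listing the fields that may be modified, so that code consuming ImageContext after this call knows ImageAddress may no longer be the address that was passed in.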
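Review bot: In the hunk @@ -168,44 +170,29, the TE path now forces "ImageContext->SectionAlignment = EFI_PAGE_SIZE;" when the reported alignment is below 4 KB, but nothing in the visible code checks that the sections really are page aligned. The comment kept just above says 4 KB is the granularity at which permissions can be tightened, so a TE image built with a smaller alignment would silently get permissions applied on page boundaries that do not match its section boundaries. Either verify that each section's start is EFI_PAGE_SIZE aligned before accepting the image, or add a comment stating why the reported value can be ignored for TE images. Separately, the deleted comment explained that PeCoffLoaderGetImageInfo () mangles ImageAddress; since the call now operates on the caller's context directly, that explanation should be kept in some form next to the new call. Minor: the message text changed from "(Status = %r)" to "(Status == %r)", which looks unintentional.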
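Review bot: In the new TE branch of the hunk @@ -231,23 +218,28, "ImageContext->ImageAddress -= (UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HEADER);" uses StrippedSize straight from the image header with no bounds check. If StrippedSize is smaller than sizeof (EFI_TE_IMAGE_HEADER), the unsigned subtraction wraps and ImageAddress is moved in the wrong direction, and the section permissions are then computed from that base. Please check that StrippedSize >= sizeof (EFI_TE_IMAGE_HEADER) and return an error otherwise, and add a comment explaining the rebase. The non-TE branch still asserts on Hdr.Pe32->Signature, while the TE branch has no equivalent check on the TE header signature before reading NumberOfSections; an ASSERT or an explicit error return would keep the two paths symmetric. The (UINTN) cast on the value assigned to the UINT32 *SectionHeaderOffset is also unnecessary, and the hunk drops the blank line before "return RETURN_SUCCESS;".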