From patchwork Wed Jan 16 20:22:36 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 155759
From: Ard Biesheuvel
To: edk2-devel@lists.01.org
Date: Wed, 16 Jan 2019 21:22:36 +0100
Message-Id: <20190116202236.6977-12-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190116202236.6977-1-ard.biesheuvel@linaro.org>
References: <20190116202236.6977-1-ard.biesheuvel@linaro.org>
Subject: [edk2] [PATCH v2 11/11] StandaloneMmPkg/Core: permit encapsulated firmware volumes
Cc: Jiewen Yao

Standalone MM requires 4 KB section alignment for all images, so that
strict permissions can be applied. Unfortunately, this results in a lot
of wasted space, which is usually costly in the secure world environment
that standalone MM is expected to operate in.

So let's permit the standalone MM drivers (but not the core) to be
delivered in a compressed firmware volume.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel
---
 StandaloneMmPkg/Core/FwVol.c | 99 ++++++++++++++++++--
 StandaloneMmPkg/Core/StandaloneMmCore.inf | 1 +
 StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/StandaloneMmCoreEntryPoint.c | 5 +
 StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf | 3 +
 4 files changed, 99 insertions(+), 9 deletions(-)

diff --git a/StandaloneMmPkg/Core/FwVol.c b/StandaloneMmPkg/Core/FwVol.c index 5abf98c24797..8eb827dda5c4 100644 --- a/StandaloneMmPkg/Core/FwVol.c +++ b/StandaloneMmPkg/Core/FwVol.c 
@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "StandaloneMmCore.h" #include +#include // // List of file types supported by dispatcher @@ -65,15 +66,25 @@ Returns: --*/ { - EFI_STATUS Status; - EFI_STATUS DepexStatus; - EFI_FFS_FILE_HEADER *FileHeader; - EFI_FV_FILETYPE FileType; - VOID *Pe32Data; - UINTN Pe32DataSize; - VOID *Depex; - UINTN DepexSize; - UINTN Index; + EFI_STATUS Status; + EFI_STATUS DepexStatus; + EFI_FFS_FILE_HEADER *FileHeader; + EFI_FV_FILETYPE FileType; + VOID *Pe32Data; + UINTN Pe32DataSize; + VOID *Depex; + UINTN DepexSize; + UINTN Index; + EFI_COMMON_SECTION_HEADER *Section; + VOID *SectionData; + UINTN SectionDataSize; + UINT32 DstBufferSize; + VOID *ScratchBuffer; + UINT32 ScratchBufferSize; + VOID *DstBuffer; + UINT16 SectionAttribute; + UINT32 AuthenticationStatus; + EFI_FIRMWARE_VOLUME_HEADER *InnerFvHeader; DEBUG ((DEBUG_INFO, "MmCoreFfsFindMmDriver - 0x%x\n", FwVolHeader)); 
@@ -83,6 +94,71 @@ Returns: FvIsBeingProcesssed (FwVolHeader); + // + // First check for encapsulated compressed firmware volumes + // + FileHeader = NULL; + do { + Status = FfsFindNextFile (EFI_FV_FILETYPE_FIRMWARE_VOLUME_IMAGE, + FwVolHeader, &FileHeader); + if (EFI_ERROR (Status)) { + break; + } + Status = FfsFindSectionData (EFI_SECTION_GUID_DEFINED, FileHeader, + &SectionData, &SectionDataSize); + if (EFI_ERROR (Status)) { + break; + } + Section = (EFI_COMMON_SECTION_HEADER *)(FileHeader + 1); + Status = ExtractGuidedSectionGetInfo (Section, &DstBufferSize, + &ScratchBufferSize, &SectionAttribute); + if (EFI_ERROR (Status)) { + break; + } + + // + // Allocate scratch buffer + // + ScratchBuffer = (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (ScratchBufferSize)); + if (ScratchBuffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Allocate destination buffer + // + DstBuffer = (VOID *)(UINTN)AllocatePages (EFI_SIZE_TO_PAGES (DstBufferSize)); + if (DstBuffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Call decompress function + // + Status = ExtractGuidedSectionDecode (Section, &DstBuffer, ScratchBuffer, + &AuthenticationStatus); + FreePages (ScratchBuffer, EFI_SIZE_TO_PAGES (ScratchBufferSize)); + if (EFI_ERROR (Status)) { + goto FreeDstBuffer; + } + + DEBUG ((DEBUG_INFO, + "Processing compressed firmware volume (AuthenticationStatus == %x)\n", + AuthenticationStatus)); + + Status = FindFfsSectionInSections (DstBuffer, DstBufferSize, + EFI_SECTION_FIRMWARE_VOLUME_IMAGE, &Section); + if (EFI_ERROR (Status)) { + goto FreeDstBuffer; + } + + InnerFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(Section + 1); + Status = MmCoreFfsFindMmDriver (InnerFvHeader); + if (EFI_ERROR (Status)) { + goto FreeDstBuffer; + } + } while (TRUE); + for (Index = 0; Index < sizeof (mMmFileTypes) / sizeof (mMmFileTypes[0]); Index++) { DEBUG ((DEBUG_INFO, "Check MmFileTypes - 0x%x\n", mMmFileTypes[Index])); FileType = mMmFileTypes[Index]; 
@@ -100,5 +176,10 @@ Returns: } while (!EFI_ERROR (Status)); } + return EFI_SUCCESS; + +FreeDstBuffer: + FreePages (DstBuffer, EFI_SIZE_TO_PAGES (DstBufferSize)); + return Status; } diff --git a/StandaloneMmPkg/Core/StandaloneMmCore.inf b/StandaloneMmPkg/Core/StandaloneMmCore.inf index ff2b8b9cef03..83d31e2d92c5 100644 --- a/StandaloneMmPkg/Core/StandaloneMmCore.inf +++ b/StandaloneMmPkg/Core/StandaloneMmCore.inf @@ -49,6 +49,7 @@ [LibraryClasses] BaseMemoryLib CacheMaintenanceLib DebugLib + ExtractGuidedSectionLib FvLib HobLib MemoryAllocationLib diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/StandaloneMmCoreEntryPoint.c b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/StandaloneMmCoreEntryPoint.c index 5cca532456fd..67ff9112d5c0 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/StandaloneMmCoreEntryPoint.c +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/StandaloneMmCoreEntryPoint.c @@ -205,6 +205,8 @@ GetSpmVersion (VOID) return Status; } +STATIC UINT64 mExtractGuidedSectionHandlerInfo[64]; + /** The entry point of Standalone MM Foundation. @@ -285,6 +287,9 @@ _ModuleEntryPoint ( goto finish; } + PcdSet64 (PcdGuidedExtractHandlerTableAddress, + (UINT64)mExtractGuidedSectionHandlerInfo); + // // Create Hoblist based upon boot information passed by privileged software // diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf index 769eaeeefbea..55d769fa77e4 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf @@ -54,3 +54,6 @@ [Guids] gEfiMmPeiMmramMemoryReserveGuid gEfiStandaloneMmNonSecureBufferGuid gEfiArmTfCpuDriverEpDescriptorGuid + +[PatchPcd] + gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress
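
Review bot: In StandaloneMmPkg/Core/FwVol.c, hunk @@ -83,6 +94,71 @@, the AuthenticationStatus returned by ExtractGuidedSectionDecode is only printed with DEBUG and SectionAttribute is never read, so the inner volume is handed to MmCoreFfsFindMmDriver whatever the decoder reported. Since these drivers run in the secure world, check the status and skip the volume when it reports a failure, or add a comment explaining why that is not needed here. In the same hunk, the `DstBuffer == NULL` path returns EFI_OUT_OF_RESOURCES without freeing ScratchBuffer, Section is taken as `(FileHeader + 1)` while the SectionData and SectionDataSize returned by FfsFindSectionData go unused, and InnerFvHeader is derived from `Section + 1` with no check that the volume header lies within DstBufferSize before recursing.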
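
Review bot: In StandaloneMmPkg/Core/FwVol.c, hunk @@ -100,5 +176,10 @@, the FreeDstBuffer label frees DstBuffer with DstBufferSize, but DstBuffer was passed to ExtractGuidedSectionDecode by address (`&DstBuffer`), so the pointer freed here is whatever the decoder left in it and not necessarily the AllocatePages result. Keep the allocated pointer in a separate variable and free that one. Every goto to this label also returns before the mMmFileTypes loop runs, so one bad encapsulated volume prevents dispatch of the uncompressed drivers in the outer volume; if that is intended, say so in a comment.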
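
Review bot: In StandaloneMmCoreEntryPoint/AArch64/StandaloneMmCoreEntryPoint.c, hunk @@ -205,6 +205,8 @@, the size of `mExtractGuidedSectionHandlerInfo[64]` is a bare constant with nothing tying it to what gets stored at PcdGuidedExtractHandlerTableAddress. Add a comment or a named constant stating how the 64 UINT64 entries (512 bytes) were derived and how many handlers they are meant to cover, so the bound can be checked when the handler table changes.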
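
Review bot: In StandaloneMmCoreEntryPoint/AArch64/StandaloneMmCoreEntryPoint.c, hunk @@ -285,6 +287,9 @@, `(UINT64)mExtractGuidedSectionHandlerInfo` casts an array address straight to UINT64; write it as `(UINT64)(UINTN)mExtractGuidedSectionHandlerInfo`, matching the `(VOID *)(UINTN)AllocatePages (...)` style used in the FwVol.c part of this patch. A one-line comment above the PcdSet64 call saying why the PCD is patched at entry would also help, since nothing at the call site connects it to the new ExtractGuidedSectionLib dependency.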