Hi Laszlo, Thanks for the comments, I will take the first one. But I can't find service to unregister protocol notify in EFI_SMM_SYSTEM_TABLE2. Do you now how the unregister it in SMM driver?
Thanks Zhiguang > -----Original Message----- > From: Laszlo Ersek <ler...@redhat.com> > Sent: Tuesday, June 16, 2020 11:07 PM > To: devel@edk2.groups.io; Liu, Zhiguang <zhiguang....@intel.com> > Cc: Dong, Eric <eric.d...@intel.com>; Ni, Ray <ray...@intel.com>; Kumar, > Rahul1 <rahul1.ku...@intel.com> > Subject: Re: [edk2-devel] [PATCH 5/5] UefiCpuPkg: Uninstall > EFI_SMM_CONFIGURATION_PROTOCOL at end of Dxe. > > On 06/16/20 11:04, Zhiguang Liu wrote: > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2317 > > To avoid leaking information from SMM, uninstall > > EFI_SMM_CONFIGURATION_PROTOCOL at end of Dxe. > > > > Cc: Eric Dong <eric.d...@intel.com> > > Cc: Ray Ni <ray...@intel.com> > > Cc: Laszlo Ersek <ler...@redhat.com> > > Cc: Rahul Kumar <rahul1.ku...@intel.com> > > Signed-off-by: Zhiguang Liu <zhiguang....@intel.com> > > --- > > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 37 > +++++++++++++++++++++++++++++++++++++ > > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 1 + > > 2 files changed, 38 insertions(+) > > > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > > b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > > index db68e1316e..a1b209e125 100644 > > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > > @@ -520,6 +520,33 @@ SmmReadyToLockEventNotify ( > > return EFI_SUCCESS; > > } > > > > +/** > > + SMM End of Dxe event notification handler. > > + > > + To avoid leaking information from SMM, uninstall > > + EFI_SMM_CONFIGURATION_PROTOCOL at end of Dxe. > > + > > + @param[in] Protocol Points to the protocol's unique identifier. > > + @param[in] Interface Points to the interface instance. > > + @param[in] Handle The handle on which the interface was installed. > > + > > + @retval EFI_SUCCESS Notification handler runs successfully. > > + **/ > > +EFI_STATUS > > +EFIAPI > > +SmmEndOfDxeNotify ( > > + IN CONST EFI_GUID *Protocol, > > + IN VOID *Interface, > > + IN EFI_HANDLE Handle > > + ) > > +{ > > + gBS->UninstallProtocolInterface ( > > + gSmmCpuPrivate->SmmCpuHandle, > > + &gEfiSmmConfigurationProtocolGuid, &gSmmCpuPrivate- > >SmmConfiguration > > + ); > > + return EFI_SUCCESS; > > +} > > (1) I suggest setting "gSmmCpuPrivate->SmmCpuHandle" to NULL here. > > (2) I also suggest de-registering the gEfiSmmEndOfDxeProtocolGuid > notification. > > Thanks > Laszlo > > > + > > /** > > The module Entry Point of the CPU SMM driver. > > > > @@ -1038,6 +1065,16 @@ PiCpuSmmEntry ( > > ); > > ASSERT_EFI_ERROR (Status); > > > > + // > > + // register SMM End of Dxe notification // Status = > > + gSmst->SmmRegisterProtocolNotify ( > > + &gEfiSmmEndOfDxeProtocolGuid, > > + SmmEndOfDxeNotify, > > + &Registration > > + ); > > + ASSERT_EFI_ERROR (Status); > > + > > // > > // Initialize SMM Profile feature > > // > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf > > b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf > > index 76b1462996..bb994814d6 100644 > > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf > > @@ -105,6 +105,7 @@ > > gEfiSmmConfigurationProtocolGuid ## PRODUCES > > gEfiSmmCpuProtocolGuid ## PRODUCES > > gEfiSmmReadyToLockProtocolGuid ## NOTIFY > > + gEfiSmmEndOfDxeProtocolGuid ## NOTIFY > > gEfiSmmCpuServiceProtocolGuid ## PRODUCES > > gEdkiiSmmMemoryAttributeProtocolGuid ## PRODUCES > > gEfiMmMpProtocolGuid ## PRODUCES > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#61374): https://edk2.groups.io/g/devel/message/61374 Mute This Topic: https://groups.io/mt/74912556/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
