Reviewed-by: Jian J Wang <jian.j.w...@intel.com> Regards, Jian
> -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Guomin > Jiang > Sent: Monday, July 20, 2020 7:30 PM > To: devel@edk2.groups.io > Cc: Wang, Jian J <jian.j.w...@intel.com>; Wu, Hao A <hao.a...@intel.com>; > Laszlo Ersek <ler...@redhat.com> > Subject: [edk2-devel] [PATCH v6 01/10] MdeModulePkg: Add new PCD to > control the evacuate temporary memory feature (CVE-2019-11098) > > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614 > > The security researcher found that we can get control after NEM is disabled. > > The reason is that the flash content resides in NEM at startup and the > code will get the content from flash directly after disabling NEM. > > To avoid this vulnerability, the feature will copy the PEIMs from > temporary memory to permanent memory and only execute the code in > permanent memory. > > The vulnerability exists in physical platforms and hasn't been reported in > virtual platforms, so the virtual platform can disable the feature currently. > > Cc: Jian J Wang <jian.j.w...@intel.com> > Cc: Hao A Wu <hao.a...@intel.com> > Signed-off-by: Guomin Jiang <guomin.ji...@intel.com> > Acked-by: Laszlo Ersek <ler...@redhat.com> > Reviewed-by: Jian J Wang <jian.j.w...@intel.com> > --- > MdeModulePkg/MdeModulePkg.dec | 8 ++++++++ > MdeModulePkg/MdeModulePkg.uni | 6 ++++++ > 2 files changed, 14 insertions(+) > > diff --git a/MdeModulePkg/MdeModulePkg.dec > b/MdeModulePkg/MdeModulePkg.dec > index 843e963ad34b..e88f22756d7f 100644 > --- a/MdeModulePkg/MdeModulePkg.dec > +++ b/MdeModulePkg/MdeModulePkg.dec 
> @@ -1220,6 +1220,14 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] > # @Prompt Shadow Peim and PeiCore on boot > > gEfiMdeModulePkgTokenSpaceGuid.PcdShadowPeimOnBoot|TRUE|BOOLEAN| > 0x30001029 > > + ## Enable the feature that evacuate temporary memory to permanent > memory or not > + # Set FALSE as default, if the developer need this feature to avoid this > vulnerability, please > + # enable it in dsc file. > + # TRUE - Evacuate temporary memory, the actions include copy memory, > convert PPI pointers and so on. > + # FALSE - Do nothing, for example, no copy memory, no convert PPI pointers > and so on. > + # @Prompt Evacuate temporary memory to permanent memory > + > gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolum > es|FALSE|BOOLEAN|0x3000102A > + > ## The mask is used to control memory profile behavior.<BR><BR> > # BIT0 - Enable UEFI memory profile.<BR> > # BIT1 - Enable SMRAM profile.<BR> > diff --git a/MdeModulePkg/MdeModulePkg.uni > b/MdeModulePkg/MdeModulePkg.uni > index 2007e0596c4f..5235dee561ad 100644 > --- a/MdeModulePkg/MdeModulePkg.uni > +++ b/MdeModulePkg/MdeModulePkg.uni 
> @@ -214,6 +214,12 @@ > > "TRUE - Shadow PEIM on S3 > boot path after memory is ready.<BR>\n" > > "FALSE - Not shadow PEIM on > S3 boot path after memory is ready.<BR>" > > +#string > STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMigrateTemporaryRamFirmwareV > olumes_HELP #language en-US "Enable the feature that evacuate temporary > memory to permanent memory or not.<BR><BR>\n" > + > "It will allocate page to > save the temporary PEIMs resided in NEM(or CAR) to the permanent memory > and change all pointers pointed to the NEM(or CAR) to permanent > memory.<BR><BR>\n" > + > "After then, there are > no pointer pointed to NEM(or CAR) and TOCTOU volnerability can be > avoid.<BR><BR>\n" > + > +#string > STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMigrateTemporaryRamFirmwareV > olumes_PROMPT #language en-US "Enable the feature that evacuate temporary > memory to permanent memory or not" > + > #string > STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiDefaultOemId_PROMPT > #language en-US "Default OEM ID for ACPI table creation" > > #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiDefaultOemId_HELP > #language en-US "Default OEM ID for ACPI table creation, its length must be > 0x6 > bytes to follow ACPI specification." > -- > 2.25.1.windows.1
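Review bot: the comment block on the new PcdMigrateTemporaryRamFirmwareVolumes PCD in the MdeModulePkg.dec hunk is awkwardly worded and does not say which platforms must flip the FALSE default; as written, the CVE-2019-11098 mitigation the commit message describes stays off unless a platform DSC overrides it, and "the actions include copy memory, convert PPI pointers and so on" leaves the TRUE behaviour open-ended. Suggest rewording along the lines of "## Enable or disable evacuation of temporary memory to permanent memory.", "# Default is FALSE; physical platforms that execute PEIMs from NEM (CAR) should set TRUE in their DSC to mitigate the TOCTOU issue.", and "# TRUE - Copy the PEIMs from temporary to permanent memory and convert the PPI pointers." The comment also says "evacuate" while the PCD name says "Migrate"; using one term throughout makes the option easier to find.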
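Review bot: the new _HELP string in the MdeModulePkg.uni hunk carries typos and grammar errors that will be displayed to users: "volnerability" should be "vulnerability", "can be avoid" should be "can be avoided", "no pointer pointed to" should be "no pointers point to", "After then" should be "After that", and "allocate page" should be "allocate pages". It also documents only the TRUE behaviour, whereas the .dec comment added in the same patch documents both TRUE and FALSE; suggest adding matching "TRUE - ..." and "FALSE - ..." lines here, as the neighbouring shadow-PEIM-on-S3 strings do, so the two descriptions stay in sync.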