From: Taylor Beebe <tabe...@microsoft.com> DxeMemoryProtectionHobLib and MmMemoryProtectionHobLib will fetch the memory protection settings HOB entry for their respective phase, validate the settings, and populate a global for access.
Memory protection settings are currently dictated via FixedAtBuild PCDs where the settings needed to be masked. A future patch series will replace instances of checking the PCDs with checks to the memory protection globals populated by MemoryProtectionHobLib. Signed-off-by: Taylor Beebe <t...@taylorbeebe.com> Cc: Jian J Wang <jian.j.w...@intel.com> Cc: Liming Gao <gaolim...@byosoft.com.cn> Cc: Dandan Bi <dandan...@intel.com> --- .../Library/DxeMemoryProtectionHobLib.h | 20 +++++++++++++ .../Library/MmMemoryProtectionHobLib.h | 20 +++++++++++++ .../DxeMemoryProtectionHobLibNull.c | 13 +++++++++ .../DxeMemoryProtectionHobLibNull.inf | 28 +++++++++++++++++++ .../MmMemoryProtectionHobLibNull.c | 13 +++++++++ .../MmMemoryProtectionHobLibNull.inf | 28 +++++++++++++++++++ MdeModulePkg/MdeModulePkg.dec | 8 ++++++ MdeModulePkg/MdeModulePkg.dsc | 8 ++++++ 8 files changed, 138 insertions(+) create mode 100644 MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h create mode 100644 MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c create mode 100644 MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf diff --git a/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h b/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h new file mode 100644 index 0000000000..a6809e564c --- /dev/null +++ b/MdeModulePkg/Include/Library/DxeMemoryProtectionHobLib.h @@ -0,0 +1,20 @@ +/** @file + +Library for accessing memory protection settings. + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef DXE_MEMORY_PROTECTION_HOB_LIB_H_ +#define DXE_MEMORY_PROTECTION_HOB_LIB_H_ + +#include <Guid/DxeMemoryProtectionSettings.h> + +// +// The global used to access current Memory Protection Settings +// +extern DXE_MEMORY_PROTECTION_SETTINGS gDxeMps; + +#endif diff --git a/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h b/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h new file mode 100644 index 0000000000..09c25e878e --- /dev/null +++ b/MdeModulePkg/Include/Library/MmMemoryProtectionHobLib.h @@ -0,0 +1,20 @@ +/** @file + +Library for accessing memory protection settings. + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef MM_MEMORY_PROTECTION_HOB_LIB_H_ +#define MM_MEMORY_PROTECTION_HOB_LIB_H_ + +#include <Guid/MmMemoryProtectionSettings.h> + +// +// The global used to access current Memory Protection Settings +// +extern MM_MEMORY_PROTECTION_SETTINGS gMmMps; + +#endif diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c new file mode 100644 index 0000000000..2191a136b7 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.c @@ -0,0 +1,13 @@ +/** @file +Library defines the gDxeMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include <Uefi.h> +#include <Library/DxeMemoryProtectionHobLib.h> + +// A global variable which is uninitialized will be zero. +// The net effect is memory protections will be OFF. +DXE_MEMORY_PROTECTION_SETTINGS gDxeMps; diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf new file mode 100644 index 0000000000..65f66936e3 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf @@ -0,0 +1,28 @@ +## @file +# NULL library which defines gDxeMps +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeMemoryProtectionHobLibNull + FILE_GUID = a35c1dc1-0769-421b-a8bc-9db69fae4334 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = DxeMemoryProtectionHobLib + +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + DxeMemoryProtectionHobLibNull.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseMemoryLib diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c new file mode 100644 index 0000000000..6b3f6bae8d --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.c @@ -0,0 +1,13 @@ +/** @file +Library defines the gMmMps global + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include <Uefi.h> +#include <Library/MmMemoryProtectionHobLib.h> + +// A global variable which is uninitialized will be zero. +// The net effect is memory protections will be OFF. +MM_MEMORY_PROTECTION_SETTINGS gMmMps; diff --git a/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf new file mode 100644 index 0000000000..5621ccbdb6 --- /dev/null +++ b/MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf @@ -0,0 +1,28 @@ +## @file +# NULL library which defines gMmMps +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = MmMemoryProtectionHobLibNull + FILE_GUID = 4e3f6fd9-4ab5-4911-b80b-009d3338b4b2 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = MmMemoryProtectionHobLib + +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + MmMemoryProtectionHobLibNull.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseMemoryLib diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index f8c0fb4e93..2541b2b044 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -164,6 +164,14 @@ # VariableFlashInfoLib|Include/Library/VariableFlashInfoLib.h + ## @libraryclass Provides a way to toggle DXE memory protection settings + # + DxeMemoryProtectionHobLib|Include/Library/DxeMemoryProtectionHobLib.h + + ## @libraryclass Provides a way to toggle SMM memory protection settings + # + MmMemoryProtectionHobLib|Include/Library/MmMemoryProtectionHobLib.h + [Guids] ## MdeModule package token space guid # Include/Guid/MdeModulePkgTokenSpace.h diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 1aedfe280a..3fad493c7f 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -107,6 +107,12 @@ VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiCommandLibNull.inf +[LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_CORE, LibraryClasses.common.UEFI_APPLICATION] + DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf + +[LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE] + MmMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf + [LibraryClasses.EBC.PEIM] IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf @@ -231,6 +237,8 @@ MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf + MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf + MdeModulePkg/Library/MemoryProtectionHobLibNull/MmMemoryProtectionHobLibNull.inf MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf MdeModulePkg/Library/PiSmmCoreSmmServicesTableLib/PiSmmCoreSmmServicesTableLib.inf MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf -- 2.41.0.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106825): https://edk2.groups.io/g/devel/message/106825 Mute This Topic: https://groups.io/mt/100090632/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
