On 10/9/23 02:07, Taylor Beebe wrote:
> SetMemoryProtectionsLib is a PEIM which allows platforms to
> apply memory protection settings to the current boot.
>
> GetMemoryProtectionsLib has DXE and MM implementations to allow
> platforms to query the current memory protection settings via a
> global variable populated by the library Implementations.
>
> The global variable is a union of the MM and DXE settings. the
> DXE struct is only valid in a DXE module and the MM struct is
> only valid in an SMM or Stanalone MM module.
>
> Signed-off-by: Taylor Beebe <taylor.d.be...@gmail.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Liming Gao <gaolim...@byosoft.com.cn>
> ---
> MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h | 83 +++++++++++
> MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h | 152
> ++++++++++++++++++++
> MdeModulePkg/MdeModulePkg.dec | 8 ++
> 3 files changed, 243 insertions(+)
>
> diff --git a/MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h
> b/MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h
> new file mode 100644
> index 000000000000..c8f7084e9c80
> --- /dev/null
> +++ b/MdeModulePkg/Include/Library/GetMemoryProtectionsLib.h
> @@ -0,0 +1,83 @@
> +/** @file
> +Library for accessing the platform memory protection settings.
> +
> +Copyright (c) Microsoft Corporation.
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef GET_MEMORY_PROTECTION_SETTINGS_LIB_H_
> +#define GET_MEMORY_PROTECTION_SETTINGS_LIB_H_
> +
> +#include <Library/BaseMemoryLib.h>
> +#include <Guid/MemoryProtectionSettings.h>
> +
> +#pragma pack(1)
> +
> +typedef union {
> + DXE_MEMORY_PROTECTION_SETTINGS Dxe;
> + MM_MEMORY_PROTECTION_SETTINGS Mm;
> +} MEMORY_PROTECTION_SETTINGS_UNION;
> +
> +#pragma pack()
> +
> +// The global used to access current Memory Protection Settings
> +extern MEMORY_PROTECTION_SETTINGS_UNION gMps;
> +
> +#define MPS_IS_DXE_SIGNATURE_VALID (gMps.Dxe.Signature ==
> DXE_MEMORY_PROTECTION_SIGNATURE)
> +#define MPS_IS_MM_SIGNATURE_VALID (gMps.Mm.Signature ==
> MM_MEMORY_PROTECTION_SIGNATURE)
> +
> +#define IS_DXE_PAGE_GUARD_ACTIVE (MPS_IS_DXE_SIGNATURE_VALID
> && \
> + !IsZeroBuffer
> (&gMps.Dxe.PageGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE) && \
> + gMps.Dxe.HeapGuard.PageGuardEnabled)
> +
> +#define IS_DXE_POOL_GUARD_ACTIVE (MPS_IS_DXE_SIGNATURE_VALID
> && \
> + !IsZeroBuffer
> (&gMps.Dxe.PoolGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE) && \
> + gMps.Dxe.HeapGuard.PoolGuardEnabled)
> +
> +#define IS_DXE_EXECUTION_PROTECTION_ACTIVE (MPS_IS_DXE_SIGNATURE_VALID
> && \
> + !IsZeroBuffer
> (&gMps.Dxe.ExecutionProtection.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE))
> +
> +#define IS_DXE_IMAGE_PROTECTION_ACTIVE (MPS_IS_DXE_SIGNATURE_VALID
> && \
> +
> (gMps.Dxe.ImageProtection.ProtectImageFromFv || \
> +
> gMps.Dxe.ImageProtection.ProtectImageFromUnknown))
> +
> +#define IS_DXE_MEMORY_PROTECTION_ACTIVE (MPS_IS_DXE_SIGNATURE_VALID
> && \
> + (IS_DXE_PAGE_GUARD_ACTIVE
> || \
> + IS_DXE_POOL_GUARD_ACTIVE
> || \
> + IS_DXE_EXECUTION_PROTECTION_ACTIVE
> || \
> + IS_DXE_IMAGE_PROTECTION_ACTIVE
> || \
> + gMps.Dxe.CpuStackGuardEnabled
> || \
> +
> gMps.Dxe.StackExecutionProtectionEnabled || \
> +
> gMps.Dxe.NullPointerDetection.Enabled || \
> +
> gMps.Dxe.HeapGuard.FreedMemoryGuardEnabled))
> +
> +#define IS_MM_PAGE_GUARD_ACTIVE (MPS_IS_MM_SIGNATURE_VALID
> && \
> + gMps.Mm.HeapGuard.PageGuardEnabled
> && \
> + !IsZeroBuffer
> (&gMps.Mm.PageGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE))
> +
> +#define IS_MM_POOL_GUARD_ACTIVE (MPS_IS_MM_SIGNATURE_VALID
> && \
> + gMps.Mm.HeapGuard.PoolGuardEnabled
> && \
> + !IsZeroBuffer
> (&gMps.Mm.PoolGuard.EnabledForType, MPS_MEMORY_TYPE_BUFFER_SIZE))
> +
> +#define IS_MM_MEMORY_PROTECTION_ACTIVE (MPS_IS_MM_SIGNATURE_VALID
> && \
> + (IS_MM_PAGE_GUARD_ACTIVE
> || \
> + IS_MM_POOL_GUARD_ACTIVE
> || \
> +
> gMps.Mm.NullPointerDetection.Enabled));
> +
> +/**
> + Populates gMps global. This function is invoked by the library constructor
> and only needs to be
> + called if library contructors have not yet been invoked.
> +
> + @retval EFI_SUCCESS gMps global was populated.
> + @retval EFI_NOT_FOUND The gMemoryProtectionSettingsGuid HOB was not
> found.
> + @retval EFI_ABORTED The version number of the DXE or MM memory
> protection settings was invalid.
> + @retval EFI_UNSUPPORTED NULL implementation called.
> +**/
> +EFI_STATUS
> +EFIAPI
> +PopulateMpsGlobal (
> + VOID
> + );
> +
> +#endif
> diff --git a/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h
> b/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h
> new file mode 100644
> index 000000000000..023c987c3c7e
> --- /dev/null
> +++ b/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h
> @@ -0,0 +1,152 @@
> +/** @file
> +Library for creating the MM and DXE memory protection HOB entries.
> +
> +Copyright (c) Microsoft Corporation.
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +**/
> +
> +#ifndef SET_MEMORY_PROTECTION_SETTINGS_LIB_H_
> +#define SET_MEMORY_PROTECTION_SETTINGS_LIB_H_
> +
> +#include <Guid/MemoryProtectionSettings.h>
> +
> +typedef struct {
> + CHAR8 *Name;
> + CHAR8 *Description;
> + DXE_MEMORY_PROTECTION_SETTINGS Settings;
> +} DXE_MEMORY_PROTECTION_PROFILES;
> +
> +typedef enum {
> + DxeMemoryProtectionSettingsPcd,
> + DxeMemoryProtectionSettingsMax
> +} DXE_MEMORY_PROTECTION_PROFILE_INDEX;
> +
> +typedef struct {
> + CHAR8 *Name;
> + CHAR8 *Description;
> + MM_MEMORY_PROTECTION_SETTINGS Settings;
> +} MM_MEMORY_PROTECTION_PROFILES;
> +
> +typedef enum {
> + MmMemoryProtectionSettingsPcd,
> + MmMemoryProtectionSettingsMax
> +} MM_MEMORY_PROTECTION_PROFILE_INDEX;
> +
> +extern DXE_MEMORY_PROTECTION_PROFILES
> DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsMax];
> +extern MM_MEMORY_PROTECTION_PROFILES
> MmMemoryProtectionProfiles[MmMemoryProtectionSettingsMax];
These names aren't right; global variable names minimally need to start
with "m" (for "module"), or if the thing they refer to is
firmware-global, they should start with "g".
Compare: "gBS", from
"MdePkg/Include/Library/UefiBootServicesTableLib.h". Each module using
UefiBootServicesTableLib will have a copy of that pointer, but it will
point to the same thing.
Laszlo
> +
> +/**
> + Prevent further changes to the memory protection settings via this
> + library API.
> +
> + @retval EFI_SUCCESS The memory protection settings are locked.
> + @retval EFI_ABORTED Unable to get/create the memory protection
> settings.
> + @retval EFI_UNSUPPORTED NULL implementation called.
> +**/
> +EFI_STATUS
> +EFIAPI
> +LockMemoryProtectionSettings (
> + VOID
> + );
> +
> +/**
> + Sets the DXE memory protection settings. If DxeMps is NULL, the settings
> will be set based
> + on ProfileIndex.
> +
> + @param[in] DxeMps Pointer to the memory protection settings to
> publish. If NULL, the
> + settings will be created based on ProfileIndex.
> + @param[in] ProfileIndex The index of the memory protection profile to use
> if DxeMps is NULL.
> +
> + @retval EFI_SUCCESS The memory protection HOB was successfully
> created.
> + @retval EFI_INVALID_PARAMETER The ProfileIndex was invalid or the version
> number of the
> + input DxeMps was not equal to the version
> currently present
> + in the settings.
> + @retval EFI_ABORTED Unable to get/create the memory protection
> settings.
> + @retval EFI_ACCESS_DENIED The memory protection settings are locked.
> + @retval EFI_UNSUPPORTED NULL implementation called.
> +**/
> +EFI_STATUS
> +EFIAPI
> +SetDxeMemoryProtectionSettings (
> + IN DXE_MEMORY_PROTECTION_SETTINGS *DxeMps OPTIONAL,
> + IN DXE_MEMORY_PROTECTION_PROFILE_INDEX ProfileIndex
> + );
> +
> +/**
> + Sets the MM memory protection HOB entry. If MmMps is NULL, the settings
> will be set based
> + on ProfileIndex.
> +
> + @param[in] MmMps Pointer to the memory protection settings to
> publish. If NULL, the
> + settings will be created based on ProfileIndex.
> + @param[in] ProfileIndex The index of the memory protection profile to use
> if MmMps is NULL.
> +
> + @retval EFI_SUCCESS The memory protection HOB was successfully
> created.
> + @retval EFI_OUT_OF_RESOURCES There was insufficient memory to create the
> HOB.
> + @retval EFI_INVALID_PARAMETER The ProfileIndex was invalid or the version
> number of the
> + input MmMps was not equal to the version
> currently present
> + in the settings.
> + @retval EFI_ABORTED Unable to get/create the memory protection
> settings.
> + @retval EFI_ACCESS_DENIED The memory protection settings are locked.
> + @retval EFI_UNSUPPORTED NULL implementation called.
> +**/
> +EFI_STATUS
> +EFIAPI
> +SetMmMemoryProtectionSettings (
> + IN MM_MEMORY_PROTECTION_SETTINGS *MmMps OPTIONAL,
> + IN MM_MEMORY_PROTECTION_PROFILE_INDEX ProfileIndex
> + );
> +
> +/**
> + Copies the current memory protection settings into the input buffer.
> +
> + NOTE: The returned settings may not be the final settings used by the
> + platform on this boot. Unless LockMemoryProtectionSettings() has
> + been called, settings may be modified by drivers until DXE handoff.
> +
> + @param[out] Mps The memory protection settings pointer to populate.
> +
> + @retval EFI_SUCCESS The memory protection settings were copied
> + into the input buffer.
> + @retval EFI_INVALID_PARAMETER Mps was NULL.
> + @retval EFI_ABORTED Unable to get/create the memory protection
> settings.
> + @retval EFI_UNSUPPORTED NULL implementation called.
> +**/
> +EFI_STATUS
> +EFIAPI
> +GetCurrentMemoryProtectionSettings (
> + OUT MEMORY_PROTECTION_SETTINGS *Mps
> + );
> +
> +/**
> + Returns TRUE any form of DXE memory protection is currently active.
> +
> + NOTE: The returned value may reflect the final settings used by the
> + platform on this boot. Unless LockMemoryProtectionSettings() has
> + been called, settings may be modified by drivers until DXE handoff.
> +
> + @retval TRUE DXE Memory protection is active.
> + @retval FALSE DXE Memory protection is not active.
> +**/
> +BOOLEAN
> +EFIAPI
> +IsDxeMemoryProtectionActive (
> + VOID
> + );
> +
> +/**
> + Returns TRUE any form of MM memory protection is currently active.
> +
> + NOTE: The returned value may reflect the final settings used by the
> + platform on this boot. Unless LockMemoryProtectionSettings() has
> + been called, settings may be modified by drivers until DXE handoff.
> +
> + @retval TRUE MM Memory protection is active.
> + @retval FALSE MM Memory protection is not active.
> +**/
> +BOOLEAN
> +EFIAPI
> +IsMmMemoryProtectionActive (
> + VOID
> + );
> +
> +#endif
> diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
> index 5e1a0388bed3..6ad0902a1bff 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -164,6 +164,14 @@ [LibraryClasses]
> #
> VariableFlashInfoLib|Include/Library/VariableFlashInfoLib.h
>
> + ## @libraryclass Provides a global for consuming memory protection settings
> + #
> + GetMemoryProtectionsLib|Include/Library/GetMemoryProtectionsLib.h
> +
> + ## @libraryclass Library for creating the memory protection settings HOB
> + #
> + SetMemoryProtectionsLib|Include/Library/SetMemoryProtectionsLib.h
> +
> [Guids]
> ## MdeModule package token space guid
> # Include/Guid/MdeModulePkgTokenSpace.h
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109442): https://edk2.groups.io/g/devel/message/109442
Mute This Topic: https://groups.io/mt/101843342/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe:
https://edk2.groups.io/g/devel/leave/9847357/21656/1706620634/xyzzy
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
