From patchwork Wed Jan 16 20:22:35 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 155758
From: Ard Biesheuvel
To: edk2-devel@lists.01.org
Cc: Jiewen Yao
Date: Wed, 16 Jan 2019 21:22:35 +0100
Message-Id: <20190116202236.6977-11-ard.biesheuvel@linaro.org>
In-Reply-To: <20190116202236.6977-1-ard.biesheuvel@linaro.org>
References: <20190116202236.6977-1-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.17.1
Subject: [edk2] [PATCH v2 10/11] StandaloneMmPkg/StandaloneMmCoreEntryPoint: permit the use of TE images

TE images take up less space when using 4 KB section alignment, since
the FFS/FV generation code optimizes away the redundant, nested padding.
This saves 4 KB of space, which is a worthwhile improvement for code
that executes in place in secure context.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel
---
 StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c | 107 +++++++++-----------
 1 file changed, 46 insertions(+), 61 deletions(-)

diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c index 3ca7f6660f47..90299ebbafb6 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c 
@@ -143,9 +143,12 @@ LocateStandaloneMmCorePeCoffData ( Status = FfsFindSectionData (EFI_SECTION_PE32, FileHeader, TeData, TeDataSize); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - 0x%x\n", - Status)); - return Status; + Status = FfsFindSectionData (EFI_SECTION_TE, FileHeader, TeData, TeDataSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - %r\n", + Status)); + return Status; + } } DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", *TeData)); @@ -155,10 +158,9 @@ LocateStandaloneMmCorePeCoffData ( STATIC EFI_STATUS GetPeCoffSectionInformation ( - IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, - IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *TmpContext, - IN OUT UINT32 *SectionHeaderOffset, - IN OUT UINT16 *NumberOfSections + IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, + OUT UINT32 *SectionHeaderOffset, + OUT UINT16 *NumberOfSections ) { RETURN_STATUS Status; 
@@ -168,44 +170,29 @@ GetPeCoffSectionInformation ( UINTN ReadSize; ASSERT (ImageContext != NULL); - ASSERT (TmpContext != NULL); ASSERT (SectionHeaderOffset != NULL); ASSERT (NumberOfSections != NULL); - // - // We need to copy ImageContext since PeCoffLoaderGetImageInfo () - // will mangle the ImageAddress field - // - CopyMem (TmpContext, ImageContext, sizeof (*TmpContext)); - - if (TmpContext->PeCoffHeaderOffset == 0) { - Status = PeCoffLoaderGetImageInfo (TmpContext); - if (RETURN_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, - "%a: PeCoffLoaderGetImageInfo () failed (Status = %r)\n", - __FUNCTION__, Status)); - return Status; - } - } - - if (TmpContext->IsTeImage && - TmpContext->ImageAddress == ImageContext->ImageAddress) { - DEBUG ((DEBUG_INFO, "%a: ignoring XIP TE image at 0x%lx\n", __FUNCTION__, - ImageContext->ImageAddress)); - return RETURN_UNSUPPORTED; + Status = PeCoffLoaderGetImageInfo (ImageContext); + if (RETURN_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, + "%a: PeCoffLoaderGetImageInfo () failed (Status == %r)\n", + __FUNCTION__, Status)); + return Status; } - if (TmpContext->SectionAlignment < EFI_PAGE_SIZE) { + if (ImageContext->SectionAlignment < EFI_PAGE_SIZE) { // // The sections need to be at least 4 KB aligned, since that is the // granularity at which we can tighten permissions. // - if (!TmpContext->IsTeImage) { + if (!ImageContext->IsTeImage) { DEBUG ((DEBUG_WARN, "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n", - __FUNCTION__, ImageContext->ImageAddress, TmpContext->SectionAlignment)); + __FUNCTION__, ImageContext->ImageAddress, ImageContext->SectionAlignment)); + return RETURN_UNSUPPORTED; } - return RETURN_UNSUPPORTED; + ImageContext->SectionAlignment = EFI_PAGE_SIZE; } // 
@@ -217,9 +204,9 @@ GetPeCoffSectionInformation ( Hdr.Union = &HdrData; Size = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION); ReadSize = Size; - Status = TmpContext->ImageRead ( - TmpContext->Handle, - TmpContext->PeCoffHeaderOffset, + Status = ImageContext->ImageRead ( + ImageContext->Handle, + ImageContext->PeCoffHeaderOffset, &Size, Hdr.Pe32 ); @@ -231,23 +218,28 @@ GetPeCoffSectionInformation ( return Status; } - ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE); - - *SectionHeaderOffset = TmpContext->PeCoffHeaderOffset + sizeof (UINT32) + - sizeof (EFI_IMAGE_FILE_HEADER); - *NumberOfSections = Hdr.Pe32->FileHeader.NumberOfSections; - - switch (Hdr.Pe32->OptionalHeader.Magic) { - case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: - *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader; - break; - case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: - *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader; - break; - default: - ASSERT (FALSE); + if (!ImageContext->IsTeImage) { + ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE); + + *SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER); + *NumberOfSections = Hdr.Pe32->FileHeader.NumberOfSections; + + switch (Hdr.Pe32->OptionalHeader.Magic) { + case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC: + *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader; + break; + case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC: + *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader; + break; + default: + ASSERT (FALSE); + } + } else { + *SectionHeaderOffset = (UINTN)(sizeof (EFI_TE_IMAGE_HEADER)); + *NumberOfSections = Hdr.Te->NumberOfSections; + ImageContext->ImageAddress -= (UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HEADER); } - return RETURN_SUCCESS; } 
@@ -261,7 +253,6 @@ GetStandaloneMmCorePeCoffSections ( ) { EFI_STATUS Status; - PE_COFF_LOADER_IMAGE_CONTEXT TmpContext; // Initialize the Image Context ZeroMem (ImageContext, sizeof (PE_COFF_LOADER_IMAGE_CONTEXT)); @@ -270,15 +261,9 @@ GetStandaloneMmCorePeCoffSections ( DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", TeData)); - Status = PeCoffLoaderGetImageInfo (ImageContext); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Image information - 0x%x\n", Status)); - return Status; - } - - Status = GetPeCoffSectionInformation (ImageContext, &TmpContext, SectionHeaderOffset, NumberOfSections); + Status = GetPeCoffSectionInformation (ImageContext, SectionHeaderOffset, NumberOfSections); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - 0x%x\n", Status)); + DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - %r\n", Status)); return Status; }
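
Review bot: in LocateStandaloneMmCorePeCoffData (hunk @@ -143,9 +143,12 @@), the DEBUG_INFO line that follows the new fallback still prints "Found Standalone MM PE data" even when the section that matched was EFI_SECTION_TE, so the boot log no longer tells you which image format is about to have its permissions set. Suggest recording which of the two FfsFindSectionData calls succeeded and printing that, or at least making the message format-neutral. The failure of the first lookup is also dropped silently; a DEBUG_INFO noting the fallback to EFI_SECTION_TE would help when triaging a firmware volume that was expected to carry a PE32 section.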
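
Review bot: in the GetPeCoffSectionInformation prototype (hunk @@ -155,10 +158,9 @@), ImageContext changes from IN CONST to IN OUT, and the later hunks write both ImageContext->SectionAlignment and ImageContext->ImageAddress, but nothing in the patch documents that the caller's context is altered on return. Please add a function header comment that names the fields that can change and the condition (IsTeImage), because GetStandaloneMmCorePeCoffSections passes its own caller's ImageContext pointer straight through and that caller will see an ImageAddress that no longer equals the TeData pointer it was built from.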
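
Review bot: in the SectionAlignment < EFI_PAGE_SIZE branch (hunk @@ -168,44 +170,29 @@), a TE image now falls through to "ImageContext->SectionAlignment = EFI_PAGE_SIZE;" without any check that its sections actually start on 4 KB boundaries, even though the comment directly above states that 4 KB is the granularity at which permissions can be tightened. The alignment is being assumed rather than verified, so a TE image built with a smaller alignment would be accepted and have page permissions applied across section boundaries. Suggest either checking each section's address against EFI_PAGE_SIZE where the section headers are consumed and returning RETURN_UNSUPPORTED on a mismatch, or adding a comment that explains why the override is safe. Minor: "(Status == %r)" in the new debug string looks like a typo for the previous "(Status = %r)".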
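
Review bot: in the new TE branch (hunk @@ -231,23 +218,28 @@), Hdr.Te->StrippedSize comes from the image header and is used in "ImageContext->ImageAddress -= (UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HEADER);" with no visible check that StrippedSize is at least sizeof (EFI_TE_IMAGE_HEADER); a smaller value makes the unsigned subtraction wrap and shifts ImageAddress by a meaningless amount before permissions are applied. If the earlier PeCoffLoaderGetImageInfo call is what guarantees the bound, say so in a comment or ASSERT here; otherwise reject the header before adjusting the address. The PE path keeps its ASSERT on Hdr.Pe32->Signature while the TE path has no matching check on Hdr.Te->Signature, and the (UINTN) cast on a value stored through a UINT32 pointer in "*SectionHeaderOffset = (UINTN)(sizeof (EFI_TE_IMAGE_HEADER));" looks unintended.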