OvmfPkg: VirtioLib: add Virtio10WriteFeatures() function

[mirror_edk2.git] / OvmfPkg / Sec / SecMain.c

diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 4f87059e1755f463b805be924cca732c5180bd8b..a12e6768ae26c28447a5c80e314e7c76fffa6b64 100644 (file)
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -362,6 +362,14 @@ DecompressMemFvs (
 \r
   OutputBuffer = (VOID*) ((UINT8*)(UINTN) PcdGet32 (PcdOvmfDxeMemFvBase) + SIZE_1MB);\r
   ScratchBuffer = ALIGN_POINTER ((UINT8*) OutputBuffer + OutputBufferSize, SIZE_1MB);\r
+\r
+  DEBUG ((EFI_D_VERBOSE, "%a: OutputBuffer@%p+0x%x ScratchBuffer@%p+0x%x "\r
+    "PcdOvmfDecompressionScratchEnd=0x%x\n", __FUNCTION__, OutputBuffer,\r
+    OutputBufferSize, ScratchBuffer, ScratchBufferSize,\r
+    PcdGet32 (PcdOvmfDecompressionScratchEnd)));\r
+  ASSERT ((UINTN)ScratchBuffer + ScratchBufferSize ==\r
+    PcdGet32 (PcdOvmfDecompressionScratchEnd));\r
+\r
   Status = ExtractGuidedSectionDecode (\r
              Section,\r
              &OutputBuffer,\r
@@ -531,13 +539,25 @@ FindPeiCoreImageBase (
      OUT  EFI_PHYSICAL_ADDRESS             *PeiCoreImageBase\r
   )\r
 {\r
+  BOOLEAN S3Resume;\r
+\r
   *PeiCoreImageBase = 0;\r
 \r
-  if (IsS3Resume ()) {\r
+  S3Resume = IsS3Resume ();\r
+  if (S3Resume && !FeaturePcdGet (PcdSmmSmramRequire)) {\r
+    //\r
+    // A malicious runtime OS may have injected something into our previously\r
+    // decoded PEI FV, but we don't care about that unless SMM/SMRAM is required.\r
+    //\r
     DEBUG ((EFI_D_VERBOSE, "SEC: S3 resume\n"));\r
     GetS3ResumePeiFv (BootFv);\r
   } else {\r
-    DEBUG ((EFI_D_VERBOSE, "SEC: Normal boot\n"));\r
+    //\r
+    // We're either not resuming, or resuming "securely" -- we'll decompress\r
+    // both PEI FV and DXE FV from pristine flash.\r
+    //\r
+    DEBUG ((EFI_D_VERBOSE, "SEC: %a\n",\r
+      S3Resume ? "S3 resume (with PEI decompression)" : "Normal boot"));\r
     FindMainFv (BootFv);\r
 \r
     DecompressMemFvs (BootFv);\r
@@ -698,6 +718,19 @@ SecCoreStartupWithStack (
   SEC_IDT_TABLE               IdtTableInStack;\r
   IA32_DESCRIPTOR             IdtDescriptor;\r
   UINT32                      Index;\r
+  volatile UINT8              *Table;\r
+\r
+  //\r
+  // To ensure SMM can't be compromised on S3 resume, we must force re-init of\r
+  // the BaseExtractGuidedSectionLib. Since this is before library contructors\r
+  // are called, we must use a loop rather than SetMem.\r
+  //\r
+  Table = (UINT8*)(UINTN)FixedPcdGet64 (PcdGuidedExtractHandlerTableAddress);\r
+  for (Index = 0;\r
+       Index < FixedPcdGet32 (PcdGuidedExtractHandlerTableSize);\r
+       ++Index) {\r
+    Table[Index] = 0;\r
+  }\r
 \r
   ProcessLibraryConstructorList (NULL, NULL);\r
 \r