]>
Commit | Line | Data |
---|---|---|
184558d0 SV |
1 | /** @file\r |
2 | Locate, get and update PE/COFF permissions during Standalone MM\r | |
3 | Foundation Entry point on ARM platforms.\r | |
4 | \r | |
7aa9d752 | 5 | Copyright (c) 2017 - 2021, Arm Ltd. All rights reserved.<BR>\r |
86094561 | 6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
184558d0 SV |
7 | \r |
8 | **/\r | |
9 | \r | |
10 | \r | |
11 | #include <PiMm.h>\r | |
12 | \r | |
13 | #include <PiPei.h>\r | |
14 | #include <Guid/MmramMemoryReserve.h>\r | |
15 | #include <Guid/MpInformation.h>\r | |
16 | \r | |
17 | #include <Library/AArch64/StandaloneMmCoreEntryPoint.h>\r | |
18 | #include <Library/ArmMmuLib.h>\r | |
19 | #include <Library/ArmSvcLib.h>\r | |
20 | #include <Library/DebugLib.h>\r | |
21 | #include <Library/HobLib.h>\r | |
22 | #include <Library/BaseLib.h>\r | |
23 | #include <Library/BaseMemoryLib.h>\r | |
24 | #include <Library/SerialPortLib.h>\r | |
25 | \r | |
26 | #include <IndustryStandard/ArmStdSmc.h>\r | |
27 | \r | |
28 | EFI_STATUS\r | |
29 | EFIAPI\r | |
30 | UpdateMmFoundationPeCoffPermissions (\r | |
31 | IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,\r | |
493f2c69 | 32 | IN EFI_PHYSICAL_ADDRESS ImageBase,\r |
184558d0 SV |
33 | IN UINT32 SectionHeaderOffset,\r |
34 | IN CONST UINT16 NumberOfSections,\r | |
35 | IN REGION_PERMISSION_UPDATE_FUNC TextUpdater,\r | |
36 | IN REGION_PERMISSION_UPDATE_FUNC ReadOnlyUpdater,\r | |
37 | IN REGION_PERMISSION_UPDATE_FUNC ReadWriteUpdater\r | |
38 | )\r | |
39 | {\r | |
40 | EFI_IMAGE_SECTION_HEADER SectionHeader;\r | |
41 | RETURN_STATUS Status;\r | |
42 | EFI_PHYSICAL_ADDRESS Base;\r | |
43 | UINTN Size;\r | |
44 | UINTN ReadSize;\r | |
45 | UINTN Index;\r | |
46 | \r | |
47 | ASSERT (ImageContext != NULL);\r | |
48 | \r | |
49 | //\r | |
50 | // Iterate over the sections\r | |
51 | //\r | |
52 | for (Index = 0; Index < NumberOfSections; Index++) {\r | |
53 | //\r | |
54 | // Read section header from file\r | |
55 | //\r | |
56 | Size = sizeof (EFI_IMAGE_SECTION_HEADER);\r | |
57 | ReadSize = Size;\r | |
58 | Status = ImageContext->ImageRead (\r | |
59 | ImageContext->Handle,\r | |
60 | SectionHeaderOffset,\r | |
61 | &Size,\r | |
62 | &SectionHeader\r | |
63 | );\r | |
64 | \r | |
65 | if (RETURN_ERROR (Status) || (Size != ReadSize)) {\r | |
66 | DEBUG ((DEBUG_ERROR,\r | |
67 | "%a: ImageContext->ImageRead () failed (Status = %r)\n",\r | |
68 | __FUNCTION__, Status));\r | |
69 | return Status;\r | |
70 | }\r | |
71 | \r | |
72 | DEBUG ((DEBUG_INFO,\r | |
73 | "%a: Section %d of image at 0x%lx has 0x%x permissions\n",\r | |
74 | __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.Characteristics));\r | |
75 | DEBUG ((DEBUG_INFO,\r | |
41915a19 | 76 | "%a: Section %d of image at 0x%lx has %a name\n",\r |
184558d0 SV |
77 | __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.Name));\r |
78 | DEBUG ((DEBUG_INFO,\r | |
79 | "%a: Section %d of image at 0x%lx has 0x%x address\n",\r | |
80 | __FUNCTION__, Index, ImageContext->ImageAddress,\r | |
81 | ImageContext->ImageAddress + SectionHeader.VirtualAddress));\r | |
82 | DEBUG ((DEBUG_INFO,\r | |
83 | "%a: Section %d of image at 0x%lx has 0x%x data\n",\r | |
84 | __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.PointerToRawData));\r | |
85 | \r | |
86 | //\r | |
87 | // If the section is marked as XN then remove the X attribute. Furthermore,\r | |
88 | // if it is a writeable section then mark it appropriately as well.\r | |
89 | //\r | |
90 | if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_EXECUTE) == 0) {\r | |
493f2c69 | 91 | Base = ImageBase + SectionHeader.VirtualAddress;\r |
184558d0 SV |
92 | \r |
93 | TextUpdater (Base, SectionHeader.Misc.VirtualSize);\r | |
94 | \r | |
95 | if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_WRITE) != 0) {\r | |
96 | ReadWriteUpdater (Base, SectionHeader.Misc.VirtualSize);\r | |
97 | DEBUG ((DEBUG_INFO,\r | |
98 | "%a: Mapping section %d of image at 0x%lx with RW-XN permissions\n",\r | |
99 | __FUNCTION__, Index, ImageContext->ImageAddress));\r | |
100 | } else {\r | |
101 | DEBUG ((DEBUG_INFO,\r | |
102 | "%a: Mapping section %d of image at 0x%lx with RO-XN permissions\n",\r | |
103 | __FUNCTION__, Index, ImageContext->ImageAddress));\r | |
104 | }\r | |
105 | } else {\r | |
106 | DEBUG ((DEBUG_INFO,\r | |
107 | "%a: Ignoring section %d of image at 0x%lx with 0x%x permissions\n",\r | |
108 | __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.Characteristics));\r | |
109 | }\r | |
110 | SectionHeaderOffset += sizeof (EFI_IMAGE_SECTION_HEADER);\r | |
111 | }\r | |
112 | \r | |
113 | return RETURN_SUCCESS;\r | |
114 | }\r | |
115 | \r | |
116 | EFI_STATUS\r | |
117 | EFIAPI\r | |
118 | LocateStandaloneMmCorePeCoffData (\r | |
119 | IN EFI_FIRMWARE_VOLUME_HEADER *BfvAddress,\r | |
120 | IN OUT VOID **TeData,\r | |
121 | IN OUT UINTN *TeDataSize\r | |
122 | )\r | |
123 | {\r | |
7aa9d752 | 124 | EFI_FFS_FILE_HEADER *FileHeader;\r |
184558d0 SV |
125 | EFI_STATUS Status;\r |
126 | \r | |
7aa9d752 | 127 | FileHeader = NULL;\r |
184558d0 SV |
128 | Status = FfsFindNextFile (\r |
129 | EFI_FV_FILETYPE_SECURITY_CORE,\r | |
130 | BfvAddress,\r | |
131 | &FileHeader\r | |
132 | );\r | |
133 | \r | |
134 | if (EFI_ERROR (Status)) {\r | |
135 | DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM FFS file - 0x%x\n",\r | |
136 | Status));\r | |
137 | return Status;\r | |
138 | }\r | |
139 | \r | |
140 | Status = FfsFindSectionData (EFI_SECTION_PE32, FileHeader, TeData, TeDataSize);\r | |
141 | if (EFI_ERROR (Status)) {\r | |
4b28452d AB |
142 | Status = FfsFindSectionData (EFI_SECTION_TE, FileHeader, TeData, TeDataSize);\r |
143 | if (EFI_ERROR (Status)) {\r | |
144 | DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - %r\n",\r | |
145 | Status));\r | |
146 | return Status;\r | |
147 | }\r | |
184558d0 SV |
148 | }\r |
149 | \r | |
150 | DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", *TeData));\r | |
151 | return Status;\r | |
152 | }\r | |
153 | \r | |
154 | STATIC\r | |
155 | EFI_STATUS\r | |
156 | GetPeCoffSectionInformation (\r | |
4b28452d | 157 | IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,\r |
493f2c69 | 158 | OUT EFI_PHYSICAL_ADDRESS *ImageBase,\r |
4b28452d AB |
159 | OUT UINT32 *SectionHeaderOffset,\r |
160 | OUT UINT16 *NumberOfSections\r | |
184558d0 SV |
161 | )\r |
162 | {\r | |
163 | RETURN_STATUS Status;\r | |
164 | EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;\r | |
165 | EFI_IMAGE_OPTIONAL_HEADER_UNION HdrData;\r | |
166 | UINTN Size;\r | |
167 | UINTN ReadSize;\r | |
168 | \r | |
169 | ASSERT (ImageContext != NULL);\r | |
184558d0 SV |
170 | ASSERT (SectionHeaderOffset != NULL);\r |
171 | ASSERT (NumberOfSections != NULL);\r | |
172 | \r | |
4b28452d AB |
173 | Status = PeCoffLoaderGetImageInfo (ImageContext);\r |
174 | if (RETURN_ERROR (Status)) {\r | |
175 | DEBUG ((DEBUG_ERROR,\r | |
176 | "%a: PeCoffLoaderGetImageInfo () failed (Status == %r)\n",\r | |
177 | __FUNCTION__, Status));\r | |
178 | return Status;\r | |
184558d0 SV |
179 | }\r |
180 | \r | |
4b28452d | 181 | if (ImageContext->SectionAlignment < EFI_PAGE_SIZE) {\r |
184558d0 SV |
182 | //\r |
183 | // The sections need to be at least 4 KB aligned, since that is the\r | |
184 | // granularity at which we can tighten permissions.\r | |
185 | //\r | |
4b28452d | 186 | if (!ImageContext->IsTeImage) {\r |
184558d0 SV |
187 | DEBUG ((DEBUG_WARN,\r |
188 | "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n",\r | |
4b28452d AB |
189 | __FUNCTION__, ImageContext->ImageAddress, ImageContext->SectionAlignment));\r |
190 | return RETURN_UNSUPPORTED;\r | |
184558d0 | 191 | }\r |
4b28452d | 192 | ImageContext->SectionAlignment = EFI_PAGE_SIZE;\r |
184558d0 SV |
193 | }\r |
194 | \r | |
195 | //\r | |
196 | // Read the PE/COFF Header. For PE32 (32-bit) this will read in too much\r | |
197 | // data, but that should not hurt anything. Hdr.Pe32->OptionalHeader.Magic\r | |
198 | // determines if this is a PE32 or PE32+ image. The magic is in the same\r | |
199 | // location in both images.\r | |
200 | //\r | |
201 | Hdr.Union = &HdrData;\r | |
202 | Size = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION);\r | |
203 | ReadSize = Size;\r | |
4b28452d AB |
204 | Status = ImageContext->ImageRead (\r |
205 | ImageContext->Handle,\r | |
206 | ImageContext->PeCoffHeaderOffset,\r | |
184558d0 SV |
207 | &Size,\r |
208 | Hdr.Pe32\r | |
209 | );\r | |
210 | \r | |
211 | if (RETURN_ERROR (Status) || (Size != ReadSize)) {\r | |
212 | DEBUG ((DEBUG_ERROR,\r | |
213 | "%a: TmpContext->ImageRead () failed (Status = %r)\n",\r | |
214 | __FUNCTION__, Status));\r | |
215 | return Status;\r | |
216 | }\r | |
217 | \r | |
493f2c69 | 218 | *ImageBase = ImageContext->ImageAddress;\r |
4b28452d AB |
219 | if (!ImageContext->IsTeImage) {\r |
220 | ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE);\r | |
221 | \r | |
222 | *SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + sizeof (UINT32) +\r | |
223 | sizeof (EFI_IMAGE_FILE_HEADER);\r | |
224 | *NumberOfSections = Hdr.Pe32->FileHeader.NumberOfSections;\r | |
225 | \r | |
226 | switch (Hdr.Pe32->OptionalHeader.Magic) {\r | |
227 | case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC:\r | |
228 | *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader;\r | |
229 | break;\r | |
230 | case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC:\r | |
231 | *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader;\r | |
232 | break;\r | |
233 | default:\r | |
234 | ASSERT (FALSE);\r | |
235 | }\r | |
236 | } else {\r | |
237 | *SectionHeaderOffset = (UINTN)(sizeof (EFI_TE_IMAGE_HEADER));\r | |
238 | *NumberOfSections = Hdr.Te->NumberOfSections;\r | |
493f2c69 | 239 | *ImageBase -= (UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HEADER);\r |
184558d0 | 240 | }\r |
184558d0 SV |
241 | return RETURN_SUCCESS;\r |
242 | }\r | |
243 | \r | |
244 | EFI_STATUS\r | |
245 | EFIAPI\r | |
246 | GetStandaloneMmCorePeCoffSections (\r | |
247 | IN VOID *TeData,\r | |
248 | IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,\r | |
493f2c69 | 249 | OUT EFI_PHYSICAL_ADDRESS *ImageBase,\r |
184558d0 SV |
250 | IN OUT UINT32 *SectionHeaderOffset,\r |
251 | IN OUT UINT16 *NumberOfSections\r | |
252 | )\r | |
253 | {\r | |
254 | EFI_STATUS Status;\r | |
184558d0 SV |
255 | \r |
256 | // Initialize the Image Context\r | |
257 | ZeroMem (ImageContext, sizeof (PE_COFF_LOADER_IMAGE_CONTEXT));\r | |
258 | ImageContext->Handle = TeData;\r | |
259 | ImageContext->ImageRead = PeCoffLoaderImageReadFromMemory;\r | |
260 | \r | |
261 | DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", TeData));\r | |
262 | \r | |
493f2c69 AB |
263 | Status = GetPeCoffSectionInformation (ImageContext, ImageBase,\r |
264 | SectionHeaderOffset, NumberOfSections);\r | |
184558d0 | 265 | if (EFI_ERROR (Status)) {\r |
4b28452d | 266 | DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - %r\n", Status));\r |
184558d0 SV |
267 | return Status;\r |
268 | }\r | |
269 | \r | |
270 | DEBUG ((DEBUG_INFO, "Standalone MM Core PE-COFF SectionHeaderOffset - 0x%x, NumberOfSections - %d\n",\r | |
271 | *SectionHeaderOffset, *NumberOfSections));\r | |
272 | \r | |
273 | return Status;\r | |
274 | }\r |