]> git.proxmox.com Git - mirror_edk2.git/blame - StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/AArch64/SetPermissions.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
StandaloneMmPkg: Fix ECC error 5007 in StandaloneMmCoreEntryPoint
[mirror_edk2.git] / StandaloneMmPkg / Library / StandaloneMmCoreEntryPoint / AArch64 / SetPermissions.c
CommitLineData
184558d0
SV		 1/** @file\r
2 Locate, get and update PE/COFF permissions during Standalone MM\r
3 Foundation Entry point on ARM platforms.\r
4\r
7aa9d752 5Copyright (c) 2017 - 2021, Arm Ltd. All rights reserved.<BR>\r
86094561 6SPDX-License-Identifier: BSD-2-Clause-Patent\r
184558d0
SV		 7\r
8**/\r
9\r
10\r
11#include <PiMm.h>\r
12\r
13#include <PiPei.h>\r
14#include <Guid/MmramMemoryReserve.h>\r
15#include <Guid/MpInformation.h>\r
16\r
17#include <Library/AArch64/StandaloneMmCoreEntryPoint.h>\r
18#include <Library/ArmMmuLib.h>\r
19#include <Library/ArmSvcLib.h>\r
20#include <Library/DebugLib.h>\r
21#include <Library/HobLib.h>\r
22#include <Library/BaseLib.h>\r
23#include <Library/BaseMemoryLib.h>\r
24#include <Library/SerialPortLib.h>\r
25\r
26#include <IndustryStandard/ArmStdSmc.h>\r
27\r
28EFI_STATUS\r
29EFIAPI\r
30UpdateMmFoundationPeCoffPermissions (\r
31 IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,\r
493f2c69 32 IN EFI_PHYSICAL_ADDRESS ImageBase,\r
184558d0
SV		 33 IN UINT32 SectionHeaderOffset,\r
34 IN CONST UINT16 NumberOfSections,\r
35 IN REGION_PERMISSION_UPDATE_FUNC TextUpdater,\r
36 IN REGION_PERMISSION_UPDATE_FUNC ReadOnlyUpdater,\r
37 IN REGION_PERMISSION_UPDATE_FUNC ReadWriteUpdater\r
38 )\r
39{\r
40 EFI_IMAGE_SECTION_HEADER SectionHeader;\r
41 RETURN_STATUS Status;\r
42 EFI_PHYSICAL_ADDRESS Base;\r
43 UINTN Size;\r
44 UINTN ReadSize;\r
45 UINTN Index;\r
46\r
47 ASSERT (ImageContext != NULL);\r
48\r
49 //\r
50 // Iterate over the sections\r
51 //\r
52 for (Index = 0; Index < NumberOfSections; Index++) {\r
53 //\r
54 // Read section header from file\r
55 //\r
56 Size = sizeof (EFI_IMAGE_SECTION_HEADER);\r
57 ReadSize = Size;\r
58 Status = ImageContext->ImageRead (\r
59 ImageContext->Handle,\r
60 SectionHeaderOffset,\r
61 &Size,\r
62 &SectionHeader\r
63 );\r
64\r
65 if (RETURN_ERROR (Status) || (Size != ReadSize)) {\r
66 DEBUG ((DEBUG_ERROR,\r
67 "%a: ImageContext->ImageRead () failed (Status = %r)\n",\r
68 __FUNCTION__, Status));\r
69 return Status;\r
70 }\r
71\r
72 DEBUG ((DEBUG_INFO,\r
73 "%a: Section %d of image at 0x%lx has 0x%x permissions\n",\r
74 __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.Characteristics));\r
75 DEBUG ((DEBUG_INFO,\r
41915a19 76 "%a: Section %d of image at 0x%lx has %a name\n",\r
184558d0
SV		 77 __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.Name));\r
78 DEBUG ((DEBUG_INFO,\r
79 "%a: Section %d of image at 0x%lx has 0x%x address\n",\r
80 __FUNCTION__, Index, ImageContext->ImageAddress,\r
81 ImageContext->ImageAddress + SectionHeader.VirtualAddress));\r
82 DEBUG ((DEBUG_INFO,\r
83 "%a: Section %d of image at 0x%lx has 0x%x data\n",\r
84 __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.PointerToRawData));\r
85\r
86 //\r
87 // If the section is marked as XN then remove the X attribute. Furthermore,\r
88 // if it is a writeable section then mark it appropriately as well.\r
89 //\r
90 if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_EXECUTE) == 0) {\r
493f2c69 91 Base = ImageBase + SectionHeader.VirtualAddress;\r
184558d0
SV		 92\r
93 TextUpdater (Base, SectionHeader.Misc.VirtualSize);\r
94\r
95 if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_WRITE) != 0) {\r
96 ReadWriteUpdater (Base, SectionHeader.Misc.VirtualSize);\r
97 DEBUG ((DEBUG_INFO,\r
98 "%a: Mapping section %d of image at 0x%lx with RW-XN permissions\n",\r
99 __FUNCTION__, Index, ImageContext->ImageAddress));\r
100 } else {\r
101 DEBUG ((DEBUG_INFO,\r
102 "%a: Mapping section %d of image at 0x%lx with RO-XN permissions\n",\r
103 __FUNCTION__, Index, ImageContext->ImageAddress));\r
104 }\r
105 } else {\r
106 DEBUG ((DEBUG_INFO,\r
107 "%a: Ignoring section %d of image at 0x%lx with 0x%x permissions\n",\r
108 __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.Characteristics));\r
109 }\r
110 SectionHeaderOffset += sizeof (EFI_IMAGE_SECTION_HEADER);\r
111 }\r
112\r
113 return RETURN_SUCCESS;\r
114}\r
115\r
116EFI_STATUS\r
117EFIAPI\r
118LocateStandaloneMmCorePeCoffData (\r
119 IN EFI_FIRMWARE_VOLUME_HEADER *BfvAddress,\r
120 IN OUT VOID **TeData,\r
121 IN OUT UINTN *TeDataSize\r
122 )\r
123{\r
7aa9d752 124 EFI_FFS_FILE_HEADER *FileHeader;\r
184558d0
SV		 125 EFI_STATUS Status;\r
126\r
7aa9d752 127 FileHeader = NULL;\r
184558d0
SV		 128 Status = FfsFindNextFile (\r
129 EFI_FV_FILETYPE_SECURITY_CORE,\r
130 BfvAddress,\r
131 &FileHeader\r
132 );\r
133\r
134 if (EFI_ERROR (Status)) {\r
135 DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM FFS file - 0x%x\n",\r
136 Status));\r
137 return Status;\r
138 }\r
139\r
140 Status = FfsFindSectionData (EFI_SECTION_PE32, FileHeader, TeData, TeDataSize);\r
141 if (EFI_ERROR (Status)) {\r
4b28452d
AB		 142 Status = FfsFindSectionData (EFI_SECTION_TE, FileHeader, TeData, TeDataSize);\r
143 if (EFI_ERROR (Status)) {\r
144 DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - %r\n",\r
145 Status));\r
146 return Status;\r
147 }\r
184558d0
SV		 148 }\r
149\r
150 DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", *TeData));\r
151 return Status;\r
152}\r
153\r
154STATIC\r
155EFI_STATUS\r
156GetPeCoffSectionInformation (\r
4b28452d 157 IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,\r
493f2c69 158 OUT EFI_PHYSICAL_ADDRESS *ImageBase,\r
4b28452d
AB		 159 OUT UINT32 *SectionHeaderOffset,\r
160 OUT UINT16 *NumberOfSections\r
184558d0
SV		 161 )\r
162{\r
163 RETURN_STATUS Status;\r
164 EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;\r
165 EFI_IMAGE_OPTIONAL_HEADER_UNION HdrData;\r
166 UINTN Size;\r
167 UINTN ReadSize;\r
168\r
169 ASSERT (ImageContext != NULL);\r
184558d0
SV		 170 ASSERT (SectionHeaderOffset != NULL);\r
171 ASSERT (NumberOfSections != NULL);\r
172\r
4b28452d
AB		 173 Status = PeCoffLoaderGetImageInfo (ImageContext);\r
174 if (RETURN_ERROR (Status)) {\r
175 DEBUG ((DEBUG_ERROR,\r
176 "%a: PeCoffLoaderGetImageInfo () failed (Status == %r)\n",\r
177 __FUNCTION__, Status));\r
178 return Status;\r
184558d0
SV		 179 }\r
180\r
4b28452d 181 if (ImageContext->SectionAlignment < EFI_PAGE_SIZE) {\r
184558d0
SV		 182 //\r
183 // The sections need to be at least 4 KB aligned, since that is the\r
184 // granularity at which we can tighten permissions.\r
185 //\r
4b28452d 186 if (!ImageContext->IsTeImage) {\r
184558d0
SV		 187 DEBUG ((DEBUG_WARN,\r
188 "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n",\r
4b28452d
AB		 189 __FUNCTION__, ImageContext->ImageAddress, ImageContext->SectionAlignment));\r
190 return RETURN_UNSUPPORTED;\r
184558d0 191 }\r
4b28452d 192 ImageContext->SectionAlignment = EFI_PAGE_SIZE;\r
184558d0
SV		 193 }\r
194\r
195 //\r
196 // Read the PE/COFF Header. For PE32 (32-bit) this will read in too much\r
197 // data, but that should not hurt anything. Hdr.Pe32->OptionalHeader.Magic\r
198 // determines if this is a PE32 or PE32+ image. The magic is in the same\r
199 // location in both images.\r
200 //\r
201 Hdr.Union = &HdrData;\r
202 Size = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION);\r
203 ReadSize = Size;\r
4b28452d
AB		 204 Status = ImageContext->ImageRead (\r
205 ImageContext->Handle,\r
206 ImageContext->PeCoffHeaderOffset,\r
184558d0
SV		 207 &Size,\r
208 Hdr.Pe32\r
209 );\r
210\r
211 if (RETURN_ERROR (Status) || (Size != ReadSize)) {\r
212 DEBUG ((DEBUG_ERROR,\r
213 "%a: TmpContext->ImageRead () failed (Status = %r)\n",\r
214 __FUNCTION__, Status));\r
215 return Status;\r
216 }\r
217\r
493f2c69 218 *ImageBase = ImageContext->ImageAddress;\r
4b28452d
AB		 219 if (!ImageContext->IsTeImage) {\r
220 ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE);\r
221\r
222 *SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + sizeof (UINT32) +\r
223 sizeof (EFI_IMAGE_FILE_HEADER);\r
224 *NumberOfSections = Hdr.Pe32->FileHeader.NumberOfSections;\r
225\r
226 switch (Hdr.Pe32->OptionalHeader.Magic) {\r
227 case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC:\r
228 *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader;\r
229 break;\r
230 case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC:\r
231 *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader;\r
232 break;\r
233 default:\r
234 ASSERT (FALSE);\r
235 }\r
236 } else {\r
237 *SectionHeaderOffset = (UINTN)(sizeof (EFI_TE_IMAGE_HEADER));\r
238 *NumberOfSections = Hdr.Te->NumberOfSections;\r
493f2c69 239 *ImageBase -= (UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HEADER);\r
184558d0 240 }\r
184558d0
SV		 241 return RETURN_SUCCESS;\r
242}\r
243\r
244EFI_STATUS\r
245EFIAPI\r
246GetStandaloneMmCorePeCoffSections (\r
247 IN VOID *TeData,\r
248 IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,\r
493f2c69 249 OUT EFI_PHYSICAL_ADDRESS *ImageBase,\r
184558d0
SV		 250 IN OUT UINT32 *SectionHeaderOffset,\r
251 IN OUT UINT16 *NumberOfSections\r
252 )\r
253{\r
254 EFI_STATUS Status;\r
184558d0
SV		 255\r
256 // Initialize the Image Context\r
257 ZeroMem (ImageContext, sizeof (PE_COFF_LOADER_IMAGE_CONTEXT));\r
258 ImageContext->Handle = TeData;\r
259 ImageContext->ImageRead = PeCoffLoaderImageReadFromMemory;\r
260\r
261 DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", TeData));\r
262\r
493f2c69
AB		 263 Status = GetPeCoffSectionInformation (ImageContext, ImageBase,\r
264 SectionHeaderOffset, NumberOfSections);\r
184558d0 265 if (EFI_ERROR (Status)) {\r
4b28452d 266 DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - %r\n", Status));\r
184558d0
SV		 267 return Status;\r
268 }\r
269\r
270 DEBUG ((DEBUG_INFO, "Standalone MM Core PE-COFF SectionHeaderOffset - 0x%x, NumberOfSections - %d\n",\r
271 *SectionHeaderOffset, *NumberOfSections));\r
272\r
273 return Status;\r
274}\r
EFI Development Kit II mirror for PVE