1 /** @file
2 Locate, get and update PE/COFF permissions during Standalone MM
3 Foundation Entry point on ARM platforms.
4
5 Copyright (c) 2017 - 2018, ARM Ltd. All rights reserved.<BR>
6 This program and the accompanying materials
7 are licensed and made available under the terms and conditions of the BSD License
8 which accompanies this distribution. The full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php.
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16
17 #include <PiMm.h>
18
19 #include <PiPei.h>
20 #include <Guid/MmramMemoryReserve.h>
21 #include <Guid/MpInformation.h>
22
23 #include <Library/AArch64/StandaloneMmCoreEntryPoint.h>
24 #include <Library/ArmMmuLib.h>
25 #include <Library/ArmSvcLib.h>
26 #include <Library/DebugLib.h>
27 #include <Library/HobLib.h>
28 #include <Library/BaseLib.h>
29 #include <Library/BaseMemoryLib.h>
30 #include <Library/SerialPortLib.h>
31
32 #include <IndustryStandard/ArmStdSmc.h>
33
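/**
  Walk the PE/COFF section table of an image and adjust the memory
  permissions of every section that is not marked executable.

  Each section header is fetched with ImageContext->ImageRead (), starting at
  SectionHeaderOffset and advancing by sizeof (EFI_IMAGE_SECTION_HEADER).
    - EFI_IMAGE_SCN_MEM_EXECUTE clear: TextUpdater is called on the section's
      range; ReadWriteUpdater is called as well when EFI_IMAGE_SCN_MEM_WRITE
      is set.
    - EFI_IMAGE_SCN_MEM_EXECUTE set: the section is only logged.

  ReadOnlyUpdater is part of the interface but is not called here.

  NOTE(review): going by the log messages, TextUpdater is presumably the
  callback that makes a range execute-never and ReadWriteUpdater the one that
  makes it writable -- confirm against the callers.

  @param[in] ImageContext         Image whose sections are processed. Its
                                  ImageRead, Handle and ImageAddress fields
                                  are used.
  @param[in] SectionHeaderOffset  Offset of the first section header, as
                                  understood by ImageContext->ImageRead ().
  @param[in] NumberOfSections     Number of section headers to process.
  @param[in] TextUpdater          Called for every non-executable section.
  @param[in] ReadOnlyUpdater      Unused by this function.
  @param[in] ReadWriteUpdater     Called for non-executable, writable sections.

  @retval RETURN_SUCCESS     All section headers were processed.
  @retval RETURN_LOAD_ERROR  A section header read returned fewer bytes than
                             requested.
  @retval Others             Error returned by ImageContext->ImageRead ().
**/
EFI_STATUS
EFIAPI
UpdateMmFoundationPeCoffPermissions (
  IN  CONST PE_COFF_LOADER_IMAGE_CONTEXT  *ImageContext,
  IN  UINT32                              SectionHeaderOffset,
  IN  CONST UINT16                        NumberOfSections,
  IN  REGION_PERMISSION_UPDATE_FUNC       TextUpdater,
  IN  REGION_PERMISSION_UPDATE_FUNC       ReadOnlyUpdater,
  IN  REGION_PERMISSION_UPDATE_FUNC       ReadWriteUpdater
  )
{
  EFI_IMAGE_SECTION_HEADER  SectionHeader;
  CHAR8                     SectionName[sizeof (SectionHeader.Name) + 1];
  RETURN_STATUS             Status;
  EFI_PHYSICAL_ADDRESS      Base;
  UINTN                     Size;
  UINTN                     ReadSize;
  UINTN                     Index;

  ASSERT (ImageContext != NULL);

  //
  // Iterate over the sections
  //
  for (Index = 0; Index < NumberOfSections; Index++) {
    //
    // Read section header from file
    //
    Size     = sizeof (EFI_IMAGE_SECTION_HEADER);
    ReadSize = Size;
    Status   = ImageContext->ImageRead (
                               ImageContext->Handle,
                               SectionHeaderOffset,
                               &Size,
                               &SectionHeader
                               );

    //
    // A short read leaves SectionHeader partly uninitialised. Report it as a
    // failure instead of handing the (successful) read status back.
    //
    if (!RETURN_ERROR (Status) && (Size != ReadSize)) {
      Status = RETURN_LOAD_ERROR;
    }

    if (RETURN_ERROR (Status)) {
      DEBUG ((DEBUG_ERROR,
              "%a: ImageContext->ImageRead () failed (Status = %r)\n",
              __FUNCTION__, Status));
      return Status;
    }

    //
    // The section name is a fixed-size field that need not be NUL terminated
    // when every byte is used. Print a terminated copy so that %a cannot run
    // past the field.
    //
    CopyMem (SectionName, SectionHeader.Name, sizeof (SectionHeader.Name));
    SectionName[sizeof (SectionHeader.Name)] = '\0';

    DEBUG ((DEBUG_INFO,
            "%a: Section %d of image at 0x%lx has 0x%x permissions\n",
            __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.Characteristics));
    DEBUG ((DEBUG_INFO,
            "%a: Section %d of image at 0x%lx has %a name\n",
            __FUNCTION__, Index, ImageContext->ImageAddress, SectionName));
    //
    // The section address is a 64-bit sum, so it is printed with %lx like
    // ImageAddress itself.
    //
    DEBUG ((DEBUG_INFO,
            "%a: Section %d of image at 0x%lx has 0x%lx address\n",
            __FUNCTION__, Index, ImageContext->ImageAddress,
            ImageContext->ImageAddress + SectionHeader.VirtualAddress));
    DEBUG ((DEBUG_INFO,
            "%a: Section %d of image at 0x%lx has 0x%x data\n",
            __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.PointerToRawData));

    //
    // If the section is marked as XN then remove the X attribute. Furthermore,
    // if it is a writeable section then mark it appropriately as well.
    //
    // NOTE(review): VirtualAddress and VirtualSize come straight from the
    // image's section header. This function does not check that the range
    // lies inside the image or is page aligned before passing it on.
    // NOTE(review): the updaters' results are discarded. If
    // REGION_PERMISSION_UPDATE_FUNC returns a status, a failed permission
    // change would go unnoticed here -- confirm against the typedef.
    //
    if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_EXECUTE) == 0) {
      Base = ImageContext->ImageAddress + SectionHeader.VirtualAddress;

      TextUpdater (Base, SectionHeader.Misc.VirtualSize);

      if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_WRITE) != 0) {
        ReadWriteUpdater (Base, SectionHeader.Misc.VirtualSize);
        DEBUG ((DEBUG_INFO,
                "%a: Mapping section %d of image at 0x%lx with RW-XN permissions\n",
                __FUNCTION__, Index, ImageContext->ImageAddress));
      } else {
        DEBUG ((DEBUG_INFO,
                "%a: Mapping section %d of image at 0x%lx with RO-XN permissions\n",
                __FUNCTION__, Index, ImageContext->ImageAddress));
      }
    } else {
      DEBUG ((DEBUG_INFO,
              "%a: Ignoring section %d of image at 0x%lx with 0x%x permissions\n",
              __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.Characteristics));
    }

    SectionHeaderOffset += sizeof (EFI_IMAGE_SECTION_HEADER);
  }

  return RETURN_SUCCESS;
}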
120
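/**
  Find the PE32 section data of the first EFI_FV_FILETYPE_SECURITY_CORE file
  in a firmware volume.

  @param[in]      BfvAddress  Firmware volume to search.
  @param[in, out] TeData      Receives the section data pointer from
                              FfsFindSectionData ().
  @param[in, out] TeDataSize  Receives the section data size from
                              FfsFindSectionData ().

  @retval EFI_SUCCESS  The file and its PE32 section were found.
  @retval Others       Error returned by FfsFindNextFile () or
                       FfsFindSectionData ().
**/
EFI_STATUS
EFIAPI
LocateStandaloneMmCorePeCoffData (
  IN        EFI_FIRMWARE_VOLUME_HEADER  *BfvAddress,
  IN  OUT   VOID                        **TeData,
  IN  OUT   UINTN                       *TeDataSize
  )
{
  EFI_FFS_FILE_HEADER  *FileHeader = NULL;
  EFI_STATUS           Status;

  //
  // Same argument checks as the other functions in this file.
  //
  ASSERT (BfvAddress != NULL);
  ASSERT (TeData != NULL);
  ASSERT (TeDataSize != NULL);

  Status = FfsFindNextFile (
             EFI_FV_FILETYPE_SECURITY_CORE,
             BfvAddress,
             &FileHeader
             );

  //
  // EFI_STATUS is wider than the 32 bits that %x prints on AArch64, so the
  // status is logged with %r.
  //
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM FFS file - %r\n",
            Status));
    return Status;
  }

  Status = FfsFindSectionData (EFI_SECTION_PE32, FileHeader, TeData, TeDataSize);
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - %r\n",
            Status));
    return Status;
  }

  //
  // %p prints the full pointer; %x would drop the upper half.
  //
  DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - %p\n", *TeData));
  return Status;
}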
154
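/**
  Work out where the section table of a PE/COFF image starts and how many
  sections it holds.

  ImageContext is copied into TmpContext and all further work is done on the
  copy. XIP TE images (TE image whose ImageAddress is unchanged after
  PeCoffLoaderGetImageInfo ()) and images whose SectionAlignment is below
  EFI_PAGE_SIZE are rejected with RETURN_UNSUPPORTED.

  The outputs are written only when RETURN_SUCCESS is returned.

  @param[in]      ImageContext         Image to inspect. Not modified.
  @param[in, out] TmpContext           Scratch copy of ImageContext.
  @param[in, out] SectionHeaderOffset  Receives the offset of the first
                                       section header.
  @param[in, out] NumberOfSections     Receives the section count from the
                                       PE/COFF file header.

  @retval RETURN_SUCCESS      Both outputs were written.
  @retval RETURN_UNSUPPORTED  XIP TE image, SectionAlignment below
                              EFI_PAGE_SIZE, missing NT signature, or
                              unknown optional header magic.
  @retval RETURN_LOAD_ERROR   The header read returned fewer bytes than
                              requested.
  @retval Others              Error returned by PeCoffLoaderGetImageInfo ()
                              or TmpContext->ImageRead ().
**/
STATIC
EFI_STATUS
GetPeCoffSectionInformation (
  IN  CONST PE_COFF_LOADER_IMAGE_CONTEXT  *ImageContext,
  IN  OUT   PE_COFF_LOADER_IMAGE_CONTEXT  *TmpContext,
  IN  OUT   UINT32                        *SectionHeaderOffset,
  IN  OUT   UINT16                        *NumberOfSections
  )
{
  RETURN_STATUS                        Status;
  EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION  Hdr;
  EFI_IMAGE_OPTIONAL_HEADER_UNION      HdrData;
  UINTN                                Size;
  UINTN                                ReadSize;
  UINT32                               Offset;

  ASSERT (ImageContext != NULL);
  ASSERT (TmpContext != NULL);
  ASSERT (SectionHeaderOffset != NULL);
  ASSERT (NumberOfSections != NULL);

  //
  // We need to copy ImageContext since PeCoffLoaderGetImageInfo ()
  // will mangle the ImageAddress field
  //
  CopyMem (TmpContext, ImageContext, sizeof (*TmpContext));

  if (TmpContext->PeCoffHeaderOffset == 0) {
    Status = PeCoffLoaderGetImageInfo (TmpContext);
    if (RETURN_ERROR (Status)) {
      DEBUG ((DEBUG_ERROR,
              "%a: PeCoffLoaderGetImageInfo () failed (Status = %r)\n",
              __FUNCTION__, Status));
      return Status;
    }
  }

  if (TmpContext->IsTeImage &&
      TmpContext->ImageAddress == ImageContext->ImageAddress) {
    DEBUG ((DEBUG_INFO, "%a: ignoring XIP TE image at 0x%lx\n", __FUNCTION__,
            ImageContext->ImageAddress));
    return RETURN_UNSUPPORTED;
  }

  if (TmpContext->SectionAlignment < EFI_PAGE_SIZE) {
    //
    // The sections need to be at least 4 KB aligned, since that is the
    // granularity at which we can tighten permissions.
    //
    if (!TmpContext->IsTeImage) {
      DEBUG ((DEBUG_WARN,
              "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n",
              __FUNCTION__, ImageContext->ImageAddress, TmpContext->SectionAlignment));
    }
    return RETURN_UNSUPPORTED;
  }

  //
  // Read the PE/COFF Header. For PE32 (32-bit) this will read in too much
  // data, but that should not hurt anything. Hdr.Pe32->OptionalHeader.Magic
  // determines if this is a PE32 or PE32+ image. The magic is in the same
  // location in both images.
  //
  Hdr.Union = &HdrData;
  Size      = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION);
  ReadSize  = Size;
  Status    = TmpContext->ImageRead (
                            TmpContext->Handle,
                            TmpContext->PeCoffHeaderOffset,
                            &Size,
                            Hdr.Pe32
                            );

  //
  // A short read leaves HdrData partly uninitialised. It must not be
  // reported with the successful read status, or the caller would go on to
  // use outputs that were never written.
  //
  if (!RETURN_ERROR (Status) && (Size != ReadSize)) {
    Status = RETURN_LOAD_ERROR;
  }

  if (RETURN_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR,
            "%a: TmpContext->ImageRead () failed (Status = %r)\n",
            __FUNCTION__, Status));
    return Status;
  }

  //
  // ASSERT () is normally compiled out of release builds, so the header
  // checks below also return an error instead of relying on it alone.
  //
  if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
    DEBUG ((DEBUG_ERROR, "%a: image at 0x%lx has no NT signature\n",
            __FUNCTION__, ImageContext->ImageAddress));
    ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE);
    return RETURN_UNSUPPORTED;
  }

  Offset = TmpContext->PeCoffHeaderOffset + sizeof (UINT32) +
           sizeof (EFI_IMAGE_FILE_HEADER);

  switch (Hdr.Pe32->OptionalHeader.Magic) {
    case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC:
      Offset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader;
      break;
    case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC:
      Offset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader;
      break;
    default:
      DEBUG ((DEBUG_ERROR, "%a: unknown optional header magic 0x%x\n",
              __FUNCTION__, Hdr.Pe32->OptionalHeader.Magic));
      ASSERT (FALSE);
      return RETURN_UNSUPPORTED;
  }

  //
  // Publish the results only once the header has been accepted.
  //
  *SectionHeaderOffset = Offset;
  *NumberOfSections    = Hdr.Pe32->FileHeader.NumberOfSections;

  return RETURN_SUCCESS;
}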
253
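/**
  Initialise an image context for the Standalone MM Core image at TeData and
  retrieve the location and size of its section table.

  ImageContext is zeroed, given TeData as its Handle and
  PeCoffLoaderImageReadFromMemory as its reader, and then filled in by
  PeCoffLoaderGetImageInfo ().

  @param[in]      TeData               Start of the image data in memory.
  @param[in, out] ImageContext         Receives the initialised image context.
  @param[in, out] SectionHeaderOffset  Receives the offset of the first
                                       section header.
  @param[in, out] NumberOfSections     Receives the number of sections.

  @retval EFI_SUCCESS  The context and both outputs were filled in.
  @retval Others       Error returned by PeCoffLoaderGetImageInfo () or
                       GetPeCoffSectionInformation ().
**/
EFI_STATUS
EFIAPI
GetStandaloneMmCorePeCoffSections (
  IN        VOID                          *TeData,
  IN  OUT   PE_COFF_LOADER_IMAGE_CONTEXT  *ImageContext,
  IN  OUT   UINT32                        *SectionHeaderOffset,
  IN  OUT   UINT16                        *NumberOfSections
  )
{
  EFI_STATUS                    Status;
  PE_COFF_LOADER_IMAGE_CONTEXT  TmpContext;

  //
  // ImageContext is written to before any callee gets a chance to check it.
  //
  ASSERT (TeData != NULL);
  ASSERT (ImageContext != NULL);
  ASSERT (SectionHeaderOffset != NULL);
  ASSERT (NumberOfSections != NULL);

  // Initialize the Image Context
  ZeroMem (ImageContext, sizeof (PE_COFF_LOADER_IMAGE_CONTEXT));
  ImageContext->Handle    = TeData;
  ImageContext->ImageRead = PeCoffLoaderImageReadFromMemory;

  //
  // %p prints the full pointer; %x would drop the upper half on AArch64.
  //
  DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - %p\n", TeData));

  //
  // Status values are logged with %r because EFI_STATUS is wider than the
  // 32 bits that %x prints.
  //
  Status = PeCoffLoaderGetImageInfo (ImageContext);
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Image information - %r\n", Status));
    return Status;
  }

  Status = GetPeCoffSectionInformation (ImageContext, &TmpContext, SectionHeaderOffset, NumberOfSections);
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - %r\n", Status));
    return Status;
  }

  DEBUG ((DEBUG_INFO, "Standalone MM Core PE-COFF SectionHeaderOffset - 0x%x, NumberOfSections - %d\n",
          *SectionHeaderOffset, *NumberOfSections));

  return Status;
}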