+++ /dev/null
-/** @file\r
- Locate, get and update PE/COFF permissions during Standalone MM\r
- Foundation Entry point on ARM platforms.\r
-\r
-Copyright (c) 2017 - 2021, Arm Ltd. All rights reserved.<BR>\r
-SPDX-License-Identifier: BSD-2-Clause-Patent\r
-\r
-**/\r
-\r
-\r
-#include <PiMm.h>\r
-\r
-#include <PiPei.h>\r
-#include <Guid/MmramMemoryReserve.h>\r
-#include <Guid/MpInformation.h>\r
-\r
-#include <Library/AArch64/StandaloneMmCoreEntryPoint.h>\r
-#include <Library/ArmMmuLib.h>\r
-#include <Library/ArmSvcLib.h>\r
-#include <Library/DebugLib.h>\r
-#include <Library/HobLib.h>\r
-#include <Library/BaseLib.h>\r
-#include <Library/BaseMemoryLib.h>\r
-#include <Library/SerialPortLib.h>\r
-\r
-#include <IndustryStandard/ArmStdSmc.h>\r
-\r
-/**\r
- Privileged firmware assigns RO & Executable attributes to all memory occupied\r
- by the Boot Firmware Volume. This function sets the correct permissions of\r
- sections in the Standalone MM Core module to be able to access RO and RW data\r
- and make further progress in the boot process.\r
-\r
- @param [in] ImageContext Pointer to PE/COFF image context\r
- @param [in] ImageBase Base of image in memory\r
- @param [in] SectionHeaderOffset Offset of PE/COFF image section header\r
- @param [in] NumberOfSections Number of Sections\r
- @param [in] TextUpdater Function to change code permissions\r
- @param [in] ReadOnlyUpdater Function to change RO permissions\r
- @param [in] ReadWriteUpdater Function to change RW permissions\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-UpdateMmFoundationPeCoffPermissions (\r
- IN CONST PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,\r
- IN EFI_PHYSICAL_ADDRESS ImageBase,\r
- IN UINT32 SectionHeaderOffset,\r
- IN CONST UINT16 NumberOfSections,\r
- IN REGION_PERMISSION_UPDATE_FUNC TextUpdater,\r
- IN REGION_PERMISSION_UPDATE_FUNC ReadOnlyUpdater,\r
- IN REGION_PERMISSION_UPDATE_FUNC ReadWriteUpdater\r
- )\r
-{\r
- EFI_IMAGE_SECTION_HEADER SectionHeader;\r
- RETURN_STATUS Status;\r
- EFI_PHYSICAL_ADDRESS Base;\r
- UINTN Size;\r
- UINTN ReadSize;\r
- UINTN Index;\r
-\r
- ASSERT (ImageContext != NULL);\r
-\r
- //\r
- // Iterate over the sections\r
- //\r
- for (Index = 0; Index < NumberOfSections; Index++) {\r
- //\r
- // Read section header from file\r
- //\r
- Size = sizeof (EFI_IMAGE_SECTION_HEADER);\r
- ReadSize = Size;\r
- Status = ImageContext->ImageRead (\r
- ImageContext->Handle,\r
- SectionHeaderOffset,\r
- &Size,\r
- &SectionHeader\r
- );\r
-\r
- if (RETURN_ERROR (Status) || (Size != ReadSize)) {\r
- DEBUG ((DEBUG_ERROR,\r
- "%a: ImageContext->ImageRead () failed (Status = %r)\n",\r
- __FUNCTION__, Status));\r
- return Status;\r
- }\r
-\r
- DEBUG ((DEBUG_INFO,\r
- "%a: Section %d of image at 0x%lx has 0x%x permissions\n",\r
- __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.Characteristics));\r
- DEBUG ((DEBUG_INFO,\r
- "%a: Section %d of image at 0x%lx has %a name\n",\r
- __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.Name));\r
- DEBUG ((DEBUG_INFO,\r
- "%a: Section %d of image at 0x%lx has 0x%x address\n",\r
- __FUNCTION__, Index, ImageContext->ImageAddress,\r
- ImageContext->ImageAddress + SectionHeader.VirtualAddress));\r
- DEBUG ((DEBUG_INFO,\r
- "%a: Section %d of image at 0x%lx has 0x%x data\n",\r
- __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.PointerToRawData));\r
-\r
- //\r
- // If the section is marked as XN then remove the X attribute. Furthermore,\r
- // if it is a writeable section then mark it appropriately as well.\r
- //\r
- if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_EXECUTE) == 0) {\r
- Base = ImageBase + SectionHeader.VirtualAddress;\r
-\r
- TextUpdater (Base, SectionHeader.Misc.VirtualSize);\r
-\r
- if ((SectionHeader.Characteristics & EFI_IMAGE_SCN_MEM_WRITE) != 0) {\r
- ReadWriteUpdater (Base, SectionHeader.Misc.VirtualSize);\r
- DEBUG ((DEBUG_INFO,\r
- "%a: Mapping section %d of image at 0x%lx with RW-XN permissions\n",\r
- __FUNCTION__, Index, ImageContext->ImageAddress));\r
- } else {\r
- DEBUG ((DEBUG_INFO,\r
- "%a: Mapping section %d of image at 0x%lx with RO-XN permissions\n",\r
- __FUNCTION__, Index, ImageContext->ImageAddress));\r
- }\r
- } else {\r
- DEBUG ((DEBUG_INFO,\r
- "%a: Ignoring section %d of image at 0x%lx with 0x%x permissions\n",\r
- __FUNCTION__, Index, ImageContext->ImageAddress, SectionHeader.Characteristics));\r
- }\r
- SectionHeaderOffset += sizeof (EFI_IMAGE_SECTION_HEADER);\r
- }\r
-\r
- return RETURN_SUCCESS;\r
-}\r
-\r
-/**\r
- Privileged firmware assigns RO & Executable attributes to all memory occupied\r
- by the Boot Firmware Volume. This function locates the Standalone MM Core\r
- module PE/COFF image in the BFV and returns this information.\r
-\r
- @param [in] BfvAddress Base Address of Boot Firmware Volume\r
- @param [in, out] TeData Pointer to address for allocating memory\r
- for PE/COFF image data\r
- @param [in, out] TeDataSize Pointer to size of PE/COFF image data\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-LocateStandaloneMmCorePeCoffData (\r
- IN EFI_FIRMWARE_VOLUME_HEADER *BfvAddress,\r
- IN OUT VOID **TeData,\r
- IN OUT UINTN *TeDataSize\r
- )\r
-{\r
- EFI_FFS_FILE_HEADER *FileHeader;\r
- EFI_STATUS Status;\r
-\r
- FileHeader = NULL;\r
- Status = FfsFindNextFile (\r
- EFI_FV_FILETYPE_SECURITY_CORE,\r
- BfvAddress,\r
- &FileHeader\r
- );\r
-\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM FFS file - 0x%x\n",\r
- Status));\r
- return Status;\r
- }\r
-\r
- Status = FfsFindSectionData (EFI_SECTION_PE32, FileHeader, TeData, TeDataSize);\r
- if (EFI_ERROR (Status)) {\r
- Status = FfsFindSectionData (EFI_SECTION_TE, FileHeader, TeData, TeDataSize);\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Section data - %r\n",\r
- Status));\r
- return Status;\r
- }\r
- }\r
-\r
- DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", *TeData));\r
- return Status;\r
-}\r
-\r
-/**\r
- Returns the PC COFF section information.\r
-\r
- @param [in, out] ImageContext Pointer to PE/COFF image context\r
- @param [out] ImageBase Base of image in memory\r
- @param [out] SectionHeaderOffset Offset of PE/COFF image section header\r
- @param [out] NumberOfSections Number of Sections\r
-\r
-**/\r
-STATIC\r
-EFI_STATUS\r
-GetPeCoffSectionInformation (\r
- IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,\r
- OUT EFI_PHYSICAL_ADDRESS *ImageBase,\r
- OUT UINT32 *SectionHeaderOffset,\r
- OUT UINT16 *NumberOfSections\r
- )\r
-{\r
- RETURN_STATUS Status;\r
- EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;\r
- EFI_IMAGE_OPTIONAL_HEADER_UNION HdrData;\r
- UINTN Size;\r
- UINTN ReadSize;\r
-\r
- ASSERT (ImageContext != NULL);\r
- ASSERT (SectionHeaderOffset != NULL);\r
- ASSERT (NumberOfSections != NULL);\r
-\r
- Status = PeCoffLoaderGetImageInfo (ImageContext);\r
- if (RETURN_ERROR (Status)) {\r
- DEBUG ((DEBUG_ERROR,\r
- "%a: PeCoffLoaderGetImageInfo () failed (Status == %r)\n",\r
- __FUNCTION__, Status));\r
- return Status;\r
- }\r
-\r
- if (ImageContext->SectionAlignment < EFI_PAGE_SIZE) {\r
- //\r
- // The sections need to be at least 4 KB aligned, since that is the\r
- // granularity at which we can tighten permissions.\r
- //\r
- if (!ImageContext->IsTeImage) {\r
- DEBUG ((DEBUG_WARN,\r
- "%a: non-TE Image at 0x%lx has SectionAlignment < 4 KB (%lu)\n",\r
- __FUNCTION__, ImageContext->ImageAddress, ImageContext->SectionAlignment));\r
- return RETURN_UNSUPPORTED;\r
- }\r
- ImageContext->SectionAlignment = EFI_PAGE_SIZE;\r
- }\r
-\r
- //\r
- // Read the PE/COFF Header. For PE32 (32-bit) this will read in too much\r
- // data, but that should not hurt anything. Hdr.Pe32->OptionalHeader.Magic\r
- // determines if this is a PE32 or PE32+ image. The magic is in the same\r
- // location in both images.\r
- //\r
- Hdr.Union = &HdrData;\r
- Size = sizeof (EFI_IMAGE_OPTIONAL_HEADER_UNION);\r
- ReadSize = Size;\r
- Status = ImageContext->ImageRead (\r
- ImageContext->Handle,\r
- ImageContext->PeCoffHeaderOffset,\r
- &Size,\r
- Hdr.Pe32\r
- );\r
-\r
- if (RETURN_ERROR (Status) || (Size != ReadSize)) {\r
- DEBUG ((DEBUG_ERROR,\r
- "%a: TmpContext->ImageRead () failed (Status = %r)\n",\r
- __FUNCTION__, Status));\r
- return Status;\r
- }\r
-\r
- *ImageBase = ImageContext->ImageAddress;\r
- if (!ImageContext->IsTeImage) {\r
- ASSERT (Hdr.Pe32->Signature == EFI_IMAGE_NT_SIGNATURE);\r
-\r
- *SectionHeaderOffset = ImageContext->PeCoffHeaderOffset + sizeof (UINT32) +\r
- sizeof (EFI_IMAGE_FILE_HEADER);\r
- *NumberOfSections = Hdr.Pe32->FileHeader.NumberOfSections;\r
-\r
- switch (Hdr.Pe32->OptionalHeader.Magic) {\r
- case EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC:\r
- *SectionHeaderOffset += Hdr.Pe32->FileHeader.SizeOfOptionalHeader;\r
- break;\r
- case EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC:\r
- *SectionHeaderOffset += Hdr.Pe32Plus->FileHeader.SizeOfOptionalHeader;\r
- break;\r
- default:\r
- ASSERT (FALSE);\r
- }\r
- } else {\r
- *SectionHeaderOffset = (UINTN)(sizeof (EFI_TE_IMAGE_HEADER));\r
- *NumberOfSections = Hdr.Te->NumberOfSections;\r
- *ImageBase -= (UINT32)Hdr.Te->StrippedSize - sizeof (EFI_TE_IMAGE_HEADER);\r
- }\r
- return RETURN_SUCCESS;\r
-}\r
-\r
-/**\r
- Privileged firmware assigns RO & Executable attributes to all memory occupied\r
- by the Boot Firmware Volume. This function locates the section information of\r
- the Standalone MM Core module to be able to change permissions of the\r
- individual sections later in the boot process.\r
-\r
- @param [in] TeData Pointer to PE/COFF image data\r
- @param [in, out] ImageContext Pointer to PE/COFF image context\r
- @param [out] ImageBase Pointer to ImageBase variable\r
- @param [in, out] SectionHeaderOffset Offset of PE/COFF image section header\r
- @param [in, out] NumberOfSections Number of Sections\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-GetStandaloneMmCorePeCoffSections (\r
- IN VOID *TeData,\r
- IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,\r
- OUT EFI_PHYSICAL_ADDRESS *ImageBase,\r
- IN OUT UINT32 *SectionHeaderOffset,\r
- IN OUT UINT16 *NumberOfSections\r
- )\r
-{\r
- EFI_STATUS Status;\r
-\r
- // Initialize the Image Context\r
- ZeroMem (ImageContext, sizeof (PE_COFF_LOADER_IMAGE_CONTEXT));\r
- ImageContext->Handle = TeData;\r
- ImageContext->ImageRead = PeCoffLoaderImageReadFromMemory;\r
-\r
- DEBUG ((DEBUG_INFO, "Found Standalone MM PE data - 0x%x\n", TeData));\r
-\r
- Status = GetPeCoffSectionInformation (ImageContext, ImageBase,\r
- SectionHeaderOffset, NumberOfSections);\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((DEBUG_ERROR, "Unable to locate Standalone MM Core PE-COFF Section information - %r\n", Status));\r
- return Status;\r
- }\r
-\r
- DEBUG ((DEBUG_INFO, "Standalone MM Core PE-COFF SectionHeaderOffset - 0x%x, NumberOfSections - %d\n",\r
- *SectionHeaderOffset, *NumberOfSections));\r
-\r
- return Status;\r
-}\r