UefiCpuPkg/SecMigrationPei: Add initial PEIM (CVE-2019-11098)

[mirror_edk2.git] / UefiCpuPkg / SecCore / SecMain.c

diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c
index 5d5e7f17dced59c9f2253d7b2b14d53cf7784d42..155be49a60117b46bdce57307232a252ed692014 100644 (file)
--- a/UefiCpuPkg/SecCore/SecMain.c
+++ b/UefiCpuPkg/SecCore/SecMain.c
@@ -370,13 +370,35 @@ SecTemporaryRamDone (
   VOID\r
   )\r
 {\r
-  BOOLEAN  State;\r
+  EFI_STATUS                    Status;\r
+  EFI_STATUS                    Status2;\r
+  UINTN                         Index;\r
+  BOOLEAN                       State;\r
+  EFI_PEI_PPI_DESCRIPTOR        *PeiPpiDescriptor;\r
+  REPUBLISH_SEC_PPI_PPI         *RepublishSecPpiPpi;\r
 \r
   //\r
   // Republish Sec Platform Information(2) PPI\r
   //\r
   RepublishSecPlatformInformationPpi ();\r
 \r
+  //\r
+  // Re-install SEC PPIs using a PEIM produced service if published\r
+  //\r
+  for (Index = 0, Status = EFI_SUCCESS; Status == EFI_SUCCESS; Index++) {\r
+    Status = PeiServicesLocatePpi (\r
+               &gRepublishSecPpiPpiGuid,\r
+               Index,\r
+               &PeiPpiDescriptor,\r
+               (VOID **) &RepublishSecPpiPpi\r
+               );\r
+    if (!EFI_ERROR (Status)) {\r
+      DEBUG ((DEBUG_INFO, "Calling RepublishSecPpi instance %d.\n", Index));\r
+      Status2 = RepublishSecPpiPpi->RepublishSecPpis ();\r
+      ASSERT_EFI_ERROR (Status2);\r
+    }\r
+  }\r
+\r
   //\r
   // Migrate DebugAgentContext.\r
   //\r
@@ -385,7 +407,7 @@ SecTemporaryRamDone (
   //\r
   // Disable interrupts and save current interrupt state\r
   //\r
-  State = SaveAndDisableInterrupts();\r
+  State = SaveAndDisableInterrupts ();\r
 \r
   //\r
   // Disable Temporary RAM after Stack and Heap have been migrated at this point.\r