lersek / edk2

Clone
Source Code
GIT

960f2d5 MdeModulePkg PiDxeS3BootScriptLib: Remove a hidden assumption.

5 files Authored by Star Zeng 8 years ago, Committed by lzeng14 8 years ago,
raw patch tree parent
5 files changed. 345 lines added. 161 lines removed.
MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c
file modified
+327 -150
MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
file modified
+3 -1
MdeModulePkg/Library/PiDxeS3BootScriptLib/InternalBootScriptLib.h
file modified
+11 -6
MdeModulePkg/MdeModulePkg.dec
file modified
+4 -4
MdeModulePkg/MdeModulePkg.uni
file modified
+0 -0 
    MdeModulePkg PiDxeS3BootScriptLib: Remove a hidden assumption.
    
    What to do:
    1. Remove a hidden assumption "No SMM driver writes BootScript between
    SmmReadyToLock and S3SleepEntryCallback".
     1.1. Use SmmExitBootServices and SmmLegacyBoot notification to record
          AtRuntime flag.
     1.2. Use mBootScriptDataBootTimeGuid LockBox to save boot time boot
          script data to handle potential INSERT boot script at runtime in SMM.
    2. Do not depend on OS to help restore ACPINvs data and use
    EfiReservedMemoryType instead of EfiACPIMemoryNVS.
     2.1. Use mBootScriptSmmPrivateDataGuid LockBox to save boot script
          SMM private data with BackFromS3 = TRUE at runtime. S3 resume
          will help restore it to tell the Library the system is back
          from S3.
    
    Why to do:
    1. The hidden assumption "No SMM driver writes BootScript between
    SmmReadyToLock and S3SleepEntryCallback" will cause confusion to
    the library's consumer and block the usage of "SMM driver writes
    BootScript after SmmReadyToLock". So Remove the assumption.
    2. In original code, there might be a corner case that malicious
    code patch ACPINvs boot TableLength field same as SMM boot script.
    So that it can skip the table restore. The impact is that BootScript
    in SMM may be overridden by malicious code.
    --------------------
        CopyMem ((VOID*)&TableHeader, (VOID*)mS3BootScriptTablePtr->TableBase, sizeof(EFI_BOOT_SCRIPT_TABLE_HEADER));
        if (mS3BootScriptTablePtr->TableLength + sizeof(EFI_BOOT_SCRIPT_TERMINATE) != TableHeader.TableLength) { // TableLength is in NVS
          ......
          //
          // NOTE: We should NOT use TableHeader.TableLength, because it is already updated to be whole length.
          //
          mS3BootScriptTablePtr->TableLength = (UINT32)(mLockBoxLength - sizeof(EFI_BOOT_SCRIPT_TERMINATE)); ? This line can be skipped.
    --------------------
    So use EfiReservedMemoryType instead of EfiACPIMemoryNVS as the code
    has been updated to not depend on OS to help restore ACPINvs data.
    
    Contributed-under: TianoCore Contribution Agreement 1.0
    Signed-off-by: Star Zeng <star.zeng@intel.com>
    Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
    
    git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18467 6f19259b-4bc3-4df7-8a09-765794883524
file modified
+327 -150
file modified
+3 -1
file modified
+11 -6
file modified
+4 -4
file modified
+0 -0
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.