MdeModulePkg/DxeCore: Add UEFI image protection.

If the UEFI image is page aligned, the image code section is set to read only and the image data section is set to non-executable. 1) This policy is applied for all UEFI image including boot service driver, runtime driver or application. 2) This policy is applied only if the UEFI image meets the page alignment requirement. 3) This policy is applied only if the Source UEFI image matches the PcdImageProtectionPolicy definition. 4) This policy is not applied to the non-PE image region. The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect the image. If the CpuArch protocol is not installed yet, the DxeCore enqueues the protection request. Once the CpuArch is installed, the DxeCore dequeues the protection request and applies policy. Once the image is unloaded, the protection is removed automatically. The UEFI runtime image protection is teared down at ExitBootServices(), the runtime image code relocation need write code segment at SetVirtualAddressMap(). We cannot assume OS/Loader has taken over page table at that time. NOTE: It is per-requisite that code section and data section should not be not merged. That is same criteria for SMM/runtime driver. We are not able to detect during BIOS boot, because we can only get LINK warning below: "LINK : warning LNK4254: section '.data' (C0000040) merged into '.text' (60000020) with different attributes" But final attribute in PE code section is same. Cc: Star Zeng <star.zeng@intel.com> Cc: Feng Tian <feng.tian@intel.com> Cc: Michael Kinney <michael.d.kinney@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
author: Jiewen Yao <jiewen.yao@intel.com> 2017-01-13 23:04:10 -0800
committer: Jiewen Yao <jiewen.yao@intel.com> 2017-02-22 14:07:04 +0800
commit: d0e92aad46706643469cf3ecc235a9cee5b52323 (patch)
tree: 6105703077310e34e6402f895d3238be3fc43128 /MdeModulePkg/Core/Dxe/DxeMain.h
parent: 861cc65656dfd5c8b340e890114651b7d3506471 (diff)
download: edk2-d0e92aad46706643469cf3ecc235a9cee5b52323.zip
edk2-d0e92aad46706643469cf3ecc235a9cee5b52323.tar.gz
edk2-d0e92aad46706643469cf3ecc235a9cee5b52323.tar.bz2
1 files changed, 61 insertions, 0 deletions
diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h
index ae35fbb..b14be9a 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.h
+++ b/MdeModulePkg/Core/Dxe/DxeMain.h
@@ -267,6 +267,26 @@ typedef struct {
 #define LOADED_IMAGE_PRIVATE_DATA_FROM_THIS(a) \
           CR(a, LOADED_IMAGE_PRIVATE_DATA, Info, LOADED_IMAGE_PRIVATE_DATA_SIGNATURE)
 
+#define IMAGE_PROPERTIES_RECORD_CODE_SECTION_SIGNATURE SIGNATURE_32 ('I','P','R','C')
+
+typedef struct {
+  UINT32                 Signature;
+  LIST_ENTRY             Link;
+  EFI_PHYSICAL_ADDRESS   CodeSegmentBase;
+  UINT64                 CodeSegmentSize;
+} IMAGE_PROPERTIES_RECORD_CODE_SECTION;
+
+#define IMAGE_PROPERTIES_RECORD_SIGNATURE SIGNATURE_32 ('I','P','R','D')
+
+typedef struct {
+  UINT32                 Signature;
+  LIST_ENTRY             Link;
+  EFI_PHYSICAL_ADDRESS   ImageBase;
+  UINT64                 ImageSize;
+  UINTN                  CodeSegmentCount;
+  LIST_ENTRY             CodeSegmentList;
+} IMAGE_PROPERTIES_RECORD;
+
 //
 // DXE Core Global Variables
 //
@@ -2859,6 +2879,15 @@ CoreInitializeMemoryAttributesTable (
   );
 
 /**
+  Initialize Memory Protection support.
+**/
+VOID
+EFIAPI
+CoreInitializeMemoryProtection (
+  VOID
+  );
+
+/**
   Install MemoryAttributesTable on memory allocation.
 
   @param[in] MemoryType EFI memory type.
@@ -2888,4 +2917,36 @@ RemoveImageRecord (
   IN EFI_RUNTIME_IMAGE_ENTRY  *RuntimeImage
   );
 
+/**
+  Protect UEFI image.
+
+  @param[in]  LoadedImage              The loaded image protocol
+  @param[in]  LoadedImageDevicePath    The loaded image device path protocol
+**/
+VOID
+ProtectUefiImage (
+  IN EFI_LOADED_IMAGE_PROTOCOL   *LoadedImage,
+  IN EFI_DEVICE_PATH_PROTOCOL    *LoadedImageDevicePath
+  );
+
+/**
+  Unprotect UEFI image.
+
+  @param[in]  LoadedImage              The loaded image protocol
+  @param[in]  LoadedImageDevicePath    The loaded image device path protocol
+**/
+VOID
+UnprotectUefiImage (
+  IN EFI_LOADED_IMAGE_PROTOCOL   *LoadedImage,
+  IN EFI_DEVICE_PATH_PROTOCOL    *LoadedImageDevicePath
+  );
+
+/**
+  ExitBootServices Callback function for memory protection.
+**/
+VOID
+MemoryProtectionExitBootServicesCallback (
+  VOID
+  );
+
 #endif
author	Jiewen Yao <jiewen.yao@intel.com>	2017-01-13 23:04:10 -0800
committer	Jiewen Yao <jiewen.yao@intel.com>	2017-02-22 14:07:04 +0800
commit	d0e92aad46706643469cf3ecc235a9cee5b52323 (patch)
tree	6105703077310e34e6402f895d3238be3fc43128 /MdeModulePkg/Core/Dxe/DxeMain.h
parent	861cc65656dfd5c8b340e890114651b7d3506471 (diff)
download	edk2-d0e92aad46706643469cf3ecc235a9cee5b52323.zip edk2-d0e92aad46706643469cf3ecc235a9cee5b52323.tar.gz edk2-d0e92aad46706643469cf3ecc235a9cee5b52323.tar.bz2