sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
system76-edk2/MdeModulePkg/Core/Dxe/DxeMain.inf
Jiewen Yao d0e92aad46 MdeModulePkg/DxeCore: Add UEFI image protection. 
If the UEFI image is page aligned, the image code section is set to read
only and the image data section is set to non-executable.

1) This policy is applied for all UEFI image including boot service driver,
runtime driver or application.
2) This policy is applied only if the UEFI image meets the page alignment
requirement.
3) This policy is applied only if the Source UEFI image matches the
PcdImageProtectionPolicy definition.
4) This policy is not applied to the non-PE image region.

The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
the image. If the CpuArch protocol is not installed yet, the DxeCore
enqueues the protection request. Once the CpuArch is installed, the
DxeCore dequeues the protection request and applies policy.

Once the image is unloaded, the protection is removed automatically.

The UEFI runtime image protection is teared down at ExitBootServices(),
the runtime image code relocation need write code segment at
SetVirtualAddressMap(). We cannot assume OS/Loader has taken over
page table at that time.

NOTE: It is per-requisite that code section and data section
should not be not merged. That is same criteria for SMM/runtime driver.

We are not able to detect during BIOS boot, because
we can only get LINK warning below:
"LINK : warning LNK4254: section '.data' (C0000040) merged into
'.text' (60000020) with different attributes"
But final attribute in PE code section is same.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2017-02-22 14:07:04 +08:00

208 lines
7.9 KiB
INI
Raw Blame History

## @file
# This is core module in DXE phase.
#
# It provides an implementation of DXE Core that is compliant with DXE CIS.
#
# Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = DxeCore
MODULE_UNI_FILE = DxeCore.uni
FILE_GUID = D6A2CB7F-6A18-4e2f-B43B-9920A733700A
MODULE_TYPE = DXE_CORE
VERSION_STRING = 1.0
ENTRY_POINT = DxeMain
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 IPF EBC (EBC is for build only)
#
[Sources]
DxeMain.h
SectionExtraction/CoreSectionExtraction.c
Image/Image.c
Image/Image.h
Misc/DebugImageInfo.c
Misc/Stall.c
Misc/SetWatchdogTimer.c
Misc/InstallConfigurationTable.c
Misc/PropertiesTable.c
Misc/MemoryAttributesTable.c
Misc/MemoryProtection.c
Library/Library.c
Hand/DriverSupport.c
Hand/Notify.c
Hand/Locate.c
Hand/Handle.c
Hand/Handle.h
Gcd/Gcd.c
Gcd/Gcd.h
Mem/Pool.c
Mem/Page.c
Mem/MemData.c
Mem/Imem.h
Mem/MemoryProfileRecord.c
FwVolBlock/FwVolBlock.c
FwVolBlock/FwVolBlock.h
FwVol/FwVolWrite.c
FwVol/FwVolRead.c
FwVol/FwVolAttrib.c
FwVol/Ffs.c
FwVol/FwVol.c
FwVol/FwVolDriver.h
Event/Tpl.c
Event/Timer.c
Event/Event.c
Event/Event.h
Dispatcher/Dependency.c
Dispatcher/Dispatcher.c
DxeMain/DxeProtocolNotify.c
DxeMain/DxeMain.c
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
[LibraryClasses]
BaseMemoryLib
CacheMaintenanceLib
UefiDecompressLib
PerformanceLib
HobLib
BaseLib
UefiLib
DebugLib
DxeCoreEntryPoint
PeCoffLib
PeCoffGetEntryPointLib
PeCoffExtraActionLib
ExtractGuidedSectionLib
MemoryAllocationLib
UefiBootServicesTableLib
DevicePathLib
ReportStatusCodeLib
TimerLib
DxeServicesLib
DebugAgentLib
CpuExceptionHandlerLib
PcdLib
[Guids]
gEfiEventMemoryMapChangeGuid ## PRODUCES ## Event
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event
## CONSUMES ## Event
## PRODUCES ## Event
gEfiEventExitBootServicesGuid
gEfiHobMemoryAllocModuleGuid ## CONSUMES ## HOB
gEfiFirmwareFileSystem2Guid ## CONSUMES ## GUID # Used to compare with FV's file system guid and get the FV's file system format
gEfiFirmwareFileSystem3Guid ## CONSUMES ## GUID # Used to compare with FV's file system guid and get the FV's file system format
gAprioriGuid ## SOMETIMES_CONSUMES ## File
gEfiDebugImageInfoTableGuid ## PRODUCES ## SystemTable
gEfiHobListGuid ## PRODUCES ## SystemTable
gEfiDxeServicesTableGuid ## PRODUCES ## SystemTable
## PRODUCES ## SystemTable
## SOMETIMES_CONSUMES ## HOB
gEfiMemoryTypeInformationGuid
gEfiEventDxeDispatchGuid ## PRODUCES ## Event
gLoadFixedAddressConfigurationTableGuid ## SOMETIMES_PRODUCES ## SystemTable
## PRODUCES ## Event
## CONSUMES ## Event
gIdleLoopEventGuid
gEventExitBootServicesFailedGuid ## SOMETIMES_PRODUCES ## Event
gEfiVectorHandoffTableGuid ## SOMETIMES_PRODUCES ## SystemTable
gEdkiiMemoryProfileGuid ## SOMETIMES_PRODUCES ## GUID # Install protocol
gEfiPropertiesTableGuid ## SOMETIMES_PRODUCES ## SystemTable
gEfiMemoryAttributesTableGuid ## SOMETIMES_PRODUCES ## SystemTable
gEfiEndOfDxeEventGroupGuid ## SOMETIMES_CONSUMES ## Event
[Ppis]
gEfiVectorHandoffInfoPpiGuid ## UNDEFINED # HOB
[Protocols]
## PRODUCES
## SOMETIMES_CONSUMES
gEfiDecompressProtocolGuid
gEfiLoadPeImageProtocolGuid ## SOMETIMES_PRODUCES # Produces when PcdFrameworkCompatibilitySupport is set
gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
gEfiLoadFileProtocolGuid ## SOMETIMES_CONSUMES
gEfiLoadFile2ProtocolGuid ## SOMETIMES_CONSUMES
gEfiBusSpecificDriverOverrideProtocolGuid ## SOMETIMES_CONSUMES
gEfiDriverFamilyOverrideProtocolGuid ## SOMETIMES_CONSUMES
gEfiPlatformDriverOverrideProtocolGuid ## SOMETIMES_CONSUMES
gEfiDriverBindingProtocolGuid ## SOMETIMES_CONSUMES
## PRODUCES
## CONSUMES
## NOTIFY
gEfiFirmwareVolumeBlockProtocolGuid
## PRODUCES
## CONSUMES
## NOTIFY
gEfiFirmwareVolume2ProtocolGuid
## PRODUCES
## CONSUMES
gEfiDevicePathProtocolGuid
gEfiLoadedImageProtocolGuid ## PRODUCES
gEfiLoadedImageDevicePathProtocolGuid ## PRODUCES
gEfiHiiPackageListProtocolGuid ## SOMETIMES_PRODUCES
gEfiEbcProtocolGuid ## SOMETIMES_CONSUMES
gEfiSmmBase2ProtocolGuid ## SOMETIMES_CONSUMES
gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES
# Arch Protocols
gEfiBdsArchProtocolGuid ## CONSUMES
gEfiCpuArchProtocolGuid ## CONSUMES
gEfiMetronomeArchProtocolGuid ## CONSUMES
gEfiMonotonicCounterArchProtocolGuid ## CONSUMES
gEfiRealTimeClockArchProtocolGuid ## CONSUMES
gEfiResetArchProtocolGuid ## CONSUMES
gEfiRuntimeArchProtocolGuid ## CONSUMES
gEfiSecurityArchProtocolGuid ## CONSUMES
gEfiSecurity2ArchProtocolGuid ## SOMETIMES_CONSUMES
gEfiTimerArchProtocolGuid ## CONSUMES
gEfiVariableWriteArchProtocolGuid ## CONSUMES
gEfiVariableArchProtocolGuid ## CONSUMES
gEfiCapsuleArchProtocolGuid ## CONSUMES
gEfiWatchdogTimerArchProtocolGuid ## CONSUMES
[FeaturePcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdFrameworkCompatibilitySupport ## CONSUMES
[Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdLoadFixAddressBootTimeCodePageNumber ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdLoadFixAddressRuntimeCodePageNumber ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdLoadModuleAtFixAddressEnable ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxEfiSystemTablePointerAddress ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileMemoryType ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfilePropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdPropertiesTableEnable ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy ## CONSUMES
# [Hob]
# RESOURCE_DESCRIPTOR ## CONSUMES
# MEMORY_ALLOCATION ## CONSUMES
# FIRMWARE_VOLUME ## CONSUMES
# UNDEFINED ## CONSUMES # CPU
#
# [Event]
# EVENT_TYPE_RELATIVE_TIMER ## PRODUCES # DxeCore signals timer event.
# EVENT_TYPE_PERIODIC_TIMER ## PRODUCES # DxeCore signals timer event.
#
[UserExtensions.TianoCore."ExtraFiles"]
DxeCoreExtra.uni
Reference in New Issue View Git Blame Copy Permalink