summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuomin Jiang <guomin.jiang@intel.com>2020-07-08 09:33:46 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2020-07-28 01:43:16 +0000
commit1facb8fdef6389f390b66da6d8304f54cc93104a (patch)
tree0b09b4df978e8ebc995b6a7df545c84f367c8cd2
parenta44f558a84c67cd88b8215d4c076123cf58438f4 (diff)
downloadedk2-1facb8fdef6389f390b66da6d8304f54cc93104a.tar.gz
edk2-1facb8fdef6389f390b66da6d8304f54cc93104a.tar.bz2
edk2-1facb8fdef6389f390b66da6d8304f54cc93104a.zip
MdeModulePkg: Add new PCD to control the evacuate temporary memory feature (CVE-2019-11098)
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614 The security researcher found that we can get control after NEM disable. The reason is that the flash content reside in NEM at startup and the code will get the content from flash directly after disable NEM. To avoid this vulnerability, the feature will copy the PEIMs from temporary memory to permanent memory and only execute the code in permanent memory. The vulnerability is exist in physical platform and haven't report in virtual platform, so the virtual can disable the feature currently. When enable the PcdMigrateTemporaryRamFirmwareVolumes, always shadow all PEIMs no matter the condition of PcdShadowPeimOnBoot or PcdShadowPeimOnS3Boot. Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Hao A Wu <hao.a.wu@intel.com> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com>
-rw-r--r--MdeModulePkg/MdeModulePkg.dec9
-rw-r--r--MdeModulePkg/MdeModulePkg.uni6
2 files changed, 15 insertions, 0 deletions
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 843e963ad3..45874e9c82 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1220,6 +1220,15 @@
# @Prompt Shadow Peim and PeiCore on boot
gEfiMdeModulePkgTokenSpaceGuid.PcdShadowPeimOnBoot|TRUE|BOOLEAN|0x30001029
+ ## Enable the feature that evacuate temporary memory to permanent memory or not<BR><BR>
+ # Set FALSE as default, if the developer need this feature to avoid this vulnerability, please
+ # enable it to shadow all PEIMs no matter the behavior controled by PcdShadowPeimOnBoot or
+ # PcdShadowPeimOnS3Boot<BR>
+ # TRUE - Evacuate temporary memory, the actions include copy memory, convert PPI pointers and so on.<BR>
+ # FALSE - Do nothing, for example, no copy memory, no convert PPI pointers and so on.<BR>
+ # @Prompt Evacuate temporary memory to permanent memory
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes|FALSE|BOOLEAN|0x3000102A
+
## The mask is used to control memory profile behavior.<BR><BR>
# BIT0 - Enable UEFI memory profile.<BR>
# BIT1 - Enable SMRAM profile.<BR>
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index 2007e0596c..5235dee561 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -214,6 +214,12 @@
"TRUE - Shadow PEIM on S3 boot path after memory is ready.<BR>\n"
"FALSE - Not shadow PEIM on S3 boot path after memory is ready.<BR>"
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMigrateTemporaryRamFirmwareVolumes_HELP #language en-US "Enable the feature that evacuate temporary memory to permanent memory or not.<BR><BR>\n"
+ "It will allocate page to save the temporary PEIMs resided in NEM(or CAR) to the permanent memory and change all pointers pointed to the NEM(or CAR) to permanent memory.<BR><BR>\n"
+ "After then, there are no pointer pointed to NEM(or CAR) and TOCTOU volnerability can be avoid.<BR><BR>\n"
+
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMigrateTemporaryRamFirmwareVolumes_PROMPT #language en-US "Enable the feature that evacuate temporary memory to permanent memory or not"
+
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiDefaultOemId_PROMPT #language en-US "Default OEM ID for ACPI table creation"
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiDefaultOemId_HELP #language en-US "Default OEM ID for ACPI table creation, its length must be 0x6 bytes to follow ACPI specification."