summaryrefslogtreecommitdiffstats
path: root/ArmPkg
diff options
context:
space:
mode:
authorArd Biesheuvel <ardb@kernel.org>2023-06-02 17:17:37 +0200
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2023-06-26 09:11:53 +0000
commit4249829cf27b177bb507a57ddd6f49f9202a69ca (patch)
tree4fb83243b97f78bf01a7d02ac3d1b727ad049151 /ArmPkg
parent8f5ad634ad4b0593fce0e79f0f743af5f0cf4208 (diff)
downloadedk2-4249829cf27b177bb507a57ddd6f49f9202a69ca.tar.gz
edk2-4249829cf27b177bb507a57ddd6f49f9202a69ca.tar.bz2
edk2-4249829cf27b177bb507a57ddd6f49f9202a69ca.zip
ArmPkg/CpuPei: Implement the memory attributes PPI
Implement the newly defined PPI that permits the PEI core and DXE IPL to manage memory permissions on ranges of DRAM, for doing things like mapping the stack non-executable, or granting executable permissions to shadowed PEIMs. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Oliver Smith-Denny <osde@linux.microsoft.com> Reviewed-by: Michael Kubacki <michael.kubacki@microsoft.com>
Diffstat (limited to 'ArmPkg')
-rw-r--r--ArmPkg/Drivers/CpuPei/CpuPei.c76
-rw-r--r--ArmPkg/Drivers/CpuPei/CpuPei.inf4
2 files changed, 80 insertions, 0 deletions
diff --git a/ArmPkg/Drivers/CpuPei/CpuPei.c b/ArmPkg/Drivers/CpuPei/CpuPei.c
index 85ef5ec07b..1c2b53100f 100644
--- a/ArmPkg/Drivers/CpuPei/CpuPei.c
+++ b/ArmPkg/Drivers/CpuPei/CpuPei.c
@@ -3,6 +3,7 @@
Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 Hewlett Packard Corporation. All rights reserved.<BR>
Copyright (c) 2011-2013, ARM Limited. All rights reserved.<BR>
+Copyright (c) 2023, Google, LLC. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -24,6 +25,7 @@ Abstract:
// The protocols, PPI and GUID definitions for this module
//
#include <Ppi/ArmMpCoreInfo.h>
+#include <Ppi/MemoryAttribute.h>
//
// The Library classes this module consumes
@@ -34,6 +36,77 @@ Abstract:
#include <Library/PcdLib.h>
#include <Library/HobLib.h>
#include <Library/ArmLib.h>
+#include <Library/ArmMmuLib.h>
+
+/**
+ Set the requested memory permission attributes on a region of memory.
+
+ BaseAddress and Length must be aligned to EFI_PAGE_SIZE.
+
+ Attributes must contain a combination of EFI_MEMORY_RP, EFI_MEMORY_RO and
+ EFI_MEMORY_XP, and specifies the attributes that must be set for the
+ region in question. Attributes that are omitted will be cleared from the
+ region only if they are set in AttributeMask.
+
+ AttributeMask must contain a combination of EFI_MEMORY_RP, EFI_MEMORY_RO and
+ EFI_MEMORY_XP, and specifies the attributes that the call will operate on.
+ AttributeMask must not be 0x0, and must contain at least the bits set in
+ Attributes.
+
+ @param[in] This The protocol instance pointer.
+ @param[in] BaseAddress The physical address that is the start address
+ of a memory region.
+ @param[in] Length The size in bytes of the memory region.
+ @param[in] Attributes Memory attributes to set or clear.
+ @param[in] AttributeMask Mask of memory attributes to operate on.
+
+ @retval EFI_SUCCESS The attributes were set for the memory region.
+ @retval EFI_INVALID_PARAMETER Length is zero.
+ AttributeMask is zero.
+ AttributeMask lacks bits set in Attributes.
+ BaseAddress or Length is not suitably aligned.
+ @retval EFI_UNSUPPORTED The processor does not support one or more
+ bytes of the memory resource range specified
+ by BaseAddress and Length.
+ The bit mask of attributes is not supported for
+ the memory resource range specified by
+ BaseAddress and Length.
+ @retval EFI_OUT_OF_RESOURCES Requested attributes cannot be applied due to
+ lack of system resources.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+SetMemoryPermissions (
+ IN EDKII_MEMORY_ATTRIBUTE_PPI *This,
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length,
+ IN UINT64 Attributes,
+ IN UINT64 AttributeMask
+ )
+{
+ if ((Length == 0) ||
+ (AttributeMask == 0) ||
+ ((AttributeMask & (EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMORY_XP)) == 0) ||
+ ((Attributes & ~AttributeMask) != 0) ||
+ (((BaseAddress | Length) & EFI_PAGE_MASK) != 0))
+ {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ return ArmSetMemoryAttributes (BaseAddress, Length, Attributes, AttributeMask);
+}
+
+STATIC CONST EDKII_MEMORY_ATTRIBUTE_PPI mMemoryAttributePpi = {
+ SetMemoryPermissions
+};
+
+STATIC CONST EFI_PEI_PPI_DESCRIPTOR mMemoryAttributePpiDesc = {
+ (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEdkiiMemoryAttributePpiGuid,
+ (VOID *)&mMemoryAttributePpi
+};
/*++
@@ -79,5 +152,8 @@ InitializeCpuPeim (
}
}
+ Status = PeiServicesInstallPpi (&mMemoryAttributePpiDesc);
+ ASSERT_EFI_ERROR (Status);
+
return EFI_SUCCESS;
}
diff --git a/ArmPkg/Drivers/CpuPei/CpuPei.inf b/ArmPkg/Drivers/CpuPei/CpuPei.inf
index a9f85cbc68..49b67077ec 100644
--- a/ArmPkg/Drivers/CpuPei/CpuPei.inf
+++ b/ArmPkg/Drivers/CpuPei/CpuPei.inf
@@ -3,6 +3,7 @@
#
# This module provides platform specific function to detect boot mode.
# Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2023, Google, LLC. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -28,6 +29,7 @@
CpuPei.c
[Packages]
+ MdeModulePkg/MdeModulePkg.dec
MdePkg/MdePkg.dec
EmbeddedPkg/EmbeddedPkg.dec
ArmPkg/ArmPkg.dec
@@ -37,9 +39,11 @@
DebugLib
HobLib
ArmLib
+ ArmMmuLib
[Ppis]
gArmMpCoreInfoPpiGuid
+ gEdkiiMemoryAttributePpiGuid
[Guids]
gArmMpCoreInfoGuid