summaryrefslogtreecommitdiffstats
path: root/OvmfPkg/Sec
diff options
context:
space:
mode:
authorLaszlo Ersek <lersek@redhat.com>2015-11-30 18:41:24 +0000
committerlersek <lersek@Edk2>2015-11-30 18:41:24 +0000
commitefb0f16e9839b39830bf3eb4017d5964f06c7122 (patch)
tree52d5bad383e6ac72ac55a69b548dbb19cccfe7b7 /OvmfPkg/Sec
parent9beac0d847bf9c299fe6c05b0fe7041a75bffa67 (diff)
downloadedk2-efb0f16e9839b39830bf3eb4017d5964f06c7122.tar.gz
edk2-efb0f16e9839b39830bf3eb4017d5964f06c7122.tar.bz2
edk2-efb0f16e9839b39830bf3eb4017d5964f06c7122.zip
OvmfPkg: decompress FVs on S3 resume if SMM_REQUIRE is set
If OVMF was built with -D SMM_REQUIRE, that implies that the runtime OS is not trusted and we should defend against it tampering with the firmware's data. One such datum is the PEI firmware volume (PEIFV). Normally PEIFV is decompressed on the first boot by SEC, then the OS preserves it across S3 suspend-resume cycles; at S3 resume SEC just reuses the originally decompressed PEIFV. However, if we don't trust the OS, then SEC must decompress PEIFV from the pristine flash every time, lest we execute OS-injected code or work with OS-injected data. Due to how FVMAIN_COMPACT is organized, we can't decompress just PEIFV; the decompression brings DXEFV with itself, plus it uses a temporary output buffer and a scratch buffer too, which even reach above the end of the finally installed DXEFV. For this reason we must keep away a non-malicious OS from DXEFV too, plus the memory up to PcdOvmfDecomprScratchEnd. The delay introduced by the LZMA decompression on S3 resume is negligible. If -D SMM_REQUIRE is not specified, then PcdSmmSmramRequire remains FALSE (from the DEC file), and then this patch has no effect (not counting some changed debug messages). If QEMU doesn't support S3 (or the user disabled it on the QEMU command line), then this patch has no effect also. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19037 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'OvmfPkg/Sec')
-rw-r--r--OvmfPkg/Sec/SecMain.c16
-rw-r--r--OvmfPkg/Sec/SecMain.inf3
2 files changed, 17 insertions, 2 deletions
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 93e3594e29..a12e6768ae 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -539,13 +539,25 @@ FindPeiCoreImageBase (
OUT EFI_PHYSICAL_ADDRESS *PeiCoreImageBase
)
{
+ BOOLEAN S3Resume;
+
*PeiCoreImageBase = 0;
- if (IsS3Resume ()) {
+ S3Resume = IsS3Resume ();
+ if (S3Resume && !FeaturePcdGet (PcdSmmSmramRequire)) {
+ //
+ // A malicious runtime OS may have injected something into our previously
+ // decoded PEI FV, but we don't care about that unless SMM/SMRAM is required.
+ //
DEBUG ((EFI_D_VERBOSE, "SEC: S3 resume\n"));
GetS3ResumePeiFv (BootFv);
} else {
- DEBUG ((EFI_D_VERBOSE, "SEC: Normal boot\n"));
+ //
+ // We're either not resuming, or resuming "securely" -- we'll decompress
+ // both PEI FV and DXE FV from pristine flash.
+ //
+ DEBUG ((EFI_D_VERBOSE, "SEC: %a\n",
+ S3Resume ? "S3 resume (with PEI decompression)" : "Normal boot"));
FindMainFv (BootFv);
DecompressMemFvs (BootFv);
diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf
index 9e8571dddd..711b595309 100644
--- a/OvmfPkg/Sec/SecMain.inf
+++ b/OvmfPkg/Sec/SecMain.inf
@@ -71,3 +71,6 @@
gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress
gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd
+
+[FeaturePcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire