SecurePE: Turned ImageOrigin into function argument,

added comments, introduced bits disabling protecion.
acidanthera · Nov 16, 2023 · ee96dc3 · ee96dc3
1 parent 7e4b66e
commit ee96dc3
Show file tree

Hide file tree

Showing 30 changed files with 139 additions and 110 deletions.
diff --git a/ArmPkg/Library/DebugAgentSymbolsBaseLib/DebugAgentSymbolsBaseLib.c b/ArmPkg/Library/DebugAgentSymbolsBaseLib/DebugAgentSymbolsBaseLib.c
@@ -214,13 +214,12 @@ GetImageContext (
 
   // Initialize the Image Context
   // FIXME: Common FFS API with size checks
-  ImageContext->ImageOrigin = UefiImageOriginFv;
-
   Status = UefiImageInitializeContext (
              ImageContext,
              EfiImage,
              SectionLength - sizeof (*Section),
-             UEFI_IMAGE_SOURCE_FV
+             UEFI_IMAGE_SOURCE_FV,
+             UefiImageOriginFv
              );
   if (!EFI_ERROR(Status)) {
     Status = UefiImageLoadImageInplace( ImageContext);

diff --git a/ArmVirtPkg/PrePi/PrePi.c b/ArmVirtPkg/PrePi/PrePi.c
@@ -158,13 +158,12 @@ RelocateUefiImage (
   Status = FfsFindSectionData (EFI_SECTION_PE32, FileHandle, &SectionData, &SectionSize);
   ASSERT_EFI_ERROR (Status);
 
-  ImageContext.ImageOrigin = UefiImageOriginFv;
-
   Status = UefiImageInitializeContext (
              &ImageContext,
              SectionData,
              SectionSize,
-             UEFI_IMAGE_SOURCE_FV
+             UEFI_IMAGE_SOURCE_FV,
+             UefiImageOriginFv
              );
   ASSERT_RETURN_ERROR (Status);
 

diff --git a/BaseTools/ImageTool/UefiImageScan.c b/BaseTools/ImageTool/UefiImageScan.c
@@ -205,13 +205,12 @@ ToolContextConstructUefiImage (
 
   assert (File != NULL || FileSize == 0);
 
-  Context.ImageOrigin = UefiImageOriginFv;
-
   Status = UefiImageInitializeContext (
              &Context,
              File,
              (UINT32)FileSize,
-             UEFI_IMAGE_SOURCE_FV
+             UEFI_IMAGE_SOURCE_FV,
+             UefiImageOriginFv
              );
   if (RETURN_ERROR (Status)) {
     return Status;

diff --git a/BaseTools/Source/C/Common/CommonLib.c b/BaseTools/Source/C/Common/CommonLib.c
@@ -669,13 +669,12 @@ GetAlignmentFromFile (
   CommonHeader  = (EFI_COMMON_SECTION_HEADER *) ImageFileBuffer;
   CurSecHdrSize = GetSectionHeaderLength(CommonHeader);
 
-  ImageContext.ImageOrigin = UefiImageOriginFv;
-
   Status = UefiImageInitializeContext (
              &ImageContext,
              ImageFileBuffer + CurSecHdrSize,
              ImageFileSize,
-             UEFI_IMAGE_SOURCE_FV
+             UEFI_IMAGE_SOURCE_FV,
+             UefiImageOriginFv
              );
   if (EFI_ERROR (Status)) {
     Error (NULL, 0, 3000, "Invalid UefiImage", "The input file is %s and return status is %x", InFile, (int) Status);

diff --git a/BaseTools/Source/C/EfiRom/EfiRom.c b/BaseTools/Source/C/EfiRom/EfiRom.c
@@ -836,13 +836,12 @@ Routine Description:
   RETURN_STATUS                    Status;
   UEFI_IMAGE_LOADER_IMAGE_CONTEXT  Context;
 
-  Context.ImageOrigin = UefiImageOriginFv;
-
   Status = UefiImageInitializeContext (
              &Context,
              FileBuffer,
              FileSize,
-             UEFI_IMAGE_SOURCE_FV
+             UEFI_IMAGE_SOURCE_FV,
+             UefiImageOriginFv
              );
   if (RETURN_ERROR (Status)) {
     Error (NULL, 0, 2000, "Invalid parameter", "Input file does not appear to be an UEFI image - %llu!", Status);

diff --git a/BaseTools/Source/C/GenFv/GenFvInternalLib.c b/BaseTools/Source/C/GenFv/GenFvInternalLib.c
@@ -2514,13 +2514,12 @@ Routine Description:
     return EFI_INVALID_PARAMETER;
   }
 
-  Context.ImageOrigin = UefiImageOriginFv;
-
   RETURN_STATUS Status = UefiImageInitializeContext (
                            &Context,
                            UefiImage,
                            UefiImageSize,
-                           UEFI_IMAGE_SOURCE_FV
+                           UEFI_IMAGE_SOURCE_FV,
+                           UefiImageOriginFv
                            );
   if (RETURN_ERROR (Status)) {
     Error (NULL, 0, 3000, "Invalid", "Unrecognized UEFI image file.");
@@ -3704,13 +3703,12 @@ Routine Description:
     //
     SectPeSize = GetSectionFileLength (CurrentPe32Section.CommonHeader) - CurSecHdrSize;
 
-    ImageContext.ImageOrigin = UefiImageOriginFv;
-
     Status = UefiImageInitializeContext (
                &ImageContext,
                (VOID *) ((UINTN) CurrentPe32Section.Pe32Section + CurSecHdrSize),
                SectPeSize,
-               UEFI_IMAGE_SOURCE_FV
+               UEFI_IMAGE_SOURCE_FV,
+               UefiImageOriginFv
                );
     if (EFI_ERROR (Status)) {
       Error (NULL, 0, 3000, "Invalid UefiImage", "The input file is %s and the return status is %x", FileName, (int) Status);
@@ -3993,14 +3991,13 @@ Routine Description:
     //
     // Get this module function address from ModulePeMapFile and add them into FvMap file
     //
-    ImageContext.ImageOrigin = UefiImageOriginFv;
-
     Status = UefiImageInitializeContext (
-      &ImageContext,
-      (VOID *) ((UINTN)(*FfsFile) + FileOffset),
-      RebasedImageSize,
-      UEFI_IMAGE_SOURCE_FV
-      );
+               &ImageContext,
+               (VOID *) ((UINTN)(*FfsFile) + FileOffset),
+               RebasedImageSize,
+               UEFI_IMAGE_SOURCE_FV,
+               UefiImageOriginFv
+               );
     ASSERT_EFI_ERROR (Status);
 
     //

diff --git a/IntelFsp2WrapperPkg/FspWrapperNotifyDxe/LoadBelow4G.c b/IntelFsp2WrapperPkg/FspWrapperNotifyDxe/LoadBelow4G.c
@@ -90,13 +90,12 @@ RelocateImageUnder4GIfNeeded (
   //
   // Get information about the image being loaded
   //
-  ImageContext.ImageOrigin = UefiImageOriginFv;
-
   Status = UefiImageInitializeContext (
              &ImageContext,
              Buffer,
              (UINT32) BufferSize,
-             UEFI_IMAGE_SOURCE_FV
+             UEFI_IMAGE_SOURCE_FV,
+             UefiImageOriginFv
              );
   ASSERT_EFI_ERROR (Status);
   ImageSize      = UefiImageGetImageSize (&ImageContext);

diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h
@@ -2720,14 +2720,13 @@ RemoveImageRecord (
   Protect UEFI image.
 
   @param[in]  LoadedImage              The loaded image protocol
-  @param[in]  ImageType                Whether File comes from FV. Must be FALSE
-                                       or TRUE.
+  @param[in]  ImageOrigin              Where File comes from.
   @param[in]  LoadedImageDevicePath    The loaded image device path protocol
 **/
 VOID
 ProtectUefiImage (
   IN EFI_LOADED_IMAGE_PROTOCOL     *LoadedImage,
-  IN BOOLEAN                       ImageIsFromFv,
+  IN UINT8                         ImageOrigin,
   UEFI_IMAGE_LOADER_IMAGE_CONTEXT  *ImageContext
   );
 

diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
@@ -203,6 +203,7 @@ EFI_RUNTIME_SERVICES  *gRT = &mEfiRuntimeServicesTableTemplate;
 EFI_HANDLE            gImageHandle = NULL;
 
 BOOLEAN               gMemoryMapTerminated = FALSE;
+BOOLEAN               gBdsStarted          = FALSE;
 
 //
 // EFI Decompress Protocol
@@ -318,7 +319,7 @@ DxeMain (
 
   CoreInitializeMemoryProtection ();
 
-  ProtectUefiImage (&mCurrentImage->Info, TRUE, &ImageContext);
+  ProtectUefiImage (&mCurrentImage->Info, UefiImageOriginFv, &ImageContext);
 
   //
   // Call constructor for all libraries
@@ -562,6 +563,8 @@ DxeMain (
     (EFI_SOFTWARE_DXE_CORE | EFI_SW_DXE_CORE_PC_HANDOFF_TO_NEXT)
     );
 
+  gBdsStarted = TRUE;
+
   //
   // Transfer control to the BDS Architectural Protocol
   //

diff --git a/MdeModulePkg/Core/Dxe/Image/Image.c b/MdeModulePkg/Core/Dxe/Image/Image.c
@@ -24,6 +24,8 @@ STATIC LIST_ENTRY  mAvailableEmulators;
 STATIC EFI_EVENT   mPeCoffEmuProtocolRegistrationEvent;
 STATIC VOID        *mPeCoffEmuProtocolNotifyRegistration;
 
+extern BOOLEAN     gBdsStarted;
+
 //
 // This code is needed to build the Image handle for the DXE Core
 //
@@ -1101,6 +1103,7 @@ CoreLoadImageCommon (
   BOOLEAN                         ImageIsFromFv;
   BOOLEAN                         ImageIsFromLoadFile;
   UEFI_IMAGE_LOADER_IMAGE_CONTEXT ImageContext;
+  UINT8                           ImageOrigin;
 
   SecurityStatus = EFI_SUCCESS;
 
@@ -1171,8 +1174,8 @@ CoreLoadImageCommon (
     Node   = NULL;
     Status = CoreLocateDevicePath (&gEfiFirmwareVolume2ProtocolGuid, &HandleFilePath, &DeviceHandle);
     if (!EFI_ERROR (Status)) {
-      ImageIsFromFv            = TRUE;
-      ImageContext.ImageOrigin = UefiImageOriginFv;
+      ImageIsFromFv = TRUE;
+      ImageOrigin   = UefiImageOriginFv;
     } else {
       HandleFilePath = FilePath;
       Status         = CoreLocateDevicePath (&gEfiSimpleFileSystemProtocolGuid, &HandleFilePath, &DeviceHandle);
@@ -1186,15 +1189,13 @@ CoreLoadImageCommon (
           HandleFilePath = FilePath;
           Status         = CoreLocateDevicePath (&gEfiLoadFileProtocolGuid, &HandleFilePath, &DeviceHandle);
           if (!EFI_ERROR (Status)) {
-            ImageIsFromLoadFile      = TRUE;
-            Node                     = HandleFilePath;
+            ImageIsFromLoadFile = TRUE;
+            Node                = HandleFilePath;
           }
         }
-
-        ImageContext.ImageOrigin = UefiImageOriginOptionROM;
-      } else {
-        ImageContext.ImageOrigin = UefiImageOriginUserImage;
       }
+
+      ImageOrigin = UefiImageOriginOptionROM;
     }
 
     //
@@ -1223,22 +1224,27 @@ CoreLoadImageCommon (
     goto Done;
   }
 
+  if (gBdsStarted) {
+    ImageOrigin = UefiImageOriginUserImage;
+  }
+
   //
   // Get information about the image being loaded
   //
   Status = UefiImageInitializeContextPreHash (
              &ImageContext,
              FHand.Source,
              (UINT32) FHand.SourceSize,
-             UEFI_IMAGE_SOURCE_FV
+             UEFI_IMAGE_SOURCE_FV,
+             ImageOrigin
              );
   if (Status == EFI_NOT_STARTED) {
     goto Done;
   }
 
   if (EFI_ERROR (Status)) {
-    ASSERT (FALSE);
-    return Status;
+    CpuDeadLoop ();
+    return Status; ///< Should be unreachable.
   }
 
   // FIXME: Context
@@ -1298,8 +1304,8 @@ CoreLoadImageCommon (
 
   Status = UefiImageInitializeContextPostHash (&ImageContext);
   if (EFI_ERROR (Status)) {
-    ASSERT (FALSE);
-    return Status;
+    CpuDeadLoop ();
+    return Status; ///< Should be unreachable.
   }
 
   //
@@ -1427,7 +1433,7 @@ CoreLoadImageCommon (
   }
 
   Status = EFI_SUCCESS;
-  ProtectUefiImage (&Image->Info, ImageIsFromFv, &ImageContext);
+  ProtectUefiImage (&Image->Info, ImageOrigin, &ImageContext);
 
   RegisterMemoryProfileImage (
     Image->LoadedImageDevicePath,

diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -10,7 +10,6 @@
      requirement.
   3) This policy is applied only if the Source UEFI image matches the
      PcdImageProtectionPolicy definition.
-  4) This policy is not applied to the non-PE image region.
 
   The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
   the image. If the CpuArch protocol is not installed yet, the DxeCore
@@ -164,14 +163,13 @@ IsMemoryProtectionSectionAligned (
   Protect UEFI PE/COFF image.
 
   @param[in]  LoadedImage              The loaded image protocol
-  @param[in]  ImageIsFromFv            Whether File comes from FV. Must be FALSE
-                                       or TRUE.
+  @param[in]  ImageOrigin              Where File comes from.
   @param[in]  LoadedImageDevicePath    The loaded image device path protocol
 **/
 VOID
 ProtectUefiImage (
   IN EFI_LOADED_IMAGE_PROTOCOL     *LoadedImage,
-  IN BOOLEAN                       ImageIsFromFv,
+  IN UINT8                         ImageOrigin,
   UEFI_IMAGE_LOADER_IMAGE_CONTEXT  *ImageContext
   )
 {
@@ -181,6 +179,12 @@ ProtectUefiImage (
   CONST CHAR8        *PdbPointer;
   UINT32             PdbSize;
   BOOLEAN            IsAligned;
+  //
+  // Do not protect images, if policy allows.
+  //
+  if ((mImageProtectionPolicy & (BIT30 >> ImageOrigin)) != 0) {
+    return;
+  }
 
   DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage));
   DEBUG ((DEBUG_INFO, "  - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize));

diff --git a/MdeModulePkg/Core/Pei/Image/Image.c b/MdeModulePkg/Core/Pei/Image/Image.c
@@ -195,13 +195,12 @@ LoadAndRelocateUefiImage (
 
   ReturnStatus = EFI_SUCCESS;
 
-  ImageContext->ImageOrigin = UefiImageOriginFv;
-
   Status = UefiImageInitializeContext (
              ImageContext,
              Pe32Data,
              Pe32DataSize,
-             UEFI_IMAGE_SOURCE_FV
+             UEFI_IMAGE_SOURCE_FV,
+             UefiImageOriginFv
              );
   if (EFI_ERROR (Status)) {
     return Status;
@@ -382,13 +381,12 @@ LoadAndRelocateUefiImageInPlace (
 
   CopyMem (ImageAddress, Pe32Data, ImageSize);
 
-  ImageContext.ImageOrigin = UefiImageOriginFv;
-
   Status = UefiImageInitializeContext (
              &ImageContext,
              ImageAddress,
              ImageSize,
-             UEFI_IMAGE_SOURCE_FV
+             UEFI_IMAGE_SOURCE_FV,
+             UefiImageOriginFv
              );
   if (EFI_ERROR (Status)) {
     ASSERT_EFI_ERROR (Status);

diff --git a/MdeModulePkg/Core/Pei/Ppi/Ppi.c b/MdeModulePkg/Core/Pei/Ppi/Ppi.c
@@ -1117,13 +1117,12 @@ ConvertPeiCorePpiPointers (
     // Find PEI Core EntryPoint in the BFV in temporary memory.
     //
     // FIXME: "Assume" sanity and skip full initialisation?
-    ImageContext.ImageOrigin = UefiImageOriginFv;
-
     Status = UefiImageInitializeContext (
                &ImageContext,
                (VOID *) (UINTN) PeiCoreImageBase,
                PeiCoreImageSize,
-               UEFI_IMAGE_SOURCE_FV
+               UEFI_IMAGE_SOURCE_FV,
+               UefiImageOriginFv
                );
     ASSERT_EFI_ERROR (Status);
 

diff --git a/MdeModulePkg/Core/PiSmmCore/Dispatcher.c b/MdeModulePkg/Core/PiSmmCore/Dispatcher.c
@@ -339,13 +339,12 @@ SmmLoadImage (
   //
   // Get information about the image being loaded
   //
-  ImageContext->ImageOrigin = UefiImageOriginFv;
-
   Status = UefiImageInitializeContextPreHash (
              ImageContext,
              Buffer,
              (UINT32) Size,
-             UEFI_IMAGE_SOURCE_FV
+             UEFI_IMAGE_SOURCE_FV,
+             UefiImageOriginFv
              );
   if (EFI_ERROR (Status)) {
     if (Buffer != NULL) {