Sync AARCH64 GCD Capabilities with Page Table #89
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kenlautner
approved these changes
Apr 7, 2023
os-d
commented
Apr 7, 2023
TaylorBeebe
approved these changes
Apr 7, 2023
|
Regarding this in the PR description:
Can you provide more context on the rationale behind the previous behavior? Was this an implementation error? A design gap? Etc. |
makubacki
reviewed
Apr 11, 2023
I updated the PR description, let me know if this answers your question. |
Yes, thanks |
makubacki
approved these changes
Apr 12, 2023
os-d
force-pushed
the
osde/sync_aarch64_gcd_capabilities
branch
from
ea31c95 to
c74464c
Compare
os-d
force-pushed
the
osde/sync_aarch64_gcd_capabilities
branch
from
c74464c to
b003a6b
Compare
kenlautner
pushed a commit
that referenced
this pull request
May 12, 2023
# Preface Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). ## Description On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. ## Integration Instructions N/A.
kenlautner
pushed a commit
that referenced
this pull request
May 13, 2023
# Preface Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). ## Description On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. ## Integration Instructions N/A.
kenlautner
pushed a commit
that referenced
this pull request
May 13, 2023
# Preface Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). ## Description On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. ## Integration Instructions N/A.
kenlautner
pushed a commit
that referenced
this pull request
May 13, 2023
# Preface Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). ## Description On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. ## Integration Instructions N/A.
kenlautner
pushed a commit
that referenced
this pull request
Oct 25, 2023
# Preface Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). ## Description On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. ## Integration Instructions N/A.
kenlautner
pushed a commit
that referenced
this pull request
Oct 25, 2023
# Preface Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). ## Description On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. ## Integration Instructions N/A.
kenlautner
pushed a commit
that referenced
this pull request
Dec 19, 2023
# Preface Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). ## Description On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. ## Integration Instructions N/A.
kenlautner
pushed a commit
that referenced
this pull request
Dec 19, 2023
# Preface Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). ## Description On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. ## Integration Instructions N/A.
ProjectMuBot
referenced
this pull request
in microsoft/mu_tiano_platforms
Feb 6, 2024
Introduces 1018 new commits in [Silicon/Arm/MU_TIANO](https://github.com/microsoft/mu_silicon_arm_tiano.git). <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/b26f7dfe2927a276bf5c3238bec363abadd5a52f">b26f7d</a> CryptoPkg: Add all .inf files for BaseCryptLibMbedTls</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/4049ca493c4ec8399ba95c06db49e45247fd5ad7">4049ca</a> CryptoPkg: Add Null functions for building pass</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/c5fedb030a4eee1133358a8c5af9ff05082feb44">c5fedb</a> CryptoPkg: Add MD5/SHA1/SHA2 functions based on Mbedtls</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/26754b37075909f3eed8f5666835c2c3d6146987">26754b</a> CryptoPkg: Add Mbedtls submodule in CI</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/c109e4a2448b5ed861e6227b0b9949089f39b378">c109e4</a> CryptoPkg: Add basic Readme for BaseCryptLibMbedTls</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/eebd446875a4b1e4879e03764f63c6c358fd64f5">eebd44</a> CryptoPkg: Add CryptAes functions based on Mbedtls Add CryptAes APIS.</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/326b9e1d815c4ae4b0b207fcb0bfa16864af5400">326b9e</a> UefiCpuPkg/CpuDxe: Eliminate the unused variable.</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e07948255cfafb75fa9cbe4555bfe3421488dd9a">e07948</a> MdeModulePkg: UsbNetwork: fix Ethernet functional descriptor processing</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/03d6569f70939d2a1653265367121212459a6b89">03d656</a> MdeModulePkg: UsbRndis: get rid of magic values</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a445e1a42ccf3cb9f70537c7cd80ece689bf4d9a">a445e1</a> ShellPkg: Increase PcdShellPrintBufferSize from UINT16 to UINT32</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/772ec92577a8c786b6c9f8643fa60f1cf893bcd9">772ec9</a> UefiCpuPkg: RISC-V: MMU: Introduce a PCD for SATP mode</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/01e1bc28943a6bd66830e8af56665dc9e4647a08">01e1bc</a> ArmPkg/ArmPsciMpServices: Add EFI_NOT_READY return</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/747a08eae26bda91c53d232d3bd65946183693d0">747a08</a> RedfishPkg/RedfishDiscoverDxe: introduce PcdRedfishSendReceiveTimeout</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/c62fb455491bc029ca225e61702a7259c4ec324a">c62fb4</a> PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe: rename LibRtcVirtualNotifyEvent</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/189addfde6e01b49de269700c979551675336f80">189add</a> ArmPlatformPkg/PL031RealTimeClockLib: hide LibRtcVirtualNotifyEvent</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e6e0e7ba74b670564efea79e628207f5f76ce743">e6e0e7</a> EmbeddedPkg/TemplateRealTimeClockLib: drop LibRtcVirtualNotifyEvent</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/3c3136d3b6ae2976cbe05ff2b8f23ae58b780034">3c3136</a> EmbeddedPkg/VirtualRealTimeClockLib: drop LibRtcVirtualNotifyEvent</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/7fe49887c4d227e585d5aa5530ee8a8d79d5fa1e">7fe498</a> EmbeddedPkg/RealTimeClockLib: drop LibRtcVirtualNotifyEvent from lib class</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/b75d9f556d6f290a4037064a2b934f5a3396328c">b75d9f</a> BaseTools: trim warning to error</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/8abbf6d87e68aa6634d63a5e3920ca44e331ddfa">8abbf6</a> OvmfPkg/VirtioFsDxe: tolerate opening an abs. pathname rel. to a reg. file</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/96ed60dfd7d4818a532216d64ee87b13fae5c726">96ed60</a> MdePkg/UefiDevicePathLib: Fix AcpiEx print logic</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/0355e559c6c4a7d3602120045d74e3a1e792fec6">0355e5</a> MdePkg/Test: Add DevicePathLib host test module</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/bed477d9cf727c1061f1203c5cd61fe1af2e9c19">bed477</a> Maintainers.txt: Stop to be reviewer of several modules</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/c591395f4ab5359c14e783481473685cf432fe75">c59139</a> EmbeddedPkg/NorFlashInfoLib: Update norflash device list</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/575bd4f55c0aea6096579a649a018cfd183546fc">575bd4</a> DynamicTablesPkg/TableHelperLib: Fix and improve text handling</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/ec7f73436646a9232c6494d1ce23fb38000e10d3">ec7f73</a> DynamicTablesPkg/TableHelperLib: Enhance error handling</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/309450db268c8721afa102c7c49adccd153b0e88">309450</a> DynamicTablesPkg/AmlLib: Enumerate memory attributes</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/9f5e409623e043d6298181aa94ab5cd3c5e315a1">9f5e40</a> Edk2: edk2-pytools: Update to latest versions</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/cbcdf4ff7bf18483dfed89e7dd1167338f361d0f">cbcdf4</a> UnitTestFrameworkPkg: CI: Add PrEval entry</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/36b41b067f3c7903860146bc54d282e1f2e9ff3b">36b41b</a> CryptoPkg: CI: Add PrEval entry</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/2298769ecf9ff2af7baa681ea5517414b4dbbf34">229876</a> DynamicTablesPkg: CI: Add PrEval entry</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/22b667c821941575aa135381e7931b05833b5f59">22b667</a> EmbeddedPkg: CI: Add PrEval entry</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/1cd0227c5d9164d9f8f15decafca84e5aaddeff4">1cd022</a> FmpDevicePkg: CI: Add PrEval entry</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/b24c8b046770e47094d233d83ee45658ce4be2ab">b24c8b</a> IntelFsp2Pkg: CI: Add PrEval entry</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e5b4fe21aea9101c93ba8a670da4ce83513c0ef7">e5b4fe</a> RedfishPkg: CI: Add PrEval entry</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e44097a9653a1f6e67439c5c49cb952f7a8aafe2">e44097</a> PrmPkg: CI: Add PrEval entry</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f8923b72deb62df0cd948a8e9966c9edfab3b415">f8923b</a> MdePkg: CI: Add PrEval entry</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/87ef986eeb902b9aab74c451b65fc7cd73bb5447">87ef98</a> MdeModulePkg: CI: Add PrEval entry</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/2ad52adb6606f89f0c475faa6552fee69c02d082">2ad52a</a> IntelFsp2WrapperPkg: CI: Add PrEval entry</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/da73578bf7afee1fdd1abe97eaf733aa1e4bdefe">da7357</a> RedfishPkg/RedfishPlatformConfigDxe: add debug message.</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/fb044b7fe893a4545995bfe2701fd38e593355d9">fb044b</a> RedfishPkg/RedfishDiscoverDxe: remove Redfish false alarm</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e17e58e81b356a347102ee6d780bf699544e9b81">e17e58</a> DynamicTablesPkg: HOWTO for Handcrafted tables</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a6648418c1600f0a81f2914d9dd14de1adbfe598">a66484</a> MdeModulePkg: Optimize BmExpandPartitionDevicePath</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/d85bf54b7f462eb0297351b5f8dfde09adf617fb">d85bf5</a> ArmPlatformPkg/PL031RealTimeClockLib: remove needless instance init steps</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/170d4ce8e90abb1eff03852940a69c9d17f8afe5">170d4c</a> UefiCpuPkg/BaseXApicX2ApicLib: fix CPUID_V2_EXTENDED_TOPOLOGY detection</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/cf87fd95c1f5be4880a015c82a18e8ae12ff5e94">cf87fd</a> OvmfPkg/AcpiPlatformDxe: Fix Coverity report issues</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/1f21e11168dd6a071a92e41ecdffc7cd6e5f3f02">1f21e1</a> Maintainers.txt: Update maintainers list</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/00dbde5fa4e21d9c7cacf01cf119f06860fcfb11">00dbde</a> MdePkg/Mctp.h: Correct typo in structure member name</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/884ef984541c3e346d39e423fea53cf25066ff5a">884ef9</a> MdePkg/Pldm.h: Add define for the PLDM response flag</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/9bb5ef1287c6765c477fb2cb3107339f700ab419">9bb5ef</a> MdePkg: Add Cxl20.h into IndustryStandard</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/cf68ff61308843bcd50db9ec1f96a8dcfa541b47">cf68ff</a> RedfishPkg/RedfishLib: introduce new interfaces.</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/1cbdd6e9ffe19ffde1de13ee680a1e68b2a93d56">1cbdd6</a> RedfishPkg/libredfish: introduce new interfaces.</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/8765f3eb428f86974033215fe08f8d3d85deedae">8765f3</a> RedfishPkg/RedfishLib: return HTTP headers to caller</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/9a38ddc80656a83337938312e9cd93cd335a678f">9a38dd</a> MdePkg/Include: Definitions of IPMI Get System Interface Capabilities</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/fe43b426762c31c2f1958444d3aca388ec8d4702">fe43b4</a> MdeModulePkg/Include: API of IPMI Get System Interface Capabilities</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/74c687cc2f2f29d3bdd454a416624f0ca5a86566">74c687</a> UefiCpuPkg/MpInitLib: Wait for all APs to finish initialization</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/eb83b53309611aba6160ef396c91f36eb8975eca">eb83b5</a> ArmVirtPkg: introduce FdtSerialPortAddressLib</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f078a6fdd4d78c8ff39a554625f1cc3d2c32b538">f078a6</a> ArmVirtPkg/Fdt16550SerialPortHookLib: rebase to FdtSerialPortAddressLib</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/5fc3c397048596cf319c6addbd2f9c07db7fb87a">5fc3c3</a> ArmVirtPkg: adjust whitespace in block scope declarations</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/66046aeb6dfab48122944ae6f8bcc9ddcdc065ff">66046a</a> ArmVirtPkg: adhere to the serial port selected by /chosen "stdout-path"</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/115b59d9c60fffb22eeab2ed467b888e4b24c1dc">115b59</a> ArmVirtPkg: store separate console and debug PL011 addresses in GUID HOB</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/b7e6d979732f1cf127ffd8ef4e366cf37e43fa37">b7e6d9</a> ArmVirtPkg: introduce DebugLibFdtPL011Uart Flash instance</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/ba5d955e2505e963eaf91f7ba7d7d5db534372ad">ba5d95</a> ArmVirtPkg: introduce DebugLibFdtPL011Uart RAM instance</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/601abf5d50ca7e797bf0e3e9f3398cd7225aa30b">601abf</a> ArmVirtPkg: introduce DebugLibFdtPL011Uart DXE Runtime instance</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f945b72331d7e9eed7f84c71052f198377ac3950">f945b7</a> ArmVirtPkg: steer DebugLib output away from SerialPortLib+console traffic</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/d0cac9f63f8a1929356f2e707dd3f577995f1a50">d0cac9</a> .pytool: Set uncrustify check to audit only (temporary)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/41c622523de353a136fac4ecd3335b05e35fd411">41c622</a> .pytool: Add cpp support to uncrustify plugin</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/504953ef976b2435c871f5c0896701afcebdcf8a">504953</a> MdeModulePkg: Apply uncrustify formatting to relevant files.</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/716a3292e084b4217790aefa088d4faaa8c1ca8e">716a32</a> MdePkg: Apply uncrustify formatting to relevant files</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a00f7a355ad8e1a84d8087861020d45d6565a8f1">a00f7a</a> SecurityPkg: Apply uncrustify formatting to relevant files</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/1e27258a89647cdb79721062baad1903b29cd023">1e2725</a> UnitTestFrameworkPkg: Apply uncrustify formatting to relevant files</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/ca32f75fc6ba4a41a65b5ea83eaa21d209bae570">ca32f7</a> .pytool: Undo uncrustify check change</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/7e08d17a4a535a7abfa58a0606ca1a0e7f5862ad">7e08d1</a> Maintainers.txt: Add .pytool maintainers to BaseTools/Plugin</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/7ff6ab2b3e09ee7ec0d698398001295b7867b08c">7ff6ab</a> UefiPayloadPkg: Fix incorrect code on Fit function.</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/7f5c24ad35419d4779f6f61c891b9bb0da5a41b1">7f5c24</a> .pytool: Integration of edk2-pytools</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/7806713f00e92b37799ef920daae3ebf14c5b07f">780671</a> BaseTools: Plugin: Integration of edk2-pytools</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/4f3ee7fbafc8e83c20f273f4db6c24fe240f6a94">4f3ee7</a> Maintainers.txt: update Gary's email address</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/822c54eb0177833d7949049cb9eb1e18dc3572a9">822c54</a> MdePkg: MADT: Add Online capable flag in GICC</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f9925c89532bbbe22c277ed56e2ffa8d21532d05">f9925c</a> MdePkg: MADT: Add TRBE interrupt to GICC</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/db9800dce87656dcd561ee510b4036db5910dc39">db9800</a> DynamicTablesPkg: Add TRBE interrupt to GICC object</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/cf62548a35fb002166b01b33cbfe72f65f0d6900">cf6254</a> DynamicTablesPkg: Add TRBE interrupt to GICC object parser</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/36e9f3d08a4c3f1e9828119285fcfaee80cf9d47">36e9f3</a> DynamicTablesPkg: Update MADT generator for ACPI 6.5</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/50e8518276d9c7de3cb9593a482901d3a936a2b7">50e851</a> DynamicTablesPkg: Update FADT generator to ACPI 6.5</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/2b0d117b4b4ea44b213fc3b10c9e59fa96510c83">2b0d11</a> ShellPkg: Acpiview: Update MADT parser for TRBE interrupt</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/4821daa5246deff8d8f9fb35d9c171050e704951">4821da</a> DynamicTablesPkg: Add an ET info object to Arm namespace</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f81ee47513e55e4748eccb2f941a5bb0cbf45612">f81ee4</a> DynamicTablesPkg: Add an ET info object parser</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/3ee23713e1ce09faa6fa66ee6799e3e336deb58b">3ee237</a> DynamicTablesPkg: Add ETE device to CPU node in AML</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/09fd4e41728ffabbb98bc4e0520369f70eb9c583">09fd4e</a> DynamicTablesPkg: Fix referencing of CPC token</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/08431081a3623bd6c44de5c859ef42c579de63d1">084310</a> ArmPkg/ArmLib: Add ArmHasTrbe () helper function</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a671a14e63fdaa9490e5c61cf11346416f1d1463">a671a1</a> ArmPkg/ArmLib: Add ArmHasEte () helper function</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/aa8431822b7631659586247b1e50d21126f3cfcc">aa8431</a> MdeModulePkg/DxeCore: Allow relocation of images with large address</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/2426a356258f0f759eb0661e1f8c0196aac48123">2426a3</a> MdePkg ACPI65: Add 0x0B/PRM to Generic Address Structure</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/8e7462907050350f8a9ed54437a4441082180a9c">8e7462</a> .azurepipelines: Fix Python version (to 3.12)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f3b2187d558b1540e65e86024423ee39fe6264aa">f3b218</a> MdeModulePkg/VariablePolicy: Add more granular variable policy querying</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/d4358a7f7629c996f80236588c95b62cd9c93584">d4358a</a> ShellPkg: Add varpolicy dynamic shell command and app</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/fe6cd1c1872132160ddd156c963e1a568d098225">fe6cd1</a> OvmfPkg: Add varpolicy shell command</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/2e128302e608fbe2c03d1967dd7328bbdf07bab3">2e1283</a> ArmVirtPkg: Add varpolicy shell command</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a6871b53599e2bf23bfa16adae638cc9a6f0755f">a6871b</a> ArmVirtPkg/PlatformCI/ReadMe.md: Update contents</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/36812d6c3e0c4402ea90e20566ac80de634d210b">36812d</a> .github/workflows: Add Stale Check</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/ccbe2e938386ed1ec49b3ad8ed6d107e7416e273">ccbe2e</a> UefiCpuPkg: Correct file description for MpHandOff header file</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/1b1509abee839b74d3232bbd6a256a1bdc230925">1b1509</a> RedfishPkg/RedfishCrtLib: remove multiple definitions.</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/fbbbd984998d83cf6b69e9291336aefbac23396c">fbbbd9</a> DynamicTablesPkg: Fix assert in CmObject parser</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/8da978bf68535ec9fc41f400f22f09b033dd535a">8da978</a> ReadMe.rst: Add Apache License 2.0 and update submodule list</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/0b4acb88d67520ad5cd9fd8896db0a2e203eaca4">0b4acb</a> IntelFsp2Pkg/SwitchStack: Reserve 32B when calling C function in 64bit</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/08ac799d36332d41d1a25ff3df748672676c0947">08ac79</a> IntelFsp2Pkg/PatchFv: Fix syntax issue in markdown manual</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/038499a2681c1adab5a508da34621f74c52bc05c">038499</a> Maintainers.txt: Update based on active community members</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/ee942c5360dad560d5fc0f6758bed502fd1be4c7">ee942c</a> MdeModulePkg/DxeCorePerformanceLib: Install BPDT in config table</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/778134e491a9f53abc903f6fa730d8389f27697d">778134</a> ShellPkg/Dp: Allow dp command to work without ACPI</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/ae02d487a3a4f198e37ca5029ae04abd8976076d">ae02d4</a> BaseTools: Update PatchCheck.py to allow whitespace issues in .rtf files</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e53c618ea4928820eea5a6d778395ce1e6145cbc">e53c61</a> MdePkg: IndustryStandard: Add DLL Characteristics</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/da219919538b679d5cf7387f4eba6c20384bf868">da2199</a> BaseTools: GenFw: auto-set nxcompat flag</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/c1393bd4867b9b1cc2ec1e203eac2e2520ad6ce7">c1393b</a> Remove existing CodeQL infrastructure</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/5464d0bed60ccdb160f6d32c2ad9af203c1542c9">5464d0</a> BaseTools/Plugin/CodeQL: Add CodeQL build plugin</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/b531ca4bb37b59c3fef6b7dd927b62b21a688075">b531ca</a> BaseTools/Plugin/CodeQL: Add integration helpers</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/29763016e01f1d085227063a6b8979229538127d">297630</a> .pytool/CISettings.py: Integrate CodeQL</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/1384ce443ded4e75fce9c100a98ed0897619f098">1384ce</a> .github/workflows/codeql.yml: Add CodeQL workflow</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a3e8efcc8efa87b3cafb5648e956b3396493fce1">a3e8ef</a> .pytool/CISettings: Enable CodeQL audit mode</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/d461137e22ed46fdae725741decb44b91e59c110">d46113</a> BaseTools/Plugin/CodeQL: Enable 30 queries</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/c96b4da2a079eb837ab3af9aeb86a97078b3bde6">c96b4d</a> ReadMe.rst: Add CodeQL/analyze directory under other licenses</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/bb18fb80abb9d35d01be5d693086a9ed4b9d65b5">bb18fb</a> Maintainers.txt: Remove Orphan status option</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/616f0d503707c2e3fbdbc397ccb16a822f584b03">616f0d</a> IntelFsp2WrapperPkg: Add variable initialization</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/68e37f457881d222c68834920f4ffd6f668a2b77">68e37f</a> MdePkg/BaseLib: Update TdVmcall to always output the value in R11</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/212cf07aaa149160d37ce3c383a13d012ca45c01">212cf0</a> MdePkg/Tdx.h: Add TDVMCALL_STATUS_RETRY</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/8a41004643412b59f669876658bd02b8025bec71">8a4100</a> OvmfPkg/BaseMemEncryptTdxLib: Handle retry result of MapGPA</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e077ccff6d0f2e8c3fc44b3e2ab71aff66927c3b">e077cc</a> BaseTools/tools_def: drop -mgeneral-regs-only for AArch64 CLANGDWARF</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/35c0c63edbab6a37d6c019d613a4b06529941a80">35c0c6</a> Maintainers.txt: Remove unused OvmfPkg Confidential Computing path</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/589f2e49e5f9ff998bd4f08cbf28a1572ab7b544">589f2e</a> UefiCpuPkg/PiSmmCpuDxeSmm: Fix CP Exception when CET enable</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/431ead235f37781e68c3661ed300546b00be0611">431ead</a> BaseTools/Scripts/GetMaintainer: Fix logic bug collecting maintainers</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/1cb580be85d01b6bd76449dc9615b044da9a23b1">1cb580</a> BaseTools/Scripts/GetMaintainer: Simplify logic</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/05f3c3f3d0cc49b123f7fcefaed3b89eb42396f8">05f3c3</a> BaseTools/Scripts/GetMaintainer: refactor internal returns as dicts</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/706811819dcbc16ee53c621ee552f81cc87526e0">706811</a> BaseTools/Scripts/GetMaintainer: Handle reviewer only case</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/33deaa3b845f0d588ffd068003558be46f90aaac">33deaa</a> BaseTools/Scripts/GetMaintainer: Sort output addresses</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/c9cce5a00591dc437c258f0365b5d434c628b1e0">c9cce5</a> MdeModulePkg/RegularExpressinoDxe: Fix clang error</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/06b27ccb90302bffbb34e4ddf31a6e2843dd20f5">06b27c</a> RedfishPkg: RedfishDiscoverDxe: Fix issue if IPv4 installed after RestEx</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/3db76e6476e493d3cda45b81bba99a645180cf35">3db76e</a> RedfishPkg: RedfishDiscoverDxe: Optimize the Redfish Discover flow</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/23dbb8a07d108a7b8589e31639b6302b70445b9f">23dbb8</a> DynamicTablesPkg: Fix ETE _UID Creation</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/15538bc62eeeeafadfa6afc6ac3f3b2115529568">15538b</a> Revert "RedfishPkg: RedfishDiscoverDxe: Optimize the Redfish Discover flow"</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/8dd52c949e131dc0663337f77b5651b79a6cb92b">8dd52c</a> Revert "RedfishPkg: RedfishDiscoverDxe: Fix issue if IPv4 installed later"</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f444c4bea5125ebc2b8b92ec03ab8d11c5c183bf">f444c4</a> RedfishPkg: RedfishDiscoverDxe: Fix issue if IPv4 installed after RestEx</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/8736b8fdca85e02933cdb0a13309de14c9799ece">8736b8</a> RedfishPkg: RedfishDiscoverDxe: Optimize the Redfish Discover flow</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/ada540a97193ad5143eba41516d56a969456ff86">ada540</a> TCMORPH: Move the StandaloneMmCpu driver to ArmPkg</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e3b7c193ba74470b0f32d95a607f8027ed70015c">e3b7c1</a> TCMORPH: Move the StandaloneMmCoreEntryPoint lib to ArmPkg</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/c88a22b517a1df75de827216c62a3e6f41a319c0">c88a22</a> TCMORPH: Remove unused packages from Tiano (command in comments)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/8d3327e9d715391fec7f7b5477eeac02b8bafe2e">8d3327</a> Remove unneeded files and references to truncated packages.</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a843fec1ef78607229f1734defe526d61fd05817">a843fe</a> Add RepoDetails.md file for documentation.</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/533f44d04bdfd5f8a564794bab84197b8354f1d1">533f44</a> Merged PR 972782: Add changes required for arm64 vs tools to work</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/03c899ff19d06256a45f2b85460e6139bae63d27">03c899</a> Merged PR 1417657: Core changes required to build DxeCore for AARCH64</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/2b780b4e8c7e397914143414f92f713decbb6da1">2b780b</a> Merged PR 2327612: Merge changes required to build AARCH64 for Hyper-V</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/575f1ce052a8742c7fbca62d446726bc9fe682b6">575f1c</a> Merged PR 2530876: Fix ARM_GICD_IROUTER incorrect writes for SPIs</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e02bfd164c20ac9f7e5b21f99a5fa3e81c547a02">e02bfd</a> Add MSFT toolchain implementation of ArmGetPhysicalAddressBits (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/3">#3</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/74a4ab9c7775fdeda021303fe8a66e51023f53f7">74a4ab</a> Workaround assembler issues in the Microsoft toolchain, pickup new assembly file changes (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/5">#5</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/bcb69c8ecfdc01a784f795ab9cfe44160c79a77f">bcb69c</a> Add missing stubs for new entries in PlatformBootManagerLib.h (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/6">#6</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/6eac241d1b3d72e69670d5e392329f0dd75b6c98">6eac24</a> ArmVirtPkg: Fix MarkdownLint issues in Readme</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/46fbbdd7b433c622081594f09a0c91e2e5aff864">46fbbd</a> Feature: Add missing function required by Project Mu bds (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/10">#10</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/1c2b9430afa82ef11716e0edf61a8fb9475d9e2f">1c2b94</a> [TCBZ3351] ArmPlatformPkg: Update LcdHwNullLib to prevent init</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/8d21ea10754b4fff758068aa4846fa4b602dc388">8d21ea</a> Merged PR 3977: [TCBZ3399] Fix the UINTN being casted to UINT32 causing loss of data</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/b09a3bec7ec5ded6cdec6c009e40f57a43aaf06b">b09a3b</a> [C-P] ArmPlatformPkg: Allow dynamic generation of HEST ACPI table</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/1241a4107922696a2ac1b4056f9298af882c2f29">1241a4</a> [C-P] ArmPlatformPkg: add definition for MM_HEST_ERROR_SOURCE_DESC_PROTOCOL</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/77af85d5ee2317675b10f83dcff2dd661653d289">77af85</a> [C-P] ArmPlatformPkg: retreive error source descriptors from MM</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/4ed763b0ee73aacb087a5e588b474b3b943bc6fa">4ed763</a> [BUGFIX] Resolve CI issues created by ARM patches</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a8398bad79a09bf46417c32e98874032f7a188c5">a8398b</a> Merged PR 3984: Fix missing functions to compile ARM64</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/6015ae1a581b432ec698990abccd16a8bb1b6795">6015ae</a> ArmPkg/Library: Convert StandaloneMmCoreEntryPoint to Arm-only</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/d3299b7cc39ea1f1c797f0011b37fa2abaaee678">d3299b</a> [C-P] ArmPkg/Drivers/StandaloneMmCpu: Avoid redundant copy</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/7bc534f5cefae63215dc17d2e36742e421221cd1">7bc534</a> ArmPkg: Drop CompilerIntrinsicsLib</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/818490548b04c845b30c54cd0d62909eff298c50">818490</a> ArmPkg: Update to pass CI</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/0607475896d1ce9a569acc2cd88dd793b98262a5">060747</a> ArmPlatformPkg: Update to pass CI</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/d61da1f3c988801d5866abc75db0653680f82ba3">d61da1</a> ArmPkg: Update spelling dictionary and correct spelling errors</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/2d5077231b61bd139e0e8066ca7170acd0f63888">2d5077</a> ArmPkg and ArmPlatformPkg: Resolve build errors resulting from package moves</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/99aa575fd91daf0b1fa05fc12b79d4fd0c7205d9">99aa57</a> ArmPkg/Drivers: Update StandaloneMmCpu to support UINT64 MessageLength</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e3c69e74c6aab647771e24bd1d1f3a0982b653b0">e3c69e</a> Sync pipelines and requirements with Basecore. Prepare release</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/5c0ae9c74a12113a4c88d02175257fbe8f2f9736">5c0ae9</a> Add the Readme.rst for the release</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/eb95bb43d6a90afc63b5b01850d580292b2da9ff">eb95bb</a> C-P: HACK StandaloneMmCpu: Support MM Communication call from EL3</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/d2eaaa68e210a0492d1932e8c4a952e9a2475ecc">d2eaaa</a> C-P: ArmPlatformPkg: Add Readme file</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/499c8862f0ce5db51b32afe2c89f879e7e46261e">499c88</a> Add Basic MMU Lib for Arm silicon (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/11">#11</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/b9fe4ded89cce7790ceb91e477f10e5046968b10">b9fe4d</a> ArmPkg: Disavow StandaloneMmMmuLib. It's just ArmMmuLib</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/3c146a2f613b72da38853c084d1d6658a62adf59">3c146a</a> ArmPkg/ArmMmuBaseLib: Disallow STANDALONE_MM</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e3c4afe5660b7e8e44470e5000a8c4e0c0fb1ebc">e3c4af</a> ArmPkg/ArmMmuStandaloneMmLib: Update to match ArmMmuLib</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/c30447ca198d1869897f5638f7fab9ac842e9c76">c30447</a> ArmPkg/StandaloneMmCoreEntryPoint: Swap to ArmMmuLib</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/53c2149abe45478c42ad6697026af4f18fb211e0">53c214</a> Rebase - Updates for moved ArmCompilerIntrinsicsLib</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/56d4fbe8b3610983ee9d9dd6148898f5fb3439f4">56d4fb</a> ArmPkg/Library/MmuLib: Add support for setting RO and improve debug</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/05ef04eebed6a223349a489b828c31ff1d7b4d80">05ef04</a> Update AArch64Support.masm</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/506b0672b83540650926ecc96639f6aa00217c15">506b06</a> OvmfPkg: Generalize AcpiPlatformDxe</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/bf3de40c9e13ef584e1953a781757a12e6039555">bf3de4</a> Merged PR 4851: C-P: ArmPkg: Handle warm reboot request correctly</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e87e4bf7158e14b5926d789594edc8487928033c">e87e4b</a> Merged PR 5288: Updated PL011UartLib.c to not wait indefinitely during read</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f49f73fcf69c5d68711556450d4cf739780e44ed">f49f73</a> Fixed debug print having to many variables</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e561e5a4d79fc9c39dff412771cf81cbe3dd3dbb">e561e5</a> Use Mu DevOps (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/19">#19</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/3e3ff423a911de32a84b6bf66ef7c4c04e8b1293">3e3ff4</a> ArmPkg: MmCommunicationPei: Introduce MM communicate in PEI</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/6305e6105cfdb131ecb907b79342f314dcffe311">6305e6</a> ArmPkg: SmmVariablePei: Introduce variable read service in PEI</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a291ef78e223caf5423d9f76dad04af67d4fab53">a291ef</a> Enable stale bot GitHub Action</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/2f5dad9e606ce8daba923bdf4c23281361d146aa">2f5dad</a> Enable Label Sync GitHub Action</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/3c731908e5b218386a449e5b9088f1b2f8afabf2">3c7319</a> [Cherry-pick] ArmPkg: implement EFI_MP_SERVICES_PROTOCOL based on PSCI calls</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/31b11c9da204fffed8bd85d0249ed76ff29df961">31b11c</a> REBASE ArmPkg: ArmPsciMpServicesDxe: Pipeline build fixes and improvements</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/324728de4f7b3018a27b9d2214766694ed65c339">324728</a> REBASE ArmPkg: ArmPsciMpServicesDxe: Fix CPU resource leakage</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/5117d9a4d17be7aacaba6ba3b293f8ad1cc7eeea">5117d9</a> Add logic for container build to Matrix-Build-Job.yml (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/32">#32</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/461dcc50aecbd3d37b06ebd252e6f6993f65fed9">461dcc</a> changes to support setting OSC CTRL bits based on PCI config space info struct (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/34">#34</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a319b01a66d8d087b6a18b4cd2ab1de4f04789a9">a319b0</a> REBASE ArmPkg: ArmGicLib: Added support to send SGI to NS G1 EL1</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/caf4332671e3e5c3493e4f725d934687ac2cadc5">caf433</a> REBASE ArmPkg: ArmGicLib: Added GIC v3 and v4 support to ArmGicSendSgiTo</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/16333ca81ea0374513890f61145f15f96769bc7d">16333c</a> Specify function number in PCI dynamic ACPI object (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/37">#37</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/415a96b3fb469ce52680f43dfeb57ff7dccb0e30">415a96</a> ArmGicLib/ArmGicV3: Update ICC_SG1R register (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/38">#38</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/40f74122807816372fdc4f6957a4bcb0cad58f4c">40f741</a> Added functionalities to manipulate pending interrupts (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/42">#42</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/faeae74e864762e5f015c51cb7311b1b8094b38a">faeae7</a> Convert line endings from LF to CRLF (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/45">#45</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a971a27ffd9ae69cd49e6231320163ee7874391f">a971a2</a> Add CodeQL Stuart parameter to this repo (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/61">#61</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f3fb1632020c69f02aba45ad60545392bc533345">f3fb16</a> Create ARM platform library function for customizing PEI memory (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/63">#63</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f31de27326befc9e6215fa44adda2cda4dd976d8">f31de2</a> Fixing truncated affinity value when constructing SGI values (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/78">#78</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/66ac1a586a2d3435ac3ac778f74e08e05129b710">66ac1a</a> ArmPkg/CpuDxe: Perform preliminary NX remap of free memory</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/d23da0c82446a267806be5ecc642fe9a51c7732d">d23da0</a> Update ArmPkg/CpuDxe to use the Memory Protection HOB</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e773d728ae5caf9f75470427a3259ab6361ee975">e773d7</a> Update the ARM MemoryAttributeProtocol to Not Check if Region is System Memory</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/757c8a936bbb6060607e3aba2f348e1820eda2c6">757c8a</a> Sync AARCH64 GCD Capabilities with Page Table (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/89">#89</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/2ffb609dcf3f9a8382cf8d76f6411e2d5a66bbe4">2ffb60</a> Set RTC and Runtime Flash MMIO as XP by Default (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/96">#96</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a71af0b53f660de9b088bf7546caa5d13b673cc0">a71af0</a> REBASE: Fixed codeql errors</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/700aae96d11a559c88366c1798836d7b03d24bf1">700aae</a> REBASE: Fixed line endings</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/08aa33d1ce0668f10420eb84c9cd7b0dbece2852">08aa33</a> REBASE: Fixed function definitions with the wrong number of inputs</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/ce964533f8b263e463189958af6675719505e75b">ce9645</a> REBASE: Removed a reference to an inf that no longer exists</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/62b62d6734f3ea327904317390b938b5913e88f3">62b62d</a> Onboarding ARM64 builds on selfhosted Azure pipeline agents (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/106">#106</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/89c7d51482906dc1ae67f70629ef056007cdeef9">89c7d5</a> Improve Arm Memory Attribute Protocol Logging (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/128">#128</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/9553d450a04a37807c495e646472c443dc9b7457">9553d4</a> [CodeQL] DynamicTablesPkg: TableHelperLib: Fixing a mismatched variable size (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/135">#135</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f86d2c0387659e073000f325d9f05f94af4ca9e8">f86d2c</a> Update Arm Memory Attribute Protocol Logging (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/134">#134</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/9e2cf71b5726119e781508d59e673a5ecba45869">9e2cf7</a> ci.yaml: add PrEval entry (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/133">#133</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/541624e30f908506aaa89c0944e750820de7c220">541624</a> [CHERRY-PICK] Add the ability to configure the memory type used for the FD region (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/141">#141</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/8008cd06ec1ed9cc615abb1abbfdd92f6c0d88f6">8008cd</a> QemuVirtMemInfoPeiLib: Allow PcdSystemMemorySize to be non-fixed</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/9478247a6054d20cda208380bac25d09926d750a">947824</a> Remove `MDEPKG_NDEBUG` from DynamicTables.dsc.inc (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/163">#163</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/eef8426661ae2896aa438d23e18f0444004df301">eef842</a> MemoryInitPei: Remove Non-RT Types from Mem Type Info HOB (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/168">#168</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/35d97fd9f5a7f7ba4b9f871d523015186ad36c41">35d97f</a> REBASE: Updated the readme for the 202302 release</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/b03e156491365522bfe98d2266eff2dcdb9d5b75">b03e15</a> Made changes to use ArmSetMemoryAttributes over the individual permission helpers</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/ec51ba07472e6d5d575537fd6ecd72c3f4420c12">ec51ba</a> REBASE: Updated submodules to point to 202302 branches</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/062f51d9bcb8d71de0a040c9d187c26dbc24d008">062f51</a> ArmPkg: Fix pointer type errors</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/8b7ed9ab11fab2f3ffe2624fdc14d37f23400cb9">8b7ed9</a> ArmPkg/Drivers/CpuDxe: Check integer before conversion</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/eee6705505fff0d1357ada35919002ef1d71cb57">eee670</a> ArmPkg/Drivers/CpuDxe: Cast table entry (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/178">#178</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a77ddbce3e9b831f33516c9f17a44a79bd46ced5">a77ddb</a> Integration steps for [email protected]: Add Code coverage (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/181">#181</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/64025e1c87514880ec4095e50937be080e4774b0">64025e</a> ArmPkg/Drivers/CpuDxe: Use lower and upper attributes</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/999180abf5d36d7fca089456087dc5849d2ce00d">999180</a> ArmPkg/Drivers/CpuDxe: Avoid EntryType cast</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/5e59af90d829a5d4b1e615efa0099ec52ce05f6d">5e59af</a> Repo File Sync: Synced file(s) with microsoft/mu_devops (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/24">#24</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/01183f01d2e06ce46c1a7a4eceab15437004785e">01183f</a> REBASE: Updated readme for the 202311 release</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e5a2716ac12af90a8b2d54697e1ec673308ca322">e5a271</a> Updated readme details to include the changes from upstream</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/94cf22c49c7faac4dccf535edcea1393a423b3c6">94cf22</a> Updated pulled submodules to use the temporary staging branches</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/6e1dd7ae561ef06bb0bf950859ab8099d3229a0c">6e1dd7</a> Updated the ArmMmuStandaloneMmLib library to have a ArmSetMemoryAttributes function</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/3a0ebe0f8b09122fdd3f063e5f9ef90acb85e9f0">3a0ebe</a> pip: update edk2-pytool-library requirement from ~=0.19.7 to ~=0.19.8 (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/190">#190</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/6fe2e0480db01fb6faf4e35163947356b6a8b7e4">6fe2e0</a> pip: update edk2-pytool-extensions requirement from ~=0.26.3 to ~=0.26.4 (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/192">#192</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/84d55d906642ba87f510e7b57bf1a3d388595f04">84d55d</a> pip: bump regex from 2023.10.3 to 2023.12.25 (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/193">#193</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/6a75bb5955dfa97d60525158b880f165643b00cd">6a75bb</a> .git-blame-ignore-revs: Ignore Line Ending and Uncrustify only commits (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/194">#194</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/62905b3c70f66e927a003195068ea0b10cea7360">62905b</a> Fix up the MmuLib logic as we move to use generic interface (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/191">#191</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/f50dd0e6cfcaef7c1598b8337f45c5fd32bc9e5f">f50dd0</a> Update submodules to point to the 202311 release branches</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e3e3a07eead99b0935f9bd87f9d6e412e1e136a6">e3e3a0</a> Updated CISettings.py to use the edk2toolext codeql helpers (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/195">#195</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/3662334efab43ca021ef61ad0e99a017a29ef5c0">366233</a> Added a few additional functions to MSFT version of AArch64Support ass… (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/196">#196</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/08b2f27bf1891f91ffed2cdcbeb02154e193868a">08b2f2</a> Fix CodeQL issue in AmlLib</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a17dfd41e01296fed65e978cd5d25180587c15f8">a17dfd</a> Fix CodeQL issue in PL061Gpio</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/e27a8fbe1d35ee04c1b852b4fd0cc2a3e1e9b176">e27a8f</a> Implement Memory Attribute Protocol Installation Policy Option (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/200">#200</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a2e21bcff7afafce1529ba98588a34b9faba78f4">a2e21b</a> Update pip-requirements.txt (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/199">#199</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/a81bad9d1d04ebd39a47f50d8cf7c77756617bd6">a81bad</a> Repo File Sync: 202311 Branch Transition Updates (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/207">#207</a>)</li> <li><a href="https://github.com/microsoft/mu_silicon_arm_tiano/commit/4e4f1724a97002e3ec0603a4fa48117bd12e3d0e">4e4f17</a> pip: update edk2-pytool-extensions requirement from ~=0.27.0 to ~=0.27.2 (<a href="https://github.com/microsoft/mu_silicon_arm_tiano/pull/206">#206</a>)</li> </ul> </details> Signed-off-by: Project Mu Bot <[email protected]>
os-d
added a commit
to os-d/mu_silicon_arm_tiano
that referenced
this pull request
Jul 19, 2024
# Preface Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). ## Description On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. ## Integration Instructions N/A.
os-d
added a commit
to os-d/mu_silicon_arm_tiano
that referenced
this pull request
Jul 19, 2024
Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. N/A.
os-d
added a commit
to os-d/mu_silicon_arm_tiano
that referenced
this pull request
Jul 22, 2024
Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. N/A.
os-d
added a commit
that referenced
this pull request
Jul 22, 2024
Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. N/A.
os-d
added a commit
that referenced
this pull request
Aug 31, 2024
os-d
added a commit
that referenced
this pull request
Oct 1, 2024
os-d
added a commit
that referenced
this pull request
Oct 1, 2024
apop5
pushed a commit
to apop5/mu_silicon_arm_tiano
that referenced
this pull request
Jan 17, 2025
Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. N/A.
apop5
pushed a commit
to apop5/mu_silicon_arm_tiano
that referenced
this pull request
Feb 5, 2025
Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. N/A.
apop5
pushed a commit
to apop5/mu_silicon_arm_tiano
that referenced
this pull request
Feb 11, 2025
Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding `EFI_MEMORY_RO`, `EFI_MEMORY_RP`, and `EFI_MEMORY_XP` to the current capabilities of the GCD, then the page table attributes are set on the GCD attributes. However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked `EFI_MEMORY_XP` had an additional attribute set using the GCD capabilities, which did not include `EFI_MEMORY_XP`, this caused the page table to be updated to lose `EFI_MEMORY_XP`, which is a potential security issue. This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table. The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things: - The page table attributes must be a subset of the GCD capabilities - The GCD does not need to have its capabilities synced to what the page table attributes are The first is incorrect as important attributes such as `EFI_MEMORY_XP` do not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain: ```c // The GCD implementation maintains its own copy of the state of memory space attributes. GCD needs // to know what the initial memory space attributes are. The CPU Arch. Protocol does not provide a // GetMemoryAttributes function for GCD to get this so we must resort to calling GCD (as if we were // a client) to update its copy of the attributes. This is bad architecture and should be replaced // with a way for GCD to query the CPU Arch. driver of the existing memory space attributes instead. ``` However, this comment misses that updating the capabilities is critical to updating the attributes. The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... This was tested on QEMU and physical hardware that was experiencing the issue where `EFI_MEMORY_XP` was being removed when an additional attribute was set. N/A.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Preface
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
Description
On AARCH64 systems, the GCD is not fully synced with the page table. On x86 systems, the GCD is synced by adding
EFI_MEMORY_RO,EFI_MEMORY_RP, andEFI_MEMORY_XPto the current capabilities of the GCD, then the page table attributes are set on the GCD attributes.However, on AARCH64, the GCD capabilities do not get updated, instead only the attributes from the page table are masked by the existing GCD capabilities, which means that any new page table attribute which are already set are dropped and the GCD does not reflect the state of the system. This has been seen to cause issues where memory in the page table that was marked
EFI_MEMORY_XPhad an additional attribute set using the GCD capabilities, which did not includeEFI_MEMORY_XP, this caused the page table to be updated to loseEFI_MEMORY_XP, which is a potential security issue.This patch goes one step further than the x86 GCD syncing by applying any existing non-cache attributes (which it is not supported to update) in the page table (today this is still the same set as in x86 but is more extensible for when new attributes are added) to the GCD capabilities and attributes. In this way, the GCD will actually be fully synced to the already existent state of the page table.
The existing behavior on AARCH64 systems is an implementation error, it assumes one of two things:
The first is incorrect as important attributes such as
EFI_MEMORY_XPdo not get applied to the GCD capabilities by default and therefore must be synced back. This comment from ArmPkg's CpuDxe driver helps explain:However, this comment misses that updating the capabilities is critical to updating the attributes.
The second is incorrect because significant pieces of core code reference the GCD attributes instead of the page table attributes. For example, NonDiscoverablePciDeviceDxe uses the GCD capabilities and attributes when interacting with a non-discoverable PCI device. When the GCD is not synced to the page table, we get the errors and security concerns listed above.
For each item, place an "x" in between
[and]if true. Example:[x].(you can also check items in the GitHub UI)
flow, or firmware?
validation improvement, ...
in build or boot behavior?
a function in a new library class in a pre-existing module, ...
outside direct code modifications (and comments)?
on an a separate Web page, ...
How This Was Tested
This was tested on QEMU and physical hardware that was experiencing the issue where
EFI_MEMORY_XPwas being removed when an additional attribute was set.Integration Instructions
N/A.