From d1aca1f56270257160cae9d5b8461a3ffe75919a Mon Sep 17 00:00:00 2001 From: Marc Chen Date: Sat, 24 Jun 2023 00:58:05 +0800 Subject: [PATCH] Refactoring the MM implementation to support both Standalone MM and Traditional MM (#461) Issue #867 cherry-pick from ad777e9aed Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). Refactoring the MM implementation to support both Standalone MM and Traditional MM 1. Add DXE_SMM_DRIVER to LIBRARY_CLASS of MmPolicyLib.inf 2. Refactor the PolicyMm module to have a common entrypoint, and both Standalone MM and Traditional MM entrypoint call the common entrypoint. 3. Add Traditional MM description to Readme.md. This PR resolves #460. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [x] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... Verified with the CI build N/A --- .../Library/MmPolicyLib/MmPolicyLib.inf | 2 +- .../PolicyService/DxeMm/PolicyMm.c | 13 ++--- .../PolicyService/DxeMm/PolicyMm.inf | 3 +- .../PolicyService/DxeMm/PolicyStandaloneMm.c | 40 ++++++++++++++++ .../PolicyService/DxeMm/PolicyTraditionalMm.c | 39 +++++++++++++++ .../DxeMm/PolicyTraditionalMm.inf | 47 +++++++++++++++++++ PolicyServicePkg/PolicyServicePkg.dec | 1 + PolicyServicePkg/PolicyServicePkg.dsc | 9 +++- PolicyServicePkg/README.md | 6 +-- 9 files changed, 145 insertions(+), 15 deletions(-) create mode 100644 PolicyServicePkg/PolicyService/DxeMm/PolicyStandaloneMm.c create mode 100644 PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.c create mode 100644 PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.inf diff --git a/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf b/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf index 2d355671ee8..3ff1aa35b59 100644 --- a/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf +++ b/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf @@ -14,7 +14,7 @@ FILE_GUID = C2A9C781-8D58-46DA-BC39-5385AB8D5C8A MODULE_TYPE = MM_STANDALONE VERSION_STRING = 1.0 - LIBRARY_CLASS = PolicyLib | MM_STANDALONE + LIBRARY_CLASS = PolicyLib | DXE_SMM_DRIVER MM_STANDALONE [Sources] ../PolicyLibCommon.c diff --git a/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.c b/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.c index bb2274fc712..949fc4b2e0a 100644 --- a/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.c +++ b/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.c @@ -1,5 +1,5 @@ /** @file - Implements the Standalone MM policy protocol, providing services to publish and + Implements the MM policy protocol, providing services to publish and access system policy. Copyright (c) Microsoft Corporation @@ -87,20 +87,15 @@ InstallPolicyIndicatorProtocol ( } /** - Entry to the Standalone MM policy service module. - - @param[in] ImageHandle The image handle. - @param[in] SystemTable The system table. + Common Entry of the MM policy service module. @retval Status From internal routine or boot object, should not fail **/ EFI_STATUS EFIAPI -PolicyStandaloneEntry ( - IN EFI_HANDLE ImageHandle, - IN EFI_MM_SYSTEM_TABLE *SystemTable +PolicyMmCommonEntry ( + VOID ) - { EFI_STATUS Status; diff --git a/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.inf b/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.inf index fc3bfecb5b3..c9992ac9b18 100644 --- a/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.inf +++ b/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.inf @@ -14,9 +14,10 @@ FILE_GUID = 9FF65AAD-5982-4609-9702-05EFD584148C MODULE_TYPE = MM_STANDALONE VERSION_STRING = 1.0 - ENTRY_POINT = PolicyStandaloneEntry + ENTRY_POINT = PolicyStandaloneMmEntry [Sources] + PolicyStandaloneMm.c PolicyMm.c PolicyCommon.c PolicyCommon.h diff --git a/PolicyServicePkg/PolicyService/DxeMm/PolicyStandaloneMm.c b/PolicyServicePkg/PolicyService/DxeMm/PolicyStandaloneMm.c new file mode 100644 index 00000000000..cf7af56a528 --- /dev/null +++ b/PolicyServicePkg/PolicyService/DxeMm/PolicyStandaloneMm.c @@ -0,0 +1,40 @@ +/** @file + Implements the Standalone MM policy protocol, providing services to publish and + access system policy. + + Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + Common Entry of the MM policy service module. + + @retval Status From internal routine or boot object, should not fail +**/ +EFI_STATUS +EFIAPI +PolicyMmCommonEntry ( + VOID + ); + +/** + Entry to the Standalone MM policy service module. + + @param[in] ImageHandle The image handle. + @param[in] SystemTable The system table. + + @retval Status From internal routine or boot object, should not fail +**/ +EFI_STATUS +EFIAPI +PolicyStandaloneMmEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return PolicyMmCommonEntry (); +} diff --git a/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.c b/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.c new file mode 100644 index 00000000000..d2ec87f0ebf --- /dev/null +++ b/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.c @@ -0,0 +1,39 @@ +/** @file + Implements the Traditional MM policy protocol, providing services to publish and + access system policy. + + Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +/** + Common Entry of the MM policy service module. + + @retval Status From internal routine or boot object, should not fail +**/ +EFI_STATUS +EFIAPI +PolicyMmCommonEntry ( + VOID + ); + +/** + Entry to the Traditional MM policy service module. + + @param[in] ImageHandle The image handle. + @param[in] SystemTable The system table. + + @retval Status From internal routine or boot object, should not fail +**/ +EFI_STATUS +EFIAPI +PolicyTraditionalMmEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return PolicyMmCommonEntry (); +} diff --git a/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.inf b/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.inf new file mode 100644 index 00000000000..1eec7c38365 --- /dev/null +++ b/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.inf @@ -0,0 +1,47 @@ +## @file +# +# This is a driver for Traditional MM policy service module. +# +# Copyright (C) Microsoft Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010017 + PI_SPECIFICATION_VERSION = 0x00010032 + BASE_NAME = PolicyTraditionalMm + FILE_GUID = 51084E31-393D-4D06-A867-BDE321D4E4F5 + MODULE_TYPE = DXE_SMM_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = PolicyTraditionalMmEntry + +[Sources] + PolicyTraditionalMm.c + PolicyMm.c + PolicyCommon.c + PolicyCommon.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + PolicyServicePkg/PolicyServicePkg.dec + +[LibraryClasses] + BaseLib + DebugLib + HobLib + UefiDriverEntryPoint + MmServicesTableLib + MemoryAllocationLib + +[Pcd] + +[Guids] + gPolicyHobGuid + +[Protocols] + gMmPolicyProtocolGuid ## PRODUCES + +[Depex] + TRUE diff --git a/PolicyServicePkg/PolicyServicePkg.dec b/PolicyServicePkg/PolicyServicePkg.dec index 34a6c6e6c0a..883c9f77a71 100644 --- a/PolicyServicePkg/PolicyServicePkg.dec +++ b/PolicyServicePkg/PolicyServicePkg.dec @@ -30,4 +30,5 @@ [Protocols] ## Include/Protocol/Policy.h gPolicyProtocolGuid = { 0xd7c9b744, 0x13a5, 0x4377, { 0x8d, 0x2a, 0x6b, 0x37, 0xad, 0x1f, 0xd8, 0x2a } } + ## Include/Protocol/MmPolicy.h gMmPolicyProtocolGuid = { 0xe55ad3a1, 0xbd34, 0x46f4, { 0xbb, 0x6e, 0x72, 0x28, 0x0b, 0xdc, 0xbf, 0xd9 } } diff --git a/PolicyServicePkg/PolicyServicePkg.dsc b/PolicyServicePkg/PolicyServicePkg.dsc index effb5e19396..83b41894250 100644 --- a/PolicyServicePkg/PolicyServicePkg.dsc +++ b/PolicyServicePkg/PolicyServicePkg.dsc @@ -51,17 +51,24 @@ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf PolicyLib|PolicyServicePkg/Library/DxePolicyLib/DxePolicyLib.inf +[LibraryClasses.common.DXE_SMM_DRIVER] + MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf + SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf + [LibraryClasses.common.MM_STANDALONE] MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf - StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf PolicyLib|PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf [Components] PolicyServicePkg/PolicyService/DxeMm/PolicyDxe.inf PolicyServicePkg/PolicyService/DxeMm/PolicyMm.inf + PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.inf PolicyServicePkg/PolicyService/Pei/PolicyPei.inf PolicyServicePkg/Library/DxePolicyLib/DxePolicyLib.inf PolicyServicePkg/Library/PeiPolicyLib/PeiPolicyLib.inf diff --git a/PolicyServicePkg/README.md b/PolicyServicePkg/README.md index 8c4691f06ab..9a02f11b859 100644 --- a/PolicyServicePkg/README.md +++ b/PolicyServicePkg/README.md @@ -207,7 +207,7 @@ Like the PEIM, the DXE driver will install/reinstall a NULL protocol with the given policies GUID when it is created or updated to allow for notification and dispatch on the policy availability. -### Standalone MM +### Traditional/Standalone MM Like the DXE phase, the MM policy service will ingest any policies from the HOB list for architectures. The MM policy service is implemented identically to the @@ -215,11 +215,11 @@ DXE phase module with the exception of using the MM specific protocols. Policies in the MM service are isolated from PEI and DXE. The MM module will ingest any policies available in the hob list from PEI where applicable but no policies -created or modified by PEI or DXE after Standalone MM has been launched will be +created or modified by PEI or DXE after Traditional/Standalone MM has been launched will be available from the MM policy service. Similarly, no policy created or edited in the MM policy service will be readable from the PEI or DXE policies services. -Policies are not shared with the standalone MM module after initialization. Any +Policies are not shared with the traditional/standalone MM module after initialization. Any policy created in MM will not be readable by DXE and PEI, and any policy made after MM initialization will not be readable from MM.