From 16efe9ff64e423a5a25acfc3d889f0f0b196df0e Mon Sep 17 00:00:00 2001 
From: Marc Chen Date: Sat, 24 Jun 2023 00:58:05 +0800 Subject: [PATCH] Refactoring the MM implementation to support both Standalone MM and Traditional MM (#461) Issue #867 cherry-pick from ad777e9aed Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). Refactoring the MM implementation to support both Standalone MM and Traditional MM 1. Add DXE_SMM_DRIVER to LIBRARY_CLASS of MmPolicyLib.inf 2. Refactor the PolicyMm module to have a common entrypoint, and both Standalone MM and Traditional MM entrypoint call the common entrypoint. 3. Add Traditional MM description to Readme.md. This PR resolves #460. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [x] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? 
- Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... Verified with the CI build N/A --- .../Library/MmPolicyLib/MmPolicyLib.inf | 2 +- .../PolicyService/DxeMm/PolicyMm.c | 13 ++--- .../PolicyService/DxeMm/PolicyMm.inf | 3 +- .../PolicyService/DxeMm/PolicyStandaloneMm.c | 40 ++++++++++++++++ .../PolicyService/DxeMm/PolicyTraditionalMm.c | 39 +++++++++++++++ .../DxeMm/PolicyTraditionalMm.inf | 47 +++++++++++++++++++ PolicyServicePkg/PolicyServicePkg.dec | 1 + PolicyServicePkg/PolicyServicePkg.dsc | 9 +++- PolicyServicePkg/README.md | 6 +-- 9 files changed, 145 insertions(+), 15 deletions(-) create mode 100644 PolicyServicePkg/PolicyService/DxeMm/PolicyStandaloneMm.c create mode 100644 PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.c create mode 100644 PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.inf diff --git a/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf b/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf index 2d355671ee..3ff1aa35b5 100644 --- a/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf +++ b/PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf @@ -14,7 +14,7 @@ FILE_GUID = C2A9C781-8D58-46DA-BC39-5385AB8D5C8A MODULE_TYPE = MM_STANDALONE VERSION_STRING = 1.0 - LIBRARY_CLASS = PolicyLib | MM_STANDALONE + LIBRARY_CLASS = PolicyLib | DXE_SMM_DRIVER MM_STANDALONE [Sources] ../PolicyLibCommon.c diff --git a/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.c b/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.c index bb2274fc71..949fc4b2e0 100644 --- a/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.c +++ b/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.c @@ -1,5 +1,5 @@ /** @file - Implements the Standalone MM policy protocol, providing services to publish and + Implements the MM policy protocol, providing services to publish and access system policy. Copyright (c) Microsoft Corporation 
@@ -87,20 +87,15 @@ InstallPolicyIndicatorProtocol ( } /** - Entry to the Standalone MM policy service module. - - @param[in] ImageHandle The image handle. - @param[in] SystemTable The system table. + Common Entry of the MM policy service module. @retval Status From internal routine or boot object, should not fail **/ EFI_STATUS EFIAPI -PolicyStandaloneEntry ( - IN EFI_HANDLE ImageHandle, - IN EFI_MM_SYSTEM_TABLE *SystemTable +PolicyMmCommonEntry ( + VOID ) - { EFI_STATUS Status; diff --git a/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.inf b/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.inf index fc3bfecb5b..c9992ac9b1 100644 --- a/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.inf +++ b/PolicyServicePkg/PolicyService/DxeMm/PolicyMm.inf @@ -14,9 +14,10 @@ FILE_GUID = 9FF65AAD-5982-4609-9702-05EFD584148C MODULE_TYPE = MM_STANDALONE VERSION_STRING = 1.0 - ENTRY_POINT = PolicyStandaloneEntry + ENTRY_POINT = PolicyStandaloneMmEntry [Sources] + PolicyStandaloneMm.c PolicyMm.c PolicyCommon.c PolicyCommon.h diff --git a/PolicyServicePkg/PolicyService/DxeMm/PolicyStandaloneMm.c b/PolicyServicePkg/PolicyService/DxeMm/PolicyStandaloneMm.c new file mode 100644 index 0000000000..cf7af56a52 --- /dev/null +++ b/PolicyServicePkg/PolicyService/DxeMm/PolicyStandaloneMm.c 
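Review bot: `PolicyMmCommonEntry` now has external linkage but no header declares it; the PolicyStandaloneMm.c and PolicyTraditionalMm.c hunks each carry their own copy of the prototype. A later signature change in PolicyMm.c would therefore still compile and link, leaving both callers with a stale prototype. Declaring it once in a header that all three sources include would let the compiler check the definition against its callers; `PolicyCommon.h` is already listed under `[Sources]` in both INFs and looks like a candidate. The new header comment could also name the statuses that can be returned instead of `should not fail`, since both module entry points now return this value unchanged. The function body continues past the end of this hunk, so the return paths are not visible here.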
@@ -0,0 +1,40 @@ +/** @file + Implements the Standalone MM policy protocol, providing services to publish and + access system policy. + + Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +/** + Common Entry of the MM policy service module. + + @retval Status From internal routine or boot object, should not fail +**/ +EFI_STATUS +EFIAPI +PolicyMmCommonEntry ( + VOID + ); + +/** + Entry to the Standalone MM policy service module. + + @param[in] ImageHandle The image handle. + @param[in] SystemTable The system table. + + @retval Status From internal routine or boot object, should not fail +**/ +EFI_STATUS +EFIAPI +PolicyStandaloneMmEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return PolicyMmCommonEntry (); +} diff --git a/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.c b/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.c new file mode 100644 index 0000000000..d2ec87f0eb --- /dev/null +++ b/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.c @@ -0,0 +1,39 @@ +/** @file + Implements the Traditional MM policy protocol, providing services to publish and + access system policy. + + Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +/** + Common Entry of the MM policy service module. + + @retval Status From internal routine or boot object, should not fail +**/ +EFI_STATUS +EFIAPI +PolicyMmCommonEntry ( + VOID + ); + +/** + Entry to the Traditional MM policy service module. + + @param[in] ImageHandle The image handle. + @param[in] SystemTable The system table. + + @retval Status From internal routine or boot object, should not fail +**/ +EFI_STATUS +EFIAPI +PolicyTraditionalMmEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return PolicyMmCommonEntry (); +} 
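Review bot: `PolicyTraditionalMmEntry` gives the shared ingest path a different source of HOB data than the Standalone MM entry, and neither the file header nor the function comment records that. The DSC hunk in this commit resolves `HobLib` to `DxeHobLib` for `DXE_SMM_DRIVER`, so the HOB list that `PolicyMmCommonEntry` reads presumably lives in DXE-owned memory outside SMRAM rather than being handed to the MM core. It is worth confirming that the ingest code (not visible in this patch) copies each policy into MM-allocated memory, bounds-checks the HOB-reported sizes, and keeps no pointer into the HOB list after entry. Once that is verified, I would add to the function comment something like `Policies are copied out of the DXE HOB list during this call; nothing may reference the HOB list afterwards.`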
diff --git a/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.inf b/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.inf new file mode 100644 index 0000000000..1eec7c3836 --- /dev/null +++ b/PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.inf @@ -0,0 +1,47 @@ +## @file +# +# This is a driver for Traditional MM policy service module. +# +# Copyright (C) Microsoft Corporation. All rights reserved. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010017 + PI_SPECIFICATION_VERSION = 0x00010032 + BASE_NAME = PolicyTraditionalMm + FILE_GUID = 51084E31-393D-4D06-A867-BDE321D4E4F5 + MODULE_TYPE = DXE_SMM_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = PolicyTraditionalMmEntry + +[Sources] + PolicyTraditionalMm.c + PolicyMm.c + PolicyCommon.c + PolicyCommon.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + PolicyServicePkg/PolicyServicePkg.dec + +[LibraryClasses] + BaseLib + DebugLib + HobLib + UefiDriverEntryPoint + MmServicesTableLib + MemoryAllocationLib + +[Pcd] + +[Guids] + gPolicyHobGuid + +[Protocols] + gMmPolicyProtocolGuid ## PRODUCES + +[Depex] + TRUE diff --git a/PolicyServicePkg/PolicyServicePkg.dec b/PolicyServicePkg/PolicyServicePkg.dec index 34a6c6e6c0..883c9f77a7 100644 --- a/PolicyServicePkg/PolicyServicePkg.dec +++ b/PolicyServicePkg/PolicyServicePkg.dec @@ -30,4 +30,5 @@ [Protocols] ## Include/Protocol/Policy.h gPolicyProtocolGuid = { 0xd7c9b744, 0x13a5, 0x4377, { 0x8d, 0x2a, 0x6b, 0x37, 0xad, 0x1f, 0xd8, 0x2a } } + ## Include/Protocol/MmPolicy.h gMmPolicyProtocolGuid = { 0xe55ad3a1, 0xbd34, 0x46f4, { 0xbb, 0x6e, 0x72, 0x28, 0x0b, 0xdc, 0xbf, 0xd9 } } diff --git a/PolicyServicePkg/PolicyServicePkg.dsc b/PolicyServicePkg/PolicyServicePkg.dsc index effb5e1939..83b4189425 100644 --- a/PolicyServicePkg/PolicyServicePkg.dsc +++ b/PolicyServicePkg/PolicyServicePkg.dsc 
@@ -51,17 +51,24 @@ HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf PolicyLib|PolicyServicePkg/Library/DxePolicyLib/DxePolicyLib.inf +[LibraryClasses.common.DXE_SMM_DRIVER] + MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf + SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf + [LibraryClasses.common.MM_STANDALONE] MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf - StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf PolicyLib|PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf [Components] PolicyServicePkg/PolicyService/DxeMm/PolicyDxe.inf PolicyServicePkg/PolicyService/DxeMm/PolicyMm.inf + PolicyServicePkg/PolicyService/DxeMm/PolicyTraditionalMm.inf PolicyServicePkg/PolicyService/Pei/PolicyPei.inf PolicyServicePkg/Library/DxePolicyLib/DxePolicyLib.inf PolicyServicePkg/Library/PeiPolicyLib/PeiPolicyLib.inf diff --git a/PolicyServicePkg/README.md b/PolicyServicePkg/README.md index 8c4691f06a..9a02f11b85 100644 --- a/PolicyServicePkg/README.md +++ b/PolicyServicePkg/README.md 
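Review bot: The new `[LibraryClasses.common.DXE_SMM_DRIVER]` section maps no `PolicyLib` instance, although the MmPolicyLib.inf hunk in this commit extends that library's `LIBRARY_CLASS` to `DXE_SMM_DRIVER`. As far as this hunk shows, a Traditional MM consumer of `PolicyLib` either fails to resolve the class or falls back to whatever a broader section provides (`DxePolicyLib` is the mapping visible just before the added lines; its section header is outside the hunk). An SMM driver linked against the DXE instance would reach the policy service through a DXE protocol located outside SMRAM, which is the opposite of the isolation the README describes. Adding `PolicyLib|PolicyServicePkg/Library/MmPolicyLib/MmPolicyLib.inf` under the new section would pin the MM instance and let the package build exercise the new library class.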
@@ -207,7 +207,7 @@ Like the PEIM, the DXE driver will install/reinstall a NULL protocol with the given policies GUID when it is created or updated to allow for notification and dispatch on the policy availability. -### Standalone MM +### Traditional/Standalone MM Like the DXE phase, the MM policy service will ingest any policies from the HOB list for architectures. The MM policy service is implemented identically to the @@ -215,11 +215,11 @@ DXE phase module with the exception of using the MM specific protocols. Policies in the MM service are isolated from PEI and DXE. The MM module will ingest any policies available in the hob list from PEI where applicable but no policies -created or modified by PEI or DXE after Standalone MM has been launched will be +created or modified by PEI or DXE after Traditional/Standalone MM has been launched will be available from the MM policy service. Similarly, no policy created or edited in the MM policy service will be readable from the PEI or DXE policies services. -Policies are not shared with the standalone MM module after initialization. Any +Policies are not shared with the traditional/standalone MM module after initialization. Any policy created in MM will not be readable by DXE and PEI, and any policy made after MM initialization will not be readable from MM.