microsoft · makubacki · Jun 21, 2024 · Oct 3, 2020 · Oct 3, 2020 · Oct 3, 2020
diff --git a/MdeModulePkg/MdeModulePkg.ci.yaml b/MdeModulePkg/MdeModulePkg.ci.yaml
@@ -91,6 +91,9 @@
 
     ## options defined .pytool/Plugin/LibraryClassCheck
     "LibraryClassCheck": {
+        "IgnoreLibraryClass": [
+            "HwResetSystemLib"          # MU_CHANGE - "Virtual" LibraryClass
+        ],
         "IgnoreHeaderFile": []
     },
 

diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
@@ -86,6 +86,8 @@
   DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf
   PlatformHookLib|MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf
   ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf
+  ResetUtilityLib|MdeModulePkg/Library/ResetUtilityLib/ResetUtilityLib.inf                    ## MU_CHANGE
+  HwResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf     ## MU_CHANGE
   SmbusLib|MdePkg/Library/DxeSmbusLib/DxeSmbusLib.inf
   S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
   CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf

diff --git a/MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf b/MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
@@ -64,6 +64,7 @@
   PrintLib
   BaseMemoryLib
   CacheMaintenanceLib
+  ResetUtilityLib                        ## MU_CHANGE
 
 [LibraryClasses.X64]
   UefiLib
@@ -74,6 +75,7 @@
   ## SOMETIMES_PRODUCES   ## Variable:L"CapsuleLongModeBuffer" # The long mode buffer used by IA32 Capsule PEIM to call X64 CapsuleCoalesce code to handle >4GB capsule blocks
   gEfiCapsuleVendorGuid
   gEfiFmpCapsuleGuid                            ## SOMETIMES_CONSUMES   ## GUID # FMP capsule GUID
+  gCapsuleArmedResetGuid                        ## SOMETIMES_CONSUMES   # MU_CHANGE
 
 [Protocols]
   gEfiCapsuleArchProtocolGuid                   ## PRODUCES

diff --git a/MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleService.c b/MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleService.c
@@ -5,12 +5,16 @@
   the capsule runtime services are ready.
 
 Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.
+
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
 #include "CapsuleService.h"
 
+#include <Library/ResetUtilityLib.h>                  // MU_CHANGE - ResetSystem refactoring.
+
 //
 // Handle for the installation of Capsule Architecture Protocol.
 //
@@ -224,7 +228,8 @@ UpdateCapsule (
       // will initiate a reset of the platform which is compatible with the passed-in capsule request and will
       // not return back to the caller.
       //
-      EfiResetSystem (EfiResetWarm, EFI_SUCCESS, 0, NULL);
+      // MU_CHANGE_250018 - ResetSystem refactoring.
+      ResetSystemWithSubtype (EfiResetWarm, &gCapsuleArmedResetGuid);
     }
   }
 

diff --git a/MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf b/MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf
@@ -38,7 +38,7 @@
   PeiServicesLib
   HobLib
   PeimEntryPoint
-  ResetSystemLib
+  HwResetSystemLib                ## MU_CHANGE - Use HW reset from reset arch providers.
   ReportStatusCodeLib
 
 [Ppis]

diff --git a/MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf b/MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
@@ -32,7 +32,7 @@
   MdeModulePkg/MdeModulePkg.dec
 
 [LibraryClasses]
-  ResetSystemLib
+  HwResetSystemLib                              ## MU_CHANGE - Use HwResetSystemLib
   UefiRuntimeServicesTableLib
   UefiRuntimeLib
   UefiBootServicesTableLib

diff --git a/MdePkg/Include/Library/UefiRuntimeLib.h b/MdePkg/Include/Library/UefiRuntimeLib.h
@@ -323,6 +323,8 @@ EfiGetNextHighMonotonicCount (
   OUT UINT32  *HighCount
   );
 
+// MU_CHANGE [BEGIN] - Move EfiResetSystem out of UefiRuntimeLib and into ResetSystemLib.
+
 /**
   This service is a wrapper for the UEFI Runtime Service ResetSystem().
 
@@ -351,14 +353,15 @@ EfiGetNextHighMonotonicCount (
                       address. For a ResetType of EfiResetPlatformSpecific the data buffer also starts with a Null-terminated
                       string that is followed by an EFI_GUID that describes the specific type of reset to perform.
 **/
-VOID
-EFIAPI
-EfiResetSystem (
-  IN EFI_RESET_TYPE  ResetType,
-  IN EFI_STATUS      ResetStatus,
-  IN UINTN           DataSize,
-  IN VOID            *ResetData OPTIONAL
-  );
+// VOID
+// EFIAPI
+// EfiResetSystem (
+//   IN EFI_RESET_TYPE               ResetType,
+//   IN EFI_STATUS                   ResetStatus,
+//   IN UINTN                        DataSize,
+//   IN VOID                         *ResetData OPTIONAL
+//   );
+// MU_CHANGE [END] - Move EfiResetSystem out of UefiRuntimeLib and into ResetSystemLib.
 
 /**
   This service is a wrapper for the UEFI Runtime Service ConvertPointer().

diff --git a/MdePkg/Library/UefiRuntimeLib/RuntimeLib.c b/MdePkg/Library/UefiRuntimeLib/RuntimeLib.c
@@ -192,6 +192,8 @@ EfiGoneVirtual (
   return mEfiGoneVirtual;
 }
 
+// MU_CHANGE [BEGIN] - Move EfiResetSystem out of UefiRuntimeLib and into ResetSystemLib.
+
 /**
   This service is a wrapper for the UEFI Runtime Service ResetSystem().
 
@@ -221,17 +223,18 @@ EfiGoneVirtual (
                       that is followed by a physical VOID * to an EFI_CAPSULE_HEADER.
 
 **/
-VOID
-EFIAPI
-EfiResetSystem (
-  IN EFI_RESET_TYPE  ResetType,
-  IN EFI_STATUS      ResetStatus,
-  IN UINTN           DataSize,
-  IN VOID            *ResetData OPTIONAL
-  )
-{
-  mInternalRT->ResetSystem (ResetType, ResetStatus, DataSize, ResetData);
-}
+// VOID
+// EFIAPI
+// EfiResetSystem (
+//   IN EFI_RESET_TYPE               ResetType,
+//   IN EFI_STATUS                   ResetStatus,
+//   IN UINTN                        DataSize,
+//   IN VOID                         *ResetData OPTIONAL
+//   )
+// {
+//   mInternalRT->ResetSystem (ResetType, ResetStatus, DataSize, ResetData);
+// }
+// MU_CHANGE [END] - Move EfiResetSystem out of UefiRuntimeLib and into ResetSystemLib.
 
 /**
   This service is a wrapper for the UEFI Runtime Service GetTime().

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
@@ -886,6 +886,11 @@
   #
   gLinuxEfiInitrdMediaGuid       = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
 
+  # MU_CHANGE [BEGIN] - Guid to use for gRT->ResetSystem() to indicate the type of reset that is being performed.
+  gCapsuleArmedResetGuid            = {0xc6b4eea7, 0xfce2, 0x4625, {0x9c, 0x4f, 0xc4, 0xb0, 0x82, 0x37, 0xae, 0x23}}
+  gCapsuleUpdateCompleteResetGuid   = {0x5d512714, 0xa4df, 0x4e46, {0xb6, 0xc7, 0xbc, 0x9f, 0x97, 0x9d, 0x59, 0xa0}}
+  # MU_CHANGE [END] - Guid to use for gRT->ResetSystem() to indicate the type of reset that is being performed.
+
   ## Include/Protocol/CcMeasurement.h
   gEfiCcFinalEventsTableGuid     = { 0xdd4a4648, 0x2de7, 0x4665, { 0x96, 0x4d, 0x21, 0xd9, 0xef, 0x5f, 0xb4, 0x46 }}
 

diff --git a/UefiCpuPkg/Include/Protocol/SmmExceptionTestProtocol.h b/UefiCpuPkg/Include/Protocol/SmmExceptionTestProtocol.h
@@ -0,0 +1,38 @@
+/** @file -- SmmExceptionTestProtocol.h
+A simple protocol to enable SMM exception handling being placed in test mode.
+
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef SMM_EXCEPTION_TEST_PROTOCOL_H_
+#define SMM_EXCEPTION_TEST_PROTOCOL_H_
+
+// B76383A1-0E70-4A3F-86B4-C6134C8E5723
+#define SMM_EXCEPTION_TEST_PROTOCOL_GUID \
+  { \
+    0xb76383a1, 0x0e70, 0x4a3f, { 0x86, 0xb4, 0xc6, 0x13, 0x4c, 0x8e, 0x57, 0x23 } \
+  }
+
+extern EFI_GUID  gSmmExceptionTestProtocolGuid;
+
+/**
+  Enable exception handling test mode.
+
+  NOTE: This should only work on debug builds, otherwise return EFI_UNSUPPORTED.
+
+  @retval EFI_SUCCESS            Test mode enabled.
+  @retval EFI_UNSUPPORTED        Test mode could not be enabled.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *SMM_ENABLE_EXCEPTION_TEST_MODE)(
+  VOID
+  );
+
+typedef struct _SMM_EXCEPTION_TEST_PROTOCOL {
+  SMM_ENABLE_EXCEPTION_TEST_MODE    EnableTestMode;
+} SMM_EXCEPTION_TEST_PROTOCOL;
+
+#endif // SMM_EXCEPTION_TEST_PROTOCOL_H_
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
@@ -4,6 +4,7 @@ Agent Module to load other modules to deploy SMM Entry Vector for X86 CPU.
 Copyright (c) 2009 - 2023, Intel Corporation. All rights reserved.<BR>
 Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 Copyright (C) 2023 - 2024 Advanced Micro Devices, Inc. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.
 
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -126,6 +127,39 @@ SPIN_LOCK  *mConfigSmmCodeAccessCheckLock = NULL;
 //
 EFI_SMRAM_DESCRIPTOR  *mSmmCpuSmramRanges;
 UINTN                 mSmmCpuSmramRangeCount;
+//
+// MU_CHANGE [BEGIN] - Add flag to enable "test mode" for the SMM protections.
+//                     NOTE: "Test mode" will only be enabled in DEBUG builds.
+// Flag to indicate exception handling should be in test mode.
+// This will cause exceptions to reset the system and/or log
+// additional telemetry.
+//
+
+/**
+  Enable exception handling test mode.
+
+  NOTE: This should only work on debug builds, otherwise return EFI_UNSUPPORTED.
+
+  @retval EFI_SUCCESS            Test mode enabled.
+  @retval EFI_UNSUPPORTED        Test mode could not be enabled.
+
+**/
+EFI_STATUS
+EFIAPI
+EnableSmmExceptionTestMode (
+  VOID
+  );
+
+//
+// Protocol for other drivers to enable test mode.
+//
+SMM_EXCEPTION_TEST_PROTOCOL  mSmmExceptionTestProtocol = {
+  EnableSmmExceptionTestMode
+};
+EFI_HANDLE                   mSmmExceptionTestProtocolHandle = NULL;
+
+BOOLEAN  mSmmRebootOnException = TRUE;
+// MU_CHANGE [END]
 
 UINT8  mPhysicalAddressBits;
 
@@ -874,6 +908,8 @@ PiCpuSmmEntry (
     EFI_COMPUTING_UNIT_HOST_PROCESSOR | EFI_CU_HP_PC_SMM_INIT
     );
 
+  mSmmRebootOnException = PcdGetBool (PcdSmmExceptionRebootInsteadOfHaltDefault); // MS_CHANGE
+
   //
   // Find out SMRR Base and SMRR Size
   //
@@ -1299,6 +1335,20 @@ PiCpuSmmEntry (
                     );
   ASSERT_EFI_ERROR (Status);
 
+  // MU_CHANGE [BEGIN] - Add flag to enable "test mode" for the SMM protections.
+  //                    NOTE: "Test mode" will only be enabled in DEBUG builds.
+  if (FeaturePcdGet (PcdSmmExceptionTestModeSupport)) {
+    Status = gSmst->SmmInstallProtocolInterface (
+                      &mSmmExceptionTestProtocolHandle,
+                      &gSmmExceptionTestProtocolGuid,
+                      EFI_NATIVE_INTERFACE,
+                      &mSmmExceptionTestProtocol
+                      );
+    ASSERT_EFI_ERROR (Status);
+  }
+
+  // MU_CHANGE [END]
+
   //
   // Install the SMM Memory Attribute Protocol into SMM protocol database
   //
@@ -1745,3 +1795,34 @@ PerformPreTasks (
 {
   RestoreSmmConfigurationInS3 ();
 }
+
+// MU_CHANGE [BEGIN] - Add flag to enable "test mode" for the SMM protections.
+//                    NOTE: "Test mode" will only be enabled in DEBUG builds.
+
+/**
+  Enable exception handling test mode.
+
+  NOTE: This should only work on debug builds, otherwise return EFI_UNSUPPORTED.
+
+  @retval EFI_SUCCESS            Test mode enabled.
+  @retval EFI_UNSUPPORTED        Test mode could not be enabled.
+
+**/
+EFI_STATUS
+EFIAPI
+EnableSmmExceptionTestMode (
+  VOID
+  )
+{
+  EFI_STATUS  Status = EFI_UNSUPPORTED;
+
+  if (FeaturePcdGet (PcdSmmExceptionTestModeSupport)) {
+    DEBUG ((DEBUG_INFO, "%a - Test mode enabled!\n", __func__));
+    mSmmRebootOnException = TRUE;
+    Status                = EFI_SUCCESS;
+  }
+
+  return Status;
+}
+
+// MU_CHANGE [END]
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -21,6 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Protocol/SmmCpuService.h>
 #include <Protocol/SmmMemoryAttribute.h>
 #include <Protocol/MmMp.h>
+#include <Protocol/SmmExceptionTestProtocol.h>    // MU_CHANGE - Add support for testing SMM page protections
 
 #include <Guid/AcpiS3Context.h>
 #include <Guid/MemoryAttributesTable.h>
@@ -192,6 +193,13 @@ typedef struct {
 
 #define INVALID_APIC_ID  0xFFFFFFFFFFFFFFFFULL
 
+// MU_CHANGE [BEGIN]
+typedef UINT32 SMM_CPU_ARRIVAL_EXCEPTIONS;
+#define ARRIVAL_EXCEPTION_BLOCKED       0x1
+#define ARRIVAL_EXCEPTION_DELAYED       0x2
+#define ARRIVAL_EXCEPTION_SMI_DISABLED  0x4
+// MU_CHANGE [END]
+
 //
 // Wrapper used to convert EFI_AP_PROCEDURE2 and EFI_AP_PROCEDURE.
 //
@@ -296,6 +304,8 @@ EnableCet (
   VOID
   );
 
+extern BOOLEAN  mSmmRebootOnException;    // MU_CHANGE
+
 //
 // SMM CPU Protocol function prototypes.
 //

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
@@ -4,6 +4,7 @@
 # This SMM driver performs SMM initialization, deploy SMM Entry Vector,
 # provides CPU specific services in SMM.
 #
+# Copyright (c) Microsoft Corporation.
 # Copyright (c) 2009 - 2023, Intel Corporation. All rights reserved.<BR>
 # Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 # Copyright (C) 2023 - 2024 Advanced Micro Devices, Inc. All rights reserved.<BR>
@@ -97,6 +98,7 @@
   SmmCpuFeaturesLib
   PeCoffGetEntryPointLib
   PerformanceLib
+  HwResetSystemLib                         ## MU_CHANGE - Use HwResetSystemLib
   CpuPageTableLib
   MmSaveStateLib
   SmmCpuSyncLib
@@ -105,6 +107,7 @@
   gEfiSmmAccess2ProtocolGuid               ## CONSUMES
   gEfiSmmConfigurationProtocolGuid         ## PRODUCES
   gEfiSmmCpuProtocolGuid                   ## PRODUCES
+  gSmmExceptionTestProtocolGuid            ## PRODUCES ## MS_CHANGE
   gEfiSmmReadyToLockProtocolGuid           ## NOTIFY
   gEfiSmmCpuServiceProtocolGuid            ## PRODUCES
   gEdkiiSmmMemoryAttributeProtocolGuid     ## PRODUCES
@@ -129,7 +132,8 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmProfileRingBuffer             ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmFeatureControlMsrLock         ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode         ## CONSUMES
-  gUefiCpuPkgTokenSpaceGuid.PcdSmmApPerfLogEnable                  ## CONSUMES
+  gUefiCpuPkgTokenSpaceGuid.PcdSmmExceptionTestModeSupport
+  gUefiCpuPkgTokenSpaceGuid.PcdSmmApPerfLogEnable
 
 [Pcd]
   gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber        ## SOMETIMES_CONSUMES
@@ -147,6 +151,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask    ## CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask               ## CONSUMES
   gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask        ## CONSUMES
+  gUefiCpuPkgTokenSpaceGuid.PcdSmmExceptionRebootInsteadOfHaltDefault   ## CONSUMES ## MS_CHANGE
 
 [FixedPcd]
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmMpTokenCountPerChunk               ## CONSUMES