MdeModulePkg: Added PROTECT_IF_ALIGNED_ELSE_DISALLOW option for

PcdImageProtectionPolicy.
acidanthera · Nov 3, 2023 · e6cb370 · e6cb370
1 parent 3dff9d7
commit e6cb370
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 11 deletions.
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -49,8 +49,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 //
 // Protection policy bit definition
 //
-#define DO_NOT_PROTECT                 0x00000000
-#define PROTECT_IF_ALIGNED_ELSE_ALLOW  0x00000001
+#define DO_NOT_PROTECT                    0x00000000
+#define PROTECT_IF_ALIGNED_ELSE_ALLOW     0x00000001
+#define PROTECT_IF_ALIGNED_ELSE_DISALLOW  0x00000002
 
 #define MEMORY_TYPE_OS_RESERVED_MIN   0x80000000
 #define MEMORY_TYPE_OEM_RESERVED_MIN  0x70000000
@@ -80,9 +81,13 @@ GetProtectionPolicyFromImageType (
 
   if (((ImageIsFromFv + 1) & mImageProtectionPolicy) == 0) {
     return DO_NOT_PROTECT;
-  } else {
+  }
+
+  if ((mImageProtectionPolicy & 4U) == 0) {
     return PROTECT_IF_ALIGNED_ELSE_ALLOW;
   }
+
+  return PROTECT_IF_ALIGNED_ELSE_DISALLOW;
 }
 
 /**
@@ -233,13 +238,13 @@ ProtectUefiImage (
   UEFI_IMAGE_LOADER_IMAGE_CONTEXT  *ImageContext
   )
 {
-  RETURN_STATUS               PdbStatus;
-  UINT32                                SectionAlignment;
-  UEFI_IMAGE_RECORD                    *ImageRecord;
-  CONST CHAR8                          *PdbPointer;
-  UINT32                               PdbSize;
-  BOOLEAN                               IsAligned;
-  UINT32                                ProtectionPolicy;
+  RETURN_STATUS      PdbStatus;
+  UINT32             SectionAlignment;
+  UEFI_IMAGE_RECORD  *ImageRecord;
+  CONST CHAR8        *PdbPointer;
+  UINT32             PdbSize;
+  BOOLEAN            IsAligned;
+  UINT32             ProtectionPolicy;
 
   DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage));
   DEBUG ((DEBUG_INFO, "  - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize));
@@ -250,6 +255,8 @@ ProtectUefiImage (
       return;
     case PROTECT_IF_ALIGNED_ELSE_ALLOW:
       break;
+    case PROTECT_IF_ALIGNED_ELSE_DISALLOW:
+      break;
     default:
       ASSERT (FALSE);
       return;
@@ -275,6 +282,11 @@ ProtectUefiImage (
       DEBUG ((DEBUG_VERBOSE, "!!!!!!!!  Image - %a  !!!!!!!!\n", PdbPointer));
     }
 
+    if (ProtectionPolicy == PROTECT_IF_ALIGNED_ELSE_DISALLOW) {
+      ASSERT (FALSE);
+      return;
+    }
+
     goto Finish;
   }
 

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
@@ -1367,11 +1367,13 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath|{0x0}|VOID*|0x00001043
 
   ## Set image protection policy. The policy is bitwise.
-  #  If a bit is set, the image will be protected by DxeCore if it is aligned.
+  #  If a bit is set, the image will be protected by DxeCore if it is aligned,
+  #   and if it is unaligned and BIT2 is set the boot process will be stopped.
   #   The code section becomes read-only, and the data section becomes non-executable.
   #  If a bit is clear, nothing will be done to image code/data sections.<BR><BR>
   #    BIT0       - Image from unknown device. <BR>
   #    BIT1       - Image from firmware volume.<BR>
+  #    BIT2       - Forbid loading of unaligned images.<BR>
   #  <BR>
   #  Note: If a bit is cleared, the data section could be still non-executable if
   #  PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData