[U-Boot] efi_loader: detaching runtime
Alexander Graf
agraf at csgraf.de
Fri Jun 21 07:36:58 UTC 2019
On 20.06.19 23:59, Heinrich Schuchardt wrote:
> Hello Alex,
>
> currently we have two code sections in U-Boot:
>
> * __efi_runtime/__efi_runtime_data (mapped to EFI_RUNTIME_SERVICES_CODE)
> * all other code (mapped to EFI_LOADER_DATA by add_u_boot_and_runtime())
>
> All code and data that is not marked as __efi_runtime or
> __efi_runtime_data lives in a memory area that the EFI application may
> reuse after ExitBootServices().
>
> Code that is marked as __efi_runtime is relocated at
> SetVirtualMemoryMap().
>
> I wonder in which section the relocation code should live.
>
> It cannot be __efi_runtime or it will mess up itself while relocating.
> It cannot be in EFI_LOADER_DATA or it may be overwritten after
> ExitBootServices().
>
> If this reasoning is right wouldn't we need a third code section living
> in EFI_RUNTIME_SERVICES_CODE but which is excluded from the relocation
> during SetVirtualMemoryMap()?
Ard, are we guaranteed that during SetVirtualMemoryMap both the old as
well as the new memory location are accessible?
If that's the case, we can't mess ourselves up. If not, I don't see how
SetVirtualMemoryMap would work at all.
> Another option of course would be to put the whole U-Boot code into
> EFI_RUNTIME_SERVICES_CODE which will incur a loss of less than 1 MiB for
> the operating system.
I'd rather not leak random U-Boot code into the runtime accessible area
for both security and validation reasons. Chances that we accidentally
leak random MMIO accesses that are not runtime patched are really high.
Alex