Re: [edk2] [PATCH] NX/ASLR/GS/RTCs Security Features

Subject: Re: [edk2] [PATCH] NX/ASLR/GS/RTCs Security Features

From: Eugene Khoruzhenko <Eugene_Khoruzhenko@phoenix.com>

To: "edk2-devel@lists.sourceforge.net" <edk2-devel@lists.sourceforge.net>

Date: 2012-05-21 05:04:20

Jordan, thanks for your suggestion. I cannot think of 10+, but we can definitely split it into at least 5 incremental patches by features:

NX/DEP:
1st patch - BasePageTableLibIA32E and BasePageTableLibNull in MdePkg.
2nd patch - the use of BasePageTableLib in MdeModulePkg, plus Nt32Pkg to link with this library.

ASLR:
3rd patch - the BaseBinSecurityLib in MdePkg, but only ASLR stuff.
4th patch is the use of BaseBinSecurityLib in MdeModulePkg, plus Nt32Pkg to link with this library.

GS/RTCs:
5th patch is adding GSCompilerSwitch.c and ASM files to BaseBinSecurityLib. This can also include INF, DSC, and other scripting code to support different compilers, so this may span several patches.

Does the above look good? If so, we'll split and resubmit.

Regards
ek

-----Original Message-----
From: Jordan Justen [mailto:jljusten@gmail.com] 
Sent: Thursday, May 17, 2012 8:27 AM
To: edk2-devel@lists.sourceforge.net
Subject: Re: [edk2] [PATCH] NX/ASLR/GS/RTCs Security Features

Given that there are several features, it seems like this should be
broken into quite a few smaller changes. (For instance, maybe it makes
sense for there to be 10+ changes here?)

It looks as though .S assembly is missing in many places.

For the new libraries, should there be NULL versions?

I assume blamo.txt was not meant to be included. :)

-Jordan

On Wed, May 16, 2012 at 7:34 PM, Eugene Khoruzhenko wrote:
> Dear EDK2 MdeModulePkg maintainer and community,
>
> Please find the attached patch for the NX/ASLR/GS/RTCs features. Adding these features provides blanket security protection for latent vulnerabilities.
>
> The NX feature uses page tables and DXE memory management to mark pages containing data (or that do not contain code) as No Execute, causing a page fault if there is any attempt to execute code from those pages. This is to prevent code that exploits buffer overruns from including the code to be executed directly in the buffer overrun; for example, NX prevents code on the stack from being executed. This feature is implemented as a pair of libraries under MdePkg, one of which is a BasePageTableLib stub library, and the other is a full implementation of the page table library for IA32E - BasePageTableLibIA32E. Integration involves changes to DxeCore and DxeIplPeim, as well as a bunch of changes to platform and silicon code to enable NXP in AP processors and SMM (not explicitly included with this patch).
>
> The ASLR feature causes PE images that are loaded to RAM to be loaded at randomized addresses. The intent is to prevent code that exploits stack buffer overruns from being able to use return oriented code from exploiting code loaded at known or fixed locations. This feature is implemented as a library that provides a randomization function called BaseBinSecurityLib.
> Integration involves changes to PeiCore, DxeIplPeim, DxeCore and SmmCore.
>
> GS and RTCs are to support VS2010 build with /GS and /RTCs switches enabled.
> Note that the /GS switch is only secure when ASLR is enabled, as we leverage ASLR's randomizing of the address of loaded code to automatically initialize the security cookie. Rather than setting the security cookie randomly in the program entrypoint code, we let PE loader set the security cookie value to the address of an arbitrarily selected function within BaseBinSecurityLib, and that address is random as a side effect of ASLR. This way, we don't have to link the full randomization code into every single driver or application.
>
> Regards,
> Eugene Khoruzhenko
> Principal Software Architect
> Phoenix Technologies Ltd.
> (425) 443-3883
>
>
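The /GS cookie derivation Eugene describes, as an added illustration that is not part of the submitted patch or of edk2: a simulated PE loader picks the image base (randomized only when ASLR is on) and sets the security cookie to the relocated address of a BaseBinSecurityLib function. IMAGE_PREFERRED_BASE, COOKIE_FUNC_RVA, the 16 bits of page-granular load entropy and the RandomBits value are constructed for the demo; the code also makes the caveat concrete that with ASLR off the cookie is a constant computable from the on-disk image, and that even with ASLR the low 12 bits stay fixed because load bases are page-aligned.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a PE image built with /GS: its preferred load
 * base and the RVA of the BaseBinSecurityLib function whose address the
 * loader writes into __security_cookie (hypothetical values). */
#define IMAGE_PREFERRED_BASE 0x0000000010000000ULL
#define COOKIE_FUNC_RVA      0x0000000000001A30ULL
#define PAGE_SHIFT           12

typedef struct {
  uint64_t Base;            /* address the loader actually chose */
  uint64_t SecurityCookie;  /* value stored into the image's __security_cookie */
} LoadedImage;

/* Loader step as the mail describes it: choose the base (when ASLR is on,
 * add a page-granular displacement carrying EntropyBits bits taken from
 * RandomBits), then set the cookie to the relocated function address.
 * Because the displacement is page-aligned, the low PAGE_SHIFT bits of the
 * cookie always equal those of COOKIE_FUNC_RVA. */
static LoadedImage LoadImage(bool AslrEnabled, uint64_t RandomBits, unsigned EntropyBits) {
  LoadedImage Img;
  uint64_t Mask = ((1ULL << EntropyBits) - 1) << PAGE_SHIFT;
  Img.Base = IMAGE_PREFERRED_BASE + (AslrEnabled ? (RandomBits & Mask) : 0);
  Img.SecurityCookie = Img.Base + COOKIE_FUNC_RVA;
  return Img;
}

/* Epilogue check emitted by /GS: the copy saved in the stack frame must
 * still equal the global cookie. Returns true when the frame is intact. */
static bool FrameIntact(uint64_t SavedCookie, const LoadedImage *Img) {
  return SavedCookie == Img->SecurityCookie;
}

/* The caveat from the mail: with ASLR off, the cookie is fully determined
 * by the on-disk image (preferred base + RVA) and so offers no protection. */
static bool CookiePredictableFromDisk(const LoadedImage *Img) {
  return Img->SecurityCookie == IMAGE_PREFERRED_BASE + COOKIE_FUNC_RVA;
}

int main(void) {
  uint64_t Entropy = 0x123456789ABCDEF0ULL;  /* constructed; a loader would read a real entropy source */
  LoadedImage NoAslr = LoadImage(false, Entropy, 16);
  LoadedImage Aslr   = LoadImage(true,  Entropy, 16);
  printf("ASLR off: cookie %#llx predictable=%d\n", (unsigned long long)NoAslr.SecurityCookie, CookiePredictableFromDisk(&NoAslr));
  printf("ASLR on : cookie %#llx predictable=%d\n", (unsigned long long)Aslr.SecurityCookie, CookiePredictableFromDisk(&Aslr));
  return 0;
}
```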

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel
