From e6b6aa90d490c298da140bc118d73ceff510f563 Mon Sep 17 00:00:00 2001
From: Oliver Smith-Denny <osde@microsoft.com>
Date: Wed, 29 Jan 2025 11:05:03 -0800
Subject: MdePkg: Add Dynamic Stack Cookie Support

Adds dynamic stack cookies in the form of copies of the entry
point libraries that use shared logic to update stack cookies
at runtime.

This relies on RDRAND on IA32/X64 and RNDR on AARCH64 to get a
random number to apply to the stack cookie on module entry point.

This simplifies the logic a platform must do to include stack
check functionality.

Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
---
 .../Peim/PeimStackCheckEntryPointLibNull.c         | 46 ++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 MdePkg/Library/DynamicStackCookieEntryPointLib/Peim/PeimStackCheckEntryPointLibNull.c

(limited to 'MdePkg/Library/DynamicStackCookieEntryPointLib/Peim/PeimStackCheckEntryPointLibNull.c')

diff --git a/MdePkg/Library/DynamicStackCookieEntryPointLib/Peim/PeimStackCheckEntryPointLibNull.c b/MdePkg/Library/DynamicStackCookieEntryPointLib/Peim/PeimStackCheckEntryPointLibNull.c
new file mode 100644
index 0000000000..aa4a55d8d6
--- /dev/null
+++ b/MdePkg/Library/DynamicStackCookieEntryPointLib/Peim/PeimStackCheckEntryPointLibNull.c
@@ -0,0 +1,46 @@
+/** @file
+  Entry point to a PEIM that does not update the stack cookie dynamically.
+
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+
+#include <Library/PeimEntryPoint.h>
+#include <Library/DebugLib.h>
+
+extern
+EFI_STATUS
+EFIAPI
+_CModuleEntryPoint (
+  IN EFI_PEI_FILE_HANDLE     FileHandle,
+  IN CONST EFI_PEI_SERVICES  **PeiServices
+  );
+
+/**
+  The entry point of PE/COFF Image for a PEIM.
+
+  This function is the entry point for a PEIM.  This function must call ProcessLibraryConstructorList()
+  and ProcessModuleEntryPointList().  The return value from ProcessModuleEntryPointList() is returned.
+  If _gPeimRevision is not zero and PeiServices->Hdr.Revision is less than _gPeimRevison, then ASSERT().
+
+  @param  FileHandle  Handle of the file being invoked.
+  @param  PeiServices Describes the list of possible PEI Services.
+
+  @retval  EFI_SUCCESS   The PEIM executed normally.
+  @retval  !EFI_SUCCESS  The PEIM failed to execute normally.
+**/
+EFI_STATUS
+EFIAPI
+_ModuleEntryPoint (
+  IN EFI_PEI_FILE_HANDLE     FileHandle,
+  IN CONST EFI_PEI_SERVICES  **PeiServices
+  )
+{
+  //
+  // Call the driver entry point
+  //
+  return _CModuleEntryPoint (FileHandle, PeiServices);
+}
-- 
cgit