<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OpenSecurityTraining2+4021_Intro_UEFI+2022_v1" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OpenSecurityTraining2+4021_Intro_UEFI+2022_v1+type@vertical+block@7b1604c16fa64d989875f6c921c5558b" data-request-token="31e1b54a095711efabb30242ac12000b" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:OpenSecurityTraining2+4021_Intro_UEFI+2022_v1+type@markdown+block@2363235fa93545d8ad02b302e9437a92">
<div class="xblock xblock-public_view xblock-public_view-markdown" data-course-id="course-v1:OpenSecurityTraining2+4021_Intro_UEFI+2022_v1" data-block-type="markdown" data-usage-id="block-v1:OpenSecurityTraining2+4021_Intro_UEFI+2022_v1+type@markdown+block@2363235fa93545d8ad02b302e9437a92" data-request-token="31e1b54a095711efabb30242ac12000b" data-graded="True" data-has-score="False">
<div class="markdown_xblock"><p>Let's start with DEBUG build and analysis of <code>debug.log</code>:</p>
<pre><code>build -p OvmfPkg/OvmfPkgX64.dsc -b DEBUG -t GCC5 -n $(nproc) -a X64 all
qemu-system-x86_64 -nographic -bios Build/OvmfX64/DEBUG_GCC5/FV/OVMF.fd -chardev file,path=debug.log,id=edk2-debug -device isa-debugcon,iobase=0x402,chardev=edk2-debug
grep hob debug.log -i
</code></pre>
<p>You should see something like:</p>
<pre><code> temporary memory heap used for HobList: 6808 bytes.
Stack Hob: BaseAddress=0x3F36000 Length=0x20000
GetMicrocodePatchInfoFromHob: Microcode patch cache HOB is not found.
HOBLIST address in DXE = 0x78EA018
FV Hob 0x900000 - 0x14FFFFF
GetMicrocodePatchInfoFromHob: MicrocodeBase = 0x0, MicrocodeSize = 0x0
</code></pre>
<p>As we see even our OVMF build for QEMU talks about HOB. How should we read the above information?</p>
<ul>
<li>The number of bytes allocated for Hob List is non-zero</li>
<li>There is something called Stack Hob, which most probably provides information about the stack to the next phase</li>
<li>There is some information about microcode expected, however it is not found/populated since we are in QEMU and microcode is not needed</li>
<li>There is an address of the Hob list in DXE</li>
<li>There is a Firmware Volume Hob located at some address</li>
</ul>
<h1>Exercise #1: Print contents of HOB</h1>
<ul>
<li>Find the file where the string "<code>HOBLIST address in DXE</code>" is located. Using that file name, find in which module (<code>*.inf</code>) it is compiled-in. Please note you have know <code>BASE_NAME</code> from the INF file in which C file is used. It is important to note that based name may be different then module entry point name or main C file used to create module.</li>
<li>Now we have to find the location in memory where the <code>*.debug</code> file should be loaded. This situation is not as easy as in the previous Practice #2, because there is no <code>*.map</code> file which will tell us location in memory where module should be loaded. The easiest way to find the location of our module, is to look in the <code>debug.log</code> for a string like:</li>
</ul>
<pre><code>Loading (...) at <LOADING_ADDRESS> EntryPoint=<ENTRY_POINT_ADDRESS> <OUR_MODULE_BASE_NAME>.efi
Loading (...) at <LOADING_ADDRESS> EntryPoint=<ENTRY_POINT_ADDRESS>
</code></pre>
<ul>
<li>Let's start GDB debugging session</li>
</ul>
<div class="codehilite">
<pre><span></span><code>qemu-system-x86_64 -nographic -bios Build/OvmfX64/DEBUG_GCC5/FV/OVMF.fd -chardev file,path<span class="o">=</span>debug.log,id<span class="o">=</span>edk2-debug -device isa-debugcon,iobase<span class="o">=</span>0x402,chardev<span class="o">=</span>edk2-debug -s -S
</code></pre>
</div>
<ul>
<li>In second terminal </li>
</ul>
<pre><code>gdb
</code></pre>
<ul>
<li>In <code>gdb</code>:</li>
</ul>
<pre><code>(gdb) file ./path/to/<OUR_MODULE_BASE_NAME>.debug
Reading symbols from ./path/to/<OUR_MODULE_BASE_NAME>.debug...
(gdb) info file
Symbols from "/full/path/to/<OUR_MODULE_BASE_NAME>.debug".
Local exec file:
`/full/path/to/<OUR_MODULE_BASE_NAME>.debug', file type elf64-x86-64.
Entry point: 0x2ef0
0x0000000000000240 - 0x0000000000021df4 is .text
0x0000000000021e00 - 0x0000000000025611 is .data
0x0000000000025640 - 0x0000000000025640 is .eh_frame
(gdb) symbol-file
Discard symbol table from `/full/path/to/<OUR_MODULE_BASE_NAME>.debug'? (y or n) y
No symbol file now.
(gdb) add-symbol-file ./path/to/<OUR_MODULE_BASE_NAME>.debug (<LOADING_ADDRESS>+<.TEXT_START_ADDRESS>) -s .data (<LOADING_ADDRESS>+<.DATA_START_ADDRESS>)
add symbol table from file "./Build/OvmfX64/DEBUG_GCC5/X64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.debug" at
.text_addr = <TEXT_ADDR>
.data_addr = <DATA_ADDR>
(y or n) y
Reading symbols from ./path/to/<OUR_MODULE_BASE_NAME>.debug...
</code></pre>
<ul>
<li>Set breakpoint on function (<code><SOME_FUNCTION></code>) in which <code>HOBLIST address in DXE</code> string is printed</li>
</ul>
<pre><code>(gdb) break <SOME_FUNCTION>
Breakpoint 1 at 0x7ead2d4: file /full/path/to/our/file.c, line 236.
(gdb) target remote :1234
Remote debugging using :1234
0x000000000000fff0 in jQuery224023036190459170758_1652831349626 ()
(gdb) c
Continuing.
Breakpoint 1, <SOME_FUNCTION> (param=0x3f56000) at /full/path/to/our/file.c:line
236 {
(gdb)
</code></pre>
<ul>
<li>Print HOB structures in following way:</li>
</ul>
<pre><code>(gdb) ptype /o EFI_HOB_GENERIC_HEADER
type = struct {
/* 0 | 2 */ UINT16 HobType;
/* 2 | 2 */ UINT16 HobLength;
/* 4 | 4 */ UINT32 Reserved;
/* total size (bytes): 8 */
}
(gdb) p (EFI_HOB_GENERIC_HEADER *)HobStart
$1 = (EFI_HOB_GENERIC_HEADER *) 0x3f56000
(gdb) p *$1
$2 = {HobType = 1, HobLength = 56, Reserved = 0}
(gdb) p (EFI_HOB_GENERIC_HEADER *)(HobStart+56 )
$3 = (EFI_HOB_GENERIC_HEADER *) 0x3f56038
(gdb) p *$3
$4 = {HobType = 7, HobLength = 72, Reserved = 0}
(gdb) p (EFI_HOB_GENERIC_HEADER *)(HobStart+56+72)
$5 = (EFI_HOB_GENERIC_HEADER *) 0x3f56080
(gdb) p *$5
$6 = {HobType = 7, HobLength = 520, Reserved = 0}
(gdb) p (EFI_HOB_HANDOFF_INFO_TABLE *)$1
$7 = (EFI_HOB_HANDOFF_INFO_TABLE *) 0x3f56000
(gdb) p *$7
$8 = {Header = {HobType = 1, HobLength = 56, Reserved = 0}, Version = 9, BootMode = 0, EfiMemoryTop = 133660672, EfiMemoryBottom = 66281472, EfiFreeMemoryTop = 130023424,
EfiFreeMemoryBottom = 66424176, EfiEndOfHobList = 66424168}
</code></pre>
</div>
</div>
</div>
<div class="vert vert-1" data-id="block-v1:OpenSecurityTraining2+4021_Intro_UEFI+2022_v1+type@done+block@1ed8e9d0a13e45d396d61d10f2c127ba">
<div class="xblock xblock-public_view xblock-public_view-done" data-course-id="course-v1:OpenSecurityTraining2+4021_Intro_UEFI+2022_v1" data-block-type="done" data-usage-id="block-v1:OpenSecurityTraining2+4021_Intro_UEFI+2022_v1+type@done+block@1ed8e9d0a13e45d396d61d10f2c127ba" data-request-token="31e1b54a095711efabb30242ac12000b" data-graded="True" data-has-score="True">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Completion is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
<div class="vert vert-2" data-id="block-v1:OpenSecurityTraining2+4021_Intro_UEFI+2022_v1+type@discussion+block@6bda31feb0fc4b23a3fdb5cf2e156db6">
<div class="xblock xblock-public_view xblock-public_view-discussion" data-course-id="course-v1:OpenSecurityTraining2+4021_Intro_UEFI+2022_v1" data-block-type="discussion" data-usage-id="block-v1:OpenSecurityTraining2+4021_Intro_UEFI+2022_v1+type@discussion+block@6bda31feb0fc4b23a3fdb5cf2e156db6" data-request-token="31e1b54a095711efabb30242ac12000b" data-graded="True" data-has-score="False">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Discussion is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>