Initial implementation of supervisor

Cargo.toml

@@ -1,6 +1,6 @@
 [workspace]
 resolver = "3"
-members = ["components/*", "core/*", "sdk/*", "patina_dxe_core"]
+members = ["components/*", "core/*", "sdk/*", "patina_dxe_core", "patina_mm_supervisor_core", "patina_mm_user_core"]
 
 [workspace.package]
 version = "21.0.1"
@@ -38,15 +38,19 @@ patina_ffs_extractors = { version = "21.0.1", path = "sdk/patina_ffs_extractors"
 patina_internal_collections = { version = "21.0.1", path = "core/patina_internal_collections", default-features = false }
 patina_internal_cpu = { version = "21.0.1", path = "core/patina_internal_cpu" }
 patina_internal_depex = { version = "21.0.1", path = "core/patina_internal_depex" }
+patina_internal_mm_common = { version = "21.0.0", path = "core/patina_internal_mm_common" }
 patina_lzma_rs = { version = "0.3.1", default-features = false }
 patina_macro = { version = "21.0.1", path = "sdk/patina_macro" }
 patina_mm = { version = "21.0.1", path = "components/patina_mm" }
 patina_mtrr = { version = "^1.1.6" }
+patina_mm_policy = { version = "21.0.0", path = "components/patina_mm_policy" }
+patina_mm_supervisor_core = { version = "21.0.0", path = "patina_mm_supervisor_core" }
 patina_paging = { version = "11.0.2" }
 patina_performance = { version = "21.0.1", path = "components/patina_performance" }
 patina_smbios = { version = "21.0.1", path = "components/patina_smbios" }
 patina_stacktrace = { version = "21.0.1", path = "core/patina_stacktrace" }
 patina_test = { version = "21.0.1", path = "components/patina_test" }
+patina_adv_logger = { version = "21.0.0", path = "components/patina_adv_logger" }
 proc-macro2 = { version = "1" }
 quote = { version = "1" }
 r-efi = { version = "5.0.0", default-features = false }
@@ -76,3 +80,6 @@ lzma-rs = { version = "0.3" }
 
 [workspace.lints.clippy]
 undocumented_unsafe_blocks = "warn"
+
+[patch.crates-io]
+patina_paging = { path = 'D:\Repos\patina-paging' }

components/patina_mm_policy/Cargo.toml

@@ -0,0 +1,25 @@
+[package]
+name = "patina_mm_policy"
+resolver = "2"
+version.workspace = true
+repository.workspace = true
+license.workspace = true
+edition.workspace = true
+readme = "README.md"
+description = "MM Supervisor secure policy library for Rust UEFI environments."
+
+# Metadata to tell docs.rs how to build the documentation when uploading
+[package.metadata.docs.rs]
+features = ["doc"]
+
+[dependencies]
+log = { workspace = true }
+r-efi = { workspace = true }
+spin = { workspace = true }
+
+[dev-dependencies]
+
+[features]
+default = []
+std = []
+doc = []

components/patina_mm_policy/README.md

@@ -0,0 +1,44 @@
+# patina_mm_policy
+
+MM Supervisor secure policy library for Rust UEFI environments.
+
+This crate provides a comprehensive policy management library for the MM Supervisor,
+including policy data structures, access validation (policy gate), and helper utilities.
+
+## Features
+
+### Policy Gate
+Initialize with a policy buffer pointer, then query whether operations are allowed:
+- `is_io_allowed()` - Check I/O port access
+- `is_msr_allowed()` - Check MSR access  
+- `is_instruction_allowed()` - Check privileged instruction execution
+- `is_save_state_read_allowed()` - Check save state read access
+
+### Helper Functions
+- `dump_policy()` - Print policy contents for debugging
+- `compare_policies()` - Compare two policies (order-independent)
+- `populate_memory_policy_from_page_table()` - Walk page tables to generate memory policy
+
+## Usage
+
+```rust,ignore
+use patina_mm_policy::{PolicyGate, AccessType, IoWidth};
+
+// Initialize the policy gate with a policy buffer
+let gate = unsafe { PolicyGate::new(policy_ptr) }?;
+
+// Check if I/O access is allowed
+let result = gate.is_io_allowed(0x3F8, IoWidth::Byte, AccessType::Read);
+if result.is_ok() {
+    // Access allowed
+}
+
+// Dump policy for debugging
+gate.dump_policy();
+```
+
+## License
+
+Copyright (c) Microsoft Corporation.
+
+SPDX-License-Identifier: Apache-2.0