From: Jiewen Yao
To: edk2-devel@lists.01.org
Cc: Jeff Fan, Michael Kinney, Leif Lindholm, Ard Biesheuvel, Star Zeng, Feng Tian
Date: Thu, 26 Jan 2017 16:39:12 +0800
Message-Id: <1485419955-26652-1-git-send-email-jiewen.yao@intel.com>
Subject: [PATCH 0/3] DXE Memory Protection
List-Id: EDK II Development

This patch series provides the capability to protect PE/COFF images in DXE memory.
If the UEFI image is page aligned, the image code section is set to read only
and the image data section is set to non-executable.

The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect the image.

Tested platform: NT32/Quark IA32/OVMF IA32/OVMF IA32X64/Intel internal X64/
Tested OS: UEFI Win10, UEFI Ubuntu 16.04.

Untested platform: ARM/AARCH64.
Can the ARM/AARCH64 owner help to take a look and try the ARM platform?

Cc: Jeff Fan
Cc: Michael Kinney
Cc: Leif Lindholm
Cc: Ard Biesheuvel
Cc: Star Zeng
Cc: Feng Tian
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao

Jiewen Yao (3):
  UefiCpuPkg/CpuDxe: Add memory attribute setting.
  ArmPkg/CpuDxe: Correct EFI_MEMORY_RO usage
  MdeModulePkg/DxeCore: Add UEFI image protection.

 ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c           |   2 +-
 ArmPkg/Drivers/CpuDxe/Arm/Mmu.c               |   5 +-
 MdeModulePkg/Core/Dxe/DxeMain.h               |  53 ++
 MdeModulePkg/Core/Dxe/DxeMain.inf             |   2 +
 MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |   1 +
 MdeModulePkg/Core/Dxe/Image/Image.c           |   5 +
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 822 ++++++++++++++++
 MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c  |  22 -
 UefiCpuPkg/CpuDxe/CpuDxe.c                    | 137 +--
 UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   4 +-
 UefiCpuPkg/CpuDxe/PageTableLib.h              | 204 ++++
 UefiCpuPkg/CpuDxe/PageTableLibX86Pae.c        | 997 ++++++++++++++++++++
 12 files changed, 2168 insertions(+), 86 deletions(-)
 create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
 create mode 100644 UefiCpuPkg/CpuDxe/PageTableLib.h
 create mode 100644 UefiCpuPkg/CpuDxe/PageTableLibX86Pae.c

-- 
2.7.4.windows.1
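
The rule stated in the cover letter (page-aligned image: code sections read only, data sections non-executable), worked through on a constructed section table. This is an added example, not code from the patch series. `plan_protection`, the simplified section struct, the sample table and the reading of "page aligned" as "image base and SectionAlignment are multiples of 4 KiB" are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE     0x1000u
#define SCN_CNT_CODE  0x00000020u   /* PE/COFF section flag: contains code */
#define EFI_MEMORY_XP 0x4000ull     /* UEFI attribute: not executable */
#define EFI_MEMORY_RO 0x20000ull    /* UEFI attribute: read only */

typedef struct { const char *name; uint32_t rva, vsize, flags; } section_t;
typedef struct { uint64_t base, length, attr; } range_t;

/* Constructed sample section table (not taken from a real image). */
static const section_t sample[] = {
  { ".text",  0x1000, 0x2345, 0x60000020u },  /* code, execute, read */
  { ".data",  0x4000, 0x0800, 0xC0000040u },  /* initialized data, read, write */
  { ".reloc", 0x5000, 0x0120, 0x42000040u },  /* initialized data, discardable */
};

/* Hypothetical helper: fills out[] with one range per section and returns the
   count, or -1 when the image is not page aligned and must be left untouched. */
int plan_protection(uint64_t image_base, uint32_t section_alignment,
                    const section_t *s, int n, range_t *out)
{
  if (image_base % PAGE_SIZE || section_alignment == 0 ||
      section_alignment % PAGE_SIZE)
    return -1;
  for (int i = 0; i < n; i++) {
    if (s[i].rva % PAGE_SIZE)
      return -1;                    /* malformed: section not on a page boundary */
    out[i].base   = image_base + s[i].rva;
    out[i].length = ((uint64_t)s[i].vsize + PAGE_SIZE - 1) & ~(uint64_t)(PAGE_SIZE - 1);
    out[i].attr   = (s[i].flags & SCN_CNT_CODE) ? EFI_MEMORY_RO : EFI_MEMORY_XP;
  }
  return n;
}

int main(void)
{
  range_t r[3];
  int n = plan_protection(0x7E000000ull, 0x1000, sample, 3, r);
  for (int i = 0; i < n; i++)
    printf("%-6s base=0x%llx len=0x%llx %s\n", sample[i].name,
           (unsigned long long)r[i].base, (unsigned long long)r[i].length,
           r[i].attr == EFI_MEMORY_RO ? "EFI_MEMORY_RO" : "EFI_MEMORY_XP");
  /* Same sections built with 0x20 section alignment: no protection possible. */
  printf("unaligned image: %d\n", plan_protection(0x7E000000ull, 0x20, sample, 3, r));
  return 0;
}
```

With sub-page section alignment, code and data can share a 4 KiB page, so no single page attribute fits both and the helper refuses to plan any protection.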