From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr0-x234.google.com (mail-wr0-x234.google.com [IPv6:2a00:1450:400c:c0c::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5B602821CF for ; Wed, 1 Mar 2017 06:42:30 -0800 (PST) Received: by mail-wr0-x234.google.com with SMTP id g10so31668326wrg.2 for ; Wed, 01 Mar 2017 06:42:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=VzRiQrom6xzI4ozJiKkjIs2o0mqglfzcbztGK01F3Wo=; b=Q6/EARSj+Tno2JovvtGjh2mygbbB8qLaKHSw2myaUuVKRKTxzQQfnlsGhgf8A58P23 +5IJZuM9z86Rie3+nwHJtLoyhg7TQLSqoMR++KMrkOMhAZbDZOhwX6YchwVQR34RU0Dn InFVibEm7O4Vnzr0Fwb186a1z3KLW3Bgd8wqc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=VzRiQrom6xzI4ozJiKkjIs2o0mqglfzcbztGK01F3Wo=; b=Vle07Ar3w18VHNC9gVFnrFq1R8d4/veVZJ8tmJpPu1/iF031HHF49hZufg0vrzig/7 jiphUgsV3BJeQQKTZPABF7Qp9RWLWZpFUi7c63PYiysdP/37WOiT7dydud9DhbBKqx3S yFa2vBHsVndFWT3qMfWzFsBv+U0lEQEs2zk5ePe12lol8hGKeubA4ws5Bexged0UQC5/ JgMZKPuhZUdGe9NEW4LOsKiql9+ur60+V5tpWCkr+OyV8mw0XiACQ0Yk0wiB0u2rpFQ0 ADkQW61xQjJQ66xj5GUQxYMvAAvE/wdR3azHxcCW9WeUAQPg+5CcheolrFZ5YG+wJL1k tLGA== X-Gm-Message-State: AMke39lNLhn9tgDiP4l7lTqGHosOZxAtzwOuaF3ax7jl9L8f3qVVZ9f2prqKP9xH/SWYOkK7 X-Received: by 10.223.133.5 with SMTP id 5mr7185118wrh.175.1488379348997; Wed, 01 Mar 2017 06:42:28 -0800 (PST) Received: from localhost.localdomain ([105.147.1.203]) by smtp.gmail.com with ESMTPSA id h75sm6867958wrh.37.2017.03.01.06.42.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 01 Mar 2017 06:42:28 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org, leif.lindholm@linaro.org, lersek@redhat.com Cc: Ard Biesheuvel Date: Wed, 1 Mar 2017 14:42:20 +0000 Message-Id: <1488379344-16273-1-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 Subject: [PATCH 0/4] ArmPkg, ArmVirtpkg ARM: enable strict memory protection X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2017 14:42:30 -0000 This series makes the prerequisite modifications to the ARM version of the CpuDxe driver so we can enable PE/COFF image and NX memory protection for ARM platforms, including ArmVirtPkg (#4) Patch #1 refactors CpuSetMemoryAttributes() so it no longer splits section mappings into page mappings unnecessarily. Patch #2 removes some unnecessary cache/TLB maintenance, which becomes very costly when CpuSetMemoryAttributes() is used in anger as is the case with memory protections enabled. Patch #3 wires up the EFI_MEMORY_RO/EFI_MEMORY_XP attributes, which were ignored before. Patch #4 enables the protection features for ArmVirtPkg platforms when built for 32-bit ARM. Ard Biesheuvel (4): ArmPkg/CpuDxe ARM: avoid splitting page table sections unnecessarily ArmPkg/CpuDxe ARM: avoid unnecessary cache/TLB maintenance ArmPkg/CpuDxe ARM: honour RO/XP attributes in SetMemoryAttributes() ArmVirtPkg: enable PE/COFF image and memory protection for ARM platforms ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 209 ++++++++++---------- ArmVirtPkg/ArmVirt.dsc.inc | 9 +- 2 files changed, 109 insertions(+), 109 deletions(-) -- 2.7.4