From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 520FC7803CC for ; Wed, 30 Aug 2023 23:19:30 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=0m4nWkI9g2hlM8nvYyP40lFCmqWMz7LdrqBjSgsERMM=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1693437569; v=1; b=B2XA1gHA2vxaQIF4Q8FKJXLht0tmRCwsOMrBvvyjI9A2lk6fmWUsA6n/r2CMGmpTihAAyWEg gpyJlLIrcFgn/dooPKgt9Qedq4FqqxqR/QX2jWbznCQyTN6Ydd74JnozcXgOw/ZhHPWjIlI0VHm mQZN67qzjX1cakGRm9iYuE0A= X-Received: by 127.0.0.2 with SMTP id PK17YY7687511xoOPEWdiOHZ; Wed, 30 Aug 2023 16:19:29 -0700 X-Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.4971.1693437563940191922 for ; Wed, 30 Aug 2023 16:19:24 -0700 X-Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-68c0d886ea0so172711b3a.2 for ; Wed, 30 Aug 2023 16:19:23 -0700 (PDT) X-Gm-Message-State: Z6TynPoPSZK2AuEszSWfaJkQx7686176AA= X-Google-Smtp-Source: AGHT+IHciAmc5Pxpc8jXvPgmwnEw0O24sDX+HY+6H1Q0Lpqf9P3fcF80TxlZ4a/aAEKHiK5cFMrowg== X-Received: by 2002:a05:6a00:158a:b0:68b:dbad:7ae0 with SMTP id u10-20020a056a00158a00b0068bdbad7ae0mr4469716pfk.21.1693437562894; Wed, 30 Aug 2023 16:19:22 -0700 (PDT) X-Received: from localhost.localdomain ([50.46.253.1]) by smtp.gmail.com with ESMTPSA id x16-20020a62fb10000000b0064398fe3451sm102550pfm.217.2023.08.30.16.19.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Aug 2023 16:19:22 -0700 (PDT) From: "Taylor Beebe" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao Subject: [edk2-devel] [PATCH v3 26/26] MdeModulePkg: Delete Memory Protection PCDs Date: Wed, 30 Aug 2023 16:18:34 -0700 Message-ID: <20230830231851.779-27-taylor.d.beebe@gmail.com> In-Reply-To: <20230830231851.779-1-taylor.d.beebe@gmail.com> References: <20230830231851.779-1-taylor.d.beebe@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,taylor.d.beebe@gmail.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=B2XA1gHA; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Now that the transition to use SetMemoryProtectionsLib and GetMemoryProtectionsLib is complete, delete the memory protection PCDs to avoid confusing the interface. All memory protection settings will now be set and consumed via the libraries. Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao --- MdeModulePkg/MdeModulePkg.dec | 169 -------------------- MdeModulePkg/MdeModulePkg.uni | 153 ------------------ 2 files changed, 322 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 50c26fedaf6f..c701173b9803 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1004,119 +1004,12 @@ [PcdsFixedAtBuild] # @ValidList 0x80000006 | 0x03058002 gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable|0x03058002|UINT32|0x30001040 - ## Mask to control the NULL address detection in code for different phases. - # If enabled, accessing NULL address in UEFI or SMM code can be caught.

- # BIT0 - Enable NULL pointer detection for UEFI.
- # BIT1 - Enable NULL pointer detection for SMM.
- # BIT2..5 - Reserved for future uses.
- # BIT6 - Enable non-stop mode.
- # BIT7 - Disable NULL pointer detection just after EndOfDxe.
- # This is a workaround for those unsolvable NULL access issues in - # OptionROM, boot loader, etc. It can also help to avoid unnecessary - # exception caused by legacy memory (0-4095) access after EndOfDxe, - # such as Windows 7 boot on Qemu.
- # @Prompt Enable NULL address detection. - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask|0x0|UINT8|0x30001050 - ## Init Value in Temp Stack to be shared between SEC and PEI_CORE # SEC fills the full temp stack with this values. When switch stack, PeiCore can check # this value in the temp stack to know how many stack has been used. # @Prompt Init Value in Temp Stack gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack|0x5AA55AA5|UINT32|0x30001051 - ## Indicates which type allocation need guard page. - # - # If a bit is set, a head guard page and a tail guard page will be added just - # before and after corresponding type of pages allocated if there's enough - # free pages for all of them. The page allocation for the type related to - # cleared bits keeps the same as ususal. - # - # This PCD is only valid if BIT0 and/or BIT2 are set in PcdHeapGuardPropertyMask. - # - # Below is bit mask for this PCD: (Order is same as UEFI spec)
- # EfiReservedMemoryType 0x0000000000000001
- # EfiLoaderCode 0x0000000000000002
- # EfiLoaderData 0x0000000000000004
- # EfiBootServicesCode 0x0000000000000008
- # EfiBootServicesData 0x0000000000000010
- # EfiRuntimeServicesCode 0x0000000000000020
- # EfiRuntimeServicesData 0x0000000000000040
- # EfiConventionalMemory 0x0000000000000080
- # EfiUnusableMemory 0x0000000000000100
- # EfiACPIReclaimMemory 0x0000000000000200
- # EfiACPIMemoryNVS 0x0000000000000400
- # EfiMemoryMappedIO 0x0000000000000800
- # EfiMemoryMappedIOPortSpace 0x0000000000001000
- # EfiPalCode 0x0000000000002000
- # EfiPersistentMemory 0x0000000000004000
- # OEM Reserved 0x4000000000000000
- # OS Reserved 0x8000000000000000
- # e.g. LoaderCode+LoaderData+BootServicesCode+BootServicesData are needed, 0x1E should be used.
- # @Prompt The memory type mask for Page Guard. - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType|0x0|UINT64|0x30001052 - - ## Indicates which type allocation need guard page. - # - # If a bit is set, a head guard page and a tail guard page will be added just - # before and after corresponding type of pages which the allocated pool occupies, - # if there's enough free memory for all of them. The pool allocation for the - # type related to cleared bits keeps the same as ususal. - # - # This PCD is only valid if BIT1 and/or BIT3 are set in PcdHeapGuardPropertyMask. - # - # Below is bit mask for this PCD: (Order is same as UEFI spec)
- # EfiReservedMemoryType 0x0000000000000001
- # EfiLoaderCode 0x0000000000000002
- # EfiLoaderData 0x0000000000000004
- # EfiBootServicesCode 0x0000000000000008
- # EfiBootServicesData 0x0000000000000010
- # EfiRuntimeServicesCode 0x0000000000000020
- # EfiRuntimeServicesData 0x0000000000000040
- # EfiConventionalMemory 0x0000000000000080
- # EfiUnusableMemory 0x0000000000000100
- # EfiACPIReclaimMemory 0x0000000000000200
- # EfiACPIMemoryNVS 0x0000000000000400
- # EfiMemoryMappedIO 0x0000000000000800
- # EfiMemoryMappedIOPortSpace 0x0000000000001000
- # EfiPalCode 0x0000000000002000
- # EfiPersistentMemory 0x0000000000004000
- # OEM Reserved 0x4000000000000000
- # OS Reserved 0x8000000000000000
- # e.g. LoaderCode+LoaderData+BootServicesCode+BootServicesData are needed, 0x1E should be used.
- # @Prompt The memory type mask for Pool Guard. - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30001053 - - ## This mask is to control Heap Guard behavior. - # - # Note: - # a) Heap Guard is for debug purpose and should not be enabled in product - # BIOS. - # b) Due to the limit of pool memory implementation and the alignment - # requirement of UEFI spec, BIT7 is a try-best setting which cannot - # guarantee that the returned pool is exactly adjacent to head guard - # page or tail guard page. - # c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled - # at the same time. - # - # BIT0 - Enable UEFI page guard.
- # BIT1 - Enable UEFI pool guard.
- # BIT2 - Enable SMM page guard.
- # BIT3 - Enable SMM pool guard.
- # BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).
- # BIT6 - Enable non-stop mode.
- # BIT7 - The direction of Guard Page for Pool Guard. - # 0 - The returned pool is near the tail guard page.
- # 1 - The returned pool is near the head guard page.
- # @Prompt The Heap Guard feature mask - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask|0x0|UINT8|0x30001054 - - ## Indicates if UEFI Stack Guard will be enabled. - # If enabled, stack overflow in UEFI can be caught, preventing chaotic consequences.

- # TRUE - UEFI Stack Guard will be enabled.
- # FALSE - UEFI Stack Guard will be disabled.
- # @Prompt Enable UEFI Stack Guard. - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|FALSE|BOOLEAN|0x30001055 - ## Indicate debug level of Trace Hub. # 0x0 - TraceHubDebugLevelError.
# 0x1 - TraceHubDebugLevelErrorWarning.
@@ -1393,54 +1286,6 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] # @Prompt Memory profile driver path. gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath|{0x0}|VOID*|0x00001043 - ## Set image protection policy. The policy is bitwise. - # If a bit is set, the image will be protected by DxeCore if it is aligned. - # The code section becomes read-only, and the data section becomes non-executable. - # If a bit is clear, nothing will be done to image code/data sections.

- # BIT0 - Image from unknown device.
- # BIT1 - Image from firmware volume.
- #
- # Note: If a bit is cleared, the data section could be still non-executable if - # PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData - # and/or EfiRuntimeServicesData.
- #
- # @Prompt Set image protection policy. - # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047 - - ## Set DXE memory protection policy. The policy is bitwise. - # If a bit is set, memory regions of the associated type will be mapped - # non-executable.
- # If a bit is cleared, nothing will be done to associated type of memory.
- #
- # Below is bit mask for this PCD: (Order is same as UEFI spec)
- # EfiReservedMemoryType 0x0001
- # EfiLoaderCode 0x0002
- # EfiLoaderData 0x0004
- # EfiBootServicesCode 0x0008
- # EfiBootServicesData 0x0010
- # EfiRuntimeServicesCode 0x0020
- # EfiRuntimeServicesData 0x0040
- # EfiConventionalMemory 0x0080
- # EfiUnusableMemory 0x0100
- # EfiACPIReclaimMemory 0x0200
- # EfiACPIMemoryNVS 0x0400
- # EfiMemoryMappedIO 0x0800
- # EfiMemoryMappedIOPortSpace 0x1000
- # EfiPalCode 0x2000
- # EfiPersistentMemory 0x4000
- # OEM Reserved 0x4000000000000000
- # OS Reserved 0x8000000000000000
- # - # NOTE: User must NOT set NX protection for EfiLoaderCode / EfiBootServicesCode / EfiRuntimeServicesCode.
- # User MUST set the same NX protection for EfiBootServicesData and EfiConventionalMemory.
- # - # e.g. 0x7FD5 can be used for all memory except Code.
- # e.g. 0x7BD4 can be used for all memory except Code and ACPINVS/Reserved.
- # - # @Prompt Set DXE memory protection policy. - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0x0000000|UINT64|0x00001048 - ## PCI Serial Device Info. It is an array of Device, Function, and Power Management # information that describes the path that contains zero or more PCI to PCI bridges # followed by a PCI serial device. Each array entry is 4-bytes in length. The @@ -2029,20 +1874,6 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] # @Prompt Default Creator Revision for ACPI table creation. gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision|0x01000013|UINT32|0x30001038 - ## Indicates if to set NX for stack.

- # For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.
- # For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require - # IA32 PAE is supported and Execute Disable Bit is available.
- #
- # TRUE - Set NX for stack.
- # FALSE - Do nothing for stack.
- #
- # Note: If this PCD is set to FALSE, NX could be still applied to stack due to PcdDxeNxMemoryProtectionPolicy enabled for - # EfiBootServicesData.
- #
- # @Prompt Set NX for stack. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE|BOOLEAN|0x0001006f - ## This PCD specifies the PCI-based SD/MMC host controller mmio base address. # Define the mmio base address of the pci-based SD/MMC host controller. If there are multiple SD/MMC # host controllers, their mmio base addresses are calculated one by one from this base address. diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni index a17d34d60b21..afbbc44761ca 100644 --- a/MdeModulePkg/MdeModulePkg.uni +++ b/MdeModulePkg/MdeModulePkg.uni @@ -330,16 +330,6 @@ #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdSerialRegisterStride_HELP #language en-US "The number of bytes between registers in serial device. The default is 1 byte." -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdSetNxForStack_PROMPT #language en-US "Set NX for stack" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdSetNxForStack_HELP #language en-US "Indicates if to set NX for stack.

" - "For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.
" - "For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require" - "IA32 PAE is supported and Execute Disable Bit is available.
" - "TRUE - Set NX for stack.
" - "FALSE - Do nothing for stack.
" - "Note: If this PCD is set to FALSE, NX could be still applied to stack due to PcdDxeNxMemoryProtectionPolicy enabled for EfiBootServicesData.
" - #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiS3Enable_PROMPT #language en-US "ACPI S3 Enable" #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiS3Enable_HELP #language en-US "Indicates if ACPI S3 will be enabled.

" @@ -1096,51 +1086,6 @@ #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdSmiHandlerProfilePropertyMask_HELP #language en-US "The mask is used to control SmiHandlerProfile behavior.

\n" "BIT0 - Enable SmiHandlerProfile.
" -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdImageProtectionPolicy_PROMPT #language en-US "Set image protection policy." - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdImageProtectionPolicy_HELP #language en-US "Set image protection policy. The policy is bitwise.\n" - "If a bit is set, the image will be protected by DxeCore if it is aligned.\n" - "The code section becomes read-only, and the data section becomes non-executable.\n" - "If a bit is clear, nothing will be done to image code/data sections.

\n" - "BIT0 - Image from unknown device.
\n" - "BIT1 - Image from firmware volume.
" - "Note: If a bit is cleared, the data section could be still non-executable if\n" - "PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData\n" - "and/or EfiRuntimeServicesData.
" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_PROMPT #language en-US "Set DXE memory protection policy." - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_HELP #language en-US "Set DXE memory protection policy. The policy is bitwise.\n" - "If a bit is set, memory regions of the associated type will be mapped\n" - "non-executable.
\n" - "If a bit is cleared, nothing will be done to associated type of memory.

\n" - "\n" - "Below is bit mask for this PCD: (Order is same as UEFI spec)
\n" - "EfiReservedMemoryType 0x0001
\n" - "EfiLoaderCode 0x0002
\n" - "EfiLoaderData 0x0004
\n" - "EfiBootServicesCode 0x0008
\n" - "EfiBootServicesData 0x0010
\n" - "EfiRuntimeServicesCode 0x0020
\n" - "EfiRuntimeServicesData 0x0040
\n" - "EfiConventionalMemory 0x0080
\n" - "EfiUnusableMemory 0x0100
\n" - "EfiACPIReclaimMemory 0x0200
\n" - "EfiACPIMemoryNVS 0x0400
\n" - "EfiMemoryMappedIO 0x0800
\n" - "EfiMemoryMappedIOPortSpace 0x1000
\n" - "EfiPalCode 0x2000
\n" - "EfiPersistentMemory 0x4000
\n" - "OEM Reserved 0x4000000000000000
\n" - "OS Reserved 0x8000000000000000
\n" - "\n" - "NOTE: User must NOT set NX protection for EfiLoaderCode / EfiBootServicesCode / EfiRuntimeServicesCode.
\n" - "User MUST set the same NX protection for EfiBootServicesData and EfiConventionalMemory.
\n" - "\n" - "e.g. 0x7FD5 can be used for all memory except Code.
\n" - "e.g. 0x7BD4 can be used for all memory except Code and ACPINVS/Reserved.
\n" - "" - #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPteMemoryEncryptionAddressOrMask_PROMPT #language en-US "The address mask when memory encryption is enabled." #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPteMemoryEncryptionAddressOrMask_HELP #language en-US "This PCD holds the address mask for page table entries when memory encryption is\n" @@ -1186,110 +1131,12 @@ #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdCodRelocationDevPath_HELP #language en-US "Full device path of platform specific device to store Capsule On Disk temp relocation file.
" "If this PCD is set, Capsule On Disk temp relocation file will be stored in the device specified by this PCD, instead of the EFI System Partition that stores capsule image file." -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdNullPointerDetectionPropertyMask_PROMPT #language en-US "Enable NULL pointer detection" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdNullPointerDetectionPropertyMask_HELP #language en-US "Mask to control the NULL address detection in code for different phases.\n" - " If enabled, accessing NULL address in UEFI or SMM code can be caught.\n\n" - " BIT0 - Enable NULL pointer detection for UEFI.\n" - " BIT1 - Enable NULL pointer detection for SMM.\n" - " BIT2..6 - Reserved for future uses.\n" - " BIT7 - Disable NULL pointer detection just after EndOfDxe." - " This is a workaround for those unsolvable NULL access issues in" - " OptionROM, boot loader, etc. It can also help to avoid unnecessary" - " exception caused by legacy memory (0-4095) access after EndOfDxe," - " such as Windows 7 boot on Qemu.\n" - #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdInitValueInTempStack_PROMPT #language en-US "Init Value in Temp Stack" #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdInitValueInTempStack_HELP #language en-US "Init Value in Temp Stack to be shared between SEC and PEI_CORE\n" "SEC fills the full temp stack with this values. When switch stack, PeiCore can check\n" "this value in the temp stack to know how many stack has been used.\n" -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPageType_PROMPT #language en-US "The memory type mask for Page Guard" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPageType_HELP #language en-US "Indicates which type allocation need guard page.\n\n" - " If a bit is set, a head guard page and a tail guard page will be added just\n" - " before and after corresponding type of pages allocated if there's enough\n" - " free pages for all of them. The page allocation for the type related to\n" - " cleared bits keeps the same as ususal.\n\n" - " This PCD is only valid if BIT0 and/or BIT2 are set in PcdHeapGuardPropertyMask.\n\n" - " Below is bit mask for this PCD: (Order is same as UEFI spec)
\n" - " EfiReservedMemoryType 0x0000000000000001\n" - " EfiLoaderCode 0x0000000000000002\n" - " EfiLoaderData 0x0000000000000004\n" - " EfiBootServicesCode 0x0000000000000008\n" - " EfiBootServicesData 0x0000000000000010\n" - " EfiRuntimeServicesCode 0x0000000000000020\n" - " EfiRuntimeServicesData 0x0000000000000040\n" - " EfiConventionalMemory 0x0000000000000080\n" - " EfiUnusableMemory 0x0000000000000100\n" - " EfiACPIReclaimMemory 0x0000000000000200\n" - " EfiACPIMemoryNVS 0x0000000000000400\n" - " EfiMemoryMappedIO 0x0000000000000800\n" - " EfiMemoryMappedIOPortSpace 0x0000000000001000\n" - " EfiPalCode 0x0000000000002000\n" - " EfiPersistentMemory 0x0000000000004000\n" - " OEM Reserved 0x4000000000000000\n" - " OS Reserved 0x8000000000000000\n" - " e.g. LoaderCode+LoaderData+BootServicesCode+BootServicesData are needed, 0x1E should be used.
" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPoolType_PROMPT #language en-US "The memory type mask for Pool Guard" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPoolType_HELP #language en-US "Indicates which type allocation need guard page.\n\n" - " If a bit is set, a head guard page and a tail guard page will be added just\n" - " before and after corresponding type of pages which the allocated pool occupies,\n" - " if there's enough free memory for all of them. The pool allocation for the\n" - " type related to cleared bits keeps the same as ususal.\n\n" - " This PCD is only valid if BIT1 and/or BIT3 are set in PcdHeapGuardPropertyMask.\n\n" - " Below is bit mask for this PCD: (Order is same as UEFI spec)
\n" - " EfiReservedMemoryType 0x0000000000000001\n" - " EfiLoaderCode 0x0000000000000002\n" - " EfiLoaderData 0x0000000000000004\n" - " EfiBootServicesCode 0x0000000000000008\n" - " EfiBootServicesData 0x0000000000000010\n" - " EfiRuntimeServicesCode 0x0000000000000020\n" - " EfiRuntimeServicesData 0x0000000000000040\n" - " EfiConventionalMemory 0x0000000000000080\n" - " EfiUnusableMemory 0x0000000000000100\n" - " EfiACPIReclaimMemory 0x0000000000000200\n" - " EfiACPIMemoryNVS 0x0000000000000400\n" - " EfiMemoryMappedIO 0x0000000000000800\n" - " EfiMemoryMappedIOPortSpace 0x0000000000001000\n" - " EfiPalCode 0x0000000000002000\n" - " EfiPersistentMemory 0x0000000000004000\n" - " OEM Reserved 0x4000000000000000\n" - " OS Reserved 0x8000000000000000\n" - " e.g. LoaderCode+LoaderData+BootServicesCode+BootServicesData are needed, 0x1E should be used.
" - - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_PROMPT #language en-US "The Heap Guard feature mask" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_HELP #language en-US "This mask is to control Heap Guard behavior.\n" - " Note:\n" - " a) Heap Guard is for debug purpose and should not be enabled in product" - " BIOS.\n" - " b) Due to the limit of pool memory implementation and the alignment" - " requirement of UEFI spec, BIT7 is a try-best setting which cannot" - " guarantee that the returned pool is exactly adjacent to head guard" - " page or tail guard page.\n" - " c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled" - " at the same time.\n" - " BIT0 - Enable UEFI page guard.
\n" - " BIT1 - Enable UEFI pool guard.
\n" - " BIT2 - Enable SMM page guard.
\n" - " BIT3 - Enable SMM pool guard.
\n" - " BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).
\n" - " BIT7 - The direction of Guard Page for Pool Guard.\n" - " 0 - The returned pool is near the tail guard page.
\n" - " 1 - The returned pool is near the head guard page.
" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdCpuStackGuard_PROMPT #language en-US "Enable UEFI Stack Guard" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdCpuStackGuard_HELP #language en-US "Indicates if UEFI Stack Guard will be enabled.\n" - " If enabled, stack overflow in UEFI can be caught, preventing chaotic consequences.

\n" - " TRUE - UEFI Stack Guard will be enabled.
\n" - " FALSE - UEFI Stack Guard will be disabled.
" - #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdTraceHubDebugLevel_PROMPT #language en-US "Debug level of Trace Hub." #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdTraceHubDebugLevel_HELP #language en-US "Indicate debug level of Trace Hub" -- 2.42.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108180): https://edk2.groups.io/g/devel/message/108180 Mute This Topic: https://groups.io/mt/101064101/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-