From: "Taylor Beebe" <taylor.d.beebe@gmail.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>
Subject: [edk2-devel] [PATCH v5 20/28] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib
Date: Sun,  8 Oct 2023 17:07:32 -0700	[thread overview]
Message-ID: <20231009000742.1792-21-taylor.d.beebe@gmail.com> (raw)
In-Reply-To: <20231009000742.1792-1-taylor.d.beebe@gmail.com>

Now that the EDK2 tree uses GetMemoryProtectionsLib to query
the platform memory protection settings, we can add additional
profiles to SetMemoryProtectionsLib to give platforms more options
for setting memory protections.

Signed-off-by: Taylor Beebe <taylor.d.beebe@gmail.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
---
 MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c | 496 +++++++++++++++++++-
 MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h                 |   8 +
 2 files changed, 502 insertions(+), 2 deletions(-)

diff --git a/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c
index 13032ec80fbf..5a82a94fe258 100644
--- a/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c
+++ b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c
@@ -28,6 +28,227 @@ typedef struct {
 // DXE PROFILE DEFINITIONS //
 /////////////////////////////
 
+//
+//  A memory profile with strict settings ideal for development scenarios.
+//
+#define DXE_MEMORY_PROTECTION_SETTINGS_DEBUG          \
+{                                                     \
+  DXE_MEMORY_PROTECTION_SIGNATURE,                    \
+  DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION,     \
+  TRUE, /* Stack Guard */                             \
+  TRUE, /* Stack Execution Protection */              \
+  {     /* NULL Pointer Detection */                  \
+    .Enabled                                = TRUE,   \
+    .DisableEndOfDxe                        = FALSE,  \
+    .NonstopModeEnabled                     = TRUE    \
+  },                                                  \
+  { /* Image Protection */                            \
+    .ProtectImageFromUnknown                = TRUE,   \
+    .ProtectImageFromFv                     = TRUE    \
+  },                                                  \
+  { /* Execution Protection */                        \
+    .EnabledForType = {                               \
+      [EfiReservedMemoryType]               = TRUE,   \
+      [EfiLoaderCode]                       = FALSE,  \
+      [EfiLoaderData]                       = TRUE,   \
+      [EfiBootServicesCode]                 = FALSE,  \
+      [EfiBootServicesData]                 = TRUE,   \
+      [EfiRuntimeServicesCode]              = FALSE,  \
+      [EfiRuntimeServicesData]              = TRUE,   \
+      [EfiConventionalMemory]               = TRUE,   \
+      [EfiUnusableMemory]                   = TRUE,   \
+      [EfiACPIReclaimMemory]                = TRUE,   \
+      [EfiACPIMemoryNVS]                    = TRUE,   \
+      [EfiMemoryMappedIO]                   = TRUE,   \
+      [EfiMemoryMappedIOPortSpace]          = TRUE,   \
+      [EfiPalCode]                          = TRUE,   \
+      [EfiPersistentMemory]                 = FALSE,  \
+      [EfiUnacceptedMemoryType]             = TRUE,   \
+      [OEM_RESERVED_MPS_MEMORY_TYPE]        = TRUE,   \
+      [OS_RESERVED_MPS_MEMORY_TYPE]         = TRUE    \
+    }                                                 \
+  },                                                  \
+  { /* Heap Guard */                                  \
+    .PageGuardEnabled                       = TRUE,   \
+    .PoolGuardEnabled                       = TRUE,   \
+    .FreedMemoryGuardEnabled                = FALSE,  \
+    .NonstopModeEnabled                     = TRUE,   \
+    .GuardAlignedToTail                     = TRUE    \
+  },                                                  \
+  { /* Pool Guard */                                  \
+    .EnabledForType = {                               \
+      [EfiReservedMemoryType]               = TRUE,   \
+      [EfiLoaderCode]                       = TRUE,   \
+      [EfiLoaderData]                       = TRUE,   \
+      [EfiBootServicesCode]                 = TRUE,   \
+      [EfiBootServicesData]                 = TRUE,   \
+      [EfiRuntimeServicesCode]              = TRUE,   \
+      [EfiRuntimeServicesData]              = TRUE,   \
+      [EfiConventionalMemory]               = FALSE,  \
+      [EfiUnusableMemory]                   = TRUE,   \
+      [EfiACPIReclaimMemory]                = TRUE,   \
+      [EfiACPIMemoryNVS]                    = TRUE,   \
+      [EfiMemoryMappedIO]                   = TRUE,   \
+      [EfiMemoryMappedIOPortSpace]          = TRUE,   \
+      [EfiPalCode]                          = TRUE,   \
+      [EfiPersistentMemory]                 = FALSE,  \
+      [EfiUnacceptedMemoryType]             = TRUE,   \
+      [OEM_RESERVED_MPS_MEMORY_TYPE]        = TRUE,   \
+      [OS_RESERVED_MPS_MEMORY_TYPE]         = TRUE    \
+    }                                                 \
+  },                                                  \
+  { /* Page Guard */                                  \
+    .EnabledForType = {                               \
+      [EfiReservedMemoryType]               = TRUE,   \
+      [EfiLoaderCode]                       = TRUE,   \
+      [EfiLoaderData]                       = TRUE,   \
+      [EfiBootServicesCode]                 = TRUE,   \
+      [EfiBootServicesData]                 = TRUE,   \
+      [EfiRuntimeServicesCode]              = TRUE,   \
+      [EfiRuntimeServicesData]              = TRUE,   \
+      [EfiConventionalMemory]               = FALSE,  \
+      [EfiUnusableMemory]                   = TRUE,   \
+      [EfiACPIReclaimMemory]                = TRUE,   \
+      [EfiACPIMemoryNVS]                    = TRUE,   \
+      [EfiMemoryMappedIO]                   = TRUE,   \
+      [EfiMemoryMappedIOPortSpace]          = TRUE,   \
+      [EfiPalCode]                          = TRUE,   \
+      [EfiPersistentMemory]                 = FALSE,  \
+      [EfiUnacceptedMemoryType]             = TRUE,   \
+      [OEM_RESERVED_MPS_MEMORY_TYPE]        = TRUE,   \
+      [OS_RESERVED_MPS_MEMORY_TYPE]         = TRUE    \
+    }                                                 \
+  }                                                   \
+}
+
+//
+//  A memory profile recommended for production. Compared to the debug
+//  settings, this profile removes the pool guards and uses page guards
+//  for fewer memory types.
+//
+#define DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE      \
+{                                                     \
+  DXE_MEMORY_PROTECTION_SIGNATURE,                    \
+  DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION,     \
+  TRUE, /* Stack Guard */                             \
+  TRUE, /* Stack Execution Protection */              \
+  {     /* NULL Pointer Detection */                  \
+    .Enabled                                = TRUE,   \
+    .DisableEndOfDxe                        = FALSE,  \
+    .NonstopModeEnabled                     = FALSE   \
+  },                                                  \
+  { /* Image Protection */                            \
+    .ProtectImageFromUnknown                = FALSE,  \
+    .ProtectImageFromFv                     = TRUE    \
+  },                                                  \
+  { /* Execution Protection */                        \
+    .EnabledForType = {                               \
+      [EfiReservedMemoryType]               = TRUE,   \
+      [EfiLoaderCode]                       = FALSE,  \
+      [EfiLoaderData]                       = TRUE,   \
+      [EfiBootServicesCode]                 = FALSE,  \
+      [EfiBootServicesData]                 = TRUE,   \
+      [EfiRuntimeServicesCode]              = FALSE,  \
+      [EfiRuntimeServicesData]              = TRUE,   \
+      [EfiConventionalMemory]               = TRUE,   \
+      [EfiUnusableMemory]                   = TRUE,   \
+      [EfiACPIReclaimMemory]                = TRUE,   \
+      [EfiACPIMemoryNVS]                    = TRUE,   \
+      [EfiMemoryMappedIO]                   = TRUE,   \
+      [EfiMemoryMappedIOPortSpace]          = TRUE,   \
+      [EfiPalCode]                          = TRUE,   \
+      [EfiPersistentMemory]                 = FALSE,  \
+      [EfiUnacceptedMemoryType]             = TRUE,   \
+      [OEM_RESERVED_MPS_MEMORY_TYPE]        = TRUE,   \
+      [OS_RESERVED_MPS_MEMORY_TYPE]         = TRUE    \
+    }                                                 \
+  },                                                  \
+  { /* Heap Guard */                                  \
+    .PageGuardEnabled                       = TRUE,   \
+    .PoolGuardEnabled                       = FALSE,  \
+    .FreedMemoryGuardEnabled                = FALSE,  \
+    .NonstopModeEnabled                     = FALSE,  \
+    .GuardAlignedToTail                     = TRUE    \
+  },                                                  \
+  { /* Pool Guard */                                  \
+    0                                                 \
+  },                                                  \
+  { /* Page Guard */                                  \
+    .EnabledForType = {                               \
+      [EfiReservedMemoryType]               = FALSE,  \
+      [EfiLoaderCode]                       = FALSE,  \
+      [EfiLoaderData]                       = FALSE,  \
+      [EfiBootServicesCode]                 = FALSE,  \
+      [EfiBootServicesData]                 = TRUE,   \
+      [EfiRuntimeServicesCode]              = FALSE,  \
+      [EfiRuntimeServicesData]              = TRUE,   \
+      [EfiConventionalMemory]               = FALSE,  \
+      [EfiUnusableMemory]                   = FALSE,  \
+      [EfiACPIReclaimMemory]                = FALSE,  \
+      [EfiACPIMemoryNVS]                    = FALSE,  \
+      [EfiMemoryMappedIO]                   = FALSE,  \
+      [EfiMemoryMappedIOPortSpace]          = FALSE,  \
+      [EfiPalCode]                          = FALSE,  \
+      [EfiPersistentMemory]                 = FALSE,  \
+      [EfiUnacceptedMemoryType]             = FALSE,  \
+      [OEM_RESERVED_MPS_MEMORY_TYPE]        = FALSE,  \
+      [OS_RESERVED_MPS_MEMORY_TYPE]         = FALSE   \
+    }                                                 \
+  }                                                   \
+}
+
+//
+//  A memory profile which mirrors DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE
+//  but doesn't include page guards.
+//
+#define DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE_NO_PAGE_GUARDS   \
+{                                                                 \
+  DXE_MEMORY_PROTECTION_SIGNATURE,                                \
+  DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION,                 \
+  TRUE, /* Stack Guard */                                         \
+  TRUE, /* Stack Execution Protection */                          \
+  {     /* NULL Pointer Detection */                              \
+    .Enabled                                = TRUE,               \
+    .DisableEndOfDxe                        = FALSE,              \
+    .NonstopModeEnabled                     = FALSE               \
+  },                                                              \
+  { /* Image Protection */                                        \
+    .ProtectImageFromUnknown                = FALSE,              \
+    .ProtectImageFromFv                     = TRUE                \
+  },                                                              \
+  { /* Execution Protection */                                    \
+    .EnabledForType = {                                           \
+      [EfiReservedMemoryType]               = TRUE,               \
+      [EfiLoaderCode]                       = FALSE,              \
+      [EfiLoaderData]                       = TRUE,               \
+      [EfiBootServicesCode]                 = FALSE,              \
+      [EfiBootServicesData]                 = TRUE,               \
+      [EfiRuntimeServicesCode]              = FALSE,              \
+      [EfiRuntimeServicesData]              = TRUE,               \
+      [EfiConventionalMemory]               = TRUE,               \
+      [EfiUnusableMemory]                   = TRUE,               \
+      [EfiACPIReclaimMemory]                = TRUE,               \
+      [EfiACPIMemoryNVS]                    = TRUE,               \
+      [EfiMemoryMappedIO]                   = TRUE,               \
+      [EfiMemoryMappedIOPortSpace]          = TRUE,               \
+      [EfiPalCode]                          = TRUE,               \
+      [EfiPersistentMemory]                 = FALSE,              \
+      [EfiUnacceptedMemoryType]             = TRUE,               \
+      [OEM_RESERVED_MPS_MEMORY_TYPE]        = TRUE,               \
+      [OS_RESERVED_MPS_MEMORY_TYPE]         = TRUE                \
+    }                                                             \
+  },                                                              \
+  { /* Heap Guard */                                              \
+    0                                                             \
+  },                                                              \
+  { /* Pool Guard */                                              \
+    0                                                             \
+  },                                                              \
+  { /* Page Guard */                                              \
+    0                                                             \
+  }                                                               \
+}
+
 //
 //  A memory profile which uses the fixed at build PCDs defined in MdeModulePkg.dec
 //
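Review bot: The comment above `DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE` lists only the pool-guard and page-guard differences from the debug profile, but the initializer also sets `.ProtectImageFromUnknown = FALSE` and both `.NonstopModeEnabled` fields to `FALSE`. The image-protection change is the security-relevant one: going by the field name, the profile recommended for production protects fewer images than the debug profile, and the comment does not say so. I would extend it with `//  It also leaves ProtectImageFromUnknown off and disables nonstop mode.` and, if the relaxation is deliberate, one sentence on why. The same omission carries into `DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE_NO_PAGE_GUARDS`, which is documented as a mirror of this profile.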
@@ -121,10 +342,220 @@ typedef struct {
   }                                                                                                                                   \
 }
 
+//  A memory profile recommended for compatibility with older
+//  versions of Grub.
+//
+#define DXE_MEMORY_PROTECTION_SETTINGS_GRUB_COMPAT    \
+{                                                     \
+  DXE_MEMORY_PROTECTION_SIGNATURE,                    \
+  DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION,     \
+  TRUE, /* Stack Guard */                             \
+  TRUE, /* Stack Execution Protection */              \
+  {     /* NULL Pointer Detection */                  \
+    .Enabled                                = TRUE,   \
+    .DisableEndOfDxe                        = TRUE,   \
+    .NonstopModeEnabled                     = FALSE   \
+  },                                                  \
+  { /* Image Protection */                            \
+    .ProtectImageFromUnknown                = FALSE,  \
+    .ProtectImageFromFv                     = TRUE    \
+  },                                                  \
+  { /* Execution Protection */                        \
+    .EnabledForType = {                               \
+      [EfiReservedMemoryType]               = TRUE,   \
+      [EfiLoaderCode]                       = FALSE,  \
+      [EfiLoaderData]                       = FALSE,  \
+      [EfiBootServicesCode]                 = FALSE,  \
+      [EfiBootServicesData]                 = TRUE,   \
+      [EfiRuntimeServicesCode]              = FALSE,  \
+      [EfiRuntimeServicesData]              = TRUE,   \
+      [EfiConventionalMemory]               = TRUE,   \
+      [EfiUnusableMemory]                   = TRUE,   \
+      [EfiACPIReclaimMemory]                = TRUE,   \
+      [EfiACPIMemoryNVS]                    = TRUE,   \
+      [EfiMemoryMappedIO]                   = TRUE,   \
+      [EfiMemoryMappedIOPortSpace]          = TRUE,   \
+      [EfiPalCode]                          = TRUE,   \
+      [EfiPersistentMemory]                 = FALSE,  \
+      [EfiUnacceptedMemoryType]             = TRUE,   \
+      [OEM_RESERVED_MPS_MEMORY_TYPE]        = TRUE,   \
+      [OS_RESERVED_MPS_MEMORY_TYPE]         = TRUE    \
+    }                                                 \
+  },                                                  \
+  { /* Heap Guard */                                  \
+    .PageGuardEnabled                       = TRUE,   \
+    .PoolGuardEnabled                       = FALSE,  \
+    .FreedMemoryGuardEnabled                = FALSE,  \
+    .NonstopModeEnabled                     = FALSE,  \
+    .GuardAlignedToTail                     = TRUE    \
+  },                                                  \
+  { /* Pool Guard */                                  \
+    0                                                 \
+  },                                                  \
+  { /* Page Guard */                                  \
+    .EnabledForType = {                               \
+      [EfiReservedMemoryType]               = FALSE,  \
+      [EfiLoaderCode]                       = FALSE,  \
+      [EfiLoaderData]                       = FALSE,  \
+      [EfiBootServicesCode]                 = FALSE,  \
+      [EfiBootServicesData]                 = TRUE,   \
+      [EfiRuntimeServicesCode]              = FALSE,  \
+      [EfiRuntimeServicesData]              = TRUE,   \
+      [EfiConventionalMemory]               = FALSE,  \
+      [EfiUnusableMemory]                   = FALSE,  \
+      [EfiACPIReclaimMemory]                = FALSE,  \
+      [EfiACPIMemoryNVS]                    = FALSE,  \
+      [EfiMemoryMappedIO]                   = FALSE,  \
+      [EfiMemoryMappedIOPortSpace]          = FALSE,  \
+      [EfiPalCode]                          = FALSE,  \
+      [EfiPersistentMemory]                 = FALSE,  \
+      [EfiUnacceptedMemoryType]             = FALSE,  \
+      [OEM_RESERVED_MPS_MEMORY_TYPE]        = FALSE,  \
+      [OS_RESERVED_MPS_MEMORY_TYPE]         = FALSE   \
+    }                                                 \
+  }                                                   \
+}
+
+//
+//  A memory profile which disables all DXE memory protection settings.
+//
+#define DXE_MEMORY_PROTECTION_SETTINGS_OFF            \
+{                                                     \
+  DXE_MEMORY_PROTECTION_SIGNATURE,                    \
+  DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION,     \
+  FALSE, /* Stack Guard */                            \
+  FALSE, /* Stack Execution Protection */             \
+  {      /* NULL Pointer Detection */                 \
+    0                                                 \
+  },                                                  \
+  { /* Image Protection */                            \
+    0                                                 \
+  },                                                  \
+  { /* Execution Protection */                        \
+    0                                                 \
+  },                                                  \
+  { /* Heap Guard */                                  \
+    0                                                 \
+  },                                                  \
+  { /* Pool Guard */                                  \
+    0                                                 \
+  },                                                  \
+  { /* Page Guard */                                  \
+    0                                                 \
+  }                                                   \
+}
+
 ////////////////////////////
 // MM PROFILE DEFINITIONS //
 ////////////////////////////
 
+//
+//  A memory profile ideal for development scenarios.
+//
+#define MM_MEMORY_PROTECTION_SETTINGS_DEBUG        \
+{                                                  \
+  MM_MEMORY_PROTECTION_SIGNATURE,                  \
+  MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION,   \
+  { /* NULL Pointer Detection */                   \
+    .Enabled                             = TRUE,   \
+    .NonstopModeEnabled                  = TRUE    \
+  },                                               \
+  { /* Heap Guard */                               \
+    .PageGuardEnabled                    = TRUE,   \
+    .PoolGuardEnabled                    = TRUE,   \
+    .NonstopModeEnabled                  = TRUE,   \
+    .GuardAlignedToTail                  = TRUE    \
+  },                                               \
+  { /* Pool Guard */                               \
+    .EnabledForType = {                            \
+      [EfiReservedMemoryType]            = FALSE,  \
+      [EfiLoaderCode]                    = FALSE,  \
+      [EfiLoaderData]                    = FALSE,  \
+      [EfiBootServicesCode]              = FALSE,  \
+      [EfiBootServicesData]              = TRUE,   \
+      [EfiRuntimeServicesCode]           = FALSE,  \
+      [EfiRuntimeServicesData]           = TRUE,   \
+      [EfiConventionalMemory]            = FALSE,  \
+      [EfiUnusableMemory]                = FALSE,  \
+      [EfiACPIReclaimMemory]             = FALSE,  \
+      [EfiACPIMemoryNVS]                 = FALSE,  \
+      [EfiMemoryMappedIO]                = FALSE,  \
+      [EfiMemoryMappedIOPortSpace]       = FALSE,  \
+      [EfiPalCode]                       = FALSE,  \
+      [EfiPersistentMemory]              = FALSE,  \
+      [EfiUnacceptedMemoryType]          = FALSE,  \
+      [OEM_RESERVED_MPS_MEMORY_TYPE]     = FALSE,  \
+      [OS_RESERVED_MPS_MEMORY_TYPE]      = FALSE   \
+    }                                              \
+  },                                               \
+  { /* Page Guard */                               \
+    .EnabledForType = {                            \
+      [EfiReservedMemoryType]            = FALSE,  \
+      [EfiLoaderCode]                    = FALSE,  \
+      [EfiLoaderData]                    = FALSE,  \
+      [EfiBootServicesCode]              = FALSE,  \
+      [EfiBootServicesData]              = TRUE,   \
+      [EfiRuntimeServicesCode]           = FALSE,  \
+      [EfiRuntimeServicesData]           = TRUE,   \
+      [EfiConventionalMemory]            = FALSE,  \
+      [EfiUnusableMemory]                = FALSE,  \
+      [EfiACPIReclaimMemory]             = FALSE,  \
+      [EfiACPIMemoryNVS]                 = FALSE,  \
+      [EfiMemoryMappedIO]                = FALSE,  \
+      [EfiMemoryMappedIOPortSpace]       = FALSE,  \
+      [EfiPalCode]                       = FALSE,  \
+      [EfiPersistentMemory]              = FALSE,  \
+      [EfiUnacceptedMemoryType]          = FALSE,  \
+      [OEM_RESERVED_MPS_MEMORY_TYPE]     = FALSE,  \
+      [OS_RESERVED_MPS_MEMORY_TYPE]      = FALSE   \
+    }                                              \
+  }                                                \
+}
+
+//
+//  A memory profile ideal for production scenarios.
+//
+#define MM_MEMORY_PROTECTION_SETTINGS_PROD_MODE    \
+{                                                  \
+  MM_MEMORY_PROTECTION_SIGNATURE,                  \
+  MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION,   \
+  { /* NULL Pointer Detection */                   \
+    .Enabled                             = TRUE,   \
+    .NonstopModeEnabled                  = FALSE   \
+  },                                               \
+  { /* Heap Guard */                               \
+    .PageGuardEnabled                    = TRUE,   \
+    .PoolGuardEnabled                    = FALSE,  \
+    .NonstopModeEnabled                  = FALSE,  \
+    .GuardAlignedToTail                  = TRUE    \
+  },                                               \
+  { /* Pool Guard */                               \
+    0                                              \
+  },                                               \
+  { /* Page Guard */                               \
+    .EnabledForType = {                            \
+      [EfiReservedMemoryType]            = FALSE,  \
+      [EfiLoaderCode]                    = FALSE,  \
+      [EfiLoaderData]                    = FALSE,  \
+      [EfiBootServicesCode]              = FALSE,  \
+      [EfiBootServicesData]              = TRUE,   \
+      [EfiRuntimeServicesCode]           = FALSE,  \
+      [EfiRuntimeServicesData]           = TRUE,   \
+      [EfiConventionalMemory]            = FALSE,  \
+      [EfiUnusableMemory]                = FALSE,  \
+      [EfiACPIReclaimMemory]             = FALSE,  \
+      [EfiACPIMemoryNVS]                 = FALSE,  \
+      [EfiMemoryMappedIO]                = FALSE,  \
+      [EfiMemoryMappedIOPortSpace]       = FALSE,  \
+      [EfiPalCode]                       = FALSE,  \
+      [EfiPersistentMemory]              = FALSE,  \
+      [EfiUnacceptedMemoryType]          = FALSE,  \
+      [OEM_RESERVED_MPS_MEMORY_TYPE]     = FALSE,  \
+      [OS_RESERVED_MPS_MEMORY_TYPE]      = FALSE   \
+    }                                              \
+  }                                                \
+}
+
 //
 //  A memory profile which uses the fixed at build PCDs defined in MdeModulePkg.dec
 //
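Review bot: The comment on `DXE_MEMORY_PROTECTION_SETTINGS_GRUB_COMPAT` does not say which protections the profile gives up. Compared with `DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE` in the same file, the visible differences are `[EfiLoaderData] = FALSE` under Execution Protection and `.DisableEndOfDxe = TRUE` under NULL Pointer Detection, so loader data is presumably left executable and, going by the field name, NULL detection is switched off at End of DXE. Naming both in the comment, e.g. `//  Differs from PROD_MODE: EfiLoaderData is left executable and NULL pointer detection is disabled at EndOfDxe.`, lets a platform owner see the cost of selecting it. The comment block is also missing the opening `//` line that the other profile comments in this file have.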
@@ -188,24 +619,85 @@ typedef struct {
   }                                                                                                                       \
 }
 
+//
+//  A memory profile which disables all MM memory protection settings.
+//
+#define MM_MEMORY_PROTECTION_SETTINGS_OFF           \
+{                                                   \
+  MM_MEMORY_PROTECTION_SIGNATURE,                   \
+  MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION,    \
+  { /* NULL Pointer Detection */                    \
+    0                                               \
+  },                                                \
+  { /* Heap Guard */                                \
+    0                                               \
+  },                                                \
+  { /* Pool Guard */                                \
+    0                                               \
+  },                                                \
+  { /* Page Guard */                                \
+    0                                               \
+  }                                                 \
+}
+
 ////////////////////////////
 // PROFILE CONFIGURATIONS //
 ////////////////////////////
 
 DXE_MEMORY_PROTECTION_PROFILES  DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsMax] = {
-  [DxeMemoryProtectionSettingsPcd] = {
+  [DxeMemoryProtectionSettingsDebug] =               {
+    .Name        = "Debug",
+    .Description = "Development profile ideal for debug scenarios",
+    .Settings    = DXE_MEMORY_PROTECTION_SETTINGS_DEBUG
+  },
+  [DxeMemoryProtectionSettingsRelease] =             {
+    .Name        = "Release",
+    .Description = "Release profile recommended for production scenarios",
+    .Settings    = DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE
+  },
+  [DxeMemoryProtectionSettingsReleaseNoPageGuards] = {
+    .Name        = "ReleaseNoPageGuards",
+    .Description = "Release profile without page guards recommended for performance sensitive production scenarios",
+    .Settings    = DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE_NO_PAGE_GUARDS
+  },
+  [DxeMemoryProtectionSettingsPcd] =                 {
     .Name        = "Pcd",
     .Description = "Memory protection settings from PCDs",
     .Settings    = DXE_MEMORY_PROTECTION_SETTINGS_PCD
   },
+  [DxeMemoryProtectionSettingsGrubCompat] =          {
+    .Name        = "GrubCompat",
+    .Description = "DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE with some protections disabled for legacy Grub compatibility",
+    .Settings    = DXE_MEMORY_PROTECTION_SETTINGS_GRUB_COMPAT
+  },
+  [DxeMemoryProtectionSettingsOff] =                 {
+    .Name        = "Off",
+    .Description = "Disables all memory protection settings",
+    .Settings    = DXE_MEMORY_PROTECTION_SETTINGS_OFF
+  }
 };
 
 MM_MEMORY_PROTECTION_PROFILES  MmMemoryProtectionProfiles[MmMemoryProtectionSettingsMax] = {
-  [MmMemoryProtectionSettingsPcd] = {
+  [MmMemoryProtectionSettingsDebug] =   {
+    .Name        = "Debug",
+    .Description = "Development profile ideal for debug scenarios",
+    .Settings    = MM_MEMORY_PROTECTION_SETTINGS_DEBUG
+  },
+  [MmMemoryProtectionSettingsRelease] = {
+    .Name        = "Release",
+    .Description = "Release profile recommended for production scenarios",
+    .Settings    = MM_MEMORY_PROTECTION_SETTINGS_PROD_MODE
+  },
+  [MmMemoryProtectionSettingsPcd] =     {
     .Name        = "Pcd",
     .Description = "Memory protection settings from PCDs",
     .Settings    = MM_MEMORY_PROTECTION_SETTINGS_PCD
   },
+  [MmMemoryProtectionSettingsOff] =     {
+    .Name        = "Off",
+    .Description = "Disables all memory protection settings",
+    .Settings    = MM_MEMORY_PROTECTION_SETTINGS_OFF
+  }
 };
 
 /////////////////////////////////////
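Review bot: Both profile tables are sized by the `...Max` enumerator and filled with designated initializers, so an index that has no entry here is silently zero-initialized: a settings struct with every protection FALSE and no signature. Nothing in this hunk guards against that when the enum grows. A comment above each table such as `// Every index below DxeMemoryProtectionSettingsMax needs an entry; a missing one is zero-filled, i.e. all protections off.` would help, and the code that looks a profile up (not visible here) should reject an entry whose signature does not match. Separately, the `GrubCompat` description names the macro `DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE`, whereas the profile shown to users is called `Release`.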
diff --git a/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h b/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h
index 023c987c3c7e..3638ba7e3ef7 100644
--- a/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h
+++ b/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h
@@ -17,6 +17,11 @@ typedef struct {
 } DXE_MEMORY_PROTECTION_PROFILES;
 
 typedef enum {
+  DxeMemoryProtectionSettingsDebug = 0,
+  DxeMemoryProtectionSettingsRelease,
+  DxeMemoryProtectionSettingsReleaseNoPageGuards,
+  DxeMemoryProtectionSettingsGrubCompat,
+  DxeMemoryProtectionSettingsOff,
   DxeMemoryProtectionSettingsPcd,
   DxeMemoryProtectionSettingsMax
 } DXE_MEMORY_PROTECTION_PROFILE_INDEX;
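Review bot: Inserting the new enumerators ahead of `DxeMemoryProtectionSettingsPcd` changes its numeric value from 0 to 5, and the second hunk of this header does the same to `MmMemoryProtectionSettingsPcd` (0 to 3). Any consumer that stores or passes the index as a raw number (a HOB, a build option, a zero-initialized variable) would now select a different profile; whether such consumers exist cannot be seen from this patch. A zero value now means `Debug`, which is the strict direction, but the intent deserves a comment, e.g. `// Values index DxeMemoryProtectionProfiles[]; they are not a stable ABI, always use the enumerator names.`. The enumerator order here (GrubCompat, Off, Pcd) also differs from the order of the table entries in SetMemoryProtectionsLib.c, which is harmless with designated initializers but easy to misread.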
@@ -28,6 +33,9 @@ typedef struct {
 } MM_MEMORY_PROTECTION_PROFILES;
 
 typedef enum {
+  MmMemoryProtectionSettingsDebug = 0,
+  MmMemoryProtectionSettingsRelease,
+  MmMemoryProtectionSettingsOff,
   MmMemoryProtectionSettingsPcd,
   MmMemoryProtectionSettingsMax
 } MM_MEMORY_PROTECTION_PROFILE_INDEX;
-- 
2.42.0.windows.2





