From: "Taylor Beebe"
To: devel@edk2.groups.io
Cc: Jian J Wang, Liming Gao
Subject: [edk2-devel] [PATCH v5 20/28] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib
Date: Sun, 8 Oct 2023 17:07:32 -0700
Message-ID: <20231009000742.1792-21-taylor.d.beebe@gmail.com>
In-Reply-To: <20231009000742.1792-1-taylor.d.beebe@gmail.com>
References: <20231009000742.1792-1-taylor.d.beebe@gmail.com>

Now that the EDK2 tree uses GetMemoryProtectionsLib to query the platform memory protection settings, we can add additional profiles to SetMemoryProtectionsLib to give platforms more options for setting memory protections.

Signed-off-by: Taylor Beebe
Cc: Jian J Wang
Cc: Liming Gao
--- MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c | 496 +++++++++++++++++++- MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h | 8 + 2 files changed, 502 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c index 13032ec80fbf..5a82a94fe258 100644 --- a/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c +++ b/MdeModulePkg/Library/SetMemoryProtectionsLib/SetMemoryProtectionsLib.c 
@@ -28,6 +28,227 @@ typedef struct { // DXE PROFILE DEFINITIONS // ///////////////////////////// +// +// A memory profile with strict settings ideal for development scenarios. +// +#define DXE_MEMORY_PROTECTION_SETTINGS_DEBUG \ +{ \ + DXE_MEMORY_PROTECTION_SIGNATURE, \ + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + TRUE, /* Stack Guard */ \ + TRUE, /* Stack Execution Protection */ \ + { /* NULL Pointer Detection */ \ + .Enabled = TRUE, \ + .DisableEndOfDxe = FALSE, \ + .NonstopModeEnabled = TRUE \ + }, \ + { /* Image Protection */ \ + .ProtectImageFromUnknown = TRUE, \ + .ProtectImageFromFv = TRUE \ + }, \ + { /* Execution Protection */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = TRUE, \ + [EfiLoaderCode] = FALSE, \ + [EfiLoaderData] = TRUE, \ + [EfiBootServicesCode] = FALSE, \ + [EfiBootServicesData] = TRUE, \ + [EfiRuntimeServicesCode] = FALSE, \ + [EfiRuntimeServicesData] = TRUE, \ + [EfiConventionalMemory] = TRUE, \ + [EfiUnusableMemory] = TRUE, \ + [EfiACPIReclaimMemory] = TRUE, \ + [EfiACPIMemoryNVS] = TRUE, \ + [EfiMemoryMappedIO] = TRUE, \ + [EfiMemoryMappedIOPortSpace] = TRUE, \ + [EfiPalCode] = TRUE, \ + [EfiPersistentMemory] = FALSE, \ + [EfiUnacceptedMemoryType] = TRUE, \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = TRUE, \ + [OS_RESERVED_MPS_MEMORY_TYPE] = TRUE \ + } \ + }, \ + { /* Heap Guard */ \ + .PageGuardEnabled = TRUE, \ + .PoolGuardEnabled = TRUE, \ + .FreedMemoryGuardEnabled = FALSE, \ + .NonstopModeEnabled = TRUE, \ + .GuardAlignedToTail = TRUE \ + }, \ + { /* Pool Guard */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = TRUE, \ + [EfiLoaderCode] = TRUE, \ + [EfiLoaderData] = TRUE, \ + [EfiBootServicesCode] = TRUE, \ + [EfiBootServicesData] = TRUE, \ + [EfiRuntimeServicesCode] = TRUE, \ + [EfiRuntimeServicesData] = TRUE, \ + [EfiConventionalMemory] = FALSE, \ + [EfiUnusableMemory] = TRUE, \ + [EfiACPIReclaimMemory] = TRUE, \ + [EfiACPIMemoryNVS] = TRUE, \ + [EfiMemoryMappedIO] = TRUE, \ + [EfiMemoryMappedIOPortSpace] = TRUE, \ + 
[EfiPalCode] = TRUE, \ + [EfiPersistentMemory] = FALSE, \ + [EfiUnacceptedMemoryType] = TRUE, \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = TRUE, \ + [OS_RESERVED_MPS_MEMORY_TYPE] = TRUE \ + } \ + }, \ + { /* Page Guard */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = TRUE, \ + [EfiLoaderCode] = TRUE, \ + [EfiLoaderData] = TRUE, \ + [EfiBootServicesCode] = TRUE, \ + [EfiBootServicesData] = TRUE, \ + [EfiRuntimeServicesCode] = TRUE, \ + [EfiRuntimeServicesData] = TRUE, \ + [EfiConventionalMemory] = FALSE, \ + [EfiUnusableMemory] = TRUE, \ + [EfiACPIReclaimMemory] = TRUE, \ + [EfiACPIMemoryNVS] = TRUE, \ + [EfiMemoryMappedIO] = TRUE, \ + [EfiMemoryMappedIOPortSpace] = TRUE, \ + [EfiPalCode] = TRUE, \ + [EfiPersistentMemory] = FALSE, \ + [EfiUnacceptedMemoryType] = TRUE, \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = TRUE, \ + [OS_RESERVED_MPS_MEMORY_TYPE] = TRUE \ + } \ + } \ +} + +// +// A memory profile recommended for production. Compared to the debug +// settings, this profile removes the pool guards and uses page guards +// for fewer memory types. 
+// +#define DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE \ +{ \ + DXE_MEMORY_PROTECTION_SIGNATURE, \ + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + TRUE, /* Stack Guard */ \ + TRUE, /* Stack Execution Protection */ \ + { /* NULL Pointer Detection */ \ + .Enabled = TRUE, \ + .DisableEndOfDxe = FALSE, \ + .NonstopModeEnabled = FALSE \ + }, \ + { /* Image Protection */ \ + .ProtectImageFromUnknown = FALSE, \ + .ProtectImageFromFv = TRUE \ + }, \ + { /* Execution Protection */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = TRUE, \ + [EfiLoaderCode] = FALSE, \ + [EfiLoaderData] = TRUE, \ + [EfiBootServicesCode] = FALSE, \ + [EfiBootServicesData] = TRUE, \ + [EfiRuntimeServicesCode] = FALSE, \ + [EfiRuntimeServicesData] = TRUE, \ + [EfiConventionalMemory] = TRUE, \ + [EfiUnusableMemory] = TRUE, \ + [EfiACPIReclaimMemory] = TRUE, \ + [EfiACPIMemoryNVS] = TRUE, \ + [EfiMemoryMappedIO] = TRUE, \ + [EfiMemoryMappedIOPortSpace] = TRUE, \ + [EfiPalCode] = TRUE, \ + [EfiPersistentMemory] = FALSE, \ + [EfiUnacceptedMemoryType] = TRUE, \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = TRUE, \ + [OS_RESERVED_MPS_MEMORY_TYPE] = TRUE \ + } \ + }, \ + { /* Heap Guard */ \ + .PageGuardEnabled = TRUE, \ + .PoolGuardEnabled = FALSE, \ + .FreedMemoryGuardEnabled = FALSE, \ + .NonstopModeEnabled = FALSE, \ + .GuardAlignedToTail = TRUE \ + }, \ + { /* Pool Guard */ \ + 0 \ + }, \ + { /* Page Guard */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = FALSE, \ + [EfiLoaderCode] = FALSE, \ + [EfiLoaderData] = FALSE, \ + [EfiBootServicesCode] = FALSE, \ + [EfiBootServicesData] = TRUE, \ + [EfiRuntimeServicesCode] = FALSE, \ + [EfiRuntimeServicesData] = TRUE, \ + [EfiConventionalMemory] = FALSE, \ + [EfiUnusableMemory] = FALSE, \ + [EfiACPIReclaimMemory] = FALSE, \ + [EfiACPIMemoryNVS] = FALSE, \ + [EfiMemoryMappedIO] = FALSE, \ + [EfiMemoryMappedIOPortSpace] = FALSE, \ + [EfiPalCode] = FALSE, \ + [EfiPersistentMemory] = FALSE, \ + [EfiUnacceptedMemoryType] = FALSE, \ + 
[OEM_RESERVED_MPS_MEMORY_TYPE] = FALSE, \ + [OS_RESERVED_MPS_MEMORY_TYPE] = FALSE \ + } \ + } \ +} + +// +// A memory profile which mirrors DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE +// but doesn't include page guards. +// +#define DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE_NO_PAGE_GUARDS \ +{ \ + DXE_MEMORY_PROTECTION_SIGNATURE, \ + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + TRUE, /* Stack Guard */ \ + TRUE, /* Stack Execution Protection */ \ + { /* NULL Pointer Detection */ \ + .Enabled = TRUE, \ + .DisableEndOfDxe = FALSE, \ + .NonstopModeEnabled = FALSE \ + }, \ + { /* Image Protection */ \ + .ProtectImageFromUnknown = FALSE, \ + .ProtectImageFromFv = TRUE \ + }, \ + { /* Execution Protection */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = TRUE, \ + [EfiLoaderCode] = FALSE, \ + [EfiLoaderData] = TRUE, \ + [EfiBootServicesCode] = FALSE, \ + [EfiBootServicesData] = TRUE, \ + [EfiRuntimeServicesCode] = FALSE, \ + [EfiRuntimeServicesData] = TRUE, \ + [EfiConventionalMemory] = TRUE, \ + [EfiUnusableMemory] = TRUE, \ + [EfiACPIReclaimMemory] = TRUE, \ + [EfiACPIMemoryNVS] = TRUE, \ + [EfiMemoryMappedIO] = TRUE, \ + [EfiMemoryMappedIOPortSpace] = TRUE, \ + [EfiPalCode] = TRUE, \ + [EfiPersistentMemory] = FALSE, \ + [EfiUnacceptedMemoryType] = TRUE, \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = TRUE, \ + [OS_RESERVED_MPS_MEMORY_TYPE] = TRUE \ + } \ + }, \ + { /* Heap Guard */ \ + 0 \ + }, \ + { /* Pool Guard */ \ + 0 \ + }, \ + { /* Page Guard */ \ + 0 \ + } \ +} + // // A memory profile which uses the fixed at build PCDs defined in MdeModulePkg.dec // 
@@ -121,10 +342,220 @@ typedef struct { } \ } +// A memory profile recommended for compatibility with older +// versions of Grub. +// +#define DXE_MEMORY_PROTECTION_SETTINGS_GRUB_COMPAT \ +{ \ + DXE_MEMORY_PROTECTION_SIGNATURE, \ + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + TRUE, /* Stack Guard */ \ + TRUE, /* Stack Execution Protection */ \ + { /* NULL Pointer Detection */ \ + .Enabled = TRUE, \ + .DisableEndOfDxe = TRUE, \ + .NonstopModeEnabled = FALSE \ + }, \ + { /* Image Protection */ \ + .ProtectImageFromUnknown = FALSE, \ + .ProtectImageFromFv = TRUE \ + }, \ + { /* Execution Protection */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = TRUE, \ + [EfiLoaderCode] = FALSE, \ + [EfiLoaderData] = FALSE, \ + [EfiBootServicesCode] = FALSE, \ + [EfiBootServicesData] = TRUE, \ + [EfiRuntimeServicesCode] = FALSE, \ + [EfiRuntimeServicesData] = TRUE, \ + [EfiConventionalMemory] = TRUE, \ + [EfiUnusableMemory] = TRUE, \ + [EfiACPIReclaimMemory] = TRUE, \ + [EfiACPIMemoryNVS] = TRUE, \ + [EfiMemoryMappedIO] = TRUE, \ + [EfiMemoryMappedIOPortSpace] = TRUE, \ + [EfiPalCode] = TRUE, \ + [EfiPersistentMemory] = FALSE, \ + [EfiUnacceptedMemoryType] = TRUE, \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = TRUE, \ + [OS_RESERVED_MPS_MEMORY_TYPE] = TRUE \ + } \ + }, \ + { /* Heap Guard */ \ + .PageGuardEnabled = TRUE, \ + .PoolGuardEnabled = FALSE, \ + .FreedMemoryGuardEnabled = FALSE, \ + .NonstopModeEnabled = FALSE, \ + .GuardAlignedToTail = TRUE \ + }, \ + { /* Pool Guard */ \ + 0 \ + }, \ + { /* Page Guard */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = FALSE, \ + [EfiLoaderCode] = FALSE, \ + [EfiLoaderData] = FALSE, \ + [EfiBootServicesCode] = FALSE, \ + [EfiBootServicesData] = TRUE, \ + [EfiRuntimeServicesCode] = FALSE, \ + [EfiRuntimeServicesData] = TRUE, \ + [EfiConventionalMemory] = FALSE, \ + [EfiUnusableMemory] = FALSE, \ + [EfiACPIReclaimMemory] = FALSE, \ + [EfiACPIMemoryNVS] = FALSE, \ + [EfiMemoryMappedIO] = FALSE, \ + [EfiMemoryMappedIOPortSpace] = 
FALSE, \ + [EfiPalCode] = FALSE, \ + [EfiPersistentMemory] = FALSE, \ + [EfiUnacceptedMemoryType] = FALSE, \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = FALSE, \ + [OS_RESERVED_MPS_MEMORY_TYPE] = FALSE \ + } \ + } \ +} + +// +// A memory profile which disables all DXE memory protection settings. +// +#define DXE_MEMORY_PROTECTION_SETTINGS_OFF \ +{ \ + DXE_MEMORY_PROTECTION_SIGNATURE, \ + DXE_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + FALSE, /* Stack Guard */ \ + FALSE, /* Stack Execution Protection */ \ + { /* NULL Pointer Detection */ \ + 0 \ + }, \ + { /* Image Protection */ \ + 0 \ + }, \ + { /* Execution Protection */ \ + 0 \ + }, \ + { /* Heap Guard */ \ + 0 \ + }, \ + { /* Pool Guard */ \ + 0 \ + }, \ + { /* Page Guard */ \ + 0 \ + } \ +} + //////////////////////////// // MM PROFILE DEFINITIONS // //////////////////////////// +// +// A memory profile ideal for development scenarios. +// +#define MM_MEMORY_PROTECTION_SETTINGS_DEBUG \ +{ \ + MM_MEMORY_PROTECTION_SIGNATURE, \ + MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + { /* NULL Pointer Detection */ \ + .Enabled = TRUE, \ + .NonstopModeEnabled = TRUE \ + }, \ + { /* Heap Guard */ \ + .PageGuardEnabled = TRUE, \ + .PoolGuardEnabled = TRUE, \ + .NonstopModeEnabled = TRUE, \ + .GuardAlignedToTail = TRUE \ + }, \ + { /* Pool Guard */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = FALSE, \ + [EfiLoaderCode] = FALSE, \ + [EfiLoaderData] = FALSE, \ + [EfiBootServicesCode] = FALSE, \ + [EfiBootServicesData] = TRUE, \ + [EfiRuntimeServicesCode] = FALSE, \ + [EfiRuntimeServicesData] = TRUE, \ + [EfiConventionalMemory] = FALSE, \ + [EfiUnusableMemory] = FALSE, \ + [EfiACPIReclaimMemory] = FALSE, \ + [EfiACPIMemoryNVS] = FALSE, \ + [EfiMemoryMappedIO] = FALSE, \ + [EfiMemoryMappedIOPortSpace] = FALSE, \ + [EfiPalCode] = FALSE, \ + [EfiPersistentMemory] = FALSE, \ + [EfiUnacceptedMemoryType] = FALSE, \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = FALSE, \ + [OS_RESERVED_MPS_MEMORY_TYPE] = FALSE \ + } \ + }, \ + { /* Page 
Guard */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = FALSE, \ + [EfiLoaderCode] = FALSE, \ + [EfiLoaderData] = FALSE, \ + [EfiBootServicesCode] = FALSE, \ + [EfiBootServicesData] = TRUE, \ + [EfiRuntimeServicesCode] = FALSE, \ + [EfiRuntimeServicesData] = TRUE, \ + [EfiConventionalMemory] = FALSE, \ + [EfiUnusableMemory] = FALSE, \ + [EfiACPIReclaimMemory] = FALSE, \ + [EfiACPIMemoryNVS] = FALSE, \ + [EfiMemoryMappedIO] = FALSE, \ + [EfiMemoryMappedIOPortSpace] = FALSE, \ + [EfiPalCode] = FALSE, \ + [EfiPersistentMemory] = FALSE, \ + [EfiUnacceptedMemoryType] = FALSE, \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = FALSE, \ + [OS_RESERVED_MPS_MEMORY_TYPE] = FALSE \ + } \ + } \ +} + +// +// A memory profile ideal for production scenarios. +// +#define MM_MEMORY_PROTECTION_SETTINGS_PROD_MODE \ +{ \ + MM_MEMORY_PROTECTION_SIGNATURE, \ + MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + { /* NULL Pointer Detection */ \ + .Enabled = TRUE, \ + .NonstopModeEnabled = FALSE \ + }, \ + { /* Heap Guard */ \ + .PageGuardEnabled = TRUE, \ + .PoolGuardEnabled = FALSE, \ + .NonstopModeEnabled = FALSE, \ + .GuardAlignedToTail = TRUE \ + }, \ + { /* Pool Guard */ \ + 0 \ + }, \ + { /* Page Guard */ \ + .EnabledForType = { \ + [EfiReservedMemoryType] = FALSE, \ + [EfiLoaderCode] = FALSE, \ + [EfiLoaderData] = FALSE, \ + [EfiBootServicesCode] = FALSE, \ + [EfiBootServicesData] = TRUE, \ + [EfiRuntimeServicesCode] = FALSE, \ + [EfiRuntimeServicesData] = TRUE, \ + [EfiConventionalMemory] = FALSE, \ + [EfiUnusableMemory] = FALSE, \ + [EfiACPIReclaimMemory] = FALSE, \ + [EfiACPIMemoryNVS] = FALSE, \ + [EfiMemoryMappedIO] = FALSE, \ + [EfiMemoryMappedIOPortSpace] = FALSE, \ + [EfiPalCode] = FALSE, \ + [EfiPersistentMemory] = FALSE, \ + [EfiUnacceptedMemoryType] = FALSE, \ + [OEM_RESERVED_MPS_MEMORY_TYPE] = FALSE, \ + [OS_RESERVED_MPS_MEMORY_TYPE] = FALSE \ + } \ + } \ +} + // // A memory profile which uses the fixed at build PCDs defined in MdeModulePkg.dec // 
@@ -188,24 +619,85 @@ typedef struct { } \ } +// +// A memory profile which disables all MM memory protection settings. +// +#define MM_MEMORY_PROTECTION_SETTINGS_OFF \ +{ \ + MM_MEMORY_PROTECTION_SIGNATURE, \ + MM_MEMORY_PROTECTION_SETTINGS_CURRENT_VERSION, \ + { /* NULL Pointer Detection */ \ + 0 \ + }, \ + { /* Heap Guard */ \ + 0 \ + }, \ + { /* Pool Guard */ \ + 0 \ + }, \ + { /* Page Guard */ \ + 0 \ + } \ +} + //////////////////////////// // PROFILE CONFIGURATIONS // //////////////////////////// DXE_MEMORY_PROTECTION_PROFILES DxeMemoryProtectionProfiles[DxeMemoryProtectionSettingsMax] = { - [DxeMemoryProtectionSettingsPcd] = { + [DxeMemoryProtectionSettingsDebug] = { + .Name = "Debug", + .Description = "Development profile ideal for debug scenarios", + .Settings = DXE_MEMORY_PROTECTION_SETTINGS_DEBUG + }, + [DxeMemoryProtectionSettingsRelease] = { + .Name = "Release", + .Description = "Release profile recommended for production scenarios", + .Settings = DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE + }, + [DxeMemoryProtectionSettingsReleaseNoPageGuards] = { + .Name = "ReleaseNoPageGuards", + .Description = "Release profile without page guards recommended for performance sensitive production scenarios", + .Settings = DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE_NO_PAGE_GUARDS + }, + [DxeMemoryProtectionSettingsPcd] = { .Name = "Pcd", .Description = "Memory protection settings from PCDs", .Settings = DXE_MEMORY_PROTECTION_SETTINGS_PCD }, + [DxeMemoryProtectionSettingsGrubCompat] = { + .Name = "GrubCompat", + .Description = "DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE with some protections disabled for legacy Grub compatibility", + .Settings = DXE_MEMORY_PROTECTION_SETTINGS_GRUB_COMPAT + }, + [DxeMemoryProtectionSettingsOff] = { + .Name = "Off", + .Description = "Disables all memory protection settings", + .Settings = DXE_MEMORY_PROTECTION_SETTINGS_OFF + } }; MM_MEMORY_PROTECTION_PROFILES MmMemoryProtectionProfiles[MmMemoryProtectionSettingsMax] = { - 
[MmMemoryProtectionSettingsPcd] = { + [MmMemoryProtectionSettingsDebug] = { + .Name = "Debug", + .Description = "Development profile ideal for debug scenarios", + .Settings = MM_MEMORY_PROTECTION_SETTINGS_DEBUG + }, + [MmMemoryProtectionSettingsRelease] = { + .Name = "Release", + .Description = "Release profile recommended for production scenarios", + .Settings = MM_MEMORY_PROTECTION_SETTINGS_PROD_MODE + }, + [MmMemoryProtectionSettingsPcd] = { .Name = "Pcd", .Description = "Memory protection settings from PCDs", .Settings = MM_MEMORY_PROTECTION_SETTINGS_PCD }, + [MmMemoryProtectionSettingsOff] = { + .Name = "Off", + .Description = "Disables all memory protection settings", + .Settings = MM_MEMORY_PROTECTION_SETTINGS_OFF + } }; ///////////////////////////////////// diff --git a/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h b/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h index 023c987c3c7e..3638ba7e3ef7 100644 --- a/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h +++ b/MdeModulePkg/Include/Library/SetMemoryProtectionsLib.h @@ -17,6 +17,11 @@ typedef struct { } DXE_MEMORY_PROTECTION_PROFILES; typedef enum { + DxeMemoryProtectionSettingsDebug = 0, + DxeMemoryProtectionSettingsRelease, + DxeMemoryProtectionSettingsReleaseNoPageGuards, + DxeMemoryProtectionSettingsGrubCompat, + DxeMemoryProtectionSettingsOff, DxeMemoryProtectionSettingsPcd, DxeMemoryProtectionSettingsMax } DXE_MEMORY_PROTECTION_PROFILE_INDEX; 
@@ -28,6 +33,9 @@ typedef struct { } MM_MEMORY_PROTECTION_PROFILES; typedef enum { + MmMemoryProtectionSettingsDebug = 0, + MmMemoryProtectionSettingsRelease, + MmMemoryProtectionSettingsOff, MmMemoryProtectionSettingsPcd, MmMemoryProtectionSettingsMax } MM_MEMORY_PROTECTION_PROFILE_INDEX; -- 2.42.0.windows.2
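Review bot: In the first SetMemoryProtectionsLib.c hunk (@@ -28,6 +28,227 @@), the comment above DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE understates the difference from the debug profile. It mentions only pool guards and the reduced page guard types, but the macro also sets ".ProtectImageFromUnknown = FALSE" and turns ".NonstopModeEnabled" off for both NULL pointer detection and heap guard. Dropping image protection for images of unknown origin is the change a platform owner most needs to see before picking this profile, so please list it in the comment. The macros are also named PROD_MODE while the enum and the .Name strings say "Release"; using one term would make the profile table easier to follow.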
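Review bot: In the second SetMemoryProtectionsLib.c hunk (@@ -121,10 +342,220 @@), the DXE_MEMORY_PROTECTION_SETTINGS_GRUB_COMPAT comment does not say which protections are relaxed. Compared with PROD_MODE, the visible differences are ".DisableEndOfDxe = TRUE" under NULL pointer detection and "[EfiLoaderData] = FALSE" under execution protection, which leaves loader data without execution protection. Please state both in the comment, with the reason older Grub needs them, so the cost of selecting this profile is explicit. The comment block also starts directly with the text line and lacks the leading empty "//" line that every other profile comment in this patch has.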
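Review bot: In the third SetMemoryProtectionsLib.c hunk (@@ -188,24 +619,85 @@), the entries of DxeMemoryProtectionProfiles and MmMemoryProtectionProfiles are not listed in enum order. The DXE table places Pcd before GrubCompat and Off, and the MM table places Pcd before Off, while the header declares Pcd last in both enums. The designated initializers keep this correct, but matching the enum order would make a missing or duplicated entry easier to spot. The GrubCompat .Description also refers to the internal macro name DXE_MEMORY_PROTECTION_SETTINGS_PROD_MODE, which a reader of the profile list never sees; referring to the "Release" profile by its .Name would be clearer.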
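Review bot: In the SetMemoryProtectionsLib.h hunks, inserting the new enumerators ahead of the existing one changes the numeric value of DxeMemoryProtectionSettingsPcd from 0 to 5 and of MmMemoryProtectionSettingsPcd from 0 to 3. Any caller that passes a literal index, or relies on a zero-initialized index selecting the PCD profile, will now silently get the Debug profile instead. Either append the new values after the Pcd enumerator so its value is preserved, or note the renumbering in the commit message and confirm that all in-tree users refer to the profiles by enumerator name.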