From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 2488F740035 for ; Mon, 9 Oct 2023 00:08:20 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=5IXRbnYfVIxpkKfDm1H46Ov6dcxd8WGvHH8RQjleIA8=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; s=20140610; t=1696810099; v=1; b=MqHskvU9s/tGXuFTDp45FQVSDWwJ74DWWRX9vdw+CGSPvzRv9XSZ5cInbNBcWGzSSkHnD/vx gj0WslHV7F/p/5PoQMWvxQd8R+YLbCFBTabrNUA+4zALt+N3e/PzxJ3meK2txGrK95xxHB0Lx1m Fx9kA/mJRDWkdi0U5ijCHZ6c= X-Received: by 127.0.0.2 with SMTP id daU4YY7687511xImqyi7LOvI; Sun, 08 Oct 2023 17:08:19 -0700 X-Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web10.50235.1696810093310660261 for ; Sun, 08 Oct 2023 17:08:13 -0700 X-Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-6910ea9cddbso3298809b3a.0 for ; Sun, 08 Oct 2023 17:08:13 -0700 (PDT) X-Gm-Message-State: Ww6O67TYAHEW85zlDg2pprfnx7686176AA= X-Google-Smtp-Source: AGHT+IHAxtMMP9icAzpWKd6C9Vxj9ZB444gwufR8ST+r95or7sU4Z2/sLIPlXB/DR+6LZyZlZ77zQg== X-Received: by 2002:a05:6a21:78aa:b0:16b:9886:7eda with SMTP id bf42-20020a056a2178aa00b0016b98867edamr10671488pzc.35.1696810092563; Sun, 08 Oct 2023 17:08:12 -0700 (PDT) X-Received: from localhost.localdomain ([50.46.253.1]) by smtp.gmail.com with ESMTPSA id t20-20020a62ea14000000b0068fcc7f6b00sm5048320pfh.74.2023.10.08.17.08.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 Oct 2023 17:08:12 -0700 (PDT) From: "Taylor Beebe" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Jiewen Yao , Jordan Justen , Gerd Hoffmann , Rebecca Cran , Peter Grehan , =?UTF-8?q?Corvin=20K=C3=B6hne?= , Jianyong Wu , Anatol Belski , Anthony Perard , Julien Grall , Erdem Aktas , James Bottomley , Min Xu , Tom Lendacky , Michael Roth , Sunil V L , Andrei Warkentin Subject: [edk2-devel] [PATCH v5 26/28] OvmfPkg: Delete Memory Protection PCDs Date: Sun, 8 Oct 2023 17:07:38 -0700 Message-ID: <20231009000742.1792-27-taylor.d.beebe@gmail.com> In-Reply-To: <20231009000742.1792-1-taylor.d.beebe@gmail.com> References: <20231009000742.1792-1-taylor.d.beebe@gmail.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,taylor.d.beebe@gmail.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=MqHskvU9; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Now that the transition to use SetMemoryProtectionsLib and GetMemoryProtectionsLib is complete, delete the memory protection PCDs to avoid confusing the interface. All memory protection settings will now be set and consumed via the libraries. Signed-off-by: Taylor Beebe Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Gerd Hoffmann Cc: Rebecca Cran Cc: Peter Grehan Cc: Corvin Köhne Cc: Jianyong Wu Cc: Anatol Belski Cc: Anthony Perard Cc: Julien Grall Cc: Erdem Aktas Cc: James Bottomley Cc: Min Xu Cc: Tom Lendacky Cc: Michael Roth Cc: Sunil V L Cc: Andrei Warkentin --- OvmfPkg/AmdSev/AmdSevX64.dsc | 3 --- OvmfPkg/Bhyve/BhyveX64.dsc | 3 --- OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf | 1 - OvmfPkg/CloudHv/CloudHvX64.dsc | 3 --- OvmfPkg/IntelTdx/IntelTdxX64.dsc | 3 --- OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf | 1 - OvmfPkg/Microvm/MicrovmX64.dsc | 3 --- OvmfPkg/OvmfPkgIa32.dsc | 3 --- OvmfPkg/OvmfPkgIa32X64.dsc | 3 --- OvmfPkg/OvmfPkgX64.dsc | 3 --- OvmfPkg/OvmfXen.dsc | 3 --- OvmfPkg/PlatformPei/PlatformPei.inf | 1 - OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc | 13 ------------- OvmfPkg/TdxDxe/TdxDxe.inf | 1 - 14 files changed, 44 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index b67b50b833b9..46a74e4f8ee8 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -516,9 +516,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 5af5831196f6..21baa47d2526 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -550,9 +550,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 diff --git a/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf b/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf index 07570d4e30ca..07f032941404 100644 --- a/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf @@ -89,7 +89,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index c550ebcd659e..b8d643dfda3c 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -600,9 +600,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index a3370f45940c..513727ae98ff 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -511,9 +511,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf index a6d7b53f52cf..009bee69e405 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf @@ -79,7 +79,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplBuildPageTables ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## CONSUMES gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index da5a4862bfdc..78f2ab64a60d 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -623,9 +623,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index d4d14b69ef1d..0f2b1812a821 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -634,9 +634,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 674010323df1..6180d267067a 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -652,9 +652,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 08b70d76d292..937488b043f4 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -670,9 +670,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index d80e20a151d7..e3631202238b 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -506,9 +506,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index fbaa6bdc8ee5..3085f4f46a50 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -104,7 +104,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase diff --git a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc index fe320525153f..57304c40766a 100644 --- a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc +++ b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc @@ -271,19 +271,6 @@ [PcdsFixedAtBuild.common] gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0 - # - # Enable strict image permissions for all images. (This applies - # only to images that were built with >= 4 KB section alignment.) - # - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 - - # - # Enable NX memory protection for all non-code regions, including OEM and OS - # reserved ones, with the exception of LoaderData regions, of which OS loaders - # (i.e., GRUB) may assume that its contents are executable. - # - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5 - [Components.common] # # Ramdisk support diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf index 9793562884c7..42317228c1aa 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.inf +++ b/OvmfPkg/TdxDxe/TdxDxe.inf @@ -68,6 +68,5 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize -- 2.42.0.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#109431): https://edk2.groups.io/g/devel/message/109431 Mute This Topic: https://groups.io/mt/101843370/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-