From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+109215+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id E41F178003C
	for <rebecca@openfw.io>; Fri, 29 Sep 2023 19:52:38 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=uIib3LGb0+37NLgoIr7vk3ky2wl+Ey9dn8uTE0RcMtI=;
 c=relaxed/simple; d=groups.io;
 h=Message-ID:Date:MIME-Version:User-Agent:Subject:To:Cc:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20140610; t=1696017157; v=1;
 b=L8Nqbg2J/XrbJqANhcOeYvvE9t3CxB/L3AqfUsTqV0IN8eSbYZ4RyZMRDB/cmPIPy/irbm7A
 THHUxVm3Gaw+6W9TljUqS+HFU2I2W7hhZqtHJwHOB9/6XOpWFAlSvt4HYwtk4J02zXUHSac4uJu
 Mv2tT2GOQWY6b9PwsdshQsxs=
X-Received: by 127.0.0.2 with SMTP id QwWbYY7687511xl8JsXmta2b; Fri, 29 Sep 2023 12:52:37 -0700
X-Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181])
 by mx.groups.io with SMTP id smtpd.web11.27419.1696017157077407036
 for <devel@edk2.groups.io>;
 Fri, 29 Sep 2023 12:52:37 -0700
X-Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-1c4194f769fso109927725ad.3
        for <devel@edk2.groups.io>; Fri, 29 Sep 2023 12:52:37 -0700 (PDT)
X-Gm-Message-State: ig15b5SHlFhOijSvymkn5mdIx7686176AA=
X-Google-Smtp-Source: AGHT+IGjojWBUJEpVrQqw7TiMqRZxShycGQmqWyLaMrYpFxcDxCAEw49krvPzFXiZikEt75QWq3Yog==
X-Received: by 2002:a17:902:ecc3:b0:1c7:36a7:e14a with SMTP id a3-20020a170902ecc300b001c736a7e14amr6314290plh.27.1696017156452;
        Fri, 29 Sep 2023 12:52:36 -0700 (PDT)
X-Received: from [192.168.0.233] ([50.46.253.1])
        by smtp.gmail.com with ESMTPSA id jk21-20020a170903331500b001b9be3b94d3sm11995049plb.140.2023.09.29.12.52.35
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 29 Sep 2023 12:52:36 -0700 (PDT)
Message-ID: <2390fe7b-d994-4aed-8b45-97bf028b2cb3@gmail.com>
Date: Fri, 29 Sep 2023 12:52:35 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [edk2-devel] [PATCH v4 20/28] MdeModulePkg: Add Additional Profiles to SetMemoryProtectionsLib
To: Gerd Hoffmann <kraxel@redhat.com>, devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>, Liming Gao <gaoliming@byosoft.com.cn>
References: <20230920005752.2041-1-taylor.d.beebe@gmail.com>
 <20230920005752.2041-21-taylor.d.beebe@gmail.com>
 <wwmq5ek5t62qxpz27acnlwq5idtflu6in4olbjw7agowfiiirr@7kfhd6trcrqq>
From: "Taylor Beebe" <taylor.d.beebe@gmail.com>
In-Reply-To: <wwmq5ek5t62qxpz27acnlwq5idtflu6in4olbjw7agowfiiirr@7kfhd6trcrqq>
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,taylor.d.beebe@gmail.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=L8Nqbg2J;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

Sorry for the slow reply :)


Additional profiles which fit general use cases can be added to

SetMemoryProtectionsLib, but because this is a profile for grub

compatibility I'd say it's better suited for platform code making

MemoryProtectionConfigLib in OvmfPkg the best spot.

I'll add an additional static profile array to MemoryProtectionConfigLib

and have logic loop through both to see if a profile matches. I'll

add the GrubCompat profile you outlined to this new profile array.


I can also update ArmVirtPkg to disable execution protection

for EfiLoaderData by default until fw_cfg parsing

support is added to ArmVirtPkg. Let me know if you think

this is necessary.


Thanks for the feedback :)


-Taylor

On 9/27/23 1:19 AM, Gerd Hoffmann wrote:
> On Tue, Sep 19, 2023 at 05:57:43PM -0700, Taylor Beebe wrote:
>> Now that the EDK2 tree uses GetMemoryProtectionsLib to query
>> the platform memory protection settings, we can add additional
>> profiles to SetMemoryProtectionsLib to give plaforms more options
>> for setting memory protections.
> What is the recommended way to add more profiles?
>
> Specifically I have a bunch of linux test cases failing when testing
> this series, which is most likely causes by older + broken grub versions
> (which are known to use EfiLoaderData for code).
>
> So I think I need a "GrubCompat" profile which has
> ExecutionProtection.EnabledForType[EfiLoaderData] =3D FALSE
> but is otherwise identical to the production profile.
>
> Should that go into SetMemoryProtectionsLib?
> Or MemoryProtectionConfigLib?
>
> take care,
>    Gerd
>


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109215): https://edk2.groups.io/g/devel/message/109215
Mute This Topic: https://groups.io/mt/101469960/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-