From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <28bee206-5130-ee2c-934a-ab0273383316@redhat.com>
Date: Mon, 9 Oct 2023 12:02:35 +0200
Subject: Re:
[edk2-devel] [PATCH v5 27/28] ArmVirtPkg: Delete Memory Protection PCDs
To: devel@edk2.groups.io, taylor.d.beebe@gmail.com
Cc: Ard Biesheuvel, Leif Lindholm, Sami Mujawar, Gerd Hoffmann
References: <20231009000742.1792-1-taylor.d.beebe@gmail.com> <20231009000742.1792-28-taylor.d.beebe@gmail.com>
From: "Laszlo Ersek"
In-Reply-To: <20231009000742.1792-28-taylor.d.beebe@gmail.com>

On 10/9/23 02:07, Taylor Beebe wrote:
> Now that the transition to use SetMemoryProtectionsLib and
> GetMemoryProtectionsLib is complete, delete the memory protection PCDs
> to avoid confusing the interface. All memory protection settings
> will now be set and consumed via the libraries.
>
> Signed-off-by: Taylor Beebe
> Cc: Ard Biesheuvel
> Cc: Leif Lindholm
> Cc: Sami Mujawar
> Cc: Gerd Hoffmann
> ---
> ArmVirtPkg/ArmVirt.dsc.inc | 15 ---------------
> ArmVirtPkg/ArmVirtCloudHv.dsc | 5 -----
> ArmVirtPkg/ArmVirtQemu.dsc | 5 -----
> 3 files changed, 25 deletions(-)
>
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc > index f76601503cd9..9b9d18a6e6c1 100644 > --- a/ArmVirtPkg/ArmVirt.dsc.inc > +++ b/ArmVirtPkg/ArmVirt.dsc.inc > @@ -360,21 +360,6 @@ [PcdsFixedAtBuild.common] > gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20 > gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0 > =20 > - # > - # Enable strict image permissions for all images. (This applies > - # only to images that were built with >=3D 4 KB section alignment.) > - # > - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 > - > - # > - # Enable NX memory protection for all non-code regions, including OEM = and OS > - # reserved ones, with the exception of LoaderData regions, of which OS= loaders > - # (i.e., GRUB) may assume that its contents are executable. > - # > - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC00000= 0000007FD5 > - > - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|TRUE > - > [Components.common] > # > # Ramdisk support > diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.ds= c > index 2cb89ce10cf6..c87b71ccc28e 100644 > --- a/ArmVirtPkg/ArmVirtCloudHv.dsc > +++ b/ArmVirtPkg/ArmVirtCloudHv.dsc > @@ -140,11 +140,6 @@ [PcdsFixedAtBuild.common] > # > gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 > =20 > - # > - # Enable the non-executable DXE stack. (This gets set up by DxeIpl) > - # > - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE > - > !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE > # override the default values from SecurityPkg to ensure images from a= ll sources are verified in secure boot > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04 > diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc > index 30e3cfc8b9cc..7dedbd912b2c 100644 > --- a/ArmVirtPkg/ArmVirtQemu.dsc > +++ b/ArmVirtPkg/ArmVirtQemu.dsc 
> @@ -212,11 +212,6 @@ [PcdsFixedAtBuild.common] > # > gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 > =20 > - # > - # Enable the non-executable DXE stack. (This gets set up by DxeIpl) > - # > - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE > - > !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE > # override the default values from SecurityPkg to ensure images from a= ll sources are verified in secure boot > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04

I'll leave this to Ard :)
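
Review bot: the comment block deleted from ArmVirt.dsc.inc (@@ -360,21) is the only place visible here that records why LoaderData is exempted from NX (OS loaders such as GRUB may assume its contents are executable) and that strict image permissions apply only to images built with >= 4 KB section alignment, and neither the hunk nor the commit message says where that rationale, or the equivalent of PcdImageProtectionPolicy|0x3, PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5 and PcdCpuStackGuard|TRUE, now lives. Suggest naming in the commit message the library setting or earlier patch in the series that carries these values for ArmVirtPkg, and moving the LoaderData comment there, so a reader can confirm the deletion leaves the effective policy unchanged.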
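
Review bot: in ArmVirtCloudHv.dsc (@@ -140,11) and ArmVirtQemu.dsc (@@ -212,11) the deleted "PcdSetNxForStack|TRUE" was an explicit setting in each platform DSC, with a comment noting that DxeIpl sets it up, while the commit message only says settings are now set and consumed via the libraries. Suggest stating in the commit message that the non-executable DXE stack remains enabled for both platforms after this patch and what replaces the PCD, since nothing in these two hunks lets a reviewer check that.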