From: "Ard Biesheuvel"
Date: Mon, 11 Dec 2023 10:25:41 +0100
Subject: Re: [edk2-devel] [PATCH v2] ArmVirt: Allow memory attributes protocol to be disabled on first boot
To: Gerd Hoffmann
Cc: devel@edk2.groups.io, Ard Biesheuvel, Laszlo Ersek, Oliver Steffen, Alexander Graf, Oliver Smith-Denny, Taylor Beebe, Peter Jones, Leif Lindholm
References: <20231207100603.2654084-1-ardb@google.com>

On Mon, Dec 11, 2023 at 10:06 AM Gerd Hoffmann wrote:
>
> On Thu, Dec 07, 2023 at 11:06:03AM +0100, Ard Biesheuvel wrote:
> > From: Ard Biesheuvel
> >
> > Shim's PE loader uses the EFI memory attributes protocol in a way that
> > results in an immediate crash when invoking the loaded image, unless the
> > base and size of its executable segment are both aligned to 4k.
> >
> > If this is not the case, it will strip the memory allocation of its
> > executable permissions, but fail to add them back for the executable
> > region, resulting in non-executable code. Unfortunately, the PE loader
> > does not even bother invoking the protocol in this case (as it notices
> > the misalignment), making it very hard for system firmware to work
> > around this by attempting to infer the intent of the caller.
> >
> > So let's introduce a QEMU command line option to indicate that the
> > protocol should not be exposed at all on the first boot, which is when
> > the issue is triggered. (fbaa64.efi is broken but grubaa64.efi boots
> > fine)
> >
> >   -fw_cfg opt/org.tianocore/UninstallMemAttrProtocolOnFirstBoot,string=y
> >
> > Also introduce a fixed boolean PCD that sets the default.
>
> Did some more testing meanwhile with latest shim.
> Noticed things can explode in other ways as well in case the memory
> attribute protocol is present.
>
> Specifically rhel-9.3 grub on aa64 crashes with latest shim. Which I
> suspect is that grub version not being NX-clean, and shim setting page
> permissions via memory attribute protocol triggers that bug. Didn't
> analyze it yet though.
>
> So, while I'd love to see some automatic way here I suspect trying to be
> too clever does more harm than good.
>

OK, so not worth the trouble of trying to detect the first boot, I guess.

For my info, is rhel-9.3 an old GRUB?
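
The alignment condition described in the quoted commit message can be checked on an EFI binary before it is booted. The following is an added example, not part of the original thread and not code from shim or EDK2. It assumes that "base and size of its executable segment" corresponds to the VirtualAddress and VirtualSize of PE sections flagged IMAGE_SCN_MEM_EXECUTE; the function names and the sample image are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
PAGE = 0x1000  # the 4k granule named in the commit message
SECTION_HDR = "<8sIIIIIIHHI"  # 40-byte PE section header

def exec_sections(image: bytes):
    """Return (name, VirtualAddress, VirtualSize) for each executable section."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", image, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size  # section table follows the optional header
    found = []
    for i in range(count):
        fields = struct.unpack_from(SECTION_HDR, image, table + 40 * i)
        name, vsize, vaddr, flags = fields[0], fields[1], fields[2], fields[9]
        if flags & IMAGE_SCN_MEM_EXECUTE:
            found.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize))
    return found

def misaligned_exec_sections(image: bytes):
    """Names of executable sections whose base or size is not a 4k multiple."""
    return [n for n, va, vs in exec_sections(image) if va % PAGE or vs % PAGE]

def build_sample(sections):
    """Constructed header-only image (no optional header, no section data)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0xAA64, len(sections), 0, 0, 0, 0, 0)
    table = b"".join(struct.pack(SECTION_HDR, n, vs, va, 0, 0, 0, 0, 0, 0, fl)
                     for n, va, vs, fl in sections)
    return dos + b"PE\0\0" + coff + table

# Constructed sample: .init is executable and its size is not 4k aligned.
SAMPLE = build_sample([
    (b".text", 0x1000, 0x2000, 0x60000020),
    (b".init", 0x3000, 0x1234, 0x20000000),
    (b".data", 0x5000, 0x0200, 0xC0000040),
])

if __name__ == "__main__":
    for name in misaligned_exec_sections(SAMPLE):
        print(f"{name}: executable section base/size not 4k aligned")
```

To check a real binary, pass the file's bytes to `misaligned_exec_sections()`; an empty list means every executable section meets the 4k condition under the stated assumption.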