From: "Pedro Falcato"
Date: Mon, 17 Jul 2023 17:15:26 +0100
Subject: Re: [edk2-devel] [PATCH 00/14] Implement Dynamic Memory Protections
To: devel@edk2.groups.io, t@taylorbeebe.com
Cc: Jian J Wang, Liming Gao, Dandan Bi, Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Leif Lindholm, Sami Mujawar, Andrew Fish, Ray Ni, Eric Dong, Rahul Kumar, Guo Dong, Sean Rhodes, James Lu, Gua Guo

On Wed, Jul 12, 2023 at 12:53 AM Taylor Beebe wrote:
>
> In the past, memory protection settings were configured via FixedAtBuild PCDs,
> which resulted in a build-time configuration of memory mitigations. This
> approach limited the flexibility of applying mitigations to the
> system and made it difficult to update or adjust the settings post-build.

How do you mitigate the possibility of an attack overwriting the dynamic
configuration data (the HOBs)? It seems most dangerous to me to publish this
sort of security-sensitive configuration knobs dynamically such that an
attacker can change them.

--
Pedro

View/Reply Online (#106965): https://edk2.groups.io/g/devel/message/106965