From: "Pedro Falcato"
Date: Sat, 19 Aug 2023 23:13:26 +0100
Subject: Re: [edk2-devel] [PATCH v2 00/25] Implement Dynamic Memory Protections
To: devel@edk2.groups.io, taylor.d.beebe@gmail.com
Cc: Abner Chang, Andrei Warkentin, Anatol Belski, Andrew Fish, Anthony Perard, Ard Biesheuvel,
 Corvin Köhne, Dandan Bi, Eric Dong, Erdem Aktas, Gerd Hoffmann, Guo Dong, Gua Guo, James Bottomley, James Lu, Jian J Wang, Jianyong Wu, Jiewen Yao, Jordan Justen, Julien Grall, Leif Lindholm, Liming Gao, Michael Roth, Min Xu, Peter Grehan, Rahul Kumar, Ray Ni, Rebecca Cran, Sami Mujawar, Sean Rhodes, Sunil V L, Tom Lendacky

On Fri, Aug 18, 2023 at 11:57 PM Taylor Beebe wrote:
>
> In the past, memory protection settings were configured via FixedAtBuild PCDs,
> which resulted in a build-time configuration of memory mitigations. This
> approach limited the flexibility of applying mitigations to the
> system and made it difficult to update or adjust the settings post-build.
>
> In a design, the configuration interface has been revised to allow for dynamic
> configuration. This is achieved by setting memory protections via a library
> interface which stores/updates the memory protection settings in
> a GUIDed HOB, which is then consumed during and after DXE handoff.
>
> This patch series adds two libraries:
> SetMemoryProtectionsLib: A PEIM that allows for setting/fetching memory
> protections and "locking" to prevent further updates via the library interface.
> The backing for the settings is a GUIDed HOB that is created by the library
> whenever its API is invoked.
>
> GetMemoryProtectionsLib: A DXE library that allows for getting the memory
> protection settings for the current boot. This library populates a global
> with the settings from the HOB entry (if present) for access in the module.
> Previous references to the PCDs are replaced with references to the global.
>
> OvmfPkg has been updated to allow the setting of the memory protection profile
> via QemuCfg instead of just the NxForStack setting. If no profile is passed,
> the platform will default to the Debug profile for DXE and Off profile for MM.
>
> ArmVirtPkg will use the Release profile.
>
> Reference: https://github.com/tianocore/edk2/pull/4566

Hi Taylor,

Would you mind stating what changed between v1 and v2? It would help reviewing :)

--
Pedro
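The set / lock / consume flow described in the quoted cover letter, as an added example that is not part of the original message or of the edk2 patch series: a user-space C model in which an array stands in for the HOB list. Every type, function and GUID value is hypothetical, and zeroing the global when no HOB exists is this model's own choice.

```c
/* User-space model; every name here is hypothetical, not the edk2 API. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

typedef struct { unsigned char b[16]; } guid_t;
typedef struct { bool nx_for_stack, null_detect, heap_guard; } mem_prot_t;
typedef struct { guid_t name; bool locked; mem_prot_t settings; } prot_hob_t;

#define MAX_HOBS 4
static prot_hob_t hob_list[MAX_HOBS];            /* stands in for the HOB list */
static size_t hob_count;
static const guid_t PROT_GUID = {{0xAA, 0x01}};  /* constructed placeholder */

static prot_hob_t *find_hob(const guid_t *g) {
    for (size_t i = 0; i < hob_count; i++)
        if (memcmp(&hob_list[i].name, g, sizeof *g) == 0) return &hob_list[i];
    return NULL;
}

/* PEI side: the HOB is created by whichever library call runs first. */
static prot_hob_t *get_or_create_hob(void) {
    prot_hob_t *h = find_hob(&PROT_GUID);
    if (!h && hob_count < MAX_HOBS) {
        h = &hob_list[hob_count++];
        memset(h, 0, sizeof *h);
        h->name = PROT_GUID;
    }
    return h;
}

/* Returns 0 on success, -1 if no HOB is available or it is locked. */
int pei_set_protections(const mem_prot_t *s) {
    prot_hob_t *h = get_or_create_hob();
    if (!h || h->locked) return -1;
    h->settings = *s;
    return 0;
}

int pei_lock_protections(void) {
    prot_hob_t *h = get_or_create_hob();
    if (h) h->locked = true;
    return h ? 0 : -1;
}

/* DXE side: fill a module global from the HOB entry, if present. */
static mem_prot_t g_dxe_prot;
bool dxe_load_protections(void) {
    const prot_hob_t *h = find_hob(&PROT_GUID);
    memset(&g_dxe_prot, 0, sizeof g_dxe_prot);   /* model's choice: all off */
    if (h) g_dxe_prot = h->settings;
    return h != NULL;
}
```

In this model the lock is a flag inside the same record, so it only binds callers that go through `pei_set_protections`.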