public inbox for devel@edk2.groups.io
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: Evan Lloyd <Evan.Lloyd@arm.com>
Cc: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
	 "Matteo.Carlini@arm.com@arm.com"
	<"Matteo.Carlini@arm.com"@arm.com>,
	 "leif.lindholm@linaro.org@arm.com"
	<"leif.lindholm@linaro.org"@arm.com>,
	 "nd@arm.com@arm.com" <"nd@arm.com"@arm.com>,
	Girish Pathak <Girish.Pathak@arm.com>,
	 Sami Mujawar <Sami.Mujawar@arm.com>, Dong Wei <Dong.Wei@arm.com>,
	 Mitch Ishihara <Mitch.Ishihara@arm.com>
Subject: Re: AARCH64:Use of EFI_MEMORY_XP
Date: Wed, 14 Mar 2018 19:39:29 +0000
Message-ID: <CAKv+Gu-4Lv_FHOsM-BQXZeUASg8NNeCuKMTkLx-oEEnLADz-HQ@mail.gmail.com>
In-Reply-To: <HE1PR0801MB17719FB8E3925CFE097A4C318BD10@HE1PR0801MB1771.eurprd08.prod.outlook.com>

On 14 March 2018 at 19:34, Evan Lloyd <Evan.Lloyd@arm.com> wrote:
> Hi Ard.
> We still have a minor problem in that the spec disqualifies EFI_MEMORY_XP for AARCH64.
> Do you have any thoughts on this?
> How should we proceed here?  I assume the specification statement was a considered decision.
> Do we need to get it changed, or is EFI_MEMORY_XP unnecessary?
>

No, that is a spec bug.

EFI_MEMORY_RO and EFI_MEMORY_XP are essential for things like the
memory attributes table, which prevents UEFI memory regions from being
an exploit Valhalla consisting only of memory regions that are
writable and executable at the same time, which would defeat all the
hard work OS engineers are doing to tighten memory permissions in
privileged execution contexts.

In this particular case, having a read-write-execute framebuffer could
be a security hazard as well, so I'd prefer to strip the executable
permissions here.


>> -----Original Message-----
>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>> Evan Lloyd
>> Sent: 08 January 2018 18:51
>> To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: "Matteo.Carlini@arm.com"@arm.com;
>> "leif.lindholm@linaro.org"@arm.com; "nd@arm.com"@arm.com; edk2-
>> devel@lists.01.org; Arvind Chauhan <Arvind.Chauhan@arm.com>;
>> "ard.biesheuvel@linaro.org"@arm.com; Thomas Abraham
>> <thomas.abraham@arm.com>
>> Subject: Re: [edk2] [PATCH edk2-platforms v2 15/18] ARM/VExpressPkg:
>> New DP500/DP550/DP650 platform library.
>>
>>
>>
>> > -----Original Message-----
>> > From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
>> > Sent: 23 December 2017 16:07
>> > To: Evan Lloyd <Evan.Lloyd@arm.com>
>> > Cc: edk2-devel@lists.01.org; Arvind Chauhan
>> <Arvind.Chauhan@arm.com>;
>> > Daniil Egranov <Daniil.Egranov@arm.com>; Thomas Abraham
>> > <thomas.abraham@arm.com>; "ard.biesheuvel@linaro.org"@arm.com;
>> > "leif.lindholm@linaro.org"@arm.com;
>> > "Matteo.Carlini@arm.com"@arm.com; "nd@arm.com"@arm.com
>> > Subject: Re: [PATCH edk2-platforms v2 15/18] ARM/VExpressPkg: New
>> > DP500/DP550/DP650 platform library.
>> >
> ...
>> > > +  // Mark the VRAM as write-combining. The VRAM is inside the DRAM,
>> > > + which is  // cacheable, for ARM/AArch64 EFI_MEMORY_WC memory
>> is
>> > actually uncached.
>> > > +  Status = gDS->SetMemorySpaceAttributes (
>> > > +                  *VramBaseAddress,
>> > > +                  *VramSize,
>> > > +                  EFI_MEMORY_WC
>> >
>> > Please add EFI_MEMORY_XP here
>> >
>>
>>  [[Evan Lloyd]] We can do that, happily.  However, in looking at this we
>> found that the UEFI spec has in "2.3.6 AArch64 Platforms", section "2.3.6.1
>> Memory types":
>> EFI_MEMORY_XP, ...    Not used or defined
>>
>> Does that suggest we need a minor spec update?
>>
>> > > +                  );
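Review bot: the attributes argument of the gDS->SetMemorySpaceAttributes call is EFI_MEMORY_WC alone, so nothing in this hunk removes execute permission from the VRAM range, which has to stay writable for use as a framebuffer. Pass EFI_MEMORY_WC | EFI_MEMORY_XP instead, as requested inline above, and extend the comment before the call to say the range is deliberately non-executable, since it currently explains only the caching choice.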
> ...
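An added example (not code from EDK2 or from this thread): a host-side C check that walks descriptors laid out like EFI_MEMORY_DESCRIPTOR and counts regions carrying neither EFI_MEMORY_RO nor EFI_MEMORY_XP, the writable-and-executable case the reply above describes. The struct and function names, the addresses and the 48-byte stride are assumptions made for the example; the attribute bit values are the ones defined by the UEFI specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Attribute bits as defined by the UEFI specification. */
#define EFI_MEMORY_WC 0x0000000000000002ULL
#define EFI_MEMORY_XP 0x0000000000004000ULL
#define EFI_MEMORY_RO 0x0000000000020000ULL

/* Host-side mirror of the EFI_MEMORY_DESCRIPTOR layout (name is hypothetical). */
typedef struct {
    uint32_t type;
    uint64_t physical_start, virtual_start, number_of_pages, attribute;
} mem_desc;

/* Count descriptors that are neither read-only nor execute-never (W+X).
 * Entries are stepped by the reported stride, which may exceed sizeof(mem_desc).
 * Returns -1 for a stride too small to hold a descriptor. */
static int count_wx(const uint8_t *buf, uint32_t n, uint32_t stride,
                    uint64_t *first_wx) {
    int hits = 0;
    if (stride < sizeof(mem_desc)) return -1;
    for (uint32_t i = 0; i < n; i++) {
        mem_desc d;
        memcpy(&d, buf + (size_t)i * stride, sizeof d);
        if (d.attribute & (EFI_MEMORY_RO | EFI_MEMORY_XP)) continue;
        if (hits++ == 0 && first_wx) *first_wx = d.physical_start;
    }
    return hits;
}

/* Constructed sample: a read-only code region, a non-executable data region,
 * and a stand-in for the VRAM range whose attribute the caller supplies. */
static int sample_wx(uint64_t vram_attr, uint64_t *first_wx) {
    enum { STRIDE = 48, N = 3 };
    uint8_t buf[STRIDE * N] = {0};
    mem_desc d[N] = {
        { 5, 0x80000000ULL, 0, 16,   EFI_MEMORY_RO },
        { 6, 0x80010000ULL, 0, 16,   EFI_MEMORY_XP },
        { 0, 0xA0000000ULL, 0, 2048, vram_attr },   /* made-up address */
    };
    for (int i = 0; i < N; i++) memcpy(buf + i * STRIDE, &d[i], sizeof d[i]);
    return count_wx(buf, N, STRIDE, first_wx);
}

int main(void) {
    uint64_t where = 0;
    printf("WC only : %d W+X region(s)\n", sample_wx(EFI_MEMORY_WC, &where));
    printf("WC | XP : %d W+X region(s)\n", sample_wx(EFI_MEMORY_WC | EFI_MEMORY_XP, &where));
    return 0;
}
```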

