From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ard.biesheuvel@linaro.org>
Received: from mail-it0-x22b.google.com (mail-it0-x22b.google.com
 [IPv6:2607:f8b0:4001:c0b::22b])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 888318215F
 for <edk2-devel@ml01.01.org>; Fri, 24 Feb 2017 07:17:44 -0800 (PST)
Received: by mail-it0-x22b.google.com with SMTP id 203so25113913ith.0
 for <edk2-devel@ml01.01.org>; Fri, 24 Feb 2017 07:17:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=eAAh+VbGZ6p5qRzO1JV+F6sAgBIkH6ShAuqwSjEIe3Y=;
 b=WrqHvhGk23yxcC8xmaWd2hlKIrtC9DxMvZE8DwSRRqa1XXlLzvxpb5EIzI3l1iG2YW
 UzvqLTmESQF14wHnx/Lk0Lw+aU1/a6YFfK+LzOtutCYqT9sFB0+ByuN1vFU721fQ4yNM
 b/CaIrEvX5vSWYSNNVGTB2RGw/fHa+3GcRogY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=eAAh+VbGZ6p5qRzO1JV+F6sAgBIkH6ShAuqwSjEIe3Y=;
 b=IxQ8OhO78EDo3vQyicRibvPrjndi3PSZ/njlgnQzUf5gBXUrUjxG8Nt0aNRv86MNVZ
 PwnXhylnsBFhn/5mS4M6bF9zXD/7p+w8MOFI2ap//qbyr5nYoc4ch46YO7Jg4d3zBlNC
 3cC0AOjSmenWV59uvWg6rTme83tR+FsA0YiHMx4XHIU4jv5egGgjiiB1DNeI3de0qIe4
 DDLnA7kj4jrxCBlMFsop9RIcWi9Nm0IsBMGTbxTPVQddFDnweHXP9T7ui1m2vefQb3bR
 BU8g+Fprc81dQaaAkIlnKUBBsiEWOPovp4tXXMeGXElTJ65mnBiSoaoDtV3dlGpJD6uY
 WCkw==
X-Gm-Message-State: AMke39kQEU9gCndPVMNdhV9AOok5Lk4bjk2YsY0+NanAInmZpf+2HA+uKylcTaEkbRna6VG50QmjBeTiMPzA7g+6
X-Received: by 10.36.77.10 with SMTP id l10mr2728589itb.59.1487949461220; Fri,
 24 Feb 2017 07:17:41 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.198.134 with HTTP; Fri, 24 Feb 2017 07:17:40 -0800 (PST)
In-Reply-To: <8f8f4c91-0114-0b38-f1f8-d653253b9fb0@redhat.com>
References: <1487764485-18631-1-git-send-email-ard.biesheuvel@linaro.org>
 <8f8f4c91-0114-0b38-f1f8-d653253b9fb0@redhat.com>
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Fri, 24 Feb 2017 15:17:40 +0000
Message-ID: <CAKv+Gu-ZNv1VFC0DQBtpFUqx0CFg4NNFtk_S6T1BGyQKOH21nA@mail.gmail.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: "edk2-devel@lists.01.org" <edk2-devel@ml01.01.org>,
 Leif Lindholm <leif.lindholm@linaro.org>
Subject: Re: [PATCH] ArmVirtPkg/ArmVirt.dsc.inc: AARCH64: enable DXE image protection feature
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Feb 2017 15:17:44 -0000
Content-Type: text/plain; charset=UTF-8

On 23 February 2017 at 09:36, Laszlo Ersek <lersek@redhat.com> wrote:
> On 02/22/17 12:54, Ard Biesheuvel wrote:
>> Enable the new DXE image protection for all image, i.e., FV images but
>> also external images that originate from disk or the network, such as
>> OS loaders.
>>
>> This complements work that is underway on the arm64/Linux kernel side,
>> to emit the OS loader with 4 KB section alignment, and a suitable split
>> between code and data.
>>
>> http://marc.info/?l=linux-arm-kernel&m=148655557227819
>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> ---
>>  ArmVirtPkg/ArmVirt.dsc.inc | 10 ++++++++++
>>  1 file changed, 10 insertions(+)
>>
>> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
>> index dbd6678accde..c0d5e7c6aa6d 100644
>> --- a/ArmVirtPkg/ArmVirt.dsc.inc
>> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
>> @@ -17,6 +17,9 @@ [Defines]
>>    DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F
>>    DEFINE TTY_TERMINAL            = FALSE
>>
>> +[BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION]
>> +  GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000
>> +
>>  [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
>>    GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000
>>    GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000
>> @@ -380,6 +383,13 @@ [PcdsFixedAtBuild.common]
>>  [PcdsFixedAtBuild.ARM]
>>    gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40
>>
>> +[PcdsFixedAtBuild.AARCH64]
>> +  #
>> +  # Enable strict image permissions for all images. (This applies
>> +  # only to images that were built with >= 4 KB section alignment.)
>> +  #
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3
>> +
>>  [Components.common]
>>    #
>>    # Networking stack
>>
>
> So, if I understand correctly, setting BIT0 will not break external
> images with unaligned sections, they just won't be protected, and
> they'll trigger loud warnings. OK.
>

Indeed.

> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
>

Pushed, thanks.