From: Ard Biesheuvel
Date: Thu, 9 Feb 2017 08:49:02 +0000
To: "Yao, Jiewen"
Cc: "edk2-devel@lists.01.org", "Tian, Feng", Leif Lindholm, "Kinney, Michael D", "Fan, Jeff", "Zeng, Star"
Subject: Re: [PATCH V3 0/4] DXE Memory Protection
In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503A8EBD52@shsmsx102.ccr.corp.intel.com>
References: <1486624832-15736-1-git-send-email-jiewen.yao@intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8EBD52@shsmsx102.ccr.corp.intel.com>

On 9 February 2017 at 07:43, Yao, Jiewen wrote:
> Hi Lindholm/Ard
> This version 3 contains both of your feedback before.
>
> If you can do me a favor to evaluate the impact to ARM, that will be great.
>

I will take a look right away.

> Thank you
> Yao Jiewen
>
>> -----Original Message-----
>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Jiewen Yao
>> Sent: Wednesday, February 8, 2017 11:20 PM
>> To: edk2-devel@lists.01.org
>> Cc: Tian, Feng; Ard Biesheuvel; Leif Lindholm; Kinney, Michael D; Fan, Jeff; Zeng, Star
>> Subject: [edk2] [PATCH V3 0/4] DXE Memory Protection
>>
>> ==== V3 ====
>> 1) Add PCD for policy control (feedback from Ard Biesheuvel)
>>    (Discussed with Mike Kinney)
>> + # BIT0 - Image from unknown device.
>> + # BIT1 - Image from firmware volume.
>> + # @Prompt Set image protection policy.
>> + # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F
>> + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047
>>
>> 2) Remove unused function in CpuDxe. (feedback from Liming Gao)
>> 3) Add commit log on link option assumption (feedback from Feng Tian)
>>
>> ==== V2 ====
>> 1) Clean up ArmPkg (feedback from Leif Lindholm)
>>
>> ==== V1 ====
>> This series patch provides capability to protect PE/COFF image
>> in DXE memory.
>> If the UEFI image is page aligned, the image code section is set to read
>> only and the image data section is set to non-executable.
>>
>> The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
>> the image.
>>
>> Tested platform: NT32/Quark IA32/OVMF IA32/OVMF IA32X64/Intel internal X64/
>> Tested OS: UEFI Win10, UEFI Ubuntu 16.04.
>>
>> Untested platform: ARM/AARCH64.
>> Can ARM/AARCH64 owner help to take a look and try the ARM platform?
>>
>> Cc: Jeff Fan
>> Cc: Michael Kinney
>> Cc: Leif Lindholm
>> Cc: Ard Biesheuvel
>> Cc: Star Zeng
>> Cc: Feng Tian
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Jiewen Yao
>>
>> Jiewen Yao (4):
>>   UefiCpuPkg/CpuDxe: Add memory attribute setting.
>>   ArmPkg/CpuDxe: Correct EFI_MEMORY_RO usage
>>   MdeModulePkg/dec: add PcdImageProtectionPolicy.
>>   MdeModulePkg/DxeCore: Add UEFI image protection.
>>
>>  ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c              |   3 +-
>>  ArmPkg/Drivers/CpuDxe/Arm/Mmu.c                  |  14 +-
>>  ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c             |   5 +-
>>  ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c |   3 +-
>>  MdeModulePkg/Core/Dxe/DxeMain.h                  |  53 ++
>>  MdeModulePkg/Core/Dxe/DxeMain.inf                |   5 +-
>>  MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c          |   3 +-
>>  MdeModulePkg/Core/Dxe/Image/Image.c              |   7 +-
>>  MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c    | 735 ++++++++++++++++++
>>  MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c     |  24 +-
>>  MdeModulePkg/MdeModulePkg.dec                    |  10 +
>>  UefiCpuPkg/CpuDxe/CpuDxe.c                       | 141 ++--
>>  UefiCpuPkg/CpuDxe/CpuDxe.inf                     |   5 +-
>>  UefiCpuPkg/CpuDxe/CpuPageTable.c                 | 779 ++++++++++++++++++++
>>  UefiCpuPkg/CpuDxe/CpuPageTable.h                 | 113 +++
>>  15 files changed, 1801 insertions(+), 99 deletions(-)
>>  create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
>>  create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.c
>>  create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.h
>>
>> --
>> 2.7.4.windows.1
>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org
>> https://lists.01.org/mailman/listinfo/edk2-devel
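As an added example (not code from this series or from EDK II), the cover letter's rule modelled in plain C: the PcdImageProtectionPolicy bit selected by where the image came from gates protection, the image's sections must be page aligned, and then code sections are requested as EFI_MEMORY_RO while data sections are requested as EFI_MEMORY_XP. The function names, the image-source enum and the handling of a writable-and-executable section are my assumptions; the attribute and section-flag constants are the UEFI and PE/COFF specification values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* UEFI memory attributes and PE/COFF section flags (spec values, defined
 * locally so the model compiles stand-alone). */
#define EFI_MEMORY_XP          0x0000000000004000ULL
#define EFI_MEMORY_RO          0x0000000000020000ULL
#define SCN_MEM_EXECUTE        0x20000000u
#define SCN_MEM_WRITE          0x80000000u
/* PcdImageProtectionPolicy bits as documented in the cover letter. */
#define POLICY_UNKNOWN_DEVICE  0x1u   /* BIT0 */
#define POLICY_FIRMWARE_VOLUME 0x2u   /* BIT1 */
#define PAGE_SIZE_4K           0x1000u

typedef enum { SRC_UNKNOWN_DEVICE, SRC_FIRMWARE_VOLUME } image_source_t;

/* Hypothetical helper: does the policy value cover images from this source? */
bool policy_protects(uint32_t policy, image_source_t src) {
    uint32_t bit = (src == SRC_FIRMWARE_VOLUME) ? POLICY_FIRMWARE_VOLUME
                                                : POLICY_UNKNOWN_DEVICE;
    return (policy & bit) != 0;
}

/* Executable sections become read-only, all others non-executable. A section
 * flagged both writable and executable cannot be hardened (assumption): 0. */
uint64_t section_attributes(uint32_t characteristics) {
    bool exec  = (characteristics & SCN_MEM_EXECUTE) != 0;
    bool write = (characteristics & SCN_MEM_WRITE) != 0;
    if (exec && write) return 0;
    return exec ? EFI_MEMORY_RO : EFI_MEMORY_XP;
}

/* Plan the SetMemoryAttributes() calls for one image. Returns -1 when the
 * policy does not cover the source or the sections are not page aligned
 * (RO and XP cannot both hold on a page shared by code and data); otherwise
 * fills out[i] per section and returns how many sections get an attribute. */
int plan_protection(uint32_t policy, image_source_t src, uint32_t section_alignment,
                    const uint32_t *characteristics, size_t n, uint64_t *out) {
    if (!policy_protects(policy, src)) return -1;
    if (section_alignment == 0 || section_alignment % PAGE_SIZE_4K != 0) return -1;
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        out[i] = section_attributes(characteristics[i]);
        if (out[i] != 0) count++;
    }
    return count;
}
```

With the PCD at its default 0x00000002 only firmware-volume images are covered, and an image linked with a section alignment below 4K is left alone entirely rather than partially protected.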