From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
Leif Lindholm <leif.lindholm@linaro.org>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: Re: [PATCH v2 0/4] ArmPkg: add groundwork for DXE image protection
Date: Tue, 21 Feb 2017 07:36:18 +0000 [thread overview]
Message-ID: <CAKv+Gu_7LsoinRQdbSchos+VjgRtWCPcHN0JcP07jaqb6=OUow@mail.gmail.com> (raw)
In-Reply-To: <1487178716-24569-1-git-send-email-ard.biesheuvel@linaro.org>
Hi Leif,
On 15 February 2017 at 17:11, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> The upcoming DXE image protection feature expects the EFI_CPU_ARCH_PROTOCOL
> method SetMemoryAttributes() to deal with invocations that only modify
> permission attributes, but leave the cacheability attributes alone. This
> requires some groundwork to be performed in the MMU code for ARM.
>
> Patch #1 is Jiewen's patch to retire EFI_MEMORY_WP, which is no longer
> used as a permission attribute.
>
> Patch #2 updates EfiAttributeToArmAttribute () so it can deal with
> unspecified caching modes.
>
> Patch #3 makes ARM deal with EFI_CPU_ARCH_PROTOCOL.SetMemoryAttributes()
> calls that do not specify memory attributes. On ARM, we don't have code
> that manages the permission bits in the page tables, so this does little
> more than ignore such attributes.
>
> Patch #4 implements the handling for AARCH64 to manage the permissions
> bits without touching or caring about the memory type attributes.
>
> Changes since v1:
> - add Leif's and my R-b to #1
> - add Leif's R-b to #3
> - fix reference to TT_ATTR_INDX_MASK in commit log (#2)
> - move rather than redefine EFI_MEMORY_CACHETYPE_MASK macro (#4)
>
I'm aware that you have been off sick, so I'm sure you have quite the
todo list, but could you have a look this, please? Jiewen sent out the
next version of the DXE memory protection feature, which looks
finished to me, and I'd like to get this in first.
Cheers,
> Ard Biesheuvel (3):
> ArmPkg/CpuDxe: translate invalid memory types in
> EfiAttributeToArmAttribute
> ArmPkg/CpuDxe: ARM: ignore page table updates that only change
> permissions
> ArmPkg/ArmMmuLib: AARCH64: add support for modifying only permissions
>
> Jiewen Yao (1):
> ArmPkg/CpuDxe: Correct EFI_MEMORY_RO usage
>
> ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c | 7 +-
> ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 24 ++---
> ArmPkg/Drivers/CpuDxe/CpuDxe.h | 8 --
> ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c | 5 +-
> ArmPkg/Include/Library/ArmLib.h | 4 +
> ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 94 ++++++++++++++------
> 6 files changed, 88 insertions(+), 54 deletions(-)
>
> --
> 2.7.4
>
prev parent reply other threads:[~2017-02-21 7:36 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-15 17:11 [PATCH v2 0/4] ArmPkg: add groundwork for DXE image protection Ard Biesheuvel
2017-02-15 17:11 ` [PATCH v2 1/4] ArmPkg/CpuDxe: Correct EFI_MEMORY_RO usage Ard Biesheuvel
2017-02-15 17:11 ` [PATCH v2 2/4] ArmPkg/CpuDxe: translate invalid memory types in EfiAttributeToArmAttribute Ard Biesheuvel
2017-02-21 14:00 ` Leif Lindholm
2017-02-15 17:11 ` [PATCH v2 3/4] ArmPkg/CpuDxe: ARM: ignore page table updates that only change permissions Ard Biesheuvel
2017-02-15 17:11 ` [PATCH v2 4/4] ArmPkg/ArmMmuLib: AARCH64: add support for modifying only permissions Ard Biesheuvel
2017-02-21 14:04 ` Leif Lindholm
2017-02-21 7:36 ` Ard Biesheuvel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKv+Gu_7LsoinRQdbSchos+VjgRtWCPcHN0JcP07jaqb6=OUow@mail.gmail.com' \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox