From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ard.biesheuvel@linaro.org>
Received: from mail-it0-x22c.google.com (mail-it0-x22c.google.com
 [IPv6:2607:f8b0:4001:c0b::22c])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 85F2E803B6
 for <edk2-devel@ml01.01.org>; Mon, 13 Mar 2017 01:50:52 -0700 (PDT)
Received: by mail-it0-x22c.google.com with SMTP id w124so8469884itb.1
 for <edk2-devel@ml01.01.org>; Mon, 13 Mar 2017 01:50:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=bH4H3ZwfM9duCwsP3vSq4WazP78RKgSQYWdVH7RFkb0=;
 b=bPsYKPAW73vT4eQ16MJgekJCYt6y4mz7LsswEqGEh+Gi1rAYoRxAidJLRiXXjNHtiL
 u0oTDMbpSQE2vHFDjAmXei98neRBXscBGy0yJdGQeitwGdGHH7VHEpr8TFQB4H7YPEff
 hfEzmtSssrrfiC/5RPGwuK8FW1ATKuGb11chQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=bH4H3ZwfM9duCwsP3vSq4WazP78RKgSQYWdVH7RFkb0=;
 b=siAqP/Iydv5JJyKph6HYth5dA+Ez0LYUzbPATDPBuLOcS34G24sIw0Wp9IjiDnUA8v
 PYj0IoR5MeLauyU6yIKEVdMc+BNEJ8wEDoJfXrm2SXIi6IXrJTB7xqI+qZ16+5HmLYGw
 Llv0hYsdnIB/m1dy7TuBGhRaIvRQIo4dk0YRGzu4sPoqHK2vwaix67DCKBphOHM1yk5D
 0Uvi4mxQE5OvIJVg6QsT2/kI20WzRNzwyxzx/9EVIY7oilZU8UzSCldAlUJ0wUW0J0wi
 xhsUZWuGuW5rQX51a6ubjR1tRuXysUcMx4mRzV5iaxyOdWpK0TDkn7bojeONzGF4pQM3
 tusA==
X-Gm-Message-State: AFeK/H02j3fXfDVPaHg5nz0W8zV4UrGVew009Ge5Lk5jUyjulRGOh+z0N5dBkyzs8KbXX008KMMDGhBOdutGZDdG
X-Received: by 10.36.137.4 with SMTP id s4mr9263471itd.63.1489395051892; Mon,
 13 Mar 2017 01:50:51 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.10.27 with HTTP; Mon, 13 Mar 2017 01:50:51 -0700 (PDT)
In-Reply-To: <CAN9vWDJqb75ErUNirHK8th--9RjxGZU+ydmtJo_RtzuoRrmQCQ@mail.gmail.com>
References: <1488206291-25768-1-git-send-email-ard.biesheuvel@linaro.org>
 <ce6a676c-416a-84f2-a171-3aceeca7e4ce@redhat.com>
 <CAKv+Gu85MOs4Arc6hWraMJ=fxHxBNTAZn+C=02keodtQSk=H_Q@mail.gmail.com>
 <CAKv+Gu8V4o0-s9jhQSM5hFaaC6yppdC001MiuBX830WrXi_VKQ@mail.gmail.com>
 <9677ecfd-ab2a-71ea-54e8-b30e6510b202@redhat.com>
 <CAN9vWDJqb75ErUNirHK8th--9RjxGZU+ydmtJo_RtzuoRrmQCQ@mail.gmail.com>
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Date: Mon, 13 Mar 2017 09:50:51 +0100
Message-ID: <CAKv+Gu_CO2_ss6A3F=N5j4uYLzkPVocqtKxECBwZcv1B0fT3Yg@mail.gmail.com>
To: Michael Zimmermann <sigmaepsilon92@gmail.com>
Cc: Laszlo Ersek <lersek@redhat.com>, Leif Lindholm <leif.lindholm@linaro.org>,
 "Tian, Feng" <feng.tian@intel.com>,
 "edk2-devel@lists.01.org" <edk2-devel@ml01.01.org>, 
 "afish@apple.com" <afish@apple.com>, "Gao, Liming" <liming.gao@intel.com>, 
 "Yao, Jiewen" <jiewen.yao@intel.com>, "Kinney,
 Michael D" <michael.d.kinney@intel.com>, 
 "Zeng, Star" <star.zeng@intel.com>
Subject: Re: [PATCH v4 0/7] MdeModulePkg/DxeCore: increased memory protection
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2017 08:50:52 -0000
Content-Type: text/plain; charset=UTF-8

On 13 March 2017 at 09:43, Michael Zimmermann <sigmaepsilon92@gmail.com> wrote:
> I fail to get this working on my target. I've enabled the following
> Pcd's like in ArmVirt:
> gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
>
> but apparently, DxeCore removes the executable permission from it's own code.
> after the BL instruction of the call to gCpu->SetMemoryAttributes I
> get an instruction permission fault:
>
> InitializeDxeNxMemoryProtectionPolicy: applying strict permissions to
> active memory regions
> SetUefiImageMemoryAttributes - 0x0000000080200000 - 0x0000000008C00000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x0000000089000000 - 0x0000000004A00000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x000000008EC00000 - 0x0000000000400000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x000000008F700000 - 0x0000000000700000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x000000008FF00000 - 0x000000006E095000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x00000000FDFB9000 - 0x0000000000047000
> (0x0000000000004000)
> SetUefiImageMemoryAttributes - 0x00000000FE400000 - 0x0000000001C00000
> (0x0000000000004000)
>
> Prefetch Abort Exception PC at 0xFEEA630E  CPSR 0x20000033 nzCveaifT_svc
> Build/LittleKernelPkg/DEBUG_GCC5/ARM/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll
> loaded at 0xFEEA4000 (PE/COFF offset) 0x230E (ELF or Mach-O offset) 0x130E
> 0xBF00       IT     EQ
>   R0 0x00000000   R1 0x01C00000   R2 0x00000000   R3 0x00000000
>   R4 0x00000000   R5 0x00026000   R6 0x00000000   R7 0xFE000214
>   R8 0x80000000   R9 0xFE400000  R10 0xFFFEF000  R11 0x00000004
>  R12 0x00000002   SP 0xFFFFEBA0   LR 0xFDF98B4D   PC 0xFEEA630E
> DFSR 0x00000000 DFAR 0x00000000 IFSR 0x0000000D IFAR 0xFEEA630E
>  Instruction Permission fault on Section at 0xFEEA630E
>
> ASSERT [ArmCpuDxe]
> ArmPkg/Library/DefaultExceptionHandlerLib/Arm/DefaultExceptionHandler.c(268):
> ((BOOLEAN)(0==1))
>
> ----
>
> so did I miss anything?
>

You are using PrePi, right?