From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-it0-x22c.google.com (mail-it0-x22c.google.com [IPv6:2607:f8b0:4001:c0b::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8165A82042 for ; Mon, 6 Feb 2017 06:52:46 -0800 (PST) Received: by mail-it0-x22c.google.com with SMTP id 203so55973401ith.0 for ; Mon, 06 Feb 2017 06:52:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=j45AcBkDsQ+gniV/x0BLM3fg3iLhM9T/w4zNv0ejciM=; b=hY2OQGRr786vfyAtdO7BeQ3eSOwnSIQrfsS8F5pdgmAEtz4l0n/Bbq2/W0zLrQV2Ju 9oJYoLL8FJ6eH17PHBJp5+DbKD6oBuxTU9/lywO3rZEQcBU0zrZbM1mRLDKr+TdYp702 lHMzql+GHRcwYBK01r+9F0LMsGnNc/FaEmr5k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=j45AcBkDsQ+gniV/x0BLM3fg3iLhM9T/w4zNv0ejciM=; b=oUhCcYtPZN3nYp7hoaq/oOkrGheTiHHJ5XA0YdSjc8IBQC6KZGWWOxzWyILtvAPE3b RM+6jxu6MwnUC0LjR4dgEQB/efKUMVItr9/6V8VE83AnIfY+MfaWSpd8qekhnt1DZEgR UqVXsTW/3XP1iKPmNrvx+lGSwJMRxF+ijggO9oMk3SuAzEEedFWduGS6U91VYExq3NpH nGcC2MgRpb9dWl6ESP0mXEYoqa4S3AmqsQNUIkUNcGOaDjxLeQ05jskYYCY4HAUiaLTA 6trlWJSk4VBiTHQmsbVcbb1PlHn9yT7v9EdymAm/TY8USB+/O5z2yN3+Xgquh6pPxE9w IJ5A== X-Gm-Message-State: AIkVDXLh0G9iqv07JH2oHruofkIw6mYCtiDDwcZQ/tzWeQdJzFQU9ILZRY5FIEbH1fB6OVHHnLjquXKqRHYKWULW X-Received: by 10.36.107.194 with SMTP id v185mr7212215itc.59.1486392765869; Mon, 06 Feb 2017 06:52:45 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.144.139 with HTTP; Mon, 6 Feb 2017 06:52:45 -0800 (PST) In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503A8E9938@shsmsx102.ccr.corp.intel.com> References: <1485419955-26652-1-git-send-email-jiewen.yao@intel.com> <1485419955-26652-4-git-send-email-jiewen.yao@intel.com> <74D8A39837DF1E4DA445A8C0B3885C503A8E9938@shsmsx102.ccr.corp.intel.com> From: Ard Biesheuvel Date: Mon, 6 Feb 2017 14:52:45 +0000 Message-ID: To: "Yao, Jiewen" Cc: "Kinney, Michael D" , "edk2-devel@lists.01.org" , "Tian, Feng" , "Zeng, Star" Subject: Re: [PATCH 3/3] MdeModulePkg/DxeCore: Add UEFI image protection. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Feb 2017 14:52:46 -0000 Content-Type: text/plain; charset=UTF-8 On 6 February 2017 at 14:51, Yao, Jiewen wrote: > Hi Ard > > That is a good question. > > > > We (Intel) discussed this internally. > > We do not know if there is any need to make it configurable, so we start > from non-configurable, and see if there is any feedback from other one. > > > > Glad to hear your voice. We can define a policy like below: (I borrow some > definition from security pkg) > > > > [PcdsFixedAtBuild, PcdsPatchableInModule] > > ## Set Image protection policy. The policy is bitwise. > > # If a bit is set, the image will be protected by DxeCore if it is > aligned. > > # The code section becomes read-only, and the data section becomes > non-executable. > > # If a bit is clear, the image will not be protected.

> > # BIT0 - Image from unknown device.
> > # BIT1 - Image from firmware volume.
> > # BIT2 - Image from OptionRom.
> > # BIT3 - Image from removable media which includes CD-ROM, > Floppy, USB and network.
> > # BIT4 - Image from fixed media device which includes hard > disk.
> > # @Prompt Set Image protection policy. > > # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F > > > gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x30001047 > > > > I will use 0x2 as default policy, to maximize the compatibility. And you can > set 0x1A or 0x1F for ARM. Is that OK? > Yes, that would be perfect. Thanks!