From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 14D0F941D83 for ; Mon, 17 Jul 2023 16:26:04 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=Z192CJi+Rhk91wJWpmUjb+HccJrKYJaqJONy20lAE9Q=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:X-Received:X-Gm-Message-State:X-Google-Smtp-Source:X-Received:MIME-Version:References:In-Reply-To:From:Date:X-Gmail-Original-Message-ID:Message-ID:Subject:To:Cc:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:Content-Type:Content-Transfer-Encoding; s=20140610; t=1689611163; v=1; b=G1FowUuD+jCzmA/hC2j9LiM4MTqU4zNlx1Lc0rO5cJvYiJ27nGbQ7gV+t1xth2u4LiCrvcoh kKkWMCDurBbWACUJaof61q7SsAP5PMFTtHrAnpPkUSaccMALgrvMtqcNhx+ZP2vTxoNMkifbKvu 1I832AxMlBt8FuZ19ivhRlNo= X-Received: by 127.0.0.2 with SMTP id pBCZYY7687511xrBLMw21IJT; Mon, 17 Jul 2023 09:26:03 -0700 X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by mx.groups.io with SMTP id smtpd.web10.945.1689611163012471301 for ; Mon, 17 Jul 2023 09:26:03 -0700 X-Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7A22261011 for ; Mon, 17 Jul 2023 16:26:02 +0000 (UTC) X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id DC422C433C7 for ; Mon, 17 Jul 2023 16:26:01 +0000 (UTC) X-Received: by mail-lf1-f54.google.com with SMTP id 2adb3069b0e04-4fb5bcb9a28so7390353e87.3 for ; Mon, 17 Jul 2023 09:26:01 -0700 (PDT) X-Gm-Message-State: jxuGsEUSKsdCAq6qg8FhACmvx7686176AA= X-Google-Smtp-Source: APBJJlGskTFQLAAqDcESaBpkpMRkZ1K4zFvp34ynoBxQkvlGtdXj8UKcz8Wc10vdkYPxHgZSqVi6UzIVVq/FcM+iDdc= X-Received: by 2002:ac2:5921:0:b0:4fb:85ad:b6e2 with SMTP id v1-20020ac25921000000b004fb85adb6e2mr8262270lfi.50.1689611159907; Mon, 17 Jul 2023 09:25:59 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "Ard Biesheuvel" Date: Mon, 17 Jul 2023 18:25:48 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [edk2-devel] [PATCH 00/14] Implement Dynamic Memory Protections To: Pedro Falcato Cc: devel@edk2.groups.io, t@taylorbeebe.com, Jian J Wang , Liming Gao , Dandan Bi , Ard Biesheuvel , Jiewen Yao , Jordan Justen , Gerd Hoffmann , Leif Lindholm , Sami Mujawar , Andrew Fish , Ray Ni , Eric Dong , Rahul Kumar , Guo Dong , Sean Rhodes , James Lu , Gua Guo Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,ardb@kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=G1FowUuD; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=kernel.org (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io On Mon, 17 Jul 2023 at 18:15, Pedro Falcato wrote= : > > On Wed, Jul 12, 2023 at 12:53=E2=80=AFAM Taylor Beebe = wrote: > > > > In the past, memory protection settings were configured via FixedAtBuil= d PCDs, > > which resulted in a build-time configuration of memory mitigations. Thi= s > > approach limited the flexibility of applying mitigations to the > > system and made it difficult to update or adjust the settings post-buil= d. > > How do you mitigate the possibility of an attack overwriting the > dynamic configuration data (the HOBs)? > It seems most dangerous to me to publish this sort of > security-sensitive configuration knobs dynamically such that an > attacker can change them. > That is a very good point. One of the things I have on my TODO list for the memory attributes PEI work is to remap HOB memory read-only before entering DXE. They are conceptually read-only anyway when PEI completes, so they should never be modified afterwards. -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106966): https://edk2.groups.io/g/devel/message/106966 Mute This Topic: https://groups.io/mt/100090629/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-