Re: [edk2-devel] [PATCH 1/1] ArmPkg: Add Pcd to disable EFI_MEMORY_ATTRIBUTE_PROTOCOL

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Ard Biesheuvel" <ardb@kernel.org>
To: Sean Brogan <spbrogan@outlook.com>
Cc: devel@edk2.groups.io, kraxel@redhat.com,
	 Oliver Steffen <osteffen@redhat.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	 Daniel Schaefer <git@danielschaefer.me>,
	Eric Dong <eric.dong@intel.com>,
	 Leif Lindholm <quic_llindhol@quicinc.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	 Michael D Kinney <michael.d.kinney@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>,  Ray Ni <ray.ni@intel.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	 Sunil V L <sunilvl@ventanamicro.com>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	 Taylor Beebe <t@taylorbeebe.com>,
	Oliver Smith-Denny <osd@smith-denny.com>,
	 Michael Kubacki <mikuback@linux.microsoft.com>
Subject: Re: [edk2-devel] [PATCH 1/1] ArmPkg: Add Pcd to disable EFI_MEMORY_ATTRIBUTE_PROTOCOL
Date: Fri, 23 Jun 2023 18:26:59 +0200	[thread overview]
Message-ID: <CAMj1kXGxpX6FCgFwO69sSi3jW8bhm_r7dM_u6LEd3MfX-bo5EA@mail.gmail.com> (raw)
In-Reply-To: <BY3PR19MB4900475B45F5FCA20A31C71EC85CA@BY3PR19MB4900.namprd19.prod.outlook.com>

On Tue, 20 Jun 2023 at 19:07, Sean Brogan <spbrogan@outlook.com> wrote:
>
> I don't think a MemoryAttributes2Protocol with a single API would have avoided the errors.
>
> The programming pattern that triggered this would still need multiple calls to any API and in the future where all memory is allocated as NX this possibility would still exist.
>
> A short term effort to minimize the compatibility problem in the ecosystem is documented here Memory Protections: Document compatibility challenges · Issue #18 · tianocore/projects (github.com)  It does not address (and i don't see any reason to try to) a loader that uses the protocol incorrectly.
>
> We have provided virtual reference platforms with these features enabled (both arm and x86) and have been working with the relevant communities for multiple years now.  The UEFI CA for option roms already have compliance requirements (UPDATED: UEFI Signing Requirements - Microsoft Community Hub).  But there are and will continue to be compatibility challenges when enabling a more restrictive execution environment in uefi and the uefi ecosystem.  The more things we make optional the longer this transition period will take.    "Memory Mitigations" were proposed and mostly coded over a decade ago.  The code changes are not that difficult. To change our vast and unwieldy ecosystem is the hard part.   Please help to "stay the course" for this very necessary industry change.   If a production platform has requirements that force such a configuration option that is understandable but it is counter productive in open-source industry standard reference Edk2 code.
>

Fair enough.

But I will note that the only reason we are in this situation in the
first place is because shim has to re-implement the PE loader, cert
handling and all related crypto, and needs the memory attributes
protocol to manipulate the RO/NX permissions.

Now that we are taking these things seriously, wouldn't it be *much*
better to get rid of all this cruft, and specify a method by which a
loader can provide an ephemeral DB that the system firmware will
authenticate against? That way, we can reduce shim to a single
SetVariable() call that creates the ephemeral DB (and perhaps a call
into the TPM code to measure it), which is arguably a lot easier to
audit than the code we have today.

next prev parent reply	other threads:[~2023-06-23 16:27 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-06-19 20:32 [PATCH 1/1] ArmPkg: Add Pcd to disable EFI_MEMORY_ATTRIBUTE_PROTOCOL Oliver Steffen
2023-06-20  9:32 ` Gerd Hoffmann
2023-06-20 13:16   ` Ard Biesheuvel
2023-06-20 14:53     ` [edk2-devel] " Michael Kubacki
2023-06-20 16:03     ` Gerd Hoffmann
2023-06-20 17:06       ` [edk2-devel] " Sean
2023-06-23 16:26         ` Ard Biesheuvel [this message]
2023-06-23 19:32           ` Sean
2023-10-05  6:31       ` Nhi Pham via groups.io
2023-10-05  8:23         ` Laszlo Ersek
2023-10-05 10:01           ` Gerd Hoffmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAMj1kXGxpX6FCgFwO69sSi3jW8bhm_r7dM_u6LEd3MfX-bo5EA@mail.gmail.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox