From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ua0-x232.google.com (mail-ua0-x232.google.com [IPv6:2607:f8b0:400c:c08::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 4E30D8039F for ; Mon, 13 Mar 2017 01:53:06 -0700 (PDT) Received: by mail-ua0-x232.google.com with SMTP id 72so148152342uaf.3 for ; Mon, 13 Mar 2017 01:53:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=hhkf3rzPX4IXcMI/JtiTQeehZUdGBujZdImps5SPoFY=; b=qLy+24zjUpQi3PUDaMBimGAKBr3fykYt5dr2rG/teY1kSlqHDQB3LR3hZxOQgsCw7N OIqyosRJzzZJo9rp6yPE7uepCDdMpX5rZAJdpJ1mEct9atIoeuw9jZeH1mKjYDa2Ekqx 6O/6dXxwQzMUFBxAE2Hm2w/YbD38fZZqRJZQzUAP1oXhzipqrU3X8S41twI4DWDJUVDo uOsXwIdiQ5nDJ/EUIKggW47yOH5a1dZIPLSDNog3aBTX0M4zWOlnCUHZndUwotAPSAdC RXTYICVUhKPjs00w3ffYPch8t78wfg2iymKgUbH2aKVOoSuVLSQPqnB7B9kudqGz9NFZ jWDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=hhkf3rzPX4IXcMI/JtiTQeehZUdGBujZdImps5SPoFY=; b=GDIe5YJlQuHTChfsGykoZbXUeTbPts2121feFgFJgocVzCC9tWwzldNxO8vZ8P4sTQ b1lDNmsWZW3qr2D7tcM4Gfimg9wLnAmWKfszuI35HTYO75bSWAQ8a7/zAjczxTpKZzKc +L2KNVFTGDMHiRGYbnfGSYiHl/OXc+qvUEe5Cp1hYM6ifQeb8s6ZuHnFBDJhhInl9k+8 Ib5kxvWj5rXAg8tR89Hr4IHs/X0Y37cW5/uDXspN6YeE0aeW6m3pqRrH1nJBcQO+vMOM 4NgobyHb4XTHVd/7OyEpX2McdWEdb5y1qe8FzarYKg77tAUc8xBcVmWejwJqWhxUQC7f cgSQ== X-Gm-Message-State: AMke39kOzjVz45HXkTpTD+Z1aDNdb6iRJ5pe54+fgEiQbxBNQPGQMzmbp7qp4HeklqFOzqdTsoTC3kvi53vUuA== X-Received: by 10.176.71.23 with SMTP id h23mr12792319uac.167.1489395185487; Mon, 13 Mar 2017 01:53:05 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.151.68 with HTTP; Mon, 13 Mar 2017 01:53:05 -0700 (PDT) In-Reply-To: References: <1488206291-25768-1-git-send-email-ard.biesheuvel@linaro.org> <9677ecfd-ab2a-71ea-54e8-b30e6510b202@redhat.com> From: Michael Zimmermann Date: Mon, 13 Mar 2017 09:53:05 +0100 Message-ID: To: Ard Biesheuvel Cc: Laszlo Ersek , Leif Lindholm , "Tian, Feng" , "edk2-devel@lists.01.org" , "afish@apple.com" , "Gao, Liming" , "Yao, Jiewen" , "Kinney, Michael D" , "Zeng, Star" Subject: Re: [PATCH v4 0/7] MdeModulePkg/DxeCore: increased memory protection X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Mar 2017 08:53:06 -0000 Content-Type: text/plain; charset=UTF-8 > You are using PrePi, right? yes. Isn't that supported yet? afaik ArmVirtXen uses PrePi too. On Mon, Mar 13, 2017 at 9:50 AM, Ard Biesheuvel wrote: > On 13 March 2017 at 09:43, Michael Zimmermann wrote: >> I fail to get this working on my target. I've enabled the following >> Pcd's like in ArmVirt: >> gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 >> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 >> gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE >> >> but apparently, DxeCore removes the executable permission from it's own code. >> after the BL instruction of the call to gCpu->SetMemoryAttributes I >> get an instruction permission fault: >> >> InitializeDxeNxMemoryProtectionPolicy: applying strict permissions to >> active memory regions >> SetUefiImageMemoryAttributes - 0x0000000080200000 - 0x0000000008C00000 >> (0x0000000000004000) >> SetUefiImageMemoryAttributes - 0x0000000089000000 - 0x0000000004A00000 >> (0x0000000000004000) >> SetUefiImageMemoryAttributes - 0x000000008EC00000 - 0x0000000000400000 >> (0x0000000000004000) >> SetUefiImageMemoryAttributes - 0x000000008F700000 - 0x0000000000700000 >> (0x0000000000004000) >> SetUefiImageMemoryAttributes - 0x000000008FF00000 - 0x000000006E095000 >> (0x0000000000004000) >> SetUefiImageMemoryAttributes - 0x00000000FDFB9000 - 0x0000000000047000 >> (0x0000000000004000) >> SetUefiImageMemoryAttributes - 0x00000000FE400000 - 0x0000000001C00000 >> (0x0000000000004000) >> >> Prefetch Abort Exception PC at 0xFEEA630E CPSR 0x20000033 nzCveaifT_svc >> Build/LittleKernelPkg/DEBUG_GCC5/ARM/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/DxeCore.dll >> loaded at 0xFEEA4000 (PE/COFF offset) 0x230E (ELF or Mach-O offset) 0x130E >> 0xBF00 IT EQ >> R0 0x00000000 R1 0x01C00000 R2 0x00000000 R3 0x00000000 >> R4 0x00000000 R5 0x00026000 R6 0x00000000 R7 0xFE000214 >> R8 0x80000000 R9 0xFE400000 R10 0xFFFEF000 R11 0x00000004 >> R12 0x00000002 SP 0xFFFFEBA0 LR 0xFDF98B4D PC 0xFEEA630E >> DFSR 0x00000000 DFAR 0x00000000 IFSR 0x0000000D IFAR 0xFEEA630E >> Instruction Permission fault on Section at 0xFEEA630E >> >> ASSERT [ArmCpuDxe] >> ArmPkg/Library/DefaultExceptionHandlerLib/Arm/DefaultExceptionHandler.c(268): >> ((BOOLEAN)(0==1)) >> >> ---- >> >> so did I miss anything? >> > > You are using PrePi, right?