AARCH64:Use of EFI_MEMORY_XP

AARCH64:Use of EFI_MEMORY_XP

[Evan Lloyd]

Hi Ard.
We still have a minor problem in that the spec disqualifies EFI_MEMORY_XP for AARCH64.
Do you have any thoughts on this?
How should we proceed here?  I assume the specification statement was a considered decision.
Do we need to get it changed, or is EFI_MEMORY_XP unnecessary?

Regards,
Evan

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Evan Lloyd
> Sent: 08 January 2018 18:51
> To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: "Matteo.Carlini@arm.com"@arm.com;
> "leif.lindholm@linaro.org"@arm.com; "nd@arm.com"@arm.com; edk2-
> devel@lists.01.org; Arvind Chauhan <Arvind.Chauhan@arm.com>;
> "ard.biesheuvel@linaro.org"@arm.com; Thomas Abraham
> <thomas.abraham@arm.com>
> Subject: Re: [edk2] [PATCH edk2-platforms v2 15/18] ARM/VExpressPkg:
> New DP500/DP550/DP650 platform library.
>
>
>
> > -----Original Message-----
> > From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> > Sent: 23 December 2017 16:07
> > To: Evan Lloyd <Evan.Lloyd@arm.com>
> > Cc: edk2-devel@lists.01.org; Arvind Chauhan
> <Arvind.Chauhan@arm.com>;
> > Daniil Egranov <Daniil.Egranov@arm.com>; Thomas Abraham
> > <thomas.abraham@arm.com>; "ard.biesheuvel@linaro.org"@arm.com;
> > "leif.lindholm@linaro.org"@arm.com;
> > "Matteo.Carlini@arm.com"@arm.com; "nd@arm.com"@arm.com
> > Subject: Re: [PATCH edk2-platforms v2 15/18] ARM/VExpressPkg: New
> > DP500/DP550/DP650 platform library.
> >
...
> > > +  // Mark the VRAM as write-combining. The VRAM is inside the DRAM,
> > > + which is  // cacheable, for ARM/AArch64 EFI_MEMORY_WC memory
> is
> > actually uncached.
> > > +  Status = gDS->SetMemorySpaceAttributes (
> > > +                  *VramBaseAddress,
> > > +                  *VramSize,
> > > +                  EFI_MEMORY_WC
> >
> > Please add EFI_MEMORY_XP here
> >
>
>  [[Evan Lloyd]] We can do that, happily.  However, in looking at this we
> found that the UEFI spec has in "2.3.6 AArch64 Platforms", section "2.3.6.1
> Memory types":
> EFI_MEMORY_XP, ...                                                                             Not used
> or defined
>
> Does that suggest we need a minor spec update?
>
> > > +                  );
...
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

Re: AARCH64:Use of EFI_MEMORY_XP

[Ard Biesheuvel]

On 14 March 2018 at 19:34, Evan Lloyd <Evan.Lloyd@arm.com> wrote:
> Hi Ard.
> We still have a minor problem in that the spec disqualifies EFI_MEMORY_XP for AARCH64.
> Do you have any thoughts on this?
> How should we proceed here?  I assume the specification statement was a considered decision.
> Do we need to get it changed, or is EFI_MEMORY_XP unnecessary?
>

No, that is a spec bug

EFI_MEMORY_RO and EFI_MEMORY_XP are essential for things like the
memory attributes table, which prevents UEFI memory regions from being
an exploit walhalla consisting only of memory regions that are
writable and executable at the same time, which would defeat all the
hard work OS engineers are doing to tighten memory permissions in
privileged execution contexts.

In this particular case, having a read-write-execute framebuffer could
be a security hazard as well, so I'd prefer to strip the executable
permissions here.


>> -----Original Message-----
>> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>> Evan Lloyd
>> Sent: 08 January 2018 18:51
>> To: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: "Matteo.Carlini@arm.com"@arm.com;
>> "leif.lindholm@linaro.org"@arm.com; "nd@arm.com"@arm.com; edk2-
>> devel@lists.01.org; Arvind Chauhan <Arvind.Chauhan@arm.com>;
>> "ard.biesheuvel@linaro.org"@arm.com; Thomas Abraham
>> <thomas.abraham@arm.com>
>> Subject: Re: [edk2] [PATCH edk2-platforms v2 15/18] ARM/VExpressPkg:
>> New DP500/DP550/DP650 platform library.
>>
>>
>>
>> > -----Original Message-----
>> > From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
>> > Sent: 23 December 2017 16:07
>> > To: Evan Lloyd <Evan.Lloyd@arm.com>
>> > Cc: edk2-devel@lists.01.org; Arvind Chauhan
>> <Arvind.Chauhan@arm.com>;
>> > Daniil Egranov <Daniil.Egranov@arm.com>; Thomas Abraham
>> > <thomas.abraham@arm.com>; "ard.biesheuvel@linaro.org"@arm.com;
>> > "leif.lindholm@linaro.org"@arm.com;
>> > "Matteo.Carlini@arm.com"@arm.com; "nd@arm.com"@arm.com
>> > Subject: Re: [PATCH edk2-platforms v2 15/18] ARM/VExpressPkg: New
>> > DP500/DP550/DP650 platform library.
>> >
> ...
>> > > +  // Mark the VRAM as write-combining. The VRAM is inside the DRAM,
>> > > + which is  // cacheable, for ARM/AArch64 EFI_MEMORY_WC memory
>> is
>> > actually uncached.
>> > > +  Status = gDS->SetMemorySpaceAttributes (
>> > > +                  *VramBaseAddress,
>> > > +                  *VramSize,
>> > > +                  EFI_MEMORY_WC
>> >
>> > Please add EFI_MEMORY_XP here
>> >
>>
>>  [[Evan Lloyd]] We can do that, happily.  However, in looking at this we
>> found that the UEFI spec has in "2.3.6 AArch64 Platforms", section "2.3.6.1
>> Memory types":
>> EFI_MEMORY_XP, ...                                                                             Not used
>> or defined
>>
>> Does that suggest we need a minor spec update?
>>
>> > > +                  );
> ...
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.