From: Laszlo Ersek <lersek@redhat.com>
To: Michael Zimmermann <sigmaepsilon92@gmail.com>,
"edk2-devel@lists.01.org" <edk2-devel@ml01.01.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: Re: post-ExitBootServices memory protection of RT_Data (ARM)
Date: Fri, 2 Sep 2016 22:30:00 +0200 [thread overview]
Message-ID: <ab4e3ef5-8f59-b9a8-5ca9-3b7fde7e0d69@redhat.com> (raw)
In-Reply-To: <CAN9vWD+R=qDjNAWNB2OEy3T+K8Dk0QPnzyJkCAJ6pZW2=4O=1Q@mail.gmail.com>
On 09/02/16 15:08, Michael Zimmermann wrote:
> Hi,
>
> a friend of mine works with a hacked Luma WP device. he can already boot
> Android by replacing UEFI with a linux bootloader.
> What would be nice however is using UEFI's LinuxLoader. The problem with
> that seems to be that even after ExitBootServices, booting linux from
> addresses previously allocated as RT_Data seems to just not work(no UART
> output etc and we don't have jtag).
>
> So, how can UEFI have such an influence at that point? Is there a ARM/TZ
> feature for that? Can it be disabled?
> I thought respecting the memory map would just be needed in case you want
> to be able to call RuntimeServices and that you don't need to do that if
> you don't need them.
You most likely don't have execution rights for those pages.
Refer to
4.6 EFI Configuration Table & Properties Table
EFI_MEMORY_ATTRIBUTES_TABLE
in the UEFI 2.6 spec.
See also git commit range 868d614a8532..47eb798d3619 for the
implementation of the feature in the DXE Core.
If you build the DXE Core with the DEBUG_VERBOSE bit (0x00400000)
enabled in gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel, then the
DXE Core will print the table at Ready-to-Boot.
In my case, on aarch64 (Mustang), I can see two different attributes in
total:
- 0x8000000000004000 == EFI_MEMORY_RUNTIME | EFI_MEMORY_XP
(Read/Write Data)
- 0x8000000000020000 == EFI_MEMORY_RUNTIME | EFI_MEMORY_RO
(Write-protected Code)
which maps pretty well to runtime services data / runtime services code.
For example, EFI_MEMORY_XP maps to TT_PXN_MASK in
"ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c".
Now, what is ultimately responsible for setting these attributes (mapped
to the architecture) in the MMU is another question... I vaguely recall
ties to the now-deprecated properties table /
EFI_PROPERTIES_RUNTIME_MEMORY_PROTECTION_NON_EXECUTABLE_PE_DATA (see
them in the same chapter in the UEFI spec). I don't think I can tell you
what is the thing that ultimately decides about setting up these page
attributes.
Thanks
Laszlo
next prev parent reply other threads:[~2016-09-02 20:30 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-02 13:08 post-ExitBootServices memory protection of RT_Data (ARM) Michael Zimmermann
2016-09-02 20:30 ` Laszlo Ersek [this message]
2016-09-02 20:45 ` Michael Zimmermann
2016-09-02 21:02 ` Ard Biesheuvel
2016-09-03 4:04 ` Michael Zimmermann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ab4e3ef5-8f59-b9a8-5ca9-3b7fde7e0d69@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox