From: "Oliver Smith-Denny"
Date: Wed, 17 Apr 2024 14:53:52 -0700
Subject: Re: [edk2-devel] [PATCH v1] MdeModulePkg: Fixup MAT Attributes After Splitting EFI Memory Map
To: devel@edk2.groups.io, ardb@kernel.org, Taylor Beebe
Cc: Liming Gao
References: <20240417022836.1593-1-taylor.d.beebe@gmail.com> <2644bcd1-29c7-4cc0-9600-ae2a2eca9927@gmail.com>

On 4/17/2024 9:52 AM, Ard Biesheuvel wrote:
> So the purpose of the MAT is to describe RT code (and to a lesser
> extent, RT data) regions where we cannot apply either RO or XP to the
> whole thing. IIRC there was never an intent to exhaustively describe
> all memory runtime regions. Also note that RO was introduced at this
> point, because WP was already being used in the ordinary memory map in
> a deviating manner. RO is defined both for the memory map and the MAT,
> and so it can occur in either.
>

At the principle level, I think we can say that we want all runtime code regions to be RO and all runtime data regions to be XP. Regardless of whatever situation we have today, I think this is a reasonable principle to maintain. If you don't want those attributes, a different memory type should be allocated.

If we agree on this principle, I think we should put it into practice. Again, the UEFI spec calls out that EfiRuntimeServicesCode is for image code. From a security and safety standpoint, we know we want image code to be RO.
To help with any existing (mis)use of EfiRuntimeServicesCode, I do think we should put a big old assert in the MAT generation logic that says I found an EfiRuntimeServicesCode section that is not described in an image record, something is wrong with your configuration, you are not using EfiRuntimeServicesCode correctly. If I am missing a legitimate use of EfiRuntimeServicesCode, please help educate me.

Also, I know that modern Windows security features rely on the MAT describing all EfiRuntimeServicesCode and EfiRuntimeServicesData regions. Here is an MSDN link that makes a statement towards that:

https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/unified-extensible-firmware-interface

In a more actionable way, the Windows testing infrastructure will test to ensure that there are no EfiRuntimeServices[Code|Data] sections in the EFI memory map that are not described in the MAT. Again, there are various security features that rely on this.

Thanks,
Oliver
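The coverage check described in the message above (no EfiRuntimeServices[Code|Data] region in the EFI memory map left undescribed by the MAT), as an added example that is not part of the original message, edk2, or the Windows test infrastructure. The `mem_desc` struct, the function name and the sample tables are hypothetical and constructed for illustration, and the check assumes MAT entries are sorted by address.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-in for EFI_MEMORY_DESCRIPTOR (not the edk2 definition). */
typedef struct {
    uint32_t type;                /* EFI_MEMORY_TYPE */
    uint64_t start, pages, attr;  /* PhysicalStart, NumberOfPages (4 KiB), Attribute */
} mem_desc;

enum { RT_CODE = 5, RT_DATA = 6, CONVENTIONAL = 7 };  /* UEFI memory types */
#define MEM_XP 0x4000ULL              /* EFI_MEMORY_XP */
#define MEM_RO 0x20000ULL             /* EFI_MEMORY_RO */
#define MEM_RT 0x8000000000000000ULL  /* EFI_MEMORY_RUNTIME */

/* Constructed sample data: the last memory map entry has no MAT coverage. */
static const mem_desc sample_map[] = {
    { CONVENTIONAL, 0x00100000, 256, 0 },
    { RT_CODE, 0x7F000000, 4, MEM_RT },
    { RT_DATA, 0x7F100000, 2, MEM_RT },
    { RT_CODE, 0x7F200000, 2, MEM_RT },
};
static const mem_desc sample_mat[] = {
    { RT_CODE, 0x7F000000, 1, MEM_RT | MEM_XP },  /* image header */
    { RT_CODE, 0x7F001000, 2, MEM_RT | MEM_RO },  /* code section */
    { RT_CODE, 0x7F003000, 1, MEM_RT | MEM_XP },  /* data section */
    { RT_DATA, 0x7F100000, 2, MEM_RT | MEM_XP },
};

static uint64_t end_of(const mem_desc *d) { return d->start + d->pages * 0x1000ULL; }
/* Count runtime code/data descriptors in the memory map that same-type MAT
   entries do not cover completely. Assumes the MAT is sorted by address. */
size_t undescribed_runtime(const mem_desc *map, size_t nmap,
                           const mem_desc *mat, size_t nmat) {
    size_t missing = 0;
    for (size_t i = 0; i < nmap; i++) {
        if (map[i].type != RT_CODE && map[i].type != RT_DATA) continue;
        uint64_t cursor = map[i].start;  /* first address not yet covered */
        for (size_t j = 0; j < nmat; j++)
            if (mat[j].type == map[i].type && mat[j].start <= cursor &&
                end_of(&mat[j]) > cursor)
                cursor = end_of(&mat[j]);
        if (cursor < end_of(&map[i])) missing++;
    }
    return missing;
}

int main(void) {
    return undescribed_runtime(sample_map, 4, sample_mat, 4) ? 1 : 0;  /* nonzero = finding */
}
```

With the sample tables the allocation at 0x7F200000 is reported, which is the case the proposed assert in MAT generation would catch at build or boot time.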