public inbox for devel@edk2.groups.io
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Ard Biesheuvel <ardb@google.com>
Cc: devel@edk2.groups.io, Ard Biesheuvel <ardb@kernel.org>,
	 Laszlo Ersek <lersek@redhat.com>,
	Oliver Steffen <osteffen@redhat.com>,
	 Alexander Graf <graf@amazon.com>,
	Oliver Smith-Denny <osde@linux.microsoft.com>,
	 Taylor Beebe <taylor.d.beebe@gmail.com>,
	Peter Jones <pjones@redhat.com>,
	 Leif Lindholm <quic_llindhol@quicinc.com>
Subject: Re: [edk2-devel] [PATCH v2] ArmVirt: Allow memory attributes protocol to be disabled on first boot
Date: Mon, 11 Dec 2023 10:05:57 +0100
Message-ID: <iw2dlftckbw7dnntzu45bk6cwtzb4nnovwcshpr3klvbpcuvtz@olelkc2hjctz>
In-Reply-To: <20231207100603.2654084-1-ardb@google.com>

On Thu, Dec 07, 2023 at 11:06:03AM +0100, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
> 
> Shim's PE loader uses the EFI memory attributes protocol in a way that
> results in an immediate crash when invoking the loaded image, unless the
> base and size of its executable segment are both aligned to 4k.
> 
> If this is not the case, it will strip the memory allocation of its
> executable permissions, but fail to add them back for the executable
> region, resulting in non-executable code. Unfortunately, the PE loader
> does not even bother invoking the protocol in this case (as it notices
> the misalignment), making it very hard for system firmware to work
> around this by attempting to infer the intent of the caller.
> 
> So let's introduce a QEMU command line option to indicate that the
> protocol should not be exposed at all on the first boot, which is when
> the issue is triggered. (fbaa64.efi is broken but grubaa64.efi boots
> fine)
> 
>   -fw_cfg opt/org.tianocore/UninstallMemAttrProtocolOnFirstBoot,string=y
> 
> Also introduce a fixed boolean PCD that sets the default.

Did some more testing meanwhile with latest shim.  Noticed things can
explode in other ways as well in case the memory attribute protocol is
present.

Specifically rhel-9.3 grub on aa64 crashes with latest shim.  Which I
suspect is that grub version not being NX-clean, and shim setting page
permissions via memory attribute protocol triggers that bug.  Didn't
analyze it yet though.

So, while I'd love to see some automatic way here I suspect trying to be
too clever does more harm than good.

take care,
  Gerd
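
As an added illustration (not shim's or edk2's code) of the page-granularity failure described in the quoted commit message: a constructed model of the memory attributes protocol in which the loader sequence leaves a misaligned executable segment non-executable, beside a page-rounded variant for comparison. PAGE_SIZE, NPAGES, the function names and the sample addresses are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#define PAGE_SIZE 4096u
#define NPAGES    16u   /* constructed: pages in the modelled address space */

/* Constructed model of the EFI memory attributes protocol: one flag per
 * 4k page, true when the page is marked non-executable (XP). */
typedef struct { bool xp[NPAGES]; } PageAttrs;

/* The protocol works at page granularity: reject unaligned ranges. */
static bool set_xp(PageAttrs *a, uint64_t base, uint64_t size, bool xp) {
    if (base % PAGE_SIZE || size % PAGE_SIZE || base + size > NPAGES * PAGE_SIZE)
        return false;
    for (uint64_t p = base / PAGE_SIZE; p < (base + size) / PAGE_SIZE; p++)
        a->xp[p] = xp;
    return true;
}

/* True when every page holding code bytes is executable. */
static bool code_executable(const PageAttrs *a, uint64_t text_base, uint64_t text_size) {
    for (uint64_t p = text_base / PAGE_SIZE; p <= (text_base + text_size - 1) / PAGE_SIZE; p++)
        if (p >= NPAGES || a->xp[p]) return false;
    return true;
}

/* Sequence described in the commit message: the whole allocation loses
 * execute permission, and the executable segment gets it back only when
 * its base and size are both 4k-aligned. Returns whether code can run. */
static bool runs_as_described(uint64_t alloc_base, uint64_t alloc_size,
                              uint64_t text_base, uint64_t text_size) {
    PageAttrs a = {0};
    set_xp(&a, alloc_base, alloc_size, true);
    if (text_base % PAGE_SIZE == 0 && text_size % PAGE_SIZE == 0)
        set_xp(&a, text_base, text_size, false);
    return code_executable(&a, text_base, text_size);
}

/* For comparison: round the segment outward to page bounds before restoring
 * execute permission. Code always runs, but the partial edge pages stay
 * executable too, so protection is weaker than with a 4k-aligned layout. */
static bool runs_page_rounded(uint64_t alloc_base, uint64_t alloc_size,
                              uint64_t text_base, uint64_t text_size) {
    uint64_t mask  = ~(uint64_t)(PAGE_SIZE - 1);
    uint64_t start = text_base & mask;
    uint64_t end   = (text_base + text_size + PAGE_SIZE - 1) & mask;
    PageAttrs a = {0};
    set_xp(&a, alloc_base, alloc_size, true);
    set_xp(&a, start, end - start, false);
    return code_executable(&a, text_base, text_size);
}
```

With the segment at 0x1200 (misaligned) inside an 8-page allocation, the described sequence leaves it non-executable, while a 4k-aligned segment at 0x1000 comes out executable either way.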

Thread overview: 10+ messages
2023-12-07 10:06 [edk2-devel] [PATCH v2] ArmVirt: Allow memory attributes protocol to be disabled on first boot Ard Biesheuvel
2023-12-08 11:20 ` Ard Biesheuvel
2023-12-11  0:02   ` Alexander Graf via groups.io
2023-12-08 14:34 ` Laszlo Ersek
2023-12-08 14:49   ` Laszlo Ersek
2023-12-08 15:34   ` Ard Biesheuvel
2023-12-11 14:27     ` Laszlo Ersek
2023-12-11  9:05 ` Gerd Hoffmann [this message]
2023-12-11  9:25   ` Ard Biesheuvel
2023-12-11  9:59     ` Gerd Hoffmann