Date: Mon, 11 Dec 2023 10:05:57 +0100
From: "Gerd Hoffmann"
To: Ard Biesheuvel
Cc: devel@edk2.groups.io, Ard Biesheuvel, Laszlo Ersek, Oliver Steffen, Alexander Graf, Oliver Smith-Denny, Taylor Beebe, Peter Jones, Leif Lindholm
Subject: Re: [edk2-devel] [PATCH v2] ArmVirt: Allow memory attributes protocol to be disabled on first boot
References: <20231207100603.2654084-1-ardb@google.com>
In-Reply-To: <20231207100603.2654084-1-ardb@google.com>
Reply-To: devel@edk2.groups.io,kraxel@redhat.com

On Thu, Dec 07, 2023 at 11:06:03AM +0100, Ard Biesheuvel wrote:
> From: Ard Biesheuvel
>
> Shim's PE loader uses the EFI memory attributes protocol in a way that
> results in an immediate crash when invoking the loaded image, unless the
> base and size of its executable segment are both aligned to 4k.
>
> If this is not the case, it will strip the memory allocation of its
> executable permissions, but fail to add them back for the executable
> region, resulting in non-executable code. Unfortunately, the PE loader
> does not even bother invoking the protocol in this case (as it notices
> the misalignment), making it very hard for system firmware to work
> around this by attempting to infer the intent of the caller.
>
> So let's introduce a QEMU command line option to indicate that the
> protocol should not be exposed at all on the first boot, which is when
> the issue is triggered. (fbaa64.efi is broken but grubaa64.efi boots
> fine)
>
> -fw_cfg opt/org.tianocore/UninstallMemAttrProtocolOnFirstBoot,string=y
>
> Also introduce a fixed boolean PCD that sets the default.

Did some more testing meanwhile with latest shim. Noticed things can
explode in other ways as well in case the memory attribute protocol is
present. Specifically rhel-9.3 grub on aa64 crashes with latest shim,
which I suspect is that grub version not being NX-clean, and shim setting
page permissions via the memory attribute protocol triggers that bug.
Didn't analyze it yet though.

So, while I'd love to see some automatic way here, I suspect trying to be
too clever does more harm than good.

take care,
  Gerd

View/Reply Online (#112275): https://edk2.groups.io/g/devel/message/112275
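The condition the commit message describes, a PE image whose executable segment does not have both a 4k-aligned base and a 4k-aligned size, can be checked offline before booting the binary. The following C program is an added example written for this page; it is not shim, edk2 or QEMU code, and nothing in the thread confirms exactly how shim performs its check. It parses the PE/COFF section table of an image and reports whether every section flagged `IMAGE_SCN_MEM_EXECUTE` has a page-aligned `VirtualAddress` and `VirtualSize`. The interpretation of "base" and "size" as those two section fields, the 4 KiB page size, the constructed test images, and the helper names (`pe_exec_sections_page_aligned`, `build_test_pe`, `check_layout`) are assumptions of this example.

```c
/* Added example (not shim/edk2/QEMU code). Assumed, not from the thread:
 * "base"/"size" are a section's VirtualAddress/VirtualSize, pages are 4 KiB,
 * and executable sections are those flagged IMAGE_SCN_MEM_EXECUTE. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EFI_PAGE_SIZE         4096u
#define IMAGE_SCN_CNT_CODE    0x00000020u
#define IMAGE_SCN_MEM_EXECUTE 0x20000000u
#define IMAGE_SCN_MEM_READ    0x40000000u
#define SECTION_HDR_SIZE      40u

/* Little-endian field accessors (PE headers are always little-endian). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Walk the section table. Returns 1 if every executable section has a
 * page-aligned VirtualAddress and VirtualSize, 0 if at least one does not,
 * and -1 if the buffer is not a well-formed PE/COFF image. */
int pe_exec_sections_page_aligned(const uint8_t *img, size_t len)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z')
        return -1;
    uint32_t pe_off = rd32(img + 0x3c);                 /* e_lfanew */
    if ((size_t)pe_off + 24 > len || memcmp(img + pe_off, "PE\0\0", 4) != 0)
        return -1;
    const uint8_t *coff = img + pe_off + 4;             /* COFF file header */
    uint16_t nsec = rd16(coff + 2);                     /* NumberOfSections */
    uint16_t opt_size = rd16(coff + 16);                /* SizeOfOptionalHeader */
    size_t sec_off = (size_t)pe_off + 4 + 20 + opt_size;
    if (sec_off + (size_t)nsec * SECTION_HDR_SIZE > len)
        return -1;
    int aligned = 1;
    for (uint16_t i = 0; i < nsec; i++) {
        const uint8_t *s = img + sec_off + (size_t)i * SECTION_HDR_SIZE;
        uint32_t vsize = rd32(s + 8), vaddr = rd32(s + 12), chars = rd32(s + 36);
        if (!(chars & IMAGE_SCN_MEM_EXECUTE))
            continue;
        if (vaddr % EFI_PAGE_SIZE != 0 || vsize % EFI_PAGE_SIZE != 0)
            aligned = 0;                                /* the case the thread describes */
    }
    return aligned;
}

/* Constructed minimal PE32+ image with a single .text section (test input
 * only, not a loadable binary). Returns the number of bytes written. */
size_t build_test_pe(uint8_t *buf, size_t cap, uint32_t text_vaddr, uint32_t text_vsize)
{
    const uint32_t pe_off = 0x40;
    const uint16_t opt_size = 240;                      /* PE32+ optional header */
    size_t total = pe_off + 4 + 20 + opt_size + SECTION_HDR_SIZE;
    if (cap < total)
        return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3c, pe_off);
    memcpy(buf + pe_off, "PE\0\0", 4);
    uint8_t *coff = buf + pe_off + 4;
    wr16(coff + 0, 0xAA64);                             /* IMAGE_FILE_MACHINE_ARM64 */
    wr16(coff + 2, 1);                                  /* one section */
    wr16(coff + 16, opt_size);
    uint8_t *opt = coff + 20;
    wr16(opt + 0, 0x20b);                               /* PE32+ magic */
    wr32(opt + 32, EFI_PAGE_SIZE);                      /* SectionAlignment */
    uint8_t *sec = opt + opt_size;
    memcpy(sec, ".text", 5);
    wr32(sec + 8, text_vsize);                          /* VirtualSize */
    wr32(sec + 12, text_vaddr);                         /* VirtualAddress */
    wr32(sec + 36, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ);
    return total;
}

/* Build a constructed image with the given .text layout and check it. */
int check_layout(uint32_t text_vaddr, uint32_t text_vsize)
{
    uint8_t buf[512];
    size_t n = build_test_pe(buf, sizeof buf, text_vaddr, text_vsize);
    return n ? pe_exec_sections_page_aligned(buf, n) : -1;
}

int main(int argc, char **argv)
{
    if (argc > 1) {                                     /* e.g. ./pecheck fbaa64.efi */
        static uint8_t img[1 << 24];
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 2; }
        size_t n = fread(img, 1, sizeof img, f);
        fclose(f);
        int r = pe_exec_sections_page_aligned(img, n);
        printf("%s: %s\n", argv[1], r < 0 ? "not a PE image" :
               r ? "executable sections page-aligned" : "MISALIGNED executable section");
        return r == 1 ? 0 : 1;
    }
    printf("aligned   base=0x1000 size=0x2000 -> %d\n", check_layout(0x1000, 0x2000));
    printf("bad size  base=0x1000 size=0x2340 -> %d\n", check_layout(0x1000, 0x2340));
    printf("bad base  base=0x1200 size=0x2000 -> %d\n", check_layout(0x1200, 0x2000));
    return 0;
}
```

Run it with no arguments to see the three constructed layouts, or pass a path such as the fbaa64.efi and grubaa64.efi mentioned in the commit message to classify a real image. A result of 0 only tells you the image falls into the misaligned case the thread describes; it does not by itself prove the image will crash under a given shim build, and, as Gerd's reply notes, an aligned image can still fail for other reasons such as not being NX-clean.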