public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: devel@edk2.groups.io, nhi@os.amperecomputing.com,
	 Ard Biesheuvel <ardb@kernel.org>,
	Oliver Steffen <osteffen@redhat.com>,
	 Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Daniel Schaefer <git@danielschaefer.me>,
	 Eric Dong <eric.dong@intel.com>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	 Liming Gao <gaoliming@byosoft.com.cn>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	 Rahul Kumar <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	 Sunil V L <sunilvl@ventanamicro.com>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	 Taylor Beebe <t@taylorbeebe.com>,
	Oliver Smith-Denny <osd@smith-denny.com>,
	 Michael Kubacki <mikuback@linux.microsoft.com>
Subject: Re: [edk2-devel] [PATCH 1/1] ArmPkg: Add Pcd to disable EFI_MEMORY_ATTRIBUTE_PROTOCOL
Date: Thu, 5 Oct 2023 12:01:39 +0200	[thread overview]
Message-ID: <lut67wuy6dqhozmownlhf7jozzljij76mauygfqjavnjsprkl3@nf2u3a6ke3er> (raw)
In-Reply-To: <254cfe1b-3b28-419e-c5ef-9907938536c5@redhat.com>

On Thu, Oct 05, 2023 at 10:23:25AM +0200, Laszlo Ersek wrote:
> On 10/5/23 08:31, Nhi Pham via groups.io wrote:
> > Hi Ard, Oliver,
> > 
> > I'm investigating the crash on grub2/shim loader due to the added
> > EFI_MEMORY_ATTRIBUTE_PROTOCOL when rebasing. I found this interesting
> > patch and went through on the discussion, I am still not sure the
> > conclusion on this patch.
> > 
> > This issue impacts many platforms, and any downstream edk2 has to clone
> > this patch to disable the EFI_MEMORY_ATTRIBUTE_PROTOCOL until we have
> > the loader fixed, maybe years. So, I wonder whether we can merge this
> > patch with changing PcdEnableEfiMemoryAttributeProtocol to be disabled
> > by default in DEC? This provides downstream platforms with the
> > flexibility to enable/disable it as per their preference, rather than
> > having to clone this path to their local repository. Furthermore, it
> > does not impact the default installation of the
> > EFI_MEMORY_ATTRIBUTE_PROTOCOL in the mainline.
> 
> I think a more general approach is being discussed in the "MdeModulePkg:
> Add Additional Profiles to SetMemoryProtectionsLib" thread. I do agree
> the "--pcd" build flag would be best to configure a default platform
> profile.

I think the memory protection profiles do not configure whenever
EFI_MEMORY_ATTRIBUTE_PROTOCOL is exposed or not.  Adding a switch
there makes sense to me though.

I do not expect fixing shim will take years.  Right now shim updates are
blocked by microsoft being strict on w^x when it comes to secure boot
signing and the x86 linux kernels not being w^x clean yet.  Fixes are
underway (thanks Ard!) and should land in the next (6.7) merge window.
shim updates should follow shortly thereafter.  New distro releases and
boot media updates for LTS distros are the final steps in fixing the
current linux boot loader mess.  I expect the need for these tweaks
goes away for supported linux distros in the first half of next year.

Of course there are use cases where you want boot older (buggy) distro
boot media, so having a runtime switch for this would be nice.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109348): https://edk2.groups.io/g/devel/message/109348
Mute This Topic: https://groups.io/mt/99631663/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



      reply	other threads:[~2023-10-05 10:01 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-06-19 20:32 [PATCH 1/1] ArmPkg: Add Pcd to disable EFI_MEMORY_ATTRIBUTE_PROTOCOL Oliver Steffen
2023-06-20  9:32 ` Gerd Hoffmann
2023-06-20 13:16   ` Ard Biesheuvel
2023-06-20 14:53     ` [edk2-devel] " Michael Kubacki
2023-06-20 16:03     ` Gerd Hoffmann
2023-06-20 17:06       ` [edk2-devel] " Sean
2023-06-23 16:26         ` Ard Biesheuvel
2023-06-23 19:32           ` Sean
2023-10-05  6:31       ` Nhi Pham via groups.io
2023-10-05  8:23         ` Laszlo Ersek
2023-10-05 10:01           ` Gerd Hoffmann [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=lut67wuy6dqhozmownlhf7jozzljij76mauygfqjavnjsprkl3@nf2u3a6ke3er \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox