From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 5 Oct 2023 12:01:39 +0200
From: "Gerd Hoffmann"
To: Laszlo Ersek
Cc: devel@edk2.groups.io, nhi@os.amperecomputing.com, Ard Biesheuvel, Oliver Steffen, Ard Biesheuvel, Daniel Schaefer, Eric Dong, Leif Lindholm, Liming Gao, Michael D Kinney, Rahul Kumar, Ray Ni, Sami Mujawar, Sunil V L, Zhiguang Liu, Taylor Beebe, Oliver Smith-Denny, Michael Kubacki
Subject: Re: [edk2-devel] [PATCH 1/1] ArmPkg: Add Pcd to disable EFI_MEMORY_ATTRIBUTE_PROTOCOL
References: <20230619203244.228933-1-osteffen@redhat.com> <4f7bcd27-35a6-33bf-61b4-4cafc6d23d5c@os.amperecomputing.com> <254cfe1b-3b28-419e-c5ef-9907938536c5@redhat.com>
In-Reply-To: <254cfe1b-3b28-419e-c5ef-9907938536c5@redhat.com>

On Thu, Oct 05, 2023 at 10:23:25AM +0200, Laszlo Ersek wrote:
> On 10/5/23 08:31, Nhi Pham via groups.io wrote:
> > Hi Ard, Oliver,
> >
> > I'm investigating the crash on grub2/shim loader due to the added
> > EFI_MEMORY_ATTRIBUTE_PROTOCOL when rebasing. I found this interesting
> > patch and went through on the discussion, I am still not sure the
> > conclusion on this patch.
> >
> > This issue impacts many platforms, and any downstream edk2 has to clone
> > this patch to disable the EFI_MEMORY_ATTRIBUTE_PROTOCOL until we have
> > the loader fixed, maybe years. So, I wonder whether we can merge this
> > patch with changing PcdEnableEfiMemoryAttributeProtocol to be disabled
> > by default in DEC? This provides downstream platforms with the
> > flexibility to enable/disable it as per their preference, rather than
> > having to clone this path to their local repository. Furthermore, it
> > does not impact the default installation of the
> > EFI_MEMORY_ATTRIBUTE_PROTOCOL in the mainline.
>
> I think a more general approach is being discussed in the "MdeModulePkg:
> Add Additional Profiles to SetMemoryProtectionsLib" thread. I do agree
> the "--pcd" build flag would be best to configure a default platform
> profile.

I think the memory protection profiles do not configure whether
EFI_MEMORY_ATTRIBUTE_PROTOCOL is exposed or not. Adding a switch there
makes sense to me though.

I do not expect fixing shim will take years. Right now shim updates are
blocked by Microsoft being strict on w^x when it comes to secure boot
signing and the x86 Linux kernels not being w^x clean yet. Fixes are
underway (thanks Ard!) and should land in the next (6.7) merge window.
shim updates should follow shortly thereafter. New distro releases and
boot media updates for LTS distros are the final steps in fixing the
current Linux boot loader mess. I expect the need for these tweaks goes
away for supported Linux distros in the first half of next year.

Of course there are use cases where you want to boot older (buggy) distro
boot media, so having a runtime switch for this would be nice.

take care,
  Gerd

View/Reply Online (#109348): https://edk2.groups.io/g/devel/message/109348