On Wed, Jul 12, 2023 at 12:53 AM Taylor Beebe <t...@taylorbeebe.com> wrote:
>
> In the past, memory protection settings were configured via FixedAtBuild PCDs,
> which resulted in a build-time configuration of memory mitigations. This
> approach limited the flexibility of applying mitigations to the
> system and made it difficult to update or adjust the settings post-build.

How do you mitigate the possibility of an attack overwriting the
dynamic configuration data (the HOBs)?
It seems most dangerous to me to publish this sort of
security-sensitive configuration knobs dynamically such that an
attacker can change them.

-- 
Pedro


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106965): https://edk2.groups.io/g/devel/message/106965
Mute This Topic: https://groups.io/mt/100090629/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-


Reply via email to