On Mon, Jul 17, 2023 at 5:26 PM Ard Biesheuvel <a...@kernel.org> wrote: > > On Mon, 17 Jul 2023 at 18:15, Pedro Falcato <pedro.falc...@gmail.com> wrote: > > > > On Wed, Jul 12, 2023 at 12:53 AM Taylor Beebe <t...@taylorbeebe.com> wrote: > > > > > > In the past, memory protection settings were configured via FixedAtBuild > > > PCDs, > > > which resulted in a build-time configuration of memory mitigations. This > > > approach limited the flexibility of applying mitigations to the > > > system and made it difficult to update or adjust the settings post-build. > > > > How do you mitigate the possibility of an attack overwriting the > > dynamic configuration data (the HOBs)? > > It seems most dangerous to me to publish this sort of > > security-sensitive configuration knobs dynamically such that an > > attacker can change them. > > > > That is a very good point. One of the things I have on my TODO list > for the memory attributes PEI work is to remap HOB memory read-only > before entering DXE. They are conceptually read-only anyway when PEI > completes, so they should never be modified afterwards.
I agree, but it also seems that this patch set needs some sort of __ro_after_init capabilities. For example, in https://github.com/tianocore/edk2/pull/4566/commits/e485459b6efb1e49591c6f3011d9da14746c52bc#diff-02c0ef19d024b43162043efdd9ed95e0eef1653bcb5bef1e2f2b77587aee2622R101 (DxeMemoryProtectionHobLibConstructor), a copy of this same HOB is made onto .data, while it should be RO-protected as well. With both the HOB list and this sort of __ro_after_init protected, the only remaining exploits would be to DMA over those pages (addressed by IOMMU, not in this scope), to remap those pages (requires ring 0 access, therefore irrelevant) or to toggle some sort of WP-like bit (CR0.WP, other archs may have equivalents), which already bypasses most of the memory protections and therefore isn't all that concerning to me. -- Pedro -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106967): https://edk2.groups.io/g/devel/message/106967 Mute This Topic: https://groups.io/mt/100090629/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
