[edk2] [PATCH 1/2] UefiCpuPkg: change PcdCpuSmmStackGuard default to TRUE

Wed, 01 Jun 2016 12:04:00 -0700 

This Feature PCD causes PiSmmCpuDxe to catch SMM stack overflow at
runtime, logging a clear error message, and entering a CPU dead loop.
Compared to the chaotic and catastrophic consequences of the stack leaking
into, and corrupting, the SMM page table, a stack guard that is enabled by
default is vastly superior.

We should not require sane platforms to explicitly opt in to this
safeguard; instead, we should require platforms that prefer to live
dangerously to opt out of it.

Stack overflow in SMM might even give rise to security vulnerabilities.

Cc: Jeff Fan <[email protected]>
Cc: Jiewen Yao <[email protected]>
Cc: Jordan Justen <[email protected]>
Cc: Michael D Kinney <[email protected]>
Ref: http://thread.gmane.org/gmane.comp.bios.edk2.devel/12864
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1341733
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <[email protected]>
---
 UefiCpuPkg/UefiCpuPkg.dec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index 16637dfdc14b..ef46318a8935 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -85,11 +85,11 @@ [PcdsFeatureFlag]
   
gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmBlockStartupThisAp|FALSE|BOOLEAN|0x32132108
 
   ## Indicates if SMM Stack Guard will be enabled.
-  #  If enabled, stack overflow in SMM can be caught which eases 
debugging.<BR><BR>
+  #  If enabled, stack overflow in SMM can be caught, preventing chaotic 
consequences.<BR><BR>
   #   TRUE  - SMM Stack Guard will be enabled.<BR>
   #   FALSE - SMM Stack Guard will be disabled.<BR>
   # @Prompt Enable SMM Stack Guard.
-  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard|FALSE|BOOLEAN|0x1000001C
+  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard|TRUE|BOOLEAN|0x1000001C
 
   ## Indicates if BSP election in SMM will be enabled.
   #  If enabled, a BSP will be dynamically elected among all processors in 
each SMI.
-- 
1.8.3.1


_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to