On 14 March 2018 at 19:34, Evan Lloyd <evan.ll...@arm.com> wrote: > Hi Ard. > We still have a minor problem in that the spec disqualifies EFI_MEMORY_XP for > AARCH64. > Do you have any thoughts on this? > How should we proceed here? I assume the specification statement was a > considered decision. > Do we need to get it changed, or is EFI_MEMORY_XP unnecessary? >
No, that is a spec bug EFI_MEMORY_RO and EFI_MEMORY_XP are essential for things like the memory attributes table, which prevents UEFI memory regions from being an exploit walhalla consisting only of memory regions that are writable and executable at the same time, which would defeat all the hard work OS engineers are doing to tighten memory permissions in privileged execution contexts. In this particular case, having a read-write-execute framebuffer could be a security hazard as well, so I'd prefer to strip the executable permissions here. >> -----Original Message----- >> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of >> Evan Lloyd >> Sent: 08 January 2018 18:51 >> To: Ard Biesheuvel <ard.biesheu...@linaro.org> >> Cc: "matteo.carl...@arm.com"@arm.com; >> "leif.lindh...@linaro.org"@arm.com; "n...@arm.com"@arm.com; edk2- >> de...@lists.01.org; Arvind Chauhan <arvind.chau...@arm.com>; >> "ard.biesheu...@linaro.org"@arm.com; Thomas Abraham >> <thomas.abra...@arm.com> >> Subject: Re: [edk2] [PATCH edk2-platforms v2 15/18] ARM/VExpressPkg: >> New DP500/DP550/DP650 platform library. >> >> >> >> > -----Original Message----- >> > From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] >> > Sent: 23 December 2017 16:07 >> > To: Evan Lloyd <evan.ll...@arm.com> >> > Cc: edk2-devel@lists.01.org; Arvind Chauhan >> <arvind.chau...@arm.com>; >> > Daniil Egranov <daniil.egra...@arm.com>; Thomas Abraham >> > <thomas.abra...@arm.com>; "ard.biesheu...@linaro.org"@arm.com; >> > "leif.lindh...@linaro.org"@arm.com; >> > "matteo.carl...@arm.com"@arm.com; "n...@arm.com"@arm.com >> > Subject: Re: [PATCH edk2-platforms v2 15/18] ARM/VExpressPkg: New >> > DP500/DP550/DP650 platform library. >> > > ... >> > > + // Mark the VRAM as write-combining. The VRAM is inside the DRAM, >> > > + which is // cacheable, for ARM/AArch64 EFI_MEMORY_WC memory >> is >> > actually uncached. >> > > + Status = gDS->SetMemorySpaceAttributes ( >> > > + *VramBaseAddress, >> > > + *VramSize, >> > > + EFI_MEMORY_WC >> > >> > Please add EFI_MEMORY_XP here >> > >> >> [[Evan Lloyd]] We can do that, happily. However, in looking at this we >> found that the UEFI spec has in "2.3.6 AArch64 Platforms", section "2.3.6.1 >> Memory types": >> EFI_MEMORY_XP, ... >> Not used >> or defined >> >> Does that suggest we need a minor spec update? >> >> > > + ); > ... > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
