Now that we are getting more serious about implementing secure boot on ARM systems, by putting the code that manipulated the variable store in a secure partition, it makes sense to give some attention to the non-secure side as well, since having secure authenticated variables is moot if we can just nop out the authentication check in the image loader.
Patch #1 fixes an issue in ArmMmuLib that is triggered when HeapGuard is enabled. Patch #2 optimizes TLB management so that we don't flush all of it every time. This is a performance optimization as well as a hardening measure, since it makes it more difficult to trigger a flush of all TLBs, which is needed when abusing a write exploit to change memory permissions. Patch #3 is a prerequisite for enabling StackGuard and HeapGuard, which make use of the EFI_MEMORY_RP attribute and this wasn't wired up yet. Patch #4 adds support to ArmMmuLib to remap all page tables read-only, so that they are no longer vulnerable to rogue writes. Patch #5 enables the feature added in #4 at EndOfDxe. Ard Biesheuvel (5): ArmPkg/ArmMmuLib AARCH64: fix out of bounds access ArmPkg/ArmMmuLib AARCH64: get rid of needless TLB invalidation ArmPkg/ArmMmuLib AARCH64: implement support for EFI_MEMORY_RP permissions ArmPkg/ArmMmuLib AARCH64: add support for read-only page tables ArmPkg/CpuDxe: switch to read-only page tables at EndOfDxe ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c | 5 +- ArmPkg/Drivers/CpuDxe/CpuDxe.c | 23 +++ ArmPkg/Drivers/CpuDxe/CpuDxe.inf | 1 + ArmPkg/Include/Library/ArmMmuLib.h | 9 +- ArmPkg/Library/ArmLib/AArch64/ArmLibSupport.S | 6 +- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 149 +++++++++++++++++--- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibReplaceEntry.S | 14 +- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibCore.c | 8 ++ 8 files changed, 181 insertions(+), 34 deletions(-) -- 2.20.1 _______________________________________________ edk2-devel mailing list firstname.lastname@example.org https://lists.01.org/mailman/listinfo/edk2-devel