On Fri, 2013-03-08 at 10:52 -0600, Brian J. Johnson wrote: > We've implemented a similar "safety" check in our BIOS by modifying the > segment descriptors (in 32-bit mode) and the 1:1 page tables (in 64-bit > mode) to prohibit access to addresses 0-4095. That caught some bugs and > unforseen end cases in our code. > > Unfortunately this check interfered with the CSM, so we were not able to > use it in production. But it might be a handy option (under a PCD > feature flag, of course) to have available in EDK2.
Surely it wouldn't affect the CSM itself, which will run in 16-bit mode and not care about the segment descriptors? It'll affect the UEFI-side CSM support code, but only when it's trying to access that first 4KiB of memory. That's relatively few call sites, and you could fix them up in a number of ways — temporarily loading a different segment selector which would allow access, perhaps. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________ edk2-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/edk2-devel
