[edk2-devel] [PATCH v3 03/16] ArmVirtPkg: make EFI_LOADER_DATA non-executable

Gerd Hoffmann kraxel at redhat.com
Wed Jan 4 12:56:28 UTC 2023


On Wed, Jan 04, 2023 at 01:04:41PM +0100, Ard Biesheuvel wrote:
> On Wed, 4 Jan 2023 at 12:11, Gerd Hoffmann <kraxel at redhat.com> wrote:
> >
> >   Hi,
> >
> > > > > > --pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD1
> >
> > Can this also be flipped at runtime?
> 
> Currently, it is fixed or patchable, which means that you can override
> it at build time only. I don't think making this a dynamic PCD would
> be difficult, and on QEMU, we can set the value early enough if we key
> it off fw_cfg or something like that.
> 
> But that implies that you need a 'permissive' mode to invoke QEMU,
> which ends up being always enabled, most likely, so I'm not sure this
> is an improvement.

It works both ways.  Being able to enable nx protection at runtime on
builds which have it disabled by default would be quite useful.  Write
test cases.  Write reproducer instructions which don't include building
edk2 yourself.

take care,
  Gerd
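
Added example (not part of the original message and not edk2 code): a decoder for the `PcdDxeNxMemoryProtectionPolicy` value quoted above, listing which memory types it maps non-executable and which data types it leaves executable. It assumes the bit layout documented in MdeModulePkg.dec (bit N covers EFI_MEMORY_TYPE value N, bits 62 and 63 cover the OEM- and OS-reserved ranges); the function names are hypothetical and the second mask is constructed for comparison.

```python
# Added example: decode a PcdDxeNxMemoryProtectionPolicy bitmask.
# Assumed layout (MdeModulePkg.dec): bit N = EFI_MEMORY_TYPE value N,
# bit 62 = OEM-reserved types, bit 63 = OS-reserved types.
EFI_MEMORY_TYPES = [
    "EfiReservedMemoryType", "EfiLoaderCode", "EfiLoaderData",
    "EfiBootServicesCode", "EfiBootServicesData", "EfiRuntimeServicesCode",
    "EfiRuntimeServicesData", "EfiConventionalMemory", "EfiUnusableMemory",
    "EfiACPIReclaimMemory", "EfiACPIMemoryNVS", "EfiMemoryMappedIO",
    "EfiMemoryMappedIOPortSpace", "EfiPalCode", "EfiPersistentMemory",
]
RANGE_BITS = {62: "OEM reserved types", 63: "OS reserved types"}
KNOWN_BITS = {**dict(enumerate(EFI_MEMORY_TYPES)), **RANGE_BITS}
# Types that hold code and are expected to stay executable.
CODE_TYPES = {"EfiLoaderCode", "EfiBootServicesCode",
              "EfiRuntimeServicesCode", "EfiPalCode"}


def decode_nx_policy(value):
    """Return (types mapped non-executable, set bits with no defined meaning)."""
    if not 0 <= value < 1 << 64:
        raise ValueError("policy is a 64-bit mask")
    set_bits = [bit for bit in range(64) if value >> bit & 1]
    nx = [KNOWN_BITS[bit] for bit in set_bits if bit in KNOWN_BITS]
    undefined = [bit for bit in set_bits if bit not in KNOWN_BITS]
    return nx, undefined


def executable_data_types(value):
    """Non-code memory types the policy leaves executable."""
    nx, _ = decode_nx_policy(value)
    return [name for name in KNOWN_BITS.values()
            if name not in nx and name not in CODE_TYPES]


def newly_protected(old, new):
    """Types that are non-executable under `new` but not under `old`."""
    old_nx, _ = decode_nx_policy(old)
    return [name for name in decode_nx_policy(new)[0] if name not in old_nx]


if __name__ == "__main__":
    quoted = 0xC000000000007FD1           # value from the thread
    with_loader_data = quoted | (1 << 2)  # constructed for comparison
    print("executable data types:", executable_data_types(quoted))
    print("added by setting bit 2:", newly_protected(quoted, with_loader_data))
```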


