[edk2-devel] [PATCH 14/14] MdeModulePkg: Delete Memory Protection PCDs
Taylor Beebe
t at taylorbeebe.com
Wed Jul 12 00:01:50 UTC 2023
Looks like the title of this patch in the series was mixed up
with the title of the following patch. I'll wait for feedback
before sending out a v2, but the title of this patch
should be:
[PATCH 13/14] ArmVirtPkg: Delete Memory Protection PCDs
On 7/11/2023 4:52 PM, Taylor Beebe via groups.io wrote:
> From: Taylor Beebe <tabeebe at microsoft.com>
>
> Now that references in the rest of the codebase have been updated
> to reference the memory protection HOB, delete the memory protection PCDs.
>
> Signed-off-by: Taylor Beebe <t at taylorbeebe.com>
> Cc: Ard Biesheuvel <ardb+tianocore at kernel.org>
> Cc: Leif Lindholm <quic_llindhol at quicinc.com>
> Cc: Sami Mujawar <sami.mujawar at arm.com>
> Cc: Gerd Hoffmann <kraxel at redhat.com>
> ---
> ArmVirtPkg/ArmVirt.dsc.inc | 15 ---------------
> ArmVirtPkg/ArmVirtCloudHv.dsc | 5 -----
> ArmVirtPkg/ArmVirtQemu.dsc | 5 -----
> 3 files changed, 25 deletions(-)
>
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index 3174b19e51..e1eb189077 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -363,21 +363,6 @@
> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20
> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0
>
> - #
> - # Enable strict image permissions for all images. (This applies
> - # only to images that were built with >= 4 KB section alignment.)
> - #
> - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3
> -
> - #
> - # Enable NX memory protection for all non-code regions, including OEM and OS
> - # reserved ones, with the exception of LoaderData regions, of which OS loaders
> - # (i.e., GRUB) may assume that its contents are executable.
> - #
> - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5
> -
> - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|TRUE
> -
> [Components.common]
> #
> # Ramdisk support
> diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc
> index c975e139a2..c4c3e0da44 100644
> --- a/ArmVirtPkg/ArmVirtCloudHv.dsc
> +++ b/ArmVirtPkg/ArmVirtCloudHv.dsc
> @@ -140,11 +140,6 @@
> #
> gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16
>
> - #
> - # Enable the non-executable DXE stack. (This gets set up by DxeIpl)
> - #
> - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
> -
> !if $(SECURE_BOOT_ENABLE) == TRUE
> # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
> gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04
> diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
> index 1e0225951a..214e08b789 100644
> --- a/ArmVirtPkg/ArmVirtQemu.dsc
> +++ b/ArmVirtPkg/ArmVirtQemu.dsc
> @@ -212,11 +212,6 @@
> #
> gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16
>
> - #
> - # Enable the non-executable DXE stack. (This gets set up by DxeIpl)
> - #
> - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
> -
> !if $(SECURE_BOOT_ENABLE) == TRUE
> # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
> gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04
--
Taylor Beebe
Software Engineer @ Microsoft
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106838): https://edk2.groups.io/g/devel/message/106838
Mute This Topic: https://groups.io/mt/100090808/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list