<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Aug 9, 2021, at 7:43 PM, Ni, Ray <<a href="mailto:ray.ni@intel.com" class="">ray.ni@intel.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Acked-by: Ray Ni <</span><a href="mailto:ray.ni@intel.com" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class="">ray.ni@intel.com</a><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">></span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">I will depend on tool owner to review the tool configuration change making sure that the correct section name is chosen for different C compilers.</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""></div></blockquote><div><br class=""></div><div>Ray,</div><div><br class=""></div><div>I made a detailed response about Mach-O with Xcode/clang and I don’t think patch works. Not sure if it breaks anything, but it puts things in the .data PE/COFF section. </div><div><br class=""></div><div>I’m also worried it is broken for any toolchain that generates ELF and use GenFw. I don’t think the GenFw tool creates a PE/COFF .rodata section [1] so if things work they will end up in the .data section, or things might break? Some one who knows that tool better than me should take a detailed look. </div><div><br class=""></div><div>I’m guessing it likely does the correct thing for toolchains that generate PE/COFF directly? </div><div><br class=""></div><div>My vote is to not add this feature until we can prove it works properly on all the toolchains. For Xcode it may be easier to just dump this stuff in the .text section (see my other mail for more background). It looks like we might have to modify GenFw if we want to create a .rodata section? </div><div><br class=""></div><div>It might be possible to cheat and use this concept to force code into the text section for ELF and Mach-O, but I’m not sure if that hits the correct security bar. But the last thing we want is to claim something is in a read only section when it is in a read write section. </div><div><br class=""></div><div>[1] <font color="#9fa01c" class=""><span style="caret-color: rgb(159, 160, 28);" class=""> </span></font><span style="font-family: Menlo; font-size: 11px; font-variant-ligatures: no-common-ligatures;" class="">git grep CreateSectionHeader</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">BaseTools/Source/C/GenFw/Elf32Convert.c</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">602</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">    </span><span style="font-variant-ligatures: no-common-ligatures; color: #b42419" class=""><b class="">CreateSectionHeader</b></span><span style="font-variant-ligatures: no-common-ligatures" class=""> (".text", mTextOffset, mDataOffset - mTextOffset,</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">BaseTools/Source/C/GenFw/Elf32Convert.c</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">612</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">    </span><span style="font-variant-ligatures: no-common-ligatures; color: #b42419" class=""><b class="">CreateSectionHeader</b></span><span style="font-variant-ligatures: no-common-ligatures" class=""> (".data", mDataOffset, mHiiRsrcOffset - mDataOffset,</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">BaseTools/Source/C/GenFw/Elf32Convert.c</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">622</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">    </span><span style="font-variant-ligatures: no-common-ligatures; color: #b42419" class=""><b class="">CreateSectionHeader</b></span><span style="font-variant-ligatures: no-common-ligatures" class=""> (".rsrc", mHiiRsrcOffset, mRelocOffset - mHiiRsrcOffset,</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">BaseTools/Source/C/GenFw/Elf32Convert.c</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">1107</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">    </span><span style="font-variant-ligatures: no-common-ligatures; color: #b42419" class=""><b class="">CreateSectionHeader</b></span><span style="font-variant-ligatures: no-common-ligatures" class=""> (".reloc", mRelocOffset, mCoffOffset - mRelocOffset,</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">BaseTools/Source/C/GenFw/Elf64Convert.c</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">929</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">    </span><span style="font-variant-ligatures: no-common-ligatures; color: #b42419" class=""><b class="">CreateSectionHeader</b></span><span style="font-variant-ligatures: no-common-ligatures" class=""> (".text", mTextOffset, mDataOffset - mTextOffset,</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">BaseTools/Source/C/GenFw/Elf64Convert.c</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">939</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">    </span><span style="font-variant-ligatures: no-common-ligatures; color: #b42419" class=""><b class="">CreateSectionHeader</b></span><span style="font-variant-ligatures: no-common-ligatures" class=""> (".data", mDataOffset, mHiiRsrcOffset - mDataOffset,</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">BaseTools/Source/C/GenFw/Elf64Convert.c</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">949</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">    </span><span style="font-variant-ligatures: no-common-ligatures; color: #b42419" class=""><b class="">CreateSectionHeader</b></span><span style="font-variant-ligatures: no-common-ligatures" class=""> (".rsrc", mHiiRsrcOffset, mRelocOffset - mHiiRsrcOffset,</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">BaseTools/Source/C/GenFw/Elf64Convert.c</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">1641</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">    </span><span style="font-variant-ligatures: no-common-ligatures; color: #b42419" class=""><b class="">CreateSectionHeader</b></span><span style="font-variant-ligatures: no-common-ligatures" class=""> (".reloc", mRelocOffset, mCoffOffset - mRelocOffset,</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">BaseTools/Source/C/GenFw/ElfConvert.c</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">125</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures; color: #b42419" class=""><b class="">CreateSectionHeader</b></span><span style="font-variant-ligatures: no-common-ligatures" class=""> (</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">BaseTools/Source/C/GenFw/ElfConvert.h</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures" class="">74</span><span style="font-variant-ligatures: no-common-ligatures; color: #2eaebb" class="">:</span><span style="font-variant-ligatures: no-common-ligatures; color: #b42419" class=""><b class="">CreateSectionHeader</b></span><span style="font-variant-ligatures: no-common-ligatures" class=""> (</span></div><div class=""><br class=""></div><div>Thanks,</div><div><br class=""></div><div>Andrew Fish</div><br class=""><blockquote type="cite" class=""><div class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Thanks,</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Ray</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><blockquote type="cite" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class="">-----Original Message-----<br class="">From: Marvin Häuser <<a href="mailto:mhaeuser@posteo.de" class="">mhaeuser@posteo.de</a>><br class="">Sent: Monday, August 9, 2021 5:51 PM<br class="">To:<span class="Apple-converted-space"> </span><a href="mailto:devel@edk2.groups.io" class="">devel@edk2.groups.io</a><br class="">Cc: Dong, Eric <<a href="mailto:eric.dong@intel.com" class="">eric.dong@intel.com</a>>; Ni, Ray <<a href="mailto:ray.ni@intel.com" class="">ray.ni@intel.com</a>>; Kumar, Rahul1 <<a href="mailto:rahul1.kumar@intel.com" class="">rahul1.kumar@intel.com</a>>; Vitaly Cheptsov<br class=""><<a href="mailto:vit9696@protonmail.com" class="">vit9696@protonmail.com</a>><br class="">Subject: [PATCH v2 2/2] UefiCpuPkg/BaseUefiCpuLib: Use toolchain-specific rodata section name<br class=""><br class="">REF: <a href="https://bugzilla.tianocore.org/show_bug.cgi?id=3318" class="">https://bugzilla.tianocore.org/show_bug.cgi?id=3318</a><br class=""><br class="">Correctly define the read-only data sections with the<br class="">toolchain-specific section name. This hardens image permission<br class="">security and may save image space.<br class=""><br class="">Cc: Eric Dong <<a href="mailto:eric.dong@intel.com" class="">eric.dong@intel.com</a>><br class="">Cc: Ray Ni <<a href="mailto:ray.ni@intel.com" class="">ray.ni@intel.com</a>><br class="">Cc: Rahul Kumar <<a href="mailto:rahul1.kumar@intel.com" class="">rahul1.kumar@intel.com</a>><br class="">Cc: Vitaly Cheptsov <<a href="mailto:vit9696@protonmail.com" class="">vit9696@protonmail.com</a>><br class="">Signed-off-by: Marvin Häuser <<a href="mailto:mhaeuser@posteo.de" class="">mhaeuser@posteo.de</a>><br class="">---<br class="">UefiCpuPkg/Library/BaseUefiCpuLib/Ia32/InitializeFpu.nasm | 2 +-<br class="">UefiCpuPkg/Library/BaseUefiCpuLib/X64/InitializeFpu.nasm  | 2 +-<br class="">2 files changed, 2 insertions(+), 2 deletions(-)<br class=""><br class="">diff --git a/UefiCpuPkg/Library/BaseUefiCpuLib/Ia32/InitializeFpu.nasm<br class="">b/UefiCpuPkg/Library/BaseUefiCpuLib/Ia32/InitializeFpu.nasm<br class="">index 5e27cc325012..cfb8bf4a5ae0 100644<br class="">--- a/UefiCpuPkg/Library/BaseUefiCpuLib/Ia32/InitializeFpu.nasm<br class="">+++ b/UefiCpuPkg/Library/BaseUefiCpuLib/Ia32/InitializeFpu.nasm<br class="">@@ -6,7 +6,7 @@<br class="">;*<br class=""><br class="">;------------------------------------------------------------------------------<br class=""><br class=""><br class=""><br class="">-    SECTION .rodata<br class=""><br class="">+    SECTION RODATA_SECTION_NAME<br class=""><br class=""><br class=""><br class="">;<br class=""><br class="">; Float control word initial value:<br class=""><br class="">diff --git a/UefiCpuPkg/Library/BaseUefiCpuLib/X64/InitializeFpu.nasm<br class="">b/UefiCpuPkg/Library/BaseUefiCpuLib/X64/InitializeFpu.nasm<br class="">index 8485b4713548..3c976a21e391 100644<br class="">--- a/UefiCpuPkg/Library/BaseUefiCpuLib/X64/InitializeFpu.nasm<br class="">+++ b/UefiCpuPkg/Library/BaseUefiCpuLib/X64/InitializeFpu.nasm<br class="">@@ -6,7 +6,7 @@<br class="">;*<br class=""><br class="">;------------------------------------------------------------------------------<br class=""><br class=""><br class=""><br class="">-    SECTION .rodata<br class=""><br class="">+    SECTION RODATA_SECTION_NAME<br class=""><br class="">;<br class=""><br class="">; Float control word initial value:<br class=""><br class="">; all exceptions masked, double-extended-precision, round-to-nearest<br class=""><br class="">--<br class="">2.31.1<br class=""></blockquote><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class=""></span></div></blockquote></div><br class=""></body></html>


 <div width="1" style="color:white;clear:both">_._,_._,_</div> <hr>   Groups.io Links:<p>   You receive all messages sent to this group.    <p> <a target="_blank" href="https://edk2.groups.io/g/devel/message/79016">View/Reply Online (#79016)</a> |    |  <a target="_blank" href="https://groups.io/mt/84764907/1813853">Mute This Topic</a>  | <a href="https://edk2.groups.io/g/devel/post">New Topic</a><br>    <a href="https://edk2.groups.io/g/devel/editsub/1813853">Your Subscription</a> | <a href="mailto:devel+owner@edk2.groups.io">Contact Group Owner</a> |  <a href="https://edk2.groups.io/g/devel/unsub">Unsubscribe</a>  [edk2-devel-archive@redhat.com]<br> <div width="1" style="color:white;clear:both">_._,_._,_</div>