Note: I'll be accepting feedback on this until Friday after which I will
submit a patch series.
On 7/22/2021 5:32 PM, Taylor Beebe via groups.io wrote:
Current memory protection settings rely on FixedAtBuild PCD values
(minus PcdSetNxForStack). Because of this, the memory protection
configuration interface is fixed in nature. Cases arise in which memory
protections might need to be adjusted between boots (if platform design
allows) to avoid disabling a system. For example, platforms might choose
to allow the user to control their protection policies such as allow
execution of critical 3rd party software that might violate memory
protections.
This RFC seeks your feedback regarding introducing an interface that
allows dynamic configuration of memory protection settings.
I would like to propose two options:
1. Describing the memory protection setting configuration in a HOB that
is produced by the platform.
2. Introducing a library class (e.g. MemoryProtectionLib) that allows
abstraction of the memory protection setting configuration data source.
In addition, I would like to know if the memory protection FixedAtBuild
PCDs currently in MdeModulePkg can be removed so we can move the
configuration interface entirely to an option above.
In any case, I would like the settings to be visible to environments
such as Standalone MM where dynamic PCDs are not accessible.
I am seeking your feedback on this proposal in preparation for sending
an edk2 patch series.
--
Taylor Beebe
Software Engineer @ Microsoft
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#78307): https://edk2.groups.io/g/devel/message/78307
Mute This Topic: https://groups.io/mt/84392478/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
