Sorry for the slow reply :)
Additional profiles which fit general use cases can be added to
SetMemoryProtectionsLib, but because this is a profile for grub
compatibility I'd say it's better suited for platform code making
MemoryProtectionConfigLib in OvmfPkg the best spot.
I'll add an additional static profile array to MemoryProtectionConfigLib
and have logic loop through both to see if a profile matches. I'll
add the GrubCompat profile you outlined to this new profile array.
I can also update ArmVirtPkg to disable execution protection
for EfiLoaderData by default until fw_cfg parsing
support is added to ArmVirtPkg. Let me know if you think
this is necessary.
Thanks for the feedback :)
-Taylor
On 9/27/23 1:19 AM, Gerd Hoffmann wrote:
On Tue, Sep 19, 2023 at 05:57:43PM -0700, Taylor Beebe wrote:
Now that the EDK2 tree uses GetMemoryProtectionsLib to query
the platform memory protection settings, we can add additional
profiles to SetMemoryProtectionsLib to give plaforms more options
for setting memory protections.
What is the recommended way to add more profiles?
Specifically I have a bunch of linux test cases failing when testing
this series, which is most likely causes by older + broken grub versions
(which are known to use EfiLoaderData for code).
So I think I need a "GrubCompat" profile which has
ExecutionProtection.EnabledForType[EfiLoaderData] = FALSE
but is otherwise identical to the production profile.
Should that go into SetMemoryProtectionsLib?
Or MemoryProtectionConfigLib?
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109215): https://edk2.groups.io/g/devel/message/109215
Mute This Topic: https://groups.io/mt/101469960/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
