On Thu, Oct 05, 2023 at 10:23:25AM +0200, Laszlo Ersek wrote:
> On 10/5/23 08:31, Nhi Pham via groups.io wrote:
> > Hi Ard, Oliver,
> >
> > I'm investigating the crash on grub2/shim loader due to the added
> > EFI_MEMORY_ATTRIBUTE_PROTOCOL when rebasing. I found this interesting
> > patch and went through on the discussion, I am still not sure the
> > conclusion on this patch.
> >
> > This issue impacts many platforms, and any downstream edk2 has to clone
> > this patch to disable the EFI_MEMORY_ATTRIBUTE_PROTOCOL until we have
> > the loader fixed, maybe years. So, I wonder whether we can merge this
> > patch with changing PcdEnableEfiMemoryAttributeProtocol to be disabled
> > by default in DEC? This provides downstream platforms with the
> > flexibility to enable/disable it as per their preference, rather than
> > having to clone this path to their local repository. Furthermore, it
> > does not impact the default installation of the
> > EFI_MEMORY_ATTRIBUTE_PROTOCOL in the mainline.
>
> I think a more general approach is being discussed in the "MdeModulePkg:
> Add Additional Profiles to SetMemoryProtectionsLib" thread. I do agree
> the "--pcd" build flag would be best to configure a default platform
> profile.

I think the memory protection profiles do not configure whether EFI_MEMORY_ATTRIBUTE_PROTOCOL is exposed or not. Adding a switch there makes sense to me though.

I do not expect fixing shim will take years. Right now shim updates are blocked by Microsoft being strict on w^x when it comes to secure boot signing and the x86 Linux kernels not being w^x clean yet. Fixes are underway (thanks Ard!) and should land in the next (6.7) merge window. shim updates should follow shortly thereafter.

New distro releases and boot media updates for LTS distros are the final steps in fixing the current Linux boot loader mess. I expect the need for these tweaks goes away for supported Linux distros in the first half of next year.

Of course there are use cases where you want to boot older (buggy) distro boot media, so having a runtime switch for this would be nice.

take care,
  Gerd