I forget mentioning the V3 update also include below 2 feedback: ============================= 4) Rename file PageTableLib.h/.c to CpuPageTable.h/.c file (from Jeff Fan) 5) Remove multi-entrypoint usage (from Liming Gao/Mike Kinney) =============================
Thank you Yao Jiewen > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jiewen > Yao > Sent: Wednesday, February 8, 2017 11:20 PM > To: edk2-devel@lists.01.org > Cc: Tian, Feng <feng.t...@intel.com>; Ard Biesheuvel > <ard.biesheu...@linaro.org>; Leif Lindholm <leif.lindh...@linaro.org>; Kinney, > Michael D <michael.d.kin...@intel.com>; Fan, Jeff <jeff....@intel.com>; Zeng, > Star <star.z...@intel.com> > Subject: [edk2] [PATCH V3 0/4] DXE Memory Protection > > ==== V3 ==== > 1) Add PCD for policy control (feedback from Ard Biesheuvel) > (Discussed with Mike Kinney) > + # BIT0 - Image from unknown device. <BR> > + # BIT1 - Image from firmware volume.<BR> > + # @Prompt Set image protection policy. > + # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F > + > gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UIN > T32|0x00001047 > > 2) Remove unused function in CpuDxe.(feedback from Liming Gao) > 3) Add commit log on link option assumption (feedback from Feng Tian) > > ==== V2 ==== > 1) Clean up ArmPkg, (feedback from Leif Lindholm) > > ==== V1 ==== > This series patch provides capability to protect PE/COFF image > in DXE memory. > If the UEFI image is page aligned, the image code section is set to read > only and the image data section is set to non-executable. > > The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect > the image. > > Tested platform: NT32/Quark IA32/OVMF IA32/OVMF IA32X64/Intel internal X64/ > Tested OS: UEFI Win10, UEFI Ubuntu 16.04. > > Untested platform: ARM/AARCH64. > Can ARM/AARCH64 owner help to take a look and try the ARM platform? > > > Cc: Jeff Fan <jeff....@intel.com> > Cc: Michael Kinney <michael.d.kin...@intel.com> > Cc: Leif Lindholm <leif.lindh...@linaro.org> > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> > Cc: Star Zeng <star.z...@intel.com> > Cc: Feng Tian <feng.t...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Jiewen Yao <jiewen....@intel.com> > > Jiewen Yao (4): > UefiCpuPkg/CpuDxe: Add memory attribute setting. > ArmPkg/CpuDxe: Correct EFI_MEMORY_RO usage > MdeModulePkg/dec: add PcdImageProtectionPolicy. > MdeModulePkg/DxeCore: Add UEFI image protection. > > ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c | 3 +- > ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 14 +- > ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c | 5 +- > ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 3 +- > MdeModulePkg/Core/Dxe/DxeMain.h | 53 ++ > MdeModulePkg/Core/Dxe/DxeMain.inf | 5 +- > MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 3 +- > MdeModulePkg/Core/Dxe/Image/Image.c | 7 +- > MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 735 > ++++++++++++++++++ > MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c | 24 +- > MdeModulePkg/MdeModulePkg.dec | 10 + > UefiCpuPkg/CpuDxe/CpuDxe.c | 141 ++-- > UefiCpuPkg/CpuDxe/CpuDxe.inf | 5 +- > UefiCpuPkg/CpuDxe/CpuPageTable.c | 779 > ++++++++++++++++++++ > UefiCpuPkg/CpuDxe/CpuPageTable.h | 113 +++ > 15 files changed, 1801 insertions(+), 99 deletions(-) > create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c > create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.c > create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.h > > -- > 2.7.4.windows.1 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
