Cc: Brijesh Singh <brijesh.si...@amd.com>
Cc: Leo Duran <leo.du...@amd.com>
Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
Cc: Star Zeng <star.z...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan...@intel.com>
---
MdeModulePkg/MdeModulePkg.dec | 2 +-
MdeModulePkg/MdeModulePkg.uni | 38 ++++++++++++++++++++++++++++++++++++++
2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 356b3e1..626e479 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1737,11 +1737,11 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic,
PcdsDynamicEx]
gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x0}|VOID*|0x30001046
## This PCD holds the address mask for page table entries when memory
encryption is
# enabled on AMD processors supporting the Secure Encrypted Virtualization
(SEV) feature.
# This mask should be applied when creating 1:1 virtual to physical mapping
tables.
- #
+ # @Prompt The address mask when memory encryption is enabled.
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047
[PcdsPatchableInModule]
## Specify memory size with page number for PEI code when
# Loading Module at Fixed Address feature is enabled.
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index ff0d697..d6015de 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -1087,5 +1087,43 @@
"The code section becomes read-only, and the data section becomes
non-executable.\n"
"If a bit is clear, the image will not be protected.<BR><BR>\n"
"BIT0 - Image from unknown device. <BR>\n"
"BIT1 - Image from firmware volume.<BR>"
+#string
STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_PROMPT
#language en-US "Set DXE memory protection policy."
+
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_HELP
#language en-US "Set DXE memory protection policy. The policy is bitwise.\n"
+
"If a bit is set, memory regions of the associated type will
be mapped\n"
+
"non-executable.<BR><BR>\n"
+
"\n"
+
"Below is bit mask for this PCD: (Order is same as UEFI
spec)<BR>\n"
+
"EfiReservedMemoryType 0x0001<BR>\n"
+
"EfiLoaderCode 0x0002<BR>\n"
+
"EfiLoaderData 0x0004<BR>\n"
+
"EfiBootServicesCode 0x0008<BR>\n"
+
"EfiBootServicesData 0x0010<BR>\n"
+
"EfiRuntimeServicesCode 0x0020<BR>\n"
+
"EfiRuntimeServicesData 0x0040<BR>\n"
+
"EfiConventionalMemory 0x0080<BR>\n"
+
"EfiUnusableMemory 0x0100<BR>\n"
+
"EfiACPIReclaimMemory 0x0200<BR>\n"
+
"EfiACPIMemoryNVS 0x0400<BR>\n"
+
"EfiMemoryMappedIO 0x0800<BR>\n"
+
"EfiMemoryMappedIOPortSpace 0x1000<BR>\n"
+
"EfiPalCode 0x2000<BR>\n"
+
"EfiPersistentMemory 0x4000<BR>\n"
+
"OEM Reserved 0x4000000000000000<BR>\n"
+
"OS Reserved 0x8000000000000000<BR>\n"
+
"\n"
+
"NOTE: User must NOT set NX protection for EfiLoaderCode /
EfiBootServicesCode / EfiRuntimeServicesCode. <BR>\n"
+
"User MUST set the same NX protection for EfiBootServicesData
and EfiConventionalMemory. <BR>\n"
+
"\n"
+
"e.g. 0x7FD5 can be used for all memory except Code. <BR>\n"
+
"e.g. 0x7BD4 can be used for all memory except Code and
ACPINVS/Reserved. <BR>\n"
+
""
+
+#string
STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPteMemoryEncryptionAddressOrMask_PROMPT
#language en-US "The address mask when memory encryption is enabled."
+
+#string
STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPteMemoryEncryptionAddressOrMask_HELP
#language en-US "This PCD holds the address mask for page table entries when
memory encryption is\n"
+
"enabled on AMD processors supporting the Secure
Encrypted Virtualization (SEV) feature.\n"
+
"This mask should be applied when creating 1:1 virtual to
physical mapping tables."
+
--
1.9.5.msysgit.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
