Cc: Brijesh Singh <brijesh.si...@amd.com>
Cc: Leo Duran <leo.du...@amd.com>
Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
Cc: Star Zeng <star.z...@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Dandan Bi <dandan...@intel.com>
---
 MdeModulePkg/MdeModulePkg.dec |  2 +-
 MdeModulePkg/MdeModulePkg.uni | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 356b3e1..626e479 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1737,11 +1737,11 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid|{0x0}|VOID*|0x30001046 ## This PCD holds the address mask for page table entries when memory encryption is # enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. # This mask should be applied when creating 1:1 virtual to physical mapping tables. - # + # @Prompt The address mask when memory encryption is enabled. gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047 [PcdsPatchableInModule] ## Specify memory size with page number for PEI code when # Loading Module at Fixed Address feature is enabled. diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni index ff0d697..d6015de 100644 --- a/MdeModulePkg/MdeModulePkg.uni +++ b/MdeModulePkg/MdeModulePkg.uni 
@@ -1087,5 +1087,43 @@ "The code section becomes read-only, and the data section becomes non-executable.\n" "If a bit is clear, the image will not be protected.<BR><BR>\n" "BIT0 - Image from unknown device. <BR>\n" "BIT1 - Image from firmware volume.<BR>" +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_PROMPT #language en-US "Set DXE memory protection policy." + +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_HELP #language en-US "Set DXE memory protection policy. The policy is bitwise.\n" + "If a bit is set, memory regions of the associated type will be mapped\n" + "non-executable.<BR><BR>\n" + "\n" + "Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\n" + "EfiReservedMemoryType 0x0001<BR>\n" + "EfiLoaderCode 0x0002<BR>\n" + "EfiLoaderData 0x0004<BR>\n" + "EfiBootServicesCode 0x0008<BR>\n" + "EfiBootServicesData 0x0010<BR>\n" + "EfiRuntimeServicesCode 0x0020<BR>\n" + "EfiRuntimeServicesData 0x0040<BR>\n" + "EfiConventionalMemory 0x0080<BR>\n" + "EfiUnusableMemory 0x0100<BR>\n" + "EfiACPIReclaimMemory 0x0200<BR>\n" + "EfiACPIMemoryNVS 0x0400<BR>\n" + "EfiMemoryMappedIO 0x0800<BR>\n" + "EfiMemoryMappedIOPortSpace 0x1000<BR>\n" + "EfiPalCode 0x2000<BR>\n" + "EfiPersistentMemory 0x4000<BR>\n" + "OEM Reserved 0x4000000000000000<BR>\n" + "OS Reserved 0x8000000000000000<BR>\n" + "\n" + "NOTE: User must NOT set NX protection for EfiLoaderCode / EfiBootServicesCode / EfiRuntimeServicesCode. <BR>\n" + "User MUST set the same NX protection for EfiBootServicesData and EfiConventionalMemory. <BR>\n" + "\n" + "e.g. 0x7FD5 can be used for all memory except Code. <BR>\n" + "e.g. 0x7BD4 can be used for all memory except Code and ACPINVS/Reserved. <BR>\n" + "" + +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPteMemoryEncryptionAddressOrMask_PROMPT #language en-US "The address mask when memory encryption is enabled." 
+ +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPteMemoryEncryptionAddressOrMask_HELP #language en-US "This PCD holds the address mask for page table entries when memory encryption is\n" + "enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.\n" + "This mask should be applied when creating 1:1 virtual to physical mapping tables." + -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
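Review bot: In the MdeModulePkg.dec hunk, the new `@Prompt` for PcdPteMemoryEncryptionAddressOrMask says only "The address mask when memory encryption is enabled", which drops the one detail from the description above it that a platform integrator needs at a glance: the mask is applied to page table entries. The PCD name also suggests the value is ORed into the entry rather than used as an AND mask, and the prompt does not say which. Consider wording along the lines of "The mask applied to page table entry addresses when memory encryption is enabled", and keep the matching _PROMPT string in MdeModulePkg.uni identical to whatever the .dec ends up with.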
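Review bot: In the MdeModulePkg.uni hunk, the NOTE in the PcdDxeNxMemoryProtectionPolicy_HELP string states two constraints (no NX on EfiLoaderCode / EfiBootServicesCode / EfiRuntimeServicesCode, and the same NX setting for EfiBootServicesData and EfiConventionalMemory) but does not say what happens when a platform sets a value that violates them. Add a sentence on the consequence, so that a reader does not assume an invalid policy is rejected or corrected for them. The two example values are consistent with the bit table and with both constraints: 0x7FD5 is 0x7FFF with 0x0002, 0x0008 and 0x0020 cleared, and 0x7BD4 additionally clears 0x0400 and 0x0001. Minor: the help string ends with an empty `""` line after the last example, which can be dropped.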