On Fri, 10 Jul, at 04:23:58PM, Ard Biesheuvel wrote:
>
> Is there a reason to set strict permissions at all on the 1:1 mapping?
> Does it stick around after having called SVAM () ?
>
> My (naive) suggestion would be to apply the strict permissions only to
> the virtual remapping of the runtime services, but perhaps it doesn't
> work like that on x86.
Yeah, that was my intention. The problem is that we need to inform
SetVirtualAddressMap() where those virtual mappings live before we
enforce the strict permissions (the layout is not static).
So for x86 we effectively need to do,
virt_map_efi_regions(map);
set_virtual_address_map(map);
virt_map_efi_regions_harder(map);
With all the resultant TLB flushing that's involved with rewriting the
page table bits.
Anyway, I've got something working now that correctly detects if the
firmware writes to a read-only runtime region or executes an NX region.
I'd just like to do a bit of performance analysis on it first.
--
Matt Fleming, Intel Open Source Technology Center
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel
