Re: [edk2-devel] [PATCH v5 21/38] ArmPkg: Implement ArmSetMemoryOverrideLib

On Thu, 16 Mar 2023 at 14:27, Leif Lindholm wrote: > > On Mon, Mar 13, 2023 at 18:16:57 +0100, Ard Biesheuvel wrote: > > Implement the ARM version of a NULL class library that can be overlaid > > on top of the DXE core to equip it right from its launch with an > > implem

Re: [edk2-devel] [PATCH v5 32/38] MdeModulePkg/DxeCore: Update memory protections before freeing a region

On Thu, 16 Mar 2023 at 14:51, Leif Lindholm wrote: > > On Mon, Mar 13, 2023 at 18:17:08 +0100, Ard Biesheuvel wrote: > > Currently, we invoke ApplyMemoryProtectionPolicy() after > > CoreInternalFreePages() has returned successfully, in order to update > > the memo

Re: [edk2-devel] [PATCH v5 23/38] EmbeddedPkg/PrePiLib AARCH64: Remap DXE core before execution

On Thu, 16 Mar 2023 at 14:33, Leif Lindholm wrote: > > On Mon, Mar 13, 2023 at 18:16:59 +0100, Ard Biesheuvel wrote: > > Deal with DRAM memory potentially being mapped with non-executable > > permissions, by mapping the DXE core code sections explicitly before > > launch.

Re: [edk2-devel] [PATCH v5 11/38] ArmPkg/CpuDxe: Implement EFI memory attributes protocol

On Thu, 16 Mar 2023 at 08:19, Ard Biesheuvel wrote: > > On Wed, 15 Mar 2023 at 19:31, Leif Lindholm wrote: > > > > On Mon, Mar 13, 2023 at 18:16:47 +0100, Ard Biesheuvel wrote: > > > Expose the protocol introduced in v2.10 that permits the caller to > > > ma

Re: [edk2-devel] [PATCH v5 11/38] ArmPkg/CpuDxe: Implement EFI memory attributes protocol

On Wed, 15 Mar 2023 at 19:31, Leif Lindholm wrote: > > On Mon, Mar 13, 2023 at 18:16:47 +0100, Ard Biesheuvel wrote: > > Expose the protocol introduced in v2.10 that permits the caller to > > manage mapping permissions in the page tables. > > Nitpicks and a question:

Re: [edk2-devel] [PATCH 1/3] BaseTools/Conf/tools_def: Fix linking using CLANGDWARF_IA32_X64

On Wed, 15 Mar 2023 at 23:57, Marvin Häuser wrote: > > > > On 15. Mar 2023, at 23:51, Ard Biesheuvel wrote: > > > > On Wed, 15 Mar 2023 at 23:16, Marvin Häuser wrote: > >> > >> Hi, > >> > >> Why does the title mention X64? From wh

Re: [edk2-devel] [PATCH 1/3] BaseTools/Conf/tools_def: Fix linking using CLANGDWARF_IA32_X64

On Wed, 15 Mar 2023 at 23:16, Marvin Häuser wrote: > > Hi, > > Why does the title mention X64? From what I can see, PIE is unaffected for > X64 (and we really want it to be). > Why? -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online

Re: [edk2-devel] [PATCH v5 08/38] ArmPkg/ArmMmuLib: Avoid splitting block entries if possible

On Tue, 14 Mar 2023 at 19:13, Leif Lindholm wrote: > > On Mon, Mar 13, 2023 at 18:16:44 +0100, Ard Biesheuvel wrote: > > Currently, the ARM MMU page table logic will break down any block entry > > that overlaps with the region being mapped, even if the block entry in >

Re: [edk2-devel] [PATCH 01/22] CryptoPkg/openssl: update submodule to openssl-3.0.8

On Tue, 14 Mar 2023 at 09:16, kra...@redhat.com wrote: > > On Mon, Mar 13, 2023 at 03:13:28PM +, Li, Yi wrote: > > Hi Gerd, > > > > I also have some work on Openssl3, mainly to research how to reduce the > > binary size increase after the upgrade: > > > >

Re: [edk2-devel] [PATCH] EmbeddedPkg/PrePiHobLib: Get rid of PeCoffLoaderProtocol

are binary. commit b7505f9c27f11064373ce3359ec312f48b265643 Author: Ard Biesheuvel Date: Sun Feb 12 23:50:39 2023 +0100 Platform/BeagleBoard: Drop PeCoff protocol BeagleBoard is the only user of the so-called 'PE/COFF protocol', which just exposes the PE/COFF loader library API via a protocol, pr

[edk2-devel] [PATCH v5 38/38] MdeModulePkg DEC: Remove inaccurate comment

in the memory map, so the NX protection policy for data regions has no bearing on this whatsoever. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/MdeModulePkg.dec | 4 1 file changed, 4 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 720dec58dfc4

[edk2-devel] [PATCH v5 37/38] MdeModulePkg/DxeCore: Check NX compat when using restricted code regions

that the images in question are compatible with such a policy, and have the NX_COMPAT DLL flag set in the PE/COFF header. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 38 ++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git

[edk2-devel] [PATCH v5 36/38] MdeModulePkg/DxeCore: Permit NX protection for code regions

-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 35 +++- MdeModulePkg/MdeModulePkg.dec | 3 +- 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc

[edk2-devel] [PATCH v5 35/38] MdeModulePkg/DxeCore: Clear NX permissions on non-protected images

to be able to tighten this, let's update the image protection policy handling so that images that should not be mapped with strict separation of RW- and R-X are remapped RWX explicitly if the memory type used for loading the images is marked as NX by default. Signed-off-by: Ard Biesheuvel

[edk2-devel] [PATCH v5 34/38] MdeModulePkg/DxeCore: Deal with failure in UefiProtectImage()

is dispatched, so in those cases, an ASSERT() is sufficient. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/DxeMain.h | 6 +- MdeModulePkg/Core/Dxe/Image/Image.c | 8 ++-- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 21 3 files

[edk2-devel] [PATCH v5 33/38] MdeModulePkg/DxeCore: Disregard runtime alignment for image protection

alignment directly. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 49 +--- 1 file changed, 1 insertion(+), 48 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c index 85c5a6a7c758

[edk2-devel] [PATCH v5 32/38] MdeModulePkg/DxeCore: Update memory protections before freeing a region

mapped with read-only or read-protect attributes. Let's address both issues, by updating the permissions before performing the actual conversion. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Mem/Page.c | 15 --- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git

[edk2-devel] [PATCH v5 31/38] MdeModulePkg/DxeCore: Remove redundant DEBUG statements

The image name is printed at DEBUG_VERBOSE level already when entering the routine that enables the memory protections, so printing it again after issuing a warning is unnecessary - let's remove it. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 10

[edk2-devel] [PATCH v5 30/38] MdePkg/IndustryStandard: PeImage.h: Import DLL characteristics

Add the various symbolic constants that the PE/COFF spec v8.3 defines for the DllCharacteristics field of the PE optional header as preprocessor macros so we can test for them in C code. Signed-off-by: Ard Biesheuvel --- MdePkg/Include/IndustryStandard/PeImage.h | 15 +++ 1 file

[edk2-devel] [PATCH v5 29/38] MdePkg/PeCoffLib: Capture DLL characteristics field in image context

When loading a PE/COFF image, capture the DLL characteristics field of the header into our image context structure so we can refer to it when mapping the image. Signed-off-by: Ard Biesheuvel --- MdePkg/Include/Library/PeCoffLib.h| 4 MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 23

[edk2-devel] [PATCH v5 28/38] ArmVirtPkg/ArmVirtQemu: Enable hardware enforced W^X memory permissions

the invocation of SetVirtualAddressMap()) could result in code mappings losing their executable permissions. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirt.dsc.inc| 1 + ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S | 2 +- 2 files changed

[edk2-devel] [PATCH v5 27/38] BaseTools/GccBase AARCH64: Avoid page sharing between code and data

the same page to lose its executable permissions. Let's avoid this, by moving all quantities that are subject to relocation fixups to a separate page if the build is using 64k section alignment, which is only the case when building a runtime driver for AArch64. Signed-off-by: Ard Biesheuvel

[edk2-devel] [PATCH v5 26/38] ArmVirtPkg/ArmVirtQemu: Use read-only memory region type for code flash

Map the code flash with read-only attributes so we can execute from it even under a memory protection regime that enables WXN, making all writable memory regions non-executable by default. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c | 2 +- 1

[edk2-devel] [PATCH v5 25/38] ArmVirtPkg/ArmVirtQemu: Use PEI flavor of ArmMmuLib for all PEIMs

not unmap the code that is performing the split. However, the BASE variety of ArmMmuLib discovers the HOB and sets a global pointer to refer to it, which is not possible in PEIMs, and so all PEIMs must use the PEI variety of this library if one does. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg

[edk2-devel] [PATCH v5 24/38] ArmVirtPkg/ArmVirtQemu: Use XP memory mappings by default

to the DXE core, as otherwise, it will not be able to dispatch the CPU arch protocol DXE driver (or any other DXE driver for that matter), as it would lack the ability to grant executable permissions to those executables. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirtQemu.dsc

[edk2-devel] [PATCH v5 23/38] EmbeddedPkg/PrePiLib AARCH64: Remap DXE core before execution

Deal with DRAM memory potentially being mapped with non-executable permissions, by mapping the DXE core code sections explicitly before launch. Signed-off-by: Ard Biesheuvel --- EmbeddedPkg/Include/Library/PrePiLib.h | 16 -- EmbeddedPkg/Library/PrePiLib/Arm/RemapDxeCore.c | 51

[edk2-devel] [PATCH v5 22/38] MdeModulePkg/PcdPeim: Permit unshadowed execution

-off-by: Ard Biesheuvel --- MdeModulePkg/Universal/PCD/Pei/Pcd.c | 112 ++-- MdeModulePkg/Universal/PCD/Pei/Pcd.inf | 1 + 2 files changed, 58 insertions(+), 55 deletions(-) diff --git a/MdeModulePkg/Universal/PCD/Pei/Pcd.c b/MdeModulePkg/Universal/PCD/Pei/Pcd.c index

[edk2-devel] [PATCH v5 21/38] ArmPkg: Implement ArmSetMemoryOverrideLib

and dispatch of the DXE driver that implements the CPU arch protocol, removing the need to rely on memory mappings that are writable and executable at the same time. Signed-off-by: Ard Biesheuvel --- ArmPkg/ArmPkg.dsc | 1 + ArmPkg/Library

[edk2-devel] [PATCH v5 20/38] MdeModulePkg/DxeCore: Permit preliminary CPU arch fallback

the DXE core to enforce strict memory permissions even before dispatching the CPU arch protocol driver itself. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/MdeModulePkg/Core/Dxe

[edk2-devel] [PATCH v5 19/38] MdeModulePkg/DxeCore: Reduce range of W+X remaps at EBS time

- 0x4410 - 0x1000 (0x0008) Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 19 ++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core

[edk2-devel] [PATCH v5 18/38] MdeModulePkg/DxeIpl AARCH64: Remap DXE core code section before launch

to manage the executable permissions on other DXE and UEFI drivers and applications that it dispatches. Note that this requires that the DXE IPL executes non-shadowed from a FV that is mapped executable. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c | 73

[edk2-devel] [PATCH v5 17/38] MdeModulePkg/DxeIpl: Avoid shadowing IPL PEIM by default

is strictly redundant (as the IPL PEIM will be shadowed anyway, even if RegisterForShadow() is not called), let's test it anyway to avoid modifying the behavior on existing platforms. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 +++- MdeModulePkg/Core/DxeIplPeim

[edk2-devel] [PATCH v5 16/38] MdePkg/BasePeCoffLib: Add API to keep track of relocation range

Add a library call to obtain the start and end of the region covered by relocation fixups. This will be used in a future patch to limit the range of memory that needs to be remapped with read-write-execute permissions at ExitBootServices() time. Signed-off-by: Ard Biesheuvel --- MdePkg/Include

[edk2-devel] [PATCH v5 15/38] ArmPkg/ArmMmuLib: Introduce region types for RO/XP WB cached memory

if these are implicitly read-only due to the ROM nature, they need to be mapped with read-only attributes in the page tables to be able to execute from them. Also add the XP counterpart which will be used for all normal DRAM right at the outset. Signed-off-by: Ard Biesheuvel --- ArmPkg/Include/Library

[edk2-devel] [PATCH v5 14/38] ArmPkg/Mmu: Remove handling of NONSECURE memory regions

memory region types that mark memory as 'non-secure' explicitly. Signed-off-by: Ard Biesheuvel --- ArmPkg/Include/Chipset/ArmV7Mmu.h| 51 +++- ArmPkg/Include/Library/ArmLib.h | 11 - ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 5

[edk2-devel] [PATCH v5 13/38] MdeModulePkg/DxeCore: Unconditionally set memory protections

potential recursion due to NX policies being applied to newly allocated page tables. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 12 1 file changed, 12 deletions(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core

[edk2-devel] [PATCH v5 12/38] ArmPkg/CpuDxe: Perform preliminary NX remap of free memory

to the DXE core and other drivers. This ensures that creating EfiBootServicesData allocations does not result in memory attribute changes, and therefore no recursion. Signed-off-by: Ard Biesheuvel --- ArmPkg/ArmPkg.dec| 5 ++ ArmPkg/Drivers/CpuDxe/CpuDxe.c | 85

[edk2-devel] [PATCH v5 11/38] ArmPkg/CpuDxe: Implement EFI memory attributes protocol

Expose the protocol introduced in v2.10 that permits the caller to manage mapping permissions in the page tables. Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/CpuDxe.c | 2 + ArmPkg/Drivers/CpuDxe/CpuDxe.h | 3 + ArmPkg/Drivers/CpuDxe/CpuDxe.inf| 2

[edk2-devel] [PATCH v5 10/38] MdePkg: Add Memory Attribute Protocol definition

Add the Memory Attribute Protocol definition, which was adopted and included in version 2.10 of the UEFI specification. Link: https://bugzilla.tianocore.org/show_bug.cgi?id=3519 Signed-off-by: Ard Biesheuvel Reviewed-by: Liming Gao --- MdePkg/Include/Protocol/MemoryAttribute.h | 142

[edk2-devel] [PATCH v5 08/38] ArmPkg/ArmMmuLib: Avoid splitting block entries if possible

attributes. Signed-off-by: Ard Biesheuvel --- ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 10 ++ ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 11 +++ 2 files changed, 21 insertions(+) diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib

[edk2-devel] [PATCH v5 09/38] ArmPkg/CpuDxe: Expose unified region-to-EFI attribute conversion

In preparation for introducing an implementation of the EFI memory attributes protocol that is shared between ARM and AArch64, unify the existing code that converts a page table descriptor into a EFI_MEMORY_xxx bitfield, so it can be called from the generic code. Signed-off-by: Ard Biesheuvel

[edk2-devel] [PATCH v5 07/38] ArmVirtPkg: Enable stack guard

Enable the stack guard in ArmVirtPkg builds, so that stack overflows are caught as they occur, rather than when they happen to hit a read-only memory region. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirt.dsc.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ArmVirtPkg

[edk2-devel] [PATCH v5 06/38] ArmPkg/ArmMmuLib: Implement EFI_MEMORY_RP using access flag

without read permissions. Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c | 8 ++- ArmPkg/Include/Library/ArmMmuLib.h | 34 ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 58 +++- ArmPkg/Library/ArmMmuLib/Arm

[edk2-devel] [PATCH v5 05/38] ArmPkg/ArmMmuLib ARM: Clear individual permission bits

attributes when clearing RO or XP. Signed-off-by: Ard Biesheuvel --- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 94 +--- 1 file changed, 81 insertions(+), 13 deletions(-) diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c b/ArmPkg/Library/ArmMmuLib/Arm

[edk2-devel] [PATCH v5 04/38] ArmPkg/ArmMmuLib ARM: Isolate the access flag from AP mask

-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 47 ++-- ArmPkg/Include/Chipset/ArmV7Mmu.h | 40 +++-- ArmPkg/Library/ArmLib/Arm/ArmV7Support.S| 2 + ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibConvert.c | 1 + ArmPkg/Library

[edk2-devel] [PATCH v5 03/38] ArmPkg/CpuDxe ARM: Fix page-to-section attribute conversion

. Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 3 +++ ArmPkg/Include/Chipset/ArmV7Mmu.h | 2 ++ 2 files changed, 5 insertions(+) diff --git a/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c b/ArmPkg/Drivers/CpuDxe/Arm/Mmu.c index ea856f5cdd26..8eb1f71395f5 100644 --- a/ArmPkg/Drivers/CpuDxe

[edk2-devel] [PATCH v5 02/38] ArmPkg/ArmMmuLib ARM: Split off XN page descriptor bit from type field

, and this is beneficial for maintainability. Signed-off-by: Ard Biesheuvel --- ArmPkg/Include/Chipset/ArmV7Mmu.h | 8 +++- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibUpdate.c | 12 ++-- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/ArmPkg/Include/Chipset/ArmV7Mmu.h b

[edk2-devel] [PATCH v5 01/38] ArmPkg/ArmMmuLib ARM: Remove half baked large page support

or large), let's just rip it out. Signed-off-by: Ard Biesheuvel --- ArmPkg/Drivers/CpuDxe/Arm/Mmu.c | 8 ++--- ArmPkg/Include/Chipset/ArmV7Mmu.h | 38 ++-- ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibConvert.c | 7 ++-- ArmPkg/Library/ArmMmuLib/Arm

[edk2-devel] [PATCH v5 00/38] Implement strict memory permissions throughout

: Sean Brogan Cc: Rebecca Cran Cc: Leif Lindholm Cc: Sami Mujawar Cc: Taylor Beebe Ard Biesheuvel (38): ArmPkg/ArmMmuLib ARM: Remove half baked large page support ArmPkg/ArmMmuLib ARM: Split off XN page descriptor bit from type field ArmPkg/CpuDxe ARM: Fix page-to-section attribute

Re: [edk2-devel] [PATCH v4 00/11] ArmPkg: implement EFI memory attributes protocol

where we may remap fewer pages than what we actually freed. I'll add a patch to my series for this. > > On 3/1/2023 1:57 PM, Ard Biesheuvel wrote: > > On Wed, 1 Mar 2023 at 21:43, Taylor Beebe wrote: > >> > >> > >> > >> On 2/11/2023 2:05 AM, Ard B

[edk2-devel] [PATCH] EmbeddedPkg/PrePiHobLib: Get rid of PeCoffLoaderProtocol

Signed-off-by: Ard Biesheuvel --- EmbeddedPkg/EmbeddedPkg.dec | 1 - EmbeddedPkg/Include/Library/PrePiLib.h | 6 - EmbeddedPkg/Include/Protocol/PeCoffLoader.h | 220 EmbeddedPkg/Library/PrePiHobLib/Hob.c | 22 -- EmbeddedPkg/Library/PrePiLib

Re: [edk2-devel] [PATCH] Platform/RPi4: fix build

On Mon, 13 Mar 2023 at 13:12, Gerd Hoffmann wrote: > > MpServicesTest was dropped in favor of EfiMpServiceProtocolShellUnitTest. > Update the dsc file accordingly. > > Signed-off-by: Gerd Hoffmann Thanks Gerd, Pushed as 95b58f71d9ee..0d558830c3af > --- > Platform/RaspberryPi/RPi4/RPi4.dsc |

Re: [edk2-devel] [PATCH v1 0/6] Add Raspberry Pi Support to EmulatorPkg

systems, but I only specifically tested on > Raspberry Pi OS (formerly Raspbian.) > It works fine on 64-bit ARM systems that support 32-bit user space as well. I managed to build and run this on my Qualcomm Snapdragon based Lenovo Yoga C630 laptop running Debian Linux. So Tested-by: Ard Bieshe

Re: [edk2-devel] [PATCH 1/1] OvmfPkg/SmbiosPlatformDxe: tweak fallback release date

On Thu, 9 Mar 2023 at 10:02, Gerd Hoffmann wrote: > > In case PcdFirmwareReleaseDateString is not set use a valid date > as fallback. Using "unknown" makes Windows unhappy. > > Fixes: 4cb94f20b002 ("OvmfPkg/SmbiosPlatformDxe: use PcdFirmware*") > Reported-by: ruifeng@intel.com >

Re: [edk2-devel] [PATCH 1/1] ArmPkg/SemihostFs: replace SetMem with ZeroMem

On Thu, 9 Mar 2023 at 10:16, Gerd Hoffmann wrote: > > Ping. Two reviews and the freeze is over. Merge this now? > Pong. Thanks for the reminder - I'll go and merge this. > On Wed, Feb 15, 2023 at 03:37:32PM +0100, Gerd Hoffmann wrote: > > SetMem arguments 2+3 are in the wrong order, resulting

Re: [edk2-devel] [PATCH v3 0/4] ArmPkg/SecurityPkg: Fixes for ArmTrngLib/RngDxe

available to it. > > -Original Message- > > From: devel@edk2.groups.io On Behalf Of Ard > > Biesheuvel > > Sent: Tuesday, March 7, 2023 12:22 AM > > To: Yao, Jiewen > > Cc: Pierre Gondois ; devel@edk2.groups.io; Leif > > Lindholm ; Sami Mujawar ; > >

Re: [edk2-devel] [PATCH 5/7] OvmfPkg/VirtNorFlashDxe: Not add memory space if it exists

On Mon, 6 Mar 2023 at 18:33, Tuan Phan wrote: > > The flash base address can be added to GCD before this driver run. > So only add it if it has not been done. > How do you end up in this situation? You cannot skip this registration, as it is required to get the region marked as

Re: [edk2-devel] [PATCH v3 0/4] ArmPkg/SecurityPkg: Fixes for ArmTrngLib/RngDxe

On Mon, 6 Mar 2023 at 18:09, Pierre Gondois wrote: > > Hello Jiewen, Ard, > Thanks for the review. > > On 3/6/23 17:22, Ard Biesheuvel wrote: > > On Mon, 6 Mar 2023 at 16:42, Yao, Jiewen wrote: > >> > >> Hi Pierre > >> I don’t have strong opin

Re: [edk2-devel] [PATCH v3 0/4] ArmPkg/SecurityPkg: Fixes for ArmTrngLib/RngDxe

RngDxe: Correctly update mAvailableAlgoArrayCount SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL Reviewed-by: Ard Biesheuvel Jiewen, if you don't mind, I will merge those right away. For the remaining patch, I am not sure I understand why the behavior regarding the zero GUID is correct.

Re: [edk2-devel] [PATCH v2 2/2] ArmVirtPkg/ArmVirtQemu: Avoid early ID map on ThunderX

On Thu, 9 Feb 2023 at 16:15, Ard Biesheuvel wrote: > > On Tue, 7 Feb 2023 at 13:58, Oliver Steffen wrote: > > > > On Tue, Feb 7, 2023 at 12:57 PM Ard Biesheuvel wrote: > >> > >> On Tue, 7 Feb 2023 at 11:51, Oliver Steffen wrote: > >> > >

Re: [edk2-devel] [PATCH v2 1/1] Add a .editorconfig file to tell editors basic formatting details

On Wed, 1 Mar 2023 at 19:19, Rebecca Cran wrote: > > Add a .editorconfig file which editors can use for basic formatting > details of files, such as tabs/spaces, line endings etc. > > Signed-off-by: Rebecca Cran Reviewed-by: Ard Biesheuvel Thanks! > --- >

Re: [edk2-devel] [PATCH v4 00/11] ArmPkg: implement EFI memory attributes protocol

On Wed, 1 Mar 2023 at 21:43, Taylor Beebe wrote: > > > > On 2/11/2023 2:05 AM, Ard Biesheuvel wrote: > > On Sat, 11 Feb 2023 at 01:56, Taylor Beebe wrote: > >> > >> Hey Ard, > >> > >> Once the Memory Attribute Protocol is made availab

Re: [edk2-devel] [PATCH 1/1] Add a .editorconfig file to tell editors basic formatting details

tf-8 > + > +[Makefile,GNUmakefile] > +indent_style = tab > > > -- > Rebecca Cran > > > On 2/27/23 11:23 AM, Kinney, Michael D wrote: > > .gitmodules also must also use tabs. > > > >> -Original Message- > >> From: Kinney, Michael D > &

Re: [edk2-devel][PATCH V1 1/1] BaseTools: Generate compile information in build report

On Mon, 27 Feb 2023 at 18:40, Guillermo Antonio Palomino Sosa wrote: > > Hi. I have submitted a pull request to edk2-basetools repository: > https://github.com/tianocore/edk2-basetools/pull/88 > This is the feature request for it: > https://github.com/tianocore/edk2-basetools/issues/87 > I'm

Re: [edk2-devel] [PATCH 1/1] Add a .editorconfig file to tell editors basic formatting details

tead of crlf. Can those be > > added as well? > > > > Mike > > > >> -Original Message- > >> From: devel@edk2.groups.io On Behalf Of Rebecca Cran > >> Sent: Monday, February 27, 2023 5:03 AM > >> To: Ard Biesheuvel ; devel@edk2.groups.io >

Re: [edk2-devel] [PATCH 1/1] Add a .editorconfig file to tell editors basic formatting details

On Mon, 27 Feb 2023 at 04:47, Rebecca Cran wrote: > > Add a .editorconfig file which editors can use for basic formatting > details of files, such as tabs/spaces, line endings etc. > > Signed-off-by: Rebecca Cran Thank you very much for this - this is very useful. Acked-by:

Re: [edk2-devel] [Patch V2 2/5] UefiCpuPkg: Contiguous memory allocation and code clean-up.

On Thu, 23 Feb 2023 at 06:53, Yuanhao Xie wrote: > > Hi, > > Set "Address= BASE_4GB - 1" first is to ensure the maximum address value > is 4GB, since APs will be switched to 32 bit before OS, I mean in the > original implementation. > By the way, in patch 5, only SEV-ES processor keep this

Re: [edk2-devel] [PATCH 1/1] ShellPkg: Improve "ping" output by adding equals sign after time

On Tue, 21 Feb 2023 at 14:58, Gao, Zhichao wrote: > > Sorry, I forgot this patch. Now it is the hard freeze for edk2. Would create > the PR after edk2 202302 release. > The hard freeze has been deferred until early march, so you can go ahead and merge this patch. -- Ard. > > -Original

Re: [edk2-devel] [PATCH edk2-platforms 0/2] Silicon/Qemu: SbsaQemu ACPI formatting improvements

On Tue, 21 Feb 2023 at 02:09, Rebecca Cran wrote: > > Improve the readability of the SbsaQemu SPCR and DSDT. > > Rebecca Cran (2): > Silicon/Qemu: Convert DSDT ASL from legacy to ASL 2.0 syntax > Silicon/Qemu: Use the symbolic value for the SPCR table revision. > Review

Re: [edk2-devel] [PATCH edk2-platforms v2 0/2] Platform/ARM/JunoPkg: Timer fixes

t. > > Changes in v2: > > Dropped the patch to set PcdTimerPeriod. > > Rebecca Cran (2): > Platform/ARM/JunoPkg: Switch to MdeModulePkg/Universal/Metronome > driver > Platform/ARM/JunoPkg: Set PcdArmArchTimerFreqInHz to 0 to read from > CNTFRQ_EL0 >

Re: [edk2-devel] [PATCH edk2-platforms v2 1/2] Platform/ARM/JunoPkg: Switch to MdeModulePkg/Universal/Metronome driver

Hi Rebecca, Thanks for the effort to fix this. On Tue, 21 Feb 2023 at 02:03, Rebecca Cran wrote: > > The MetronomeDxe driver uses the PCD PcdMetronomeTickPeriod to calculate > how many ticks to wait in MicroSecondDelay. Given that the timer clock > on Juno runs at 50 MHz, it ticks every 20 ns;

Re: [edk2-devel] [PATCH 1/1] Ext4Pkg: Move unicode collation initialization to Start()

in > FatPkg/EnhancedFatDxe. By doing so, we move collation initialization > to BDS, where the module responsible for protocol installation should > have already been loaded and ran. > > [1]: https://edk2.groups.io/g/devel/message/100312 > > Cc: Ard Biesheuvel > Cc: Marvin Häuser

Re: [edk2-devel] [PATCH edk2-platforms 1/4] Ext4Pkg: Use depex for unicode collation protocols

On Fri, 17 Feb 2023 at 18:31, Pedro Falcato wrote: > > On Fri, Feb 17, 2023 at 3:38 PM Marvin Häuser wrote: > > > > > > > On 17. Feb 2023, at 16:17, Ard Biesheuvel wrote: > > > > > > So the FAT driver will happily load, but then fail in an obscure &g

Re: [edk2-devel] [PATCH edk2-platforms 1/4] Ext4Pkg: Use depex for unicode collation protocols

On Fri, 17 Feb 2023 at 15:55, Marvin Häuser wrote: > > > > On 17. Feb 2023, at 15:29, Ard Biesheuvel wrote: > > > > On Fri, 17 Feb 2023 at 15:05, Marvin Häuser wrote: > >> > >> Hi Ard, > >> > >> Thank you! Is "1/4" a m

Re: [edk2-devel] [PATCH edk2-platforms 1/4] Ext4Pkg: Use depex for unicode collation protocols

On Fri, 17 Feb 2023 at 15:05, Marvin Häuser wrote: > > Hi Ard, > > Thank you! Is "1/4" a mistake or did I miss the other 3? :) Oops. It was part of some RPi4 patches but I decided to send it out by itself. > Comments inline. > > On 17. Feb 2023,

[edk2-devel] [PATCH edk2-platforms 1/4] Ext4Pkg: Use depex for unicode collation protocols

: Pedro Falcato Cc: Marvin Häuser Signed-off-by: Ard Biesheuvel --- This fixes an observed failure when attempting to use this driver Raspberry Pi4 as a builtin. Features/Ext4Pkg/Ext4Dxe/Ext4Dxe.inf | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Features/Ext4Pkg

Re: [edk2-devel] [PATCH edk2-platforms 0/2] Couple of ARM cleanups

On Wed, 15 Feb 2023 at 11:53, Leif Lindholm wrote: > > On Mon, Feb 13, 2023 at 12:13:37 +0100, Ard Biesheuvel wrote: > > A pair of cleanups regarding the use of code that I will propose to > > remove from the core EDK2 in an upcoming series. > > > > Cc: Leif Lindholm

Re: [edk2-devel] [PATCH] OvmfPkg: Close mAcceptAllMemoryEvent

On Wed, 15 Feb 2023 at 00:07, Dionna Glaze wrote: > > This event should only trigger once. It should be idempotent, but the > allocation of the memory map itself is observable and can cause > ExitBootServices to fail with a modified map key. > > Cc: Ard Biesheuvel > Cc:

Re: [edk2-devel] [PATCH] OvmfPkg: Remove gbs FreePool in AcceptAllMemory()

On Tue, 14 Feb 2023 at 23:35, Ard Biesheuvel wrote: > > On Tue, 14 Feb 2023 at 23:15, Pankaj Gupta wrote: > > > > System Memory map is changed when a memory range is Accepted. > > While returning from AcceptAllMemory(), "gBS->FreePool" is wrongly > >

Re: [edk2-devel] [PATCH] OvmfPkg: Fix SevMemoryAcceptance memory attributes

On Thu, 2 Feb 2023 at 21:42, Dionna Amalie Glaze wrote: > > > > > > > This change is made given a request from Ard. The CC capability is not > > > applied to other system memory ranges that probably should also have > > > that capability, given that it's encrypted and accepted. I haven't > > >

Re: [edk2-devel] [PATCH] OvmfPkg: Remove gbs FreePool in AcceptAllMemory()

On Tue, 14 Feb 2023 at 23:15, Pankaj Gupta wrote: > > System Memory map is changed when a memory range is Accepted. > While returning from AcceptAllMemory(), "gBS->FreePool" is wrongly > used which results in changing memory map and hence return an error. > Fix this by removing the

Re: [edk2-devel] [RFC 13/13] ArmVirtPkg/ArmVirtQemu: Enable hardware enforced W^X memory permissions

On Mon, 13 Feb 2023 at 23:23, Marvin Häuser wrote: > > > On 13. Feb 2023, at 22:59, Ard Biesheuvel wrote: > > No, the only reason for adding -fpie here is to ensure that statically > initialized CONST pointers are emitted into .data.rel.ro and not into > .rodata, as this

Re: [edk2-devel] [RFC 07/13] MdeModulePkg/DxeCore: Permit preliminary CPU arch fallback

On Mon, 13 Feb 2023 at 22:32, Marvin Häuser wrote: > > Without wanting to blow up your RFC with another one - I discussed this with > various people, including Bret when he was still at Project Mu, and there was > a consensus among them that integrating the whole CPU arch code right into >

Re: [edk2-devel] [RFC 13/13] ArmVirtPkg/ArmVirtQemu: Enable hardware enforced W^X memory permissions

On Mon, 13 Feb 2023 at 22:16, Marvin Häuser wrote: > > Hey Ard, > > *Praise* to you for this series. Comments inline. > Thanks :-) > On Mon, Feb 13, 2023 at 07:19 AM, Ard Biesheuvel wrote: > > Enable the WXN system control bit straight out of reset when running in >

[edk2-devel] [RFC 13/13] ArmVirtPkg/ArmVirtQemu: Enable hardware enforced W^X memory permissions

the invocation of SetVirtualAddressMap()) could result in code mappings losing their executable permissions. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirt.dsc.inc| 1 + ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S | 2 +- 2 files changed

[edk2-devel] [RFC 12/13] BaseTools/GccBase AARCH64: Avoid page sharing between code and data

the same page to lose its executable permissions. Let's avoid this, by moving all quantities that are subject to relocation fixups to a separate page if the build is using 64k section alignment, which is only the case when building a runtime driver for AArch64. Signed-off-by: Ard Biesheuvel

[edk2-devel] [RFC 11/13] ArmVirtPkg/ArmVirtQemu: Use read-only memory region type for code flash

Map the code flash with read-only attributes so we can execute from it even under a memory protection regime that enables WXN, making all writable memory regions non-executable by default. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c | 2 +- 1

[edk2-devel] [RFC 10/13] ArmVirtPkg/ArmVirtQemu: Use PEI flavor of ArmMmuLib for all PEIMs

not unmap the code that is performing the split. However, the BASE variety of ArmMmuLib discovers the HOB and sets a global pointer to refer to it, which is not possible in PEIMs, and so all PEIMs must use the PEI variety of this library if one does. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg

[edk2-devel] [RFC 09/13] ArmVirtPkg/ArmVirtQemu: Use XP memory mappings by default

to the DXE core, as otherwise, it will not be able to dispatch the CPU arch protocol DXE driver (or any other DXE driver for that matter), as it would lack the ability to grant executable permissions to those executables. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/ArmVirtQemu.dsc

[edk2-devel] [RFC 08/13] ArmPkg: Implement ArmSetMemoryOverrideLib

and dispatch of the DXE driver that implements the CPU arch protocol, removing the need to rely on memory mappings that are writable and executable at the same time. Signed-off-by: Ard Biesheuvel --- ArmPkg/Library/ArmSetMemoryOverrideLib/ArmSetMemoryOverrideLib.c | 56 ArmPkg

[edk2-devel] [RFC 07/13] MdeModulePkg/DxeCore: Permit preliminary CPU arch fallback

the DXE core to enforce strict memory permissions even before dispatching the CPU arch protocol driver itself. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/MdeModulePkg/Core/Dxe

[edk2-devel] [RFC 06/13] MdeModulePkg/DxeCore: Reduce range of W+X remaps at EBS time

- 0x4410 - 0x1000 (0x0008) Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 19 ++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core

[edk2-devel] [RFC 05/13] MdeModulePkg/DxeIpl AARCH64: Remap DXE core code section before launch

to manage the executable permissions on other DXE and UEFI drivers and applications that it dispatches. Note that this requires that the DXE IPL executes non-shadowed from a FV that is mapped executable. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c | 69

[edk2-devel] [RFC 04/13] MdeModulePkg/DxeIpl: Avoid shadowing IPL PEIM by default

is strictly redundant (as the IPL PEIM will be shadowed anyway, even if RegisterForShadow() is not called), let's test it anyway to avoid modifying the behavior on existing platforms. Signed-off-by: Ard Biesheuvel --- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 +++- MdeModulePkg/Core/DxeIplPeim

[edk2-devel] [RFC 03/13] MdePkg/BasePeCoffLib: Add API to keep track of relocation range

Add a library call to obtain the start and end of the region covered by relocation fixups. This will be used in a future patch to limit the range of memory that needs to be remapped with read-write-execute permissions at ExitBootServices() time. Signed-off-by: Ard Biesheuvel --- MdePkg/Include

[edk2-devel] [RFC 02/13] ArmPkg/ArmMmuLib: Introduce region types for RO/XP WB cached memory

if these are implicitly read-only due to the ROM nature, they need to be mapped with read-only attributes in the page tables to be able to execute from them. Also add the XP counterpart which will be used for all normal DRAM right at the outset. Signed-off-by: Ard Biesheuvel --- ArmPkg/Include/Library

[edk2-devel] [RFC 01/13] ArmPkg/Mmu: Remove handling of NONSECURE memory regions

memory region types that mark memory as 'non-secure' explicitly. Signed-off-by: Ard Biesheuvel --- ArmPkg/Include/Chipset/ArmV7Mmu.h| 51 +++- ArmPkg/Include/Library/ArmLib.h | 11 - ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 5

Re: [edk2-devel] [PATCH v2 00/10] OvmfPkg: add Crypto Driver support

On Mon, 13 Feb 2023 at 12:39, Gerd Hoffmann wrote: > > On Fri, Feb 10, 2023 at 02:46:34PM +0100, Ard Biesheuvel wrote: > > On Fri, 10 Feb 2023 at 14:42, Ard Biesheuvel wrote: > > > > > > > Can LTO be enabled for the NOOPT build? Or depends that on &

[edk2-devel] [PATCH edk2-platforms 1/2] Platform/BeagleBoard: Drop PeCoff protocol

this code so we can remove it from the EDK2 main repo as well. Signed-off-by: Ard Biesheuvel --- Platform/BeagleBoard/BeagleBoardPkg/BeagleBoardPkg.dsc | 6 +-- Platform/BeagleBoard/BeagleBoardPkg/Library/DxeHobPeCoffLib/DxeHobPeCoffLib.inf | 39

[edk2-devel] [PATCH edk2-platforms 2/2] Silicon/Marvell: Drop use of NONSECURE ARM memory region type

be dropped. Signed-off-by: Ard Biesheuvel --- Silicon/Marvell/Armada7k8k/Library/Armada7k8kLib/Armada7k8kLibMem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Silicon/Marvell/Armada7k8k/Library/Armada7k8kLib/Armada7k8kLibMem.c b/Silicon/Marvell/Armada7k8k/Library/Armada7k8kLib

<    4   5   6   7   8   9   10   11   12   13   >