The comment regarding the configured image protection policy states that data regions of a loaded image may be mapped NX based on the configured NX memory policy for boot/runtime services or loader data regions.
This is inaccurate: all image sections will be covered by the same code region in the memory map, so the NX protection policy for data regions has no bearing on this whatsoever. Signed-off-by: Ard Biesheuvel <a...@kernel.org> --- MdeModulePkg/MdeModulePkg.dec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 720dec58dfc4..b42af1faee25 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1356,10 +1356,6 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] # BIT0 - Image from unknown device. <BR> # BIT1 - Image from firmware volume.<BR> # <BR> - # Note: If a bit is cleared, the data section could be still non-executable if - # PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData - # and/or EfiRuntimeServicesData.<BR> - # <BR> # @Prompt Set image protection policy. # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047 -- 2.39.2
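Review bot: deleting the note after the BIT1 line leaves the PcdImageProtectionPolicy comment silent on what happens to an image's data sections when a bit is cleared, which is the exact question the old note tried (incorrectly) to answer. Consider replacing it with one corrected sentence instead of only removing it, using the wording from the commit message: all sections of an image are covered by the same code region in the memory map, so PcdDxeNxMemoryProtectionPolicy settings for EfiLoaderData, EfiBootServicesData and EfiRuntimeServicesData do not make them non-executable. Without that, someone configuring the platform could still assume that the NX data policy provides a fallback for images whose protection bit is cleared.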