> On Oct 20, 2014, at 9:27 AM, Ard Biesheuvel wrote:
>
>> Thanks for your reply.
>>
>> However, the question was about write-protected and execute-protected
>> data. While the UEFI spec describes those bits, it is unclear to me if
>> I can legally map the runtime code sections as read-only and
On 20 October 2014 18:25, Ard Biesheuvel wrote:
> On 20 October 2014 18:16, Andrew Fish wrote:
>>
>>> On Oct 20, 2014, at 4:36 AM, Ard Biesheuvel wrote:
>>>
>>> Hello all,
>>>
>>> I am currently investigating what would be the best way to make sure
>>> Runtime Services regions are never map
On 20 October 2014 18:16, Andrew Fish wrote:
>
>> On Oct 20, 2014, at 4:36 AM, Ard Biesheuvel wrote:
>>
>> Hello all,
>>
>> I am currently investigating what would be the best way to make sure
>> Runtime Services regions are never mapped both writable and executable
>> by the arm64 Linux kern
> On Oct 20, 2014, at 4:36 AM, Ard Biesheuvel wrote:
>
> Hello all,
>
> I am currently investigating what would be the best way to make sure
> Runtime Services regions are never mapped both writable and executable
> by the arm64 Linux kernel, as a security enhancement. This is
> especially impo
Hello all,

I am currently investigating what would be the best way to make sure
Runtime Services regions are never mapped both writable and executable
by the arm64 Linux kernel, as a security enhancement. This is
especially important under kexec, as the UEFI memory ranges may
survive many reboots.