Hi Tom, On Sun, 9 Feb 2025 at 09:39, Tom Rini <[email protected]> wrote: > > On Thu, Feb 06, 2025 at 08:47:47AM -0700, Simon Glass wrote: > > [snip] > > Perhaps make EFI_LOADER select CPU, or depend on CPU? If that's the > > way you want to go, I'd be happy to do a precursor series to deal with > > the fallout. > > I'm not sure what EFI_LOADER has to do with the generic security feature > of enforcing permissions on pages. That's something we want everywhere > that can enable it as it's a good defensive security measure and also > catches code bugs.
Yes, it's a good thing to have. I assumed it was related to EFI because of all the mention of EFI, SetVirtualAddressMap() and the like. It doesn't have to be DM. I was reacting to the idea that we cannot add it to the CPU driver because hardly any boards have one. How about mapping arch-specific stuff to generic functions, like we try to do with the CPU uclass. The enforcement happens before initr_dm() although I suppose it could be moved later, or a CPU driver could be started up before relocation. Or just don't use a CPU driver, use something else. WIth all the pain I've just been through with the EFI link scripts, I would have rather seen some effort to follow the existing convention, e.g. text_start rather than start_text. We already have __image_copy_start - there is so much arch-specific variability here already. Anyway, I'll stay away from this series in future. Regards, Simon
