1. Patchew
  2. EDK2
  3. View series

[edk2] [PATCH v2 0/4] ArmPkg: add groundwork for DXE image protection

Ard Biesheuvel posted 4 patches 7 years, 2 months ago
Failed in applying to current master (apply log)
ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c              |  7 +-
ArmPkg/Drivers/CpuDxe/Arm/Mmu.c                  | 24 ++---
ArmPkg/Drivers/CpuDxe/CpuDxe.h                   |  8 --
ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c             |  5 +-
ArmPkg/Include/Library/ArmLib.h                  |  4 +
ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 94 ++++++++++++++------
6 files changed, 88 insertions(+), 54 deletions(-)
[edk2] [PATCH v2 0/4] ArmPkg: add groundwork for DXE image protection
Posted by Ard Biesheuvel 7 years, 2 months ago 
The upcoming DXE image protection feature expects the EFI_CPU_ARCH_PROTOCOL
method SetMemoryAttributes() to deal with invocations that only modify
permission attributes, but leave the cacheability attributes alone. This
requires some groundwork to be performed in the MMU code for ARM.

Patch #1 is Jiewen's patch to retire EFI_MEMORY_WP, which is no longer
used as a permission attribute.

Patch #2 updates EfiAttributeToArmAttribute () so it can deal with
unspecified caching modes.

Patch #3 makes ARM deal with EFI_CPU_ARCH_PROTOCOL.SetMemoryAttributes()
calls that do not specify memory attributes. On ARM, we don't have code
that manages the permission bits in the page tables, so this does little
more than ignore such attributes.

Patch #4 implements the handling for AARCH64 to manage the permissions
bits without touching or caring about the memory type attributes.

Changes since v1:
- add Leif's and my R-b to #1
- add Leif's R-b to #3
- fix reference to TT_ATTR_INDX_MASK in commit log (#2)
- move rather than redefine EFI_MEMORY_CACHETYPE_MASK macro (#4)

Ard Biesheuvel (3):
  ArmPkg/CpuDxe: translate invalid memory types in
    EfiAttributeToArmAttribute
  ArmPkg/CpuDxe: ARM: ignore page table updates that only change
    permissions
  ArmPkg/ArmMmuLib: AARCH64: add support for modifying only permissions

Jiewen Yao (1):
  ArmPkg/CpuDxe: Correct EFI_MEMORY_RO usage

 ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c              |  7 +-
 ArmPkg/Drivers/CpuDxe/Arm/Mmu.c                  | 24 ++---
 ArmPkg/Drivers/CpuDxe/CpuDxe.h                   |  8 --
 ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c             |  5 +-
 ArmPkg/Include/Library/ArmLib.h                  |  4 +
 ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 94 ++++++++++++++------
 6 files changed, 88 insertions(+), 54 deletions(-)

-- 
2.7.4

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH v2 0/4] ArmPkg: add groundwork for DXE image protection
Posted by Ard Biesheuvel 7 years, 1 month ago 
Hi Leif,

On 15 February 2017 at 17:11, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> The upcoming DXE image protection feature expects the EFI_CPU_ARCH_PROTOCOL
> method SetMemoryAttributes() to deal with invocations that only modify
> permission attributes, but leave the cacheability attributes alone. This
> requires some groundwork to be performed in the MMU code for ARM.
>
> Patch #1 is Jiewen's patch to retire EFI_MEMORY_WP, which is no longer
> used as a permission attribute.
>
> Patch #2 updates EfiAttributeToArmAttribute () so it can deal with
> unspecified caching modes.
>
> Patch #3 makes ARM deal with EFI_CPU_ARCH_PROTOCOL.SetMemoryAttributes()
> calls that do not specify memory attributes. On ARM, we don't have code
> that manages the permission bits in the page tables, so this does little
> more than ignore such attributes.
>
> Patch #4 implements the handling for AARCH64 to manage the permissions
> bits without touching or caring about the memory type attributes.
>
> Changes since v1:
> - add Leif's and my R-b to #1
> - add Leif's R-b to #3
> - fix reference to TT_ATTR_INDX_MASK in commit log (#2)
> - move rather than redefine EFI_MEMORY_CACHETYPE_MASK macro (#4)
>

I'm aware that you have been off sick, so I'm sure you have quite the
todo list, but could you have a look this, please? Jiewen sent out the
next version of the DXE memory protection feature, which looks
finished to me, and I'd like to get this in first.

Cheers,

> Ard Biesheuvel (3):
>   ArmPkg/CpuDxe: translate invalid memory types in
>     EfiAttributeToArmAttribute
>   ArmPkg/CpuDxe: ARM: ignore page table updates that only change
>     permissions
>   ArmPkg/ArmMmuLib: AARCH64: add support for modifying only permissions
>
> Jiewen Yao (1):
>   ArmPkg/CpuDxe: Correct EFI_MEMORY_RO usage
>
>  ArmPkg/Drivers/CpuDxe/AArch64/Mmu.c              |  7 +-
>  ArmPkg/Drivers/CpuDxe/Arm/Mmu.c                  | 24 ++---
>  ArmPkg/Drivers/CpuDxe/CpuDxe.h                   |  8 --
>  ArmPkg/Drivers/CpuDxe/CpuMmuCommon.c             |  5 +-
>  ArmPkg/Include/Library/ArmLib.h                  |  4 +
>  ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 94 ++++++++++++++------
>  6 files changed, 88 insertions(+), 54 deletions(-)
>
> --
> 2.7.4
>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Patchew 2.1-devel-8c64711

© 2016 - 2024 Red Hat, Inc.