[PATCH 0/3] AMD/Styx: enable strict memory permissions

List overview All Threads
Download

newer

older

Aspen Project :UEFI GUID Partition...

[PATCH] Treewide: remove...

Ard Biesheuvel

27 Feb 2017 27 Feb '17

6:02 p.m.

This cleans up some dodgy code in the SMBIOS driver, after which it is possible to enable the shiny new memory protection controls.

Note that these patches are still under review, so patch #3 cannot be merged yet.

Ard Biesheuvel (3): Platforms/AMD/Styx/PlatformSmbiosDxe: don't write to string literals Platforms/AMD/Styx: constify/staticize all local functions and variables Platforms/AMD/Styx: enable strict memory permission policy

Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c | 87 ++++++++++++-------- Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc | 15 ++++ 2 files changed, 67 insertions(+), 35 deletions(-)

-- 2.7.4

Show replies by date

Ard Biesheuvel

27 Feb 27 Feb

6:02 p.m.

New subject: [PATCH 1/3] Platforms/AMD/Styx/PlatformSmbiosDxe: don't write to string literals

Remove the code from PlatformSmbiosDxe that writes to a string literal to turn the string 'L# Cache' into L1/L2/L3, and just emit the three versions instead. This is necessary given that string literals are emitted into .rodata by default, which makes them read-only when strict memory permissions are in effect.

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org --- Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c | 21 ++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c b/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c index 5ee5d92fdf9c..14e3cc409dbc 100644 --- a/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c +++ b/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c @@ -355,8 +355,16 @@ SMBIOS_TABLE_TYPE7 mCacheInfoType7 = { CacheAssociativity2Way // Associativity }; #if (FixedPcdGetBool (PcdIscpSupport)) -CHAR8 *mCacheInfoType7Strings[] = { - "L# Cache", +CHAR8 *mCacheInfoType7StringsL1[] = { + "L1 Cache", + NULL +}; +CHAR8 *mCacheInfoType7StringsL2[] = { + "L2 Cache", + NULL +}; +CHAR8 *mCacheInfoType7StringsL3[] = { + "L3 Cache", NULL }; #else @@ -710,7 +718,6 @@ CacheInfoUpdateSmbiosType7 ( dstType7.SocketDesignation = 1; // "L# Cache"

// L1 cache settings - mCacheInfoType7Strings[0][1] = '1'; // "L# Cache" --> "L1 Cache" SmbiosT7 = &mSmbiosInfo.SmbiosCpuBuffer.T7L1[0]; dstType7.CacheConfiguration = SmbiosT7->T7CacheCfg; dstType7.MaximumCacheSize = SmbiosT7->T7MaxCacheSize; @@ -723,10 +730,9 @@ CacheInfoUpdateSmbiosType7 ( dstType7.ErrorCorrectionType = SmbiosT7->T7ErrorCorrectionType; dstType7.SystemCacheType = SmbiosT7->T7SystemCacheType; dstType7.Associativity = SmbiosT7->T7Associativity; - LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7Strings); + LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7StringsL1);

// L2 cache settings - mCacheInfoType7Strings[0][1] = '2'; // "L# Cache" --> "L2 Cache" SmbiosT7 = &mSmbiosInfo.SmbiosCpuBuffer.T7L2[0]; dstType7.CacheConfiguration = SmbiosT7->T7CacheCfg; dstType7.MaximumCacheSize = SmbiosT7->T7MaxCacheSize; @@ -739,10 +745,9 @@ CacheInfoUpdateSmbiosType7 ( dstType7.ErrorCorrectionType = SmbiosT7->T7ErrorCorrectionType; dstType7.SystemCacheType = SmbiosT7->T7SystemCacheType; dstType7.Associativity = SmbiosT7->T7Associativity; - LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7Strings); + LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7StringsL2);

// L3 cache settings - mCacheInfoType7Strings[0][1] = '3'; // "L# Cache" --> "L3 Cache" SmbiosT7 = &mSmbiosInfo.SmbiosCpuBuffer.T7L3[0]; dstType7.CacheConfiguration = SmbiosT7->T7CacheCfg; dstType7.MaximumCacheSize = SmbiosT7->T7MaxCacheSize; @@ -755,7 +760,7 @@ CacheInfoUpdateSmbiosType7 ( dstType7.ErrorCorrectionType = SmbiosT7->T7ErrorCorrectionType; dstType7.SystemCacheType = SmbiosT7->T7SystemCacheType; dstType7.Associativity = SmbiosT7->T7Associativity; - LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7Strings); + LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7StringsL3); #else LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&mCacheInfoType7, mCacheInfoType7Strings); #endif

-- 2.7.4

Ard Biesheuvel

8 p.m.

New subject: [PATCH 1/3] Platforms/AMD/Styx/PlatformSmbiosDxe: don't write to string literals

On 27 February 2017 at 18:02, Ard Biesheuvel ard.biesheuvel@linaro.org wrote:

...

Remove the code from PlatformSmbiosDxe that writes to a string literal to turn the string 'L# Cache' into L1/L2/L3, and just emit the three versions instead. This is necessary given that string literals are emitted into .rodata by default, which makes them read-only when strict memory permissions are in effect.

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org

Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c | 21 ++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c b/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c index 5ee5d92fdf9c..14e3cc409dbc 100644 --- a/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c +++ b/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c @@ -355,8 +355,16 @@ SMBIOS_TABLE_TYPE7 mCacheInfoType7 = { CacheAssociativity2Way // Associativity }; #if (FixedPcdGetBool (PcdIscpSupport)) -CHAR8 *mCacheInfoType7Strings[] = {

"L# Cache",

+CHAR8 *mCacheInfoType7StringsL1[] = {

"L1 Cache",

NULL

+}; +CHAR8 *mCacheInfoType7StringsL2[] = {

"L2 Cache",

NULL

+}; +CHAR8 *mCacheInfoType7StringsL3[] = {

"L3 Cache", NULL

};

Actually, this is a bit overkill: we can simply keep a single version and assign a different char pointer to element 0 for each of L1, L2 and L3 cache rather than update the digit 3 times.

...

#else @@ -710,7 +718,6 @@ CacheInfoUpdateSmbiosType7 ( dstType7.SocketDesignation = 1; // "L# Cache"

// L1 cache settings

mCacheInfoType7Strings[0][1] = '1'; // "L# Cache" --> "L1 Cache" SmbiosT7 = &mSmbiosInfo.SmbiosCpuBuffer.T7L1[0]; dstType7.CacheConfiguration = SmbiosT7->T7CacheCfg; dstType7.MaximumCacheSize = SmbiosT7->T7MaxCacheSize;

@@ -723,10 +730,9 @@ CacheInfoUpdateSmbiosType7 ( dstType7.ErrorCorrectionType = SmbiosT7->T7ErrorCorrectionType; dstType7.SystemCacheType = SmbiosT7->T7SystemCacheType; dstType7.Associativity = SmbiosT7->T7Associativity;

LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7Strings);

LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7StringsL1);

// L2 cache settings

mCacheInfoType7Strings[0][1] = '2'; // "L# Cache" --> "L2 Cache" SmbiosT7 = &mSmbiosInfo.SmbiosCpuBuffer.T7L2[0]; dstType7.CacheConfiguration = SmbiosT7->T7CacheCfg; dstType7.MaximumCacheSize = SmbiosT7->T7MaxCacheSize;

@@ -739,10 +745,9 @@ CacheInfoUpdateSmbiosType7 ( dstType7.ErrorCorrectionType = SmbiosT7->T7ErrorCorrectionType; dstType7.SystemCacheType = SmbiosT7->T7SystemCacheType; dstType7.Associativity = SmbiosT7->T7Associativity;

LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7Strings);

LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7StringsL2);

// L3 cache settings

mCacheInfoType7Strings[0][1] = '3'; // "L# Cache" --> "L3 Cache" SmbiosT7 = &mSmbiosInfo.SmbiosCpuBuffer.T7L3[0]; dstType7.CacheConfiguration = SmbiosT7->T7CacheCfg; dstType7.MaximumCacheSize = SmbiosT7->T7MaxCacheSize;

@@ -755,7 +760,7 @@ CacheInfoUpdateSmbiosType7 ( dstType7.ErrorCorrectionType = SmbiosT7->T7ErrorCorrectionType; dstType7.SystemCacheType = SmbiosT7->T7SystemCacheType; dstType7.Associativity = SmbiosT7->T7Associativity;

LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7Strings);

LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&dstType7, mCacheInfoType7StringsL3);

#else LogSmbiosData ((EFI_SMBIOS_TABLE_HEADER *)&mCacheInfoType7, mCacheInfoType7Strings);

#endif

2.7.4

Ard Biesheuvel

6:02 p.m.

New subject: [PATCH 2/3] Platforms/AMD/Styx: constify/staticize all local functions and variables

Now that we've made a clean spot, let's clean up this module by making everything we can STATIC and/or CONST.

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org --- Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c | 72 ++++++++++++-------- 1 file changed, 42 insertions(+), 30 deletions(-)

diff --git a/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c b/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c index 14e3cc409dbc..51616b2d5f11 100644 --- a/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c +++ b/Platforms/AMD/Styx/Drivers/PlatformSmbiosDxe/PlatformSmbiosDxe.c @@ -57,15 +57,15 @@ extern EFI_BOOT_SERVICES *gBS; * G L O B A L S *---------------------------------------------------------------------------------------- */ -EFI_SMBIOS_PROTOCOL *mSmbiosProtocol; -AMD_ISCP_DXE_PROTOCOL *mIscpDxeProtocol; -ISCP_SMBIOS_INFO mSmbiosInfo; +STATIC EFI_SMBIOS_PROTOCOL *mSmbiosProtocol; +STATIC AMD_ISCP_DXE_PROTOCOL *mIscpDxeProtocol; +STATIC ISCP_SMBIOS_INFO mSmbiosInfo;

/*********************************************************************** SMBIOS data definition TYPE0 BIOS Information ************************************************************************/ -SMBIOS_TABLE_TYPE0 mBIOSInfoType0 = { +STATIC CONST SMBIOS_TABLE_TYPE0 mBIOSInfoType0 = { { EFI_SMBIOS_TYPE_BIOS_INFORMATION, sizeof (SMBIOS_TABLE_TYPE0), 0 }, 1, // Vendor String 2, // BiosVersion String @@ -130,7 +130,7 @@ SMBIOS_TABLE_TYPE0 mBIOSInfoType0 = { 0xFF, // EmbeddedControllerFirmwareMinorRelease };

-CHAR8 *mBIOSInfoType0Strings[] = { +STATIC CHAR8 CONST * CONST mBIOSInfoType0Strings[] = { "edk2.sourceforge.net", // Vendor String __TIME__, // BiosVersion String __DATE__, // BiosReleaseDate String @@ -140,7 +140,7 @@ CHAR8 *mBIOSInfoType0Strings[] = { /*********************************************************************** SMBIOS data definition TYPE1 System Information ************************************************************************/ -SMBIOS_TABLE_TYPE1 mSysInfoType1 = { +STATIC CONST SMBIOS_TABLE_TYPE1 mSysInfoType1 = { { EFI_SMBIOS_TYPE_SYSTEM_INFORMATION, sizeof (SMBIOS_TABLE_TYPE1), 0 }, 1, // Manufacturer String 2, // ProductName String @@ -151,7 +151,7 @@ SMBIOS_TABLE_TYPE1 mSysInfoType1 = { 5, // SKUNumber String 6, // Family String }; -CHAR8 *mSysInfoType1Strings[] = { +STATIC CHAR8 CONST * CONST mSysInfoType1Strings[] = { "AMD", "Seattle", "1.0", @@ -164,7 +164,7 @@ CHAR8 *mSysInfoType1Strings[] = { /*********************************************************************** SMBIOS data definition TYPE2 Board Information ************************************************************************/ -SMBIOS_TABLE_TYPE2 mBoardInfoType2 = { +STATIC CONST SMBIOS_TABLE_TYPE2 mBoardInfoType2 = { { EFI_SMBIOS_TYPE_BASEBOARD_INFORMATION, sizeof (SMBIOS_TABLE_TYPE2), 0 }, 1, // Manufacturer String 2, // ProductName String @@ -185,7 +185,7 @@ SMBIOS_TABLE_TYPE2 mBoardInfoType2 = { 0, // NumberOfContainedObjectHandles; { 0 } // ContainedObjectHandles[1]; }; -CHAR8 *mBoardInfoType2Strings[] = { +STATIC CHAR8 CONST * CONST mBoardInfoType2Strings[] = { "AMD", "Seattle", "1.0", @@ -198,7 +198,7 @@ CHAR8 *mBoardInfoType2Strings[] = { /*********************************************************************** SMBIOS data definition TYPE3 Enclosure Information ************************************************************************/ -SMBIOS_TABLE_TYPE3 mEnclosureInfoType3 = { +STATIC CONST SMBIOS_TABLE_TYPE3 mEnclosureInfoType3 = { { EFI_SMBIOS_TYPE_SYSTEM_ENCLOSURE, sizeof (SMBIOS_TABLE_TYPE3), 0 }, 1, // Manufacturer String MiscChassisTypeLapTop, // Type; @@ -216,7 +216,7 @@ SMBIOS_TABLE_TYPE3 mEnclosureInfoType3 = { 0, // ContainedElementRecordLength; { { 0 } }, // ContainedElements[1]; }; -CHAR8 *mEnclosureInfoType3Strings[] = { +STATIC CHAR8 CONST * CONST mEnclosureInfoType3Strings[] = { "AMD", "1.0", "Chassis Board Serial#", @@ -227,7 +227,7 @@ CHAR8 *mEnclosureInfoType3Strings[] = { /*********************************************************************** SMBIOS data definition TYPE4 Processor Information ************************************************************************/ -SMBIOS_TABLE_TYPE4 mProcessorInfoType4 = { +STATIC SMBIOS_TABLE_TYPE4 mProcessorInfoType4 = { { EFI_SMBIOS_TYPE_PROCESSOR_INFORMATION, sizeof (SMBIOS_TABLE_TYPE4), 0}, 1, // Socket String ProcessorOther, // ProcessorType; ///< The enumeration value from PROCESSOR_TYPE_DATA. @@ -306,7 +306,7 @@ SMBIOS_TABLE_TYPE4 mProcessorInfoType4 = { ProcessorFamilyARM, // ARM Processor Family; };

-CHAR8 *mProcessorInfoType4Strings[] = { +STATIC CHAR8 CONST * CONST mProcessorInfoType4Strings[] = { "Socket", "ARM", #ifdef ARM_CPU_AARCH64 @@ -323,7 +323,7 @@ CHAR8 *mProcessorInfoType4Strings[] = { /*********************************************************************** SMBIOS data definition TYPE7 Cache Information ************************************************************************/ -SMBIOS_TABLE_TYPE7 mCacheInfoType7 = { +STATIC SMBIOS_TABLE_TYPE7 mCacheInfoType7 = { { EFI_SMBIOS_TYPE_CACHE_INFORMATION, sizeof (SMBIOS_TABLE_TYPE7), 0 }, 1, // SocketDesignation String 0x018A, // Cache Configuration @@ -355,20 +355,20 @@ SMBIOS_TABLE_TYPE7 mCacheInfoType7 = { CacheAssociativity2Way // Associativity }; #if (FixedPcdGetBool (PcdIscpSupport)) -CHAR8 *mCacheInfoType7StringsL1[] = { +STATIC CHAR8 CONST * CONST mCacheInfoType7StringsL1[] = { "L1 Cache", NULL }; -CHAR8 *mCacheInfoType7StringsL2[] = { +STATIC CHAR8 CONST * CONST mCacheInfoType7StringsL2[] = { "L2 Cache", NULL }; -CHAR8 *mCacheInfoType7StringsL3[] = { +STATIC CHAR8 CONST * CONST mCacheInfoType7StringsL3[] = { "L3 Cache", NULL }; #else -CHAR8 *mCacheInfoType7Strings[] = { +STATIC CHAR8 CONST * CONST mCacheInfoType7Strings[] = { "Cache1", NULL }; @@ -377,7 +377,7 @@ CHAR8 *mCacheInfoType7Strings[] = { /*********************************************************************** SMBIOS data definition TYPE9 System Slot Information ************************************************************************/ -SMBIOS_TABLE_TYPE9 mSysSlotInfoType9 = { +STATIC CONST SMBIOS_TABLE_TYPE9 mSysSlotInfoType9 = { { EFI_SMBIOS_TYPE_SYSTEM_SLOTS, sizeof (SMBIOS_TABLE_TYPE9), 0 }, 1, // SlotDesignation String SlotTypeOther, // SlotType; ///< The enumeration value from MISC_SLOT_TYPE. @@ -405,7 +405,7 @@ SMBIOS_TABLE_TYPE9 mSysSlotInfoType9 = { 0, // BusNum; 0, // DevFuncNum; }; -CHAR8 *mSysSlotInfoType9Strings[] = { +STATIC CHAR8 CONST * CONST mSysSlotInfoType9Strings[] = { "SD Card", NULL }; @@ -413,7 +413,7 @@ CHAR8 *mSysSlotInfoType9Strings[] = { /*********************************************************************** SMBIOS data definition TYPE16 Physical Memory ArrayInformation ************************************************************************/ -SMBIOS_TABLE_TYPE16 mPhyMemArrayInfoType16 = { +STATIC SMBIOS_TABLE_TYPE16 mPhyMemArrayInfoType16 = { { EFI_SMBIOS_TYPE_PHYSICAL_MEMORY_ARRAY, sizeof (SMBIOS_TABLE_TYPE16), 0 }, MemoryArrayLocationSystemBoard, // Location; ///< The enumeration value from MEMORY_ARRAY_LOCATION. MemoryArrayUseSystemMemory, // Use; ///< The enumeration value from MEMORY_ARRAY_USE. @@ -423,14 +423,14 @@ SMBIOS_TABLE_TYPE16 mPhyMemArrayInfoType16 = { 1, // NumberOfMemoryDevices; 0x3fffffffffffffffULL, // ExtendedMaximumCapacity; }; -CHAR8 *mPhyMemArrayInfoType16Strings[] = { +STATIC CHAR8 CONST * CONST mPhyMemArrayInfoType16Strings[] = { NULL };

/*********************************************************************** SMBIOS data definition TYPE17 Memory Device Information ************************************************************************/ -SMBIOS_TABLE_TYPE17 mMemDevInfoType17 = { +STATIC SMBIOS_TABLE_TYPE17 mMemDevInfoType17 = { { EFI_SMBIOS_TYPE_MEMORY_DEVICE, sizeof (SMBIOS_TABLE_TYPE17), 0 }, 0, // MemoryArrayHandle; 0xFFFE, // MemoryErrorInformationHandle; @@ -471,9 +471,9 @@ SMBIOS_TABLE_TYPE17 mMemDevInfoType17 = { };

#if (FixedPcdGetBool (PcdIscpSupport)) -CHAR8 *mMemDevInfoType17Strings[ 7 ] = {0}; +STATIC CHAR8 CONST *mMemDevInfoType17Strings[ 7 ] = {0}; #else -CHAR8 *mMemDevInfoType17Strings[] = { +STATIC CHAR8 CONST * CONST mMemDevInfoType17Strings[] = { "OS Virtual Memory", "malloc", "OSV", @@ -484,7 +484,7 @@ CHAR8 *mMemDevInfoType17Strings[] = { /*********************************************************************** SMBIOS data definition TYPE19 Memory Array Mapped Address Information ************************************************************************/ -SMBIOS_TABLE_TYPE19 mMemArrMapInfoType19 = { +STATIC SMBIOS_TABLE_TYPE19 mMemArrMapInfoType19 = { { EFI_SMBIOS_TYPE_MEMORY_ARRAY_MAPPED_ADDRESS, sizeof (SMBIOS_TABLE_TYPE19), 0 }, 0x80000000, // StartingAddress; 0xbfffffff, // EndingAddress; @@ -493,20 +493,20 @@ SMBIOS_TABLE_TYPE19 mMemArrMapInfoType19 = { 0, // ExtendedStartingAddress; 0, // ExtendedEndingAddress; }; -CHAR8 *mMemArrMapInfoType19Strings[] = { +STATIC CHAR8 CONST * CONST mMemArrMapInfoType19Strings[] = { NULL };

/*********************************************************************** SMBIOS data definition TYPE32 Boot Information ************************************************************************/ -SMBIOS_TABLE_TYPE32 mBootInfoType32 = { +STATIC CONST SMBIOS_TABLE_TYPE32 mBootInfoType32 = { { EFI_SMBIOS_TYPE_SYSTEM_BOOT_INFORMATION, sizeof (SMBIOS_TABLE_TYPE32), 0 }, { 0, 0, 0, 0, 0, 0 }, // Reserved[6]; BootInformationStatusNoError // BootStatus };

-CHAR8 *mBootInfoType32Strings[] = { +STATIC CHAR8 CONST * CONST mBootInfoType32Strings[] = { NULL };

@@ -541,11 +541,12 @@ CHAR8 *mBootInfoType32Strings[] = { NULL is OK. **/

+STATIC EFI_STATUS EFIAPI LogSmbiosData ( IN EFI_SMBIOS_TABLE_HEADER *Template, - IN CHAR8 **StringPack + IN CONST CHAR8* CONST *StringPack ) { EFI_STATUS Status; @@ -608,6 +609,7 @@ LogSmbiosData ( /*********************************************************************** SMBIOS data update TYPE0 BIOS Information ************************************************************************/ +STATIC VOID BIOSInfoUpdateSmbiosType0 ( VOID @@ -619,6 +621,7 @@ BIOSInfoUpdateSmbiosType0 ( /*********************************************************************** SMBIOS data update TYPE1 System Information ************************************************************************/ +STATIC VOID SysInfoUpdateSmbiosType1 ( VOID @@ -630,6 +633,7 @@ SysInfoUpdateSmbiosType1 ( /*********************************************************************** SMBIOS data update TYPE2 Board Information ************************************************************************/ +STATIC VOID BoardInfoUpdateSmbiosType2 ( VOID @@ -641,6 +645,7 @@ BoardInfoUpdateSmbiosType2 ( /*********************************************************************** SMBIOS data update TYPE3 Enclosure Information ************************************************************************/ +STATIC VOID EnclosureInfoUpdateSmbiosType3 ( VOID @@ -652,6 +657,7 @@ EnclosureInfoUpdateSmbiosType3 ( /*********************************************************************** SMBIOS data update TYPE4 Processor Information ************************************************************************/ +STATIC VOID ProcessorInfoUpdateSmbiosType4 ( VOID @@ -703,6 +709,7 @@ ProcessorInfoUpdateSmbiosType4 ( /*********************************************************************** SMBIOS data update TYPE7 Cache Information ************************************************************************/ +STATIC VOID CacheInfoUpdateSmbiosType7 ( VOID @@ -769,6 +776,7 @@ CacheInfoUpdateSmbiosType7 ( /*********************************************************************** SMBIOS data update TYPE9 System Slot Information ************************************************************************/ +STATIC VOID SysSlotInfoUpdateSmbiosType9 ( VOID @@ -780,6 +788,7 @@ SysSlotInfoUpdateSmbiosType9 ( /*********************************************************************** SMBIOS data update TYPE16 Physical Memory Array Information ************************************************************************/ +STATIC VOID PhyMemArrayInfoUpdateSmbiosType16 ( VOID @@ -802,6 +811,7 @@ PhyMemArrayInfoUpdateSmbiosType16 ( /*********************************************************************** SMBIOS data update TYPE17 Memory Device Information ************************************************************************/ +STATIC VOID MemDevInfoUpdatedstType17 ( VOID @@ -884,6 +894,7 @@ MemDevInfoUpdatedstType17 ( /*********************************************************************** SMBIOS data update TYPE19 Memory Array Map Information ************************************************************************/ +STATIC VOID MemArrMapInfoUpdateSmbiosType19 ( VOID @@ -909,6 +920,7 @@ MemArrMapInfoUpdateSmbiosType19 ( /*********************************************************************** SMBIOS data update TYPE32 Boot Information ************************************************************************/ +STATIC VOID BootInfoUpdateSmbiosType32 ( VOID

-- 2.7.4

Ard Biesheuvel

6:02 p.m.

New subject: [PATCH 3/3] Platforms/AMD/Styx: enable strict memory permission policy

Implement a strict separation between writable and executable memory, by enabling the new core features that - map PE/COFF code and data sections with either executable or writable permissions, but never both; - map all other regions with the XN attributes set.

Note that the former requires 4 KB section alignment, which is not the default when using the tiny code model, so set the section alignment explicitly both for DEBUG and RELEASE builds.

Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org --- Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc | 15 +++++++++++++++ 1 file changed, 15 insertions(+)

diff --git a/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc b/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc index a236836db691..03ca1ffae2e5 100644 --- a/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc +++ b/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc @@ -273,6 +273,9 @@ DEFINE DO_KCS = 1 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000

+[BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION] + GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000 + ################################################################################ # # Pcd Section - list of all EDK II PCD Entries defined by this Platform @@ -440,6 +443,18 @@ DEFINE DO_KCS = 1 ## ACPI (no tables < 4GB) gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiExposedTableVersions|0x20

+ # + # Enable strict image permissions for all images. (This applies + # only to images that were built with >= 4 KB section alignment.) + # + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 + + # + # Enable NX memory protection for all non-code regions, including OEM and OS + # reserved ones. + # + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5 + !if $(DO_PSCI) gAmdStyxTokenSpaceGuid.PcdPsciOsSupport|TRUE !else

-- 2.7.4

2770

days inactive

2770

days old

linaro-uefi@lists.linaro.org

4 comments

participants

tags (0)

participants (1)

Ard Biesheuvel