diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 356b3e1119..626e479f5e 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1739,7 +1739,7 @@ ## This PCD holds the address mask for page table entries when memory encryption is # enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature. # This mask should be applied when creating 1:1 virtual to physical mapping tables. - # + # @Prompt The address mask when memory encryption is enabled. gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047 [PcdsPatchableInModule] diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni index ff0d697078..d6015de75f 100644 --- a/MdeModulePkg/MdeModulePkg.uni +++ b/MdeModulePkg/MdeModulePkg.uni @@ -1089,3 +1089,41 @@ "BIT0 - Image from unknown device.
\n" "BIT1 - Image from firmware volume.
" +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_PROMPT #language en-US "Set DXE memory protection policy." + +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_HELP #language en-US "Set DXE memory protection policy. The policy is bitwise.\n" + "If a bit is set, memory regions of the associated type will be mapped\n" + "non-executable.

\n" + "\n" + "Below is bit mask for this PCD: (Order is same as UEFI spec)
\n" + "EfiReservedMemoryType 0x0001
\n" + "EfiLoaderCode 0x0002
\n" + "EfiLoaderData 0x0004
\n" + "EfiBootServicesCode 0x0008
\n" + "EfiBootServicesData 0x0010
\n" + "EfiRuntimeServicesCode 0x0020
\n" + "EfiRuntimeServicesData 0x0040
\n" + "EfiConventionalMemory 0x0080
\n" + "EfiUnusableMemory 0x0100
\n" + "EfiACPIReclaimMemory 0x0200
\n" + "EfiACPIMemoryNVS 0x0400
\n" + "EfiMemoryMappedIO 0x0800
\n" + "EfiMemoryMappedIOPortSpace 0x1000
\n" + "EfiPalCode 0x2000
\n" + "EfiPersistentMemory 0x4000
\n" + "OEM Reserved 0x4000000000000000
\n" + "OS Reserved 0x8000000000000000
\n" + "\n" + "NOTE: User must NOT set NX protection for EfiLoaderCode / EfiBootServicesCode / EfiRuntimeServicesCode.
\n" + "User MUST set the same NX protection for EfiBootServicesData and EfiConventionalMemory.
\n" + "\n" + "e.g. 0x7FD5 can be used for all memory except Code.
\n" + "e.g. 0x7BD4 can be used for all memory except Code and ACPINVS/Reserved.
\n" + "" + +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPteMemoryEncryptionAddressOrMask_PROMPT #language en-US "The address mask when memory encryption is enabled." + +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPteMemoryEncryptionAddressOrMask_HELP #language en-US "This PCD holds the address mask for page table entries when memory encryption is\n" + "enabled on AMD processors supporting the Secure Encrypted Virtualization (SEV) feature.\n" + "This mask should be applied when creating 1:1 virtual to physical mapping tables." +