mirror of https://github.com/acidanthera/audk.git
1facb8fdef
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1614

The security researcher found that we can get control after NEM is disabled.

The reason is that the flash content resides in NEM at startup and the code will get the content from flash directly after disabling NEM.

To avoid this vulnerability, the feature will copy the PEIMs from temporary memory to permanent memory and only execute the code in permanent memory.

The vulnerability exists on physical platforms and hasn't been reported on virtual platforms, so the virtual platforms can disable the feature currently.

When PcdMigrateTemporaryRamFirmwareVolumes is enabled, always shadow all PEIMs no matter the condition of PcdShadowPeimOnBoot or PcdShadowPeimOnS3Boot.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>

||
---|---|---|
.. | ||
Application | ||
Bus | ||
Core | ||
Include | ||
Library | ||
Logo | ||
Test | ||
Universal | ||
MdeModulePkg.ci.yaml | ||
MdeModulePkg.dec | ||
MdeModulePkg.dsc | ||
MdeModulePkg.uni | ||
MdeModulePkgExtra.uni |