tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/MdeModulePkg/Core/Dxe
History
Jiewen Yao d0e92aad46 MdeModulePkg/DxeCore: Add UEFI image protection. 
If the UEFI image is page aligned, the image code section is set to read
only and the image data section is set to non-executable.

1) This policy is applied for all UEFI image including boot service driver,
runtime driver or application.
2) This policy is applied only if the UEFI image meets the page alignment
requirement.
3) This policy is applied only if the Source UEFI image matches the
PcdImageProtectionPolicy definition.
4) This policy is not applied to the non-PE image region.

The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
the image. If the CpuArch protocol is not installed yet, the DxeCore
enqueues the protection request. Once the CpuArch is installed, the
DxeCore dequeues the protection request and applies policy.

Once the image is unloaded, the protection is removed automatically.

The UEFI runtime image protection is teared down at ExitBootServices(),
the runtime image code relocation need write code segment at
SetVirtualAddressMap(). We cannot assume OS/Loader has taken over
page table at that time.

NOTE: It is per-requisite that code section and data section
should not be not merged. That is same criteria for SMM/runtime driver.

We are not able to detect during BIOS boot, because
we can only get LINK warning below:
"LINK : warning LNK4254: section '.data' (C0000040) merged into
'.text' (60000020) with different attributes"
But final attribute in PE code section is same.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
 		2017-02-22 14:07:04 +08:00
..
Dispatcher MdeModulePkg: Use EfiEventEmptyFunction from UefiLib 2017-01-20 15:51:18 +08:00
DxeMain MdeModulePkg/DxeCore: Add UEFI image protection. 2017-02-22 14:07:04 +08:00
Event MdeModulePkg: Use EfiEventEmptyFunction from UefiLib 2017-01-20 15:51:18 +08:00
FwVol MdeModulePkg/Core: Fix typos in comments 2016-10-27 09:11:17 +08:00
FwVolBlock MdeModulePkg DxeCore: Show error message on unaligned FvImage issue 2016-11-17 09:27:11 +08:00
Gcd MdeModulePkg/DxeCore:Clear RT attribute on SetCapabilities. 2017-01-12 15:58:13 +08:00
Hand MdeModulePkg/Core: Fix typos in comments 2016-10-27 09:11:17 +08:00
Image MdeModulePkg/DxeCore: Add UEFI image protection. 2017-02-22 14:07:04 +08:00
Library Update the copyright notice format 2010-04-24 09:49:11 +00:00
Mem MdeModulePkg/Core/Dxe: rebase to ARRAY_SIZE() 2016-10-27 11:10:56 +02:00
Misc MdeModulePkg/DxeCore: Add UEFI image protection. 2017-02-22 14:07:04 +08:00
SectionExtraction MdeModulePkg: Fix typos in comments and variables 2016-07-11 10:29:48 +08:00
DxeCore.uni MdeModulePkg: Convert all .uni files to utf-8 2015-12-15 04:56:23 +00:00
DxeCoreExtra.uni MdeModulePkg: Convert all .uni files to utf-8 2015-12-15 04:56:23 +00:00
DxeMain.h MdeModulePkg/DxeCore: Add UEFI image protection. 2017-02-22 14:07:04 +08:00
DxeMain.inf MdeModulePkg/DxeCore: Add UEFI image protection. 2017-02-22 14:07:04 +08:00