On 07/22/20 10:36, Guomin Jiang wrote:
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614
> 
> The security researcher found that we can get control after NEM is disabled.
> 
> The reason is that the flash content resides in NEM at startup and the
> code will get the content from flash directly after NEM is disabled.
> 
> To avoid this vulnerability, the feature will copy the PEIMs from
> temporary memory to permanent memory and only execute the code in
> permanent memory.
> 
> The vulnerability exists on physical platforms and hasn't been reported on
> virtual platforms, so virtual platforms can disable the feature currently.
> 
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Hao A Wu <hao.a...@intel.com>
> Signed-off-by: Guomin Jiang <guomin.ji...@intel.com>
> Acked-by: Laszlo Ersek <ler...@redhat.com>
> Reviewed-by: Jian J Wang <jian.j.w...@intel.com>
> ---
>  MdeModulePkg/MdeModulePkg.dec | 8 ++++++++
>  MdeModulePkg/MdeModulePkg.uni | 6 ++++++
>  2 files changed, 14 insertions(+)

Comparing this against v5 (which I last checked), my ACK stands.

Thanks
Laszlo

