I would say the PEI owns the system and all memory (including the DXE). A bug in PEI may override the loaded DXE memory or the whole system.
In the past I did see PEI security issues. Some security issue in PEI caused the system to be compromised completely. You do not even have a chance to run DXE.

Thank you!
Yao, Jiewen

> On Nov 23, 2021, at 10:52 PM, James Bottomley <j...@linux.ibm.com> wrote:
>
> On Tue, 2021-11-23 at 14:36 +0000, Yao, Jiewen wrote:
>>> This strict isolation between DXE and PEI means that once we're in
>>> DXE, any bugs in PEI can't be exploited to attack the DXE
>>> environment.
>>
>> [jiewen] I would disagree with the statement above.
>> There is not strict isolation. Actually no isolation at all.
>> The DXE is loaded by PEI.
>
> Not in OVMF ... DXE and PEI are actually loaded by SEC. PEI eventually
> jumps to execute DXE but that's after all its own tasks are completed.
>
>> A bug in PEI has global impact and it can definitely be used to
>> attack the DXE.
>
> Only if it can be exploited. Moving things to PEI is mitigating the
> exploitability not the bugs. The point about exploitability and PEI is
> that it doesn't read any config files, it can't execute any EFI
> binaries and it has no Human Interface modules so can't be influenced
> even by a physically present attacker. No ability to influence is what
> removes the ability to exploit.
>
> James