On Tue, 2021-11-23 at 15:10 +0000, Yao, Jiewen wrote:

> I would say the PEI owns the system and all memory (including the
> DXE).
>
> A bug in PEI may override the loaded DXE memory or the whole system.
That's not the correct way to analyse the security properties. From the security point of view this is a trapdoor system: once you go through the door, you can't go back (the trapdoor being the jump from PEI to DXE). The trapdoor isolates the domains and allows you to analyse the security properties of each separately. It also allows separation of exposure ... which is what we use in this case: the PEI domain has very limited exposure; it's the DXE domain that has full exposure but, because of the trapdoor, bugs in PEI code can't be used to exploit the system when it has transitioned to the DXE domain.

> In history I did see PEI security issues.
> Some security issue in PEI caused system compromised completely. You
> even have no chance to run DXE.

The security domain analysis above doesn't mean no bug in PEI is ever exploitable, but it does mean that there are fewer exploitability classes in PEI than DXE because the security domain is much less exposed.

James

View/Reply Online (#83951): https://edk2.groups.io/g/devel/message/83951