On Wed, 4 Jan 2023 at 12:11, Gerd Hoffmann <kra...@redhat.com> wrote: > > Hi, > > > > > > You can override PCDs on the build command line, so I suggest you use > > > > > that for building these images as long as it is needed. > > > > > > > > > > E.g,, append this to the build.sh command line > > > > > > > > > > --pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD1 > > > > > > > > > > to undo the effects of this patch. > > Can this also be flipped at runtime?
Currently, it is fixed or patchable, which means that you can override it at build time only. I don't think making this a dynamic PCD would be difficult, and on QEMU, we can set the value early enough if we key it off fw_cfg or something like that. But that implies that you need a 'permissive' mode to invoke QEMU, which ends up being always enabled, most likely, so I'm not sure this is an improvement. > Does this pcd work the same way on all architectures? > In principle, yes. However, I cannot vouch for the X86 code not doing dodgy things with data regions, so whether the same *value* works reliably across all architectures is a separate matter. > > I don't think having different versions of the image makes sense, tbh, > > but of course, this is up to the distros. > > Fedora has reverted the patch for now, and I don't see how we can enable > that anytime soon given that RHEL-8,9 with loooooong support times ship > broken grub binaries today. > Yeah. This is really disappointing. > > Compatibility with ancient downstream GRUB builds is not a goal of the > > EDK2 upstream, so as long as distros can tweak the build to their > > needs, I don't see a reason to revert this change upstream. > > The versions are not that ancient. The problem is more that upstream > grub is really slow on integrating patches so every distro does carry > a huge pile of downstream patches. And they seem to re-introduce the > bug ... > > But, yes, just reverting upstream too doesn't look like a good option > either, we need at least a little pressure to get things fixed. > Indeed. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#97934): https://edk2.groups.io/g/devel/message/97934 Mute This Topic: https://groups.io/mt/93922691/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
