On Wed, Jan 04, 2023 at 01:04:41PM +0100, Ard Biesheuvel wrote: > On Wed, 4 Jan 2023 at 12:11, Gerd Hoffmann <kra...@redhat.com> wrote: > > > > Hi, > > > > > > > > --pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD1 > > > > Can this also be flipped at runtime? > > Currently, it is fixed or patchable, which means that you can override > it at build time only. I don't think making this a dynamic PCD would > be difficult, and on QEMU, we can set the value early enough if we key > it off fw_cfg or something like that. > > But that implies that you need a 'permissive' mode to invoke QEMU, > which ends up being always enabled, most likely, so I'm not sure this > is an improvement.
It works both ways. Being able to enable nx protection at runtime on builds which have it disabled by default would be quite useful. Write test cases. Write reproducer instructions which don't include building edk2 yourself. take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#97936): https://edk2.groups.io/g/devel/message/97936 Mute This Topic: https://groups.io/mt/93922691/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
