Hi,

> > - modify the SecPei version of CpuExceptionHandlerLib to put the
> > vector templates in .data, as I proposed before. This works around the
> > issue, and given that SEC/PEI is assumed to be read-only anyway (as it
> > may execute in place from flash) and does not use page alignment for
> > the sections due to size constraints, it is reasonable to assume that
> > .text and .data will be mapped executable anyway.
>
> Well, that assumption is more than fair to make for the status quo
> platforms, but this is just another rock in the way of doing things
> the right way (even if it’s just VMs).
>
> Cc Gerd for an OVMF security perspective. Is PEI-time memory
> protection something you’d be interested in in the future?
Given that PEI is expected to be able to run from read-only storage the
easiest way to apply X^W rules would be to just map the whole PEI
firmware volume as R-X when executing from RAM (which is the case for
OVMF).

I've fixed OVMF PEI modules last year to *not* use global variables, so
OVMF is not a special case any more and mapping OVMF PEI readonly should
work just fine.

So Ard's approach looks sane to me.

take care,
  Gerd

View/Reply Online (#102261): https://edk2.groups.io/g/devel/message/102261
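The thread turns on one detail: SEC/PEI modules are linked without page alignment for their sections, so executable `.text` bytes and writable `.data` bytes share 4 KiB pages, and a page-granular X^W policy cannot be applied to such an image without mapping the shared pages RWX. The script below is an added example, not code from this thread or from EDK2; it walks the PE/COFF section table of an image and reports the pages that would need to be both writable and executable. The two images it checks are constructed in memory (headers only) to mimic an EDK2-style 0x20-aligned PEI module and a 0x1000-aligned module; the function and constant names are the example's own.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

PE32PLUS_MAGIC = 0x20B
OPTIONAL_HEADER_SIZE = 240  # PE32+ optional header with 16 data directories
SECTION_HEADER_FMT = "<8sIIIIIIHHI"  # 40-byte IMAGE_SECTION_HEADER


def build_image(section_alignment, sections):
    """Construct a minimal PE32+ image (headers only) as test input.

    sections: list of (name, virtual_address, virtual_size, characteristics).
    This is a constructed sample, not a real EDK2 module.
    """
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header follows the DOS header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0,
                       OPTIONAL_HEADER_SIZE, 0x0022)
    opt = bytearray(OPTIONAL_HEADER_SIZE)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 32, section_alignment)  # SectionAlignment
    struct.pack_into("<I", opt, 36, section_alignment)  # FileAlignment (unused here)
    table = b""
    for name, va, vsize, chars in sections:
        table += struct.pack(SECTION_HEADER_FMT, name.encode(), vsize, va,
                             vsize, va, 0, 0, 0, 0, chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_sections(image):
    """Return (SectionAlignment, [(name, va, vsize, characteristics), ...])."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    num_sections = struct.unpack_from("<H", image, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]
    opt_off = pe_off + 24
    # SectionAlignment sits at offset 32 of both PE32 and PE32+ optional headers.
    section_alignment = struct.unpack_from("<I", image, opt_off + 32)[0]
    table_off = opt_off + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, va, *_, chars = struct.unpack_from(
            SECTION_HEADER_FMT, image, table_off + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, vsize, chars))
    return section_alignment, sections


def wx_page_conflicts(image, page_size=0x1000):
    """Pages that hold executable bytes of one section and writable bytes of another.

    Any page returned here cannot be mapped under an X^W policy at page
    granularity; the image would have to be mapped RWX, which is exactly the
    situation unaligned SEC/PEI sections produce.
    """
    exec_pages, write_pages = set(), set()
    _, sections = parse_sections(image)
    for _, va, vsize, chars in sections:
        if vsize == 0:
            continue
        pages = range(va // page_size, (va + vsize - 1) // page_size + 1)
        if chars & IMAGE_SCN_MEM_EXECUTE:
            exec_pages.update(pages)
        if chars & IMAGE_SCN_MEM_WRITE:
            write_pages.update(pages)
    return sorted(exec_pages & write_pages)


# Constructed samples: an EDK2-style 0x20-aligned PEI module, and the same
# layout linked with 4 KiB section alignment.
PEI_STYLE = build_image(0x20, [
    (".text", 0x240, 0x300, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE),
    (".data", 0x540, 0x100, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])
PAGE_ALIGNED = build_image(0x1000, [
    (".text", 0x1000, 0x300, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE),
    (".data", 0x2000, 0x100, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    for label, img in (("0x20-aligned", PEI_STYLE), ("0x1000-aligned", PAGE_ALIGNED)):
        align, secs = parse_sections(img)
        print(f"{label}: SectionAlignment=0x{align:x}, "
              f"W+X pages={wx_page_conflicts(img) or 'none'}")
```

Run against a real PEI module by replacing the constructed bytes with the file contents; a non-empty result means the module can only satisfy X^W when the whole firmware volume is mapped R-X as Gerd describes, or when the image is relinked with page-aligned sections.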