Hi all,

During the EDK2 design meeting on 5/17, Project Mu developers presented
memory protection and DXE Core revisions.

The presentation covered the following topics:

1. The motivation for improving memory protections
2. Specifics on Microsoft's requirements for memory protection in UEFI
3. Changes Project Mu has made to the EDK2 memory protection logic to meet
the requirements
4. A proposal of changes to DXE Core which will improve consistency and
protection in EDK2

The link below contains the presentation and supplementary files from the
meeting.
<https://github.com/TaylorBeebe/edk2/tree/edk2_design_meeting_5_17_documents>

Below is an EDK2 branch containing the changes described in the design
meeting, tested using OvmfPkg. Two paging audits were collected from the
branch to help illustrate the difference in memory protections. The file
labeled ovmf_protected_base is the base X64 OVMF from May 5, 2023 with
the protection PCDs set to the values in the "Basic Info" tab of the
audit. The file ovmf_protected_updated was created with nearly identical
settings at the same hash but with the updates from Project Mu.

The EDK2 branch which created the ovmf_protected_updated paging audit is
linked below.

IMPORTANT: This implementation is not going to be converted to a patch
series, and is only offered as a sandbox/reference for the above audits.

https://github.com/TaylorBeebe/edk2/tree/revisiting_memory_protections

The protection issues discussed in the design meeting indicate work which
can be done to refocus DXE Core to contain all necessary services
required for the initialization of modern platforms and to close
protection gaps which currently exist in EDK2. To explore this topic with
the community, a new GitHub Project will be created in the Tianocore
organization to help track progress and drive engagement. A follow-up
email will be sent when the project is made public to provide more info
and enable community members to get involved.

Thanks!

