Hi,

> > The idea is: Improve page fault handler to (a) print a big'n'fat
> > warning, and (b) loosening up memory permissions for the faulting
> > page address.
> >
> > No patch for that emerged (yet?).
>
> Ack. I can work on that.

FYI: There was a patch series on the list last week to move various paging / security related options from compile time (PCD) to runtime (config struct in HOB). All NX settings are in there, also page guard and heap guard. Also some (very basic) support for config profiles.

With that in place it would be possible to make this configurable in uefi firmware settings (or via fw_cfg, or both).

> Also, what's the situation on this for x86? I assume it's a lot worse there?

Currently x86 is less problematic in practice, but only because many of the security features are not (yet) enabled.

Note it's not only grub+shim, the linux kernel stub is affected too. The new, uefi-stub-only archs (armv7, armv8, riscv) are fixed meanwhile, and they all use the common zboot code. x86 is wip still, ard has a patch series in flight, it's more tricky there due to hybrid bios/uefi kernels and other legacy cruft ...

take care,
  Gerd