On Fri, Aug 18, 2023 at 11:57 PM Taylor Beebe <taylor.d.be...@gmail.com> wrote: > > In the past, memory protection settings were configured via FixedAtBuild PCDs, > which resulted in a build-time configuration of memory mitigations. This > approach limited the flexibility of applying mitigations to the > system and made it difficult to update or adjust the settings post-build. > > In a design, the configuration interface has been revised to allow for dynamic > configuration. This is achieved by setting memory protections via a library > interface which stores/updates the memory protection settings in > a GUIDed HOB, which is then consumed during and after DXE handoff. > > This patch series adds two libraries: > SetMemoryProtectionsLib: A PEIM that allows for setting/fetching memory > protections and "locking" to prevent further updates via the library > interface. > The backing for the settings are a GUIDed HOB that is created by the library > whenever its API is invoked. > > GetMemoryProtectionsLib: A DXE library that allows for getting the memory > protection settings for the current boot. This library populates a global > with the settings from the HOB entry (if present) for access in the module. > Previous references to the PCDs are replaced with references to the global. > > OvmfPkg has been updated to allow the setting of the memory protection profile > via QemuCfg instead of just the NxForStack setting. If no profile is passed, > the platform will default to the Debug profile for DXE and Off profile for MM. > > ArmVirtPkg will use the Release profile. > > Reference: https://github.com/tianocore/edk2/pull/4566
Hi Taylor, Would you mind stating what changed between v1 and v2? It would help reviewing :) -- Pedro -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107896): https://edk2.groups.io/g/devel/message/107896 Mute This Topic: https://groups.io/mt/100830898/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
