Now that the transition to use SetMemoryProtectionsLib and GetMemoryProtectionsLib is complete, delete the memory protection PCDs to avoid confusing the interface. All memory protection settings will now be set and consumed via the libraries.
Signed-off-by: Taylor Beebe <taylor.d.be...@gmail.com> Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org> Cc: Jiewen Yao <jiewen....@intel.com> Cc: Jordan Justen <jordan.l.jus...@intel.com> Cc: Gerd Hoffmann <kra...@redhat.com> Cc: Rebecca Cran <rebe...@bsdio.com> Cc: Peter Grehan <gre...@freebsd.org> Cc: Corvin Köhne <corv...@freebsd.org> Cc: Jianyong Wu <jianyong...@arm.com> Cc: Anatol Belski <anbel...@linux.microsoft.com> Cc: Anthony Perard <anthony.per...@citrix.com> Cc: Julien Grall <jul...@xen.org> Cc: Erdem Aktas <erdemak...@google.com> Cc: James Bottomley <j...@linux.ibm.com> Cc: Min Xu <min.m...@intel.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: Michael Roth <michael.r...@amd.com> Cc: Sunil V L <suni...@ventanamicro.com> Cc: Andrei Warkentin <andrei.warken...@intel.com> --- OvmfPkg/AmdSev/AmdSevX64.dsc | 3 --- OvmfPkg/Bhyve/BhyveX64.dsc | 3 --- OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf | 1 - OvmfPkg/CloudHv/CloudHvX64.dsc | 3 --- OvmfPkg/IntelTdx/IntelTdxX64.dsc | 3 --- OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf | 1 - OvmfPkg/Microvm/MicrovmX64.dsc | 3 --- OvmfPkg/OvmfPkgIa32.dsc | 3 --- OvmfPkg/OvmfPkgIa32X64.dsc | 3 --- OvmfPkg/OvmfPkgX64.dsc | 3 --- OvmfPkg/OvmfXen.dsc | 3 --- OvmfPkg/PlatformPei/PlatformPei.inf | 1 - OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc | 13 ------------- OvmfPkg/TdxDxe/TdxDxe.inf | 1 - 14 files changed, 44 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index b67b50b833b9..46a74e4f8ee8 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -516,9 +516,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 5af5831196f6..21baa47d2526 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -550,9 +550,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 diff --git a/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf b/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf index 07570d4e30ca..07f032941404 100644 --- a/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/Bhyve/PlatformPei/PlatformPei.inf @@ -89,7 +89,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index c550ebcd659e..b8d643dfda3c 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -600,9 +600,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index a3370f45940c..513727ae98ff 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -511,9 +511,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf index a6d7b53f52cf..009bee69e405 100644 --- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf +++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf @@ -79,7 +79,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplBuildPageTables ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## CONSUMES gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvSize gUefiOvmfPkgTokenSpaceGuid.PcdSecureBootSupported diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index da5a4862bfdc..78f2ab64a60d 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -623,9 +623,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index d4d14b69ef1d..0f2b1812a821 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -634,9 +634,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 674010323df1..6180d267067a 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -652,9 +652,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 08b70d76d292..937488b043f4 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -670,9 +670,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # UefiCpuPkg PCDs related to initial AP bringup and general AP management. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuBootLogicalProcessorNumber|0 diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index d80e20a151d7..e3631202238b 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -506,9 +506,6 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - # Noexec settings for DXE. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE - # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf index fbaa6bdc8ee5..3085f4f46a50 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -104,7 +104,6 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase diff --git a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc index fe320525153f..57304c40766a 100644 --- a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc +++ b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc @@ -271,19 +271,6 @@ [PcdsFixedAtBuild.common] gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0 - # - # Enable strict image permissions for all images. (This applies - # only to images that were built with >= 4 KB section alignment.) - # - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 - - # - # Enable NX memory protection for all non-code regions, including OEM and OS - # reserved ones, with the exception of LoaderData regions, of which OS loaders - # (i.e., GRUB) may assume that its contents are executable. - # - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5 - [Components.common] # # Ramdisk support diff --git a/OvmfPkg/TdxDxe/TdxDxe.inf b/OvmfPkg/TdxDxe/TdxDxe.inf index 9793562884c7..42317228c1aa 100644 --- a/OvmfPkg/TdxDxe/TdxDxe.inf +++ b/OvmfPkg/TdxDxe/TdxDxe.inf @@ -68,6 +68,5 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptPageSize -- 2.42.0.windows.2 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#108888): https://edk2.groups.io/g/devel/message/108888 Mute This Topic: https://groups.io/mt/101469966/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
