On 10/9/23 02:07, Taylor Beebe wrote: > Now that the transition to use SetMemoryProtectionsLib and > GetMemoryProtectionsLib is complete, delete the memory protection PCDs > to avoid confusing the interface. All memory protection settings > will now be set and consumed via the libraries. > > Signed-off-by: Taylor Beebe <taylor.d.be...@gmail.com> > Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org> > Cc: Leif Lindholm <quic_llind...@quicinc.com> > Cc: Sami Mujawar <sami.muja...@arm.com> > Cc: Gerd Hoffmann <kra...@redhat.com> > --- > ArmVirtPkg/ArmVirt.dsc.inc | 15 --------------- > ArmVirtPkg/ArmVirtCloudHv.dsc | 5 ----- > ArmVirtPkg/ArmVirtQemu.dsc | 5 ----- > 3 files changed, 25 deletions(-) > > diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc > index f76601503cd9..9b9d18a6e6c1 100644 > --- a/ArmVirtPkg/ArmVirt.dsc.inc > +++ b/ArmVirtPkg/ArmVirt.dsc.inc > @@ -360,21 +360,6 @@ [PcdsFixedAtBuild.common] > gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20 > gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0 > > - # > - # Enable strict image permissions for all images. (This applies > - # only to images that were built with >= 4 KB section alignment.) > - # > - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 > - > - # > - # Enable NX memory protection for all non-code regions, including OEM and > OS > - # reserved ones, with the exception of LoaderData regions, of which OS > loaders > - # (i.e., GRUB) may assume that its contents are executable. > - # > - > gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5 > - > - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|TRUE > - > [Components.common] > # > # Ramdisk support > diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc > index 2cb89ce10cf6..c87b71ccc28e 100644 > --- a/ArmVirtPkg/ArmVirtCloudHv.dsc > +++ b/ArmVirtPkg/ArmVirtCloudHv.dsc 
> @@ -140,11 +140,6 @@ [PcdsFixedAtBuild.common] > # > gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 > > - # > - # Enable the non-executable DXE stack. (This gets set up by DxeIpl) > - # > - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE > - > !if $(SECURE_BOOT_ENABLE) == TRUE > # override the default values from SecurityPkg to ensure images from all > sources are verified in secure boot > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04 > diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc > index 30e3cfc8b9cc..7dedbd912b2c 100644 > --- a/ArmVirtPkg/ArmVirtQemu.dsc > +++ b/ArmVirtPkg/ArmVirtQemu.dsc > @@ -212,11 +212,6 @@ [PcdsFixedAtBuild.common] > # > gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 > > - # > - # Enable the non-executable DXE stack. (This gets set up by DxeIpl) > - # > - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE > - > !if $(SECURE_BOOT_ENABLE) == TRUE > # override the default values from SecurityPkg to ensure images from all > sources are verified in secure boot > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04
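Review bot: In the ArmVirt.dsc.inc hunk (@@ -360,21 +360,6), the deleted comment above PcdDxeNxMemoryProtectionPolicy is the only place visible here that records why LoaderData is exempt from NX (OS loaders such as GRUB may assume its contents are executable), and the deletion drops that rationale together with the 0xC000000000007FD5 mask. Suggest carrying the comment over to wherever the equivalent setting is now made through SetMemoryProtectionsLib, and naming in the commit message the patch in the series that provides the ArmVirt equivalents, so a reviewer can confirm the three removed settings (PcdImageProtectionPolicy|0x3, the NX policy mask, PcdCpuStackGuard|TRUE) are matched and not weakened.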
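Review bot: In the ArmVirtCloudHv.dsc hunk (@@ -140,11 +140,6), and the identical hunk in ArmVirtQemu.dsc (@@ -212,11 +212,6), PcdSetNxForStack|TRUE was a per-platform override whose comment says the non-executable DXE stack is set up by DxeIpl, but neither the patch nor the commit message says which library setting DxeIpl reads in its place. Suggest stating that in the commit message and confirming that both platforms still come up with a non-executable DXE stack once this override is gone.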
I'll leave this to Ard :)