On Thu, 1 Jun 2023 at 16:53, Oliver Smith-Denny
wrote:
>
> Thanks for sending out this RFC, great to see more work on the memory
> protections front. A few questions and thoughts:
>
> This seems a good effort (in conjunction with your last RFC) to close
> the protection gap between DxeCore launch
On 5/29/2023 3:16 AM, Ard Biesheuvel wrote:
TL;DR - allow DXE drivers to execute in place from the decompressed FV
loaded into memory by DxeIpl so we can apply strict permissions before
dispatching DXE core.
Currently, executable images loaded from firmware volumes are copied at
least three
TL;DR - allow DXE drivers to execute in place from the decompressed FV
loaded into memory by DxeIpl so we can apply strict permissions before
dispatching DXE core.
Currently, executable images loaded from firmware volumes are copied at
least three times: once in the firmware volume driver, once in
