Open makubacki opened 1 year ago
https://github.com/tianocore/edk2/pull/4566 hits an issue where attempts to map unmapped regions via a SetAttributes() call result in an unrelated ASSERT on Arm platforms. The following will fix that issue allowing this issue to move forward: https://github.com/tianocore/edk2/pull/4583
https://github.com/tianocore/edk2/pull/4583 changes have been merged, moving back to working on https://github.com/tianocore/edk2/pull/4566
V1 of the patch series has been sent to the mailing list
Overview
In the past, memory protection settings were configured via FixedAtBuild PCDs (Platform Configuration Database), which resulted in a build-time configuration of memory mitigations. This approach limited the flexibility of applying mitigations to the system and made it difficult to update or adjust the settings post-build.
This issue proposes making the configuration interface dynamic, achieved with Hand-Off Blocks (HOBs) that are published prior to invocation of the HandoffToDxe() function. This new approach enables the system to adjust memory protection settings at runtime, providing greater flexibility and the ability to quickly respond to security threats and adjust strictness according to the compatibility and security goals of a given boot profile.
An example use case for dynamic configuration is to allow a platform to respond to changes in security state, thus ensuring that memory protection settings are properly configured in each unique scenario: for example, based on the devices present, whether manufacturing mode is enabled or disabled, firmware configuration menu selections, etc.
Versioning
To account for possible future changes to the memory protection HOB and submodule configurations which cause a desync between the expected and actual definition of the memory protection HOB, a version number is included in the HOB.
A Note on PEI
This issue does not propose using HOBs to configure memory protection settings before DXE. Instead, it is proposed that PEI has a fixed configuration resulting in the page table always being built, the NULL page being invalidated, a stack guard being reserved for each processor, each stack being marked non-executable, and stack switching being initialized in case of stack corruption.
It is possible that the PEI configuration may be updated to be dynamically configurable in the future if future use cases require this functionality.
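As an added illustration (not code from the patch series or from EDK2 itself), the shape of a versioned memory protection HOB and the check a DXE-side consumer would perform before trusting it; the type, field and function names are assumptions, and on a version mismatch or missing HOB the consumer falls back to strict defaults rather than interpreting an unknown layout.

```c
/* Added illustration, not EDK2's code: a hypothetical versioned memory
 * protection HOB and the check a consumer performs before trusting it.
 * All type, field and function names here are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MEM_PROT_HOB_VERSION 1u  /* bump whenever the layout below changes */

typedef struct {
  uint32_t Version;            /* must equal MEM_PROT_HOB_VERSION */
  uint32_t NullPointerDetect;  /* 1 = invalidate the NULL page */
  uint32_t StackGuard;         /* 1 = guard page below each stack */
  uint32_t NxStack;            /* 1 = mark stacks non-executable */
} MEM_PROT_HOB;

typedef struct {
  bool NullPointerDetect;
  bool StackGuard;
  bool NxStack;
} MEM_PROT_POLICY;

/* Used when no HOB is present or its version does not match: failing
 * toward the most restrictive settings is the safe direction. */
static const MEM_PROT_POLICY StrictDefaults = { true, true, true };

/* Producer side (before HandoffToDxe): fill in a HOB for a boot profile. */
void BuildMemProtHob(MEM_PROT_HOB *Hob, bool NullDetect, bool Guard, bool Nx) {
  memset(Hob, 0, sizeof *Hob);
  Hob->Version           = MEM_PROT_HOB_VERSION;
  Hob->NullPointerDetect = NullDetect ? 1u : 0u;
  Hob->StackGuard        = Guard ? 1u : 0u;
  Hob->NxStack           = Nx ? 1u : 0u;
}

/* Consumer side (DXE): apply the HOB only if its version matches.
 * Returns true when the HOB was applied, false when defaults were used. */
bool ApplyMemProtHob(const MEM_PROT_HOB *Hob, MEM_PROT_POLICY *Out) {
  if (Hob == NULL || Hob->Version != MEM_PROT_HOB_VERSION) {
    *Out = StrictDefaults;   /* desync or missing HOB: fail closed */
    return false;
  }
  Out->NullPointerDetect = Hob->NullPointerDetect != 0;
  Out->StackGuard        = Hob->StackGuard != 0;
  Out->NxStack           = Hob->NxStack != 0;
  return true;
}
```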