• Sai Praneeth's avatar
    x86/efi: Add support for EFI_MEMORY_ATTRIBUTES_TABLE · 18141e89
    Sai Praneeth authored
    UEFI v2.6 introduces EFI_MEMORY_ATTRIBUTES_TABLE which describes memory
    protections that may be applied to the EFI Runtime code and data regions by
    the kernel. This enables the kernel to map these regions more strictly thereby
    increasing security.
    
    Presently, the only valid bits for the attribute field of a memory descriptor
    are EFI_MEMORY_RO and EFI_MEMORY_XP, hence use these bits to update the
    mappings in efi_pgd.
    
    The UEFI specification recommends to use this feature instead of
    EFI_PROPERTIES_TABLE and hence while updating EFI mappings we first
    check for EFI_MEMORY_ATTRIBUTES_TABLE and if it's present we update
    the mappings according to this table and hence disregarding
    EFI_PROPERTIES_TABLE even if it's published by the firmware. We consider
    EFI_PROPERTIES_TABLE only when EFI_MEMORY_ATTRIBUTES_TABLE is absent.
    Signed-off-by: default avatarSai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
    Signed-off-by: default avatarMatt Fleming <matt@codeblueprint.co.uk>
    Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: Fenghua Yu <fenghua.yu@intel.com>
    Cc: Lee, Chun-Yi <jlee@suse.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Ravi Shankar <ravi.v.shankar@intel.com>
    Cc: Ricardo Neri <ricardo.neri@intel.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: linux-efi@vger.kernel.org
    Link: http://lkml.kernel.org/r/1485868902-20401-6-git-send-email-ard.biesheuvel@linaro.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
    18141e89
memattr.c 4.9 KB