Sai Praneeth authored
UEFI v2.6 introduces EFI_MEMORY_ATTRIBUTES_TABLE which describes memory protections that may be applied to EFI Runtime code and data regions by kernel. This enables kernel to map these regions more strictly thereby increasing security. Presently, the only valid bits for attribute field of a memory descriptor are EFI_MEMORY_RO and EFI_MEMORY_XP, hence use these bits to update mappings in efi_pgd.

UEFI specification recommends to use this feature instead of EFI_PROPERTIES_TABLE and hence while updating efi mappings we first check for EFI_MEMORY_ATTRIBUTES_TABLE and if it's present we update mappings according to this table and hence disregarding EFI_PROPERTIES_TABLE even if it's published by firmware. We consider EFI_PROPERTIES_TABLE only when EFI_MEMORY_ATTRIBUTES_TABLE is absent.

Signed-off-by: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Lee, Chun-Yi <jlee@suse.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Ricardo Neri <ricardo.neri@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ravi Shankar <ravi.v.shankar@intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
5f999ed4
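An added user-space example, not code from this commit or the kernel: it walks a memory attributes table blob and counts runtime entries that carry neither EFI_MEMORY_RO nor EFI_MEMORY_XP, which would stay writable and executable. The header and descriptor layouts and the two bit values follow the UEFI specification; the function names, the `prot` enum and the sample table are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define EFI_MEMORY_XP 0x0000000000004000ULL /* region must not be executed */
#define EFI_MEMORY_RO 0x0000000000020000ULL /* region must not be written */

/* Table header and memory descriptor layouts as defined by the UEFI spec. */
struct mat_header { uint32_t version, num_entries, desc_size, reserved; };
struct mem_desc { uint32_t type, pad; uint64_t phys, virt, num_pages, attr; };
enum prot { PG_RWX = 0, PG_RX = 1, PG_RW = 2, PG_R = 3 };

/* Translate the two valid attribute bits into the protection they request. */
static enum prot prot_from_attr(uint64_t attr)
{
    return (enum prot)(((attr & EFI_MEMORY_XP) ? 2 : 0) | ((attr & EFI_MEMORY_RO) ? 1 : 0));
}

/* Count entries left writable and executable; -1 means a malformed table. */
static int count_wx_entries(const uint8_t *buf, size_t len)
{
    struct mat_header h;
    int wx = 0;
    if (len < sizeof(h)) return -1;
    memcpy(&h, buf, sizeof(h));
    /* Step by desc_size: firmware may use a stride larger than the struct. */
    if (h.desc_size < sizeof(struct mem_desc)) return -1;
    if (h.num_entries > (len - sizeof(h)) / h.desc_size) return -1;
    for (uint32_t i = 0; i < h.num_entries; i++) {
        struct mem_desc d;
        memcpy(&d, buf + sizeof(h) + (size_t)i * h.desc_size, sizeof(d));
        if (prot_from_attr(d.attr) == PG_RWX) wx++;
    }
    return wx;
}

/* Constructed sample: code (type 5), data (type 6), and one unprotected entry. */
static size_t build_sample(uint8_t *buf)
{
    const uint64_t attrs[3] = { EFI_MEMORY_RO, EFI_MEMORY_XP, 0 };
    struct mat_header h = { 1, 3, 48, 0 };
    memset(buf, 0, sizeof(h) + 3 * 48);
    memcpy(buf, &h, sizeof(h));
    for (int i = 0; i < 3; i++) {
        struct mem_desc d = { i ? 6u : 5u, 0, 0x1000u * i, 0, 1, attrs[i] };
        memcpy(buf + sizeof(h) + i * 48, &d, sizeof(d));
    }
    return sizeof(h) + 3 * 48;
}

int main(void) { uint8_t b[160]; return count_wx_entries(b, build_sample(b)) != 1; }
```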