Call for action

To support UEFI memory protection, the firmware needs to configure UEFI drivers to be page aligned:

  1. Override link flags below to support UEFI runtime attribute table, so that the OS can protect the runtime memory.

    [BuildOptions.IA32.EDKII.DXE_RUNTIME_DRIVER,
    BuildOptions.X64.EDKII.DXE_RUNTIME_DRIVER]
    MSFT:*_*_*_DLINK_FLAGS = /ALIGN:4096
    GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
    
  2. Override link flags below to support UEFI memory protection.

    [BuildOptions.common.EDKII.DXE_DRIVER, 
    BuildOptions.common.EDKII.DXE_CORE, 
    BuildOptions.common.EDKII.UEFI_DRIVER,
    BuildOptions.common.EDKII.UEFI_APPLICATION]
    MSFT:*_*_*_DLINK_FLAGS = /ALIGN:4096 
    GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
    
  3. Evaluate if the UEFI memory size is big enough to hold the split page table.

  4. Evaluate if the DXE image can be protected.
  5. Set proper gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy.
  6. Set proper gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy.
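
A build-time check for the link flags in steps 1 and 2, as an added example that is not part of the original page or of EDK II: it reads the PE/COFF headers of a built `.efi` image and reports a `SectionAlignment` or section address that is not a multiple of 4 KiB. The names `check_image` and `build_sample` are hypothetical, the sample image is constructed in the code, and the writable-and-executable section check is an extra assumption of this example.

```python
import struct

PAGE = 0x1000  # 4 KiB, matching /ALIGN:4096 and common-page-size=0x1000
EFI_SUBSYSTEMS = {10: "UEFI_APPLICATION", 11: "BOOT_SERVICE_DRIVER", 12: "RUNTIME_DRIVER"}
SCN_EXEC, SCN_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def build_sample(sect_align, sections, subsystem=12):
    """Constructed PE32+ header blob (headers only) used as sample input."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)          # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0xF0, 0x2022)
    opt = bytearray(0xF0)                                         # PE32+ optional header
    struct.pack_into("<H", opt, 0, 0x20B)                         # Magic
    struct.pack_into("<I", opt, 32, sect_align)                   # SectionAlignment
    struct.pack_into("<H", opt, 68, subsystem)                    # Subsystem
    table = b"".join(struct.pack("<8sIIIIIIHHI", name, 0, va, 0, 0, 0, 0, 0, 0, flags)
                     for name, va, flags in sections)
    return dos + coff + bytes(opt) + table

def check_image(data):
    """Return subsystem, SectionAlignment and a list of alignment problems."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE/COFF image (no MZ header)")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, opt_size = (struct.unpack_from("<H", data, pe + off)[0] for off in (6, 20))
    opt = pe + 24
    magic, sect_align, subsystem = (struct.unpack_from(fmt, data, opt + off)[0]
                                    for fmt, off in (("<H", 0), ("<I", 32), ("<H", 68)))
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    problems = []
    if sect_align == 0 or sect_align % PAGE:
        problems.append("SectionAlignment 0x%x is not a multiple of 4 KiB" % sect_align)
    for i in range(nsect):
        hdr = opt + opt_size + 40 * i                             # 40-byte section headers
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        va, flags = (struct.unpack_from("<I", data, hdr + off)[0] for off in (12, 36))
        if va % PAGE:
            problems.append("%s: VirtualAddress 0x%x is not page aligned" % (name, va))
        if flags & SCN_EXEC and flags & SCN_WRITE:
            problems.append("%s: section is both writable and executable" % name)
    return {"subsystem": EFI_SUBSYSTEMS.get(subsystem, "other(%d)" % subsystem),
            "section_alignment": sect_align, "problems": problems}

if __name__ == "__main__":
    old = build_sample(0x20, [(b".text", 0x240, 0x60000020), (b".data", 0x300, 0xC0000040)])
    print(check_image(old))
```

To check a real build, pass the bytes of each `.efi` file from the build output directory to `check_image` and fail the build when `problems` is not empty.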

Summary

This section introduces the memory protection in UEFI.
