Limitation

The protection in the UEFI is limited to the PE image and the stack at this moment because of the compatibility concerns. The limitations of the UEFI memory protection are:

  1. Not all images are protected to be NX and RO. The protection is based upon the policy.

  2. Not all heap regions are protected to be NX due to the compatibility concern. We observed that both Windows boot loader and Linux boot loader may use the LoaderData type for the code. The heap protection is based upon the policy.

  3. [Same as SMM] The protection cannot resist ROP attack.

  4. [Same as SMM] Not all important data structures are set to ReadOnly.

results matching ""

    No results matching ""