From nobody Sun Feb 8 13:53:35 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+106837+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106837+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1689119594; cv=none; d=zohomail.com; s=zohoarc; b=ZR3RXOJUC6zaeFPB7Ycym+0+cMVb5jCNXW1ana5Q9AGnEZVbFC3YdWW7zXlfyPQQaM1A7DbFM8HzQTXeoKcLuzNpebmxzRWmi9DV1tqnnOtLUcP4kDIoHz/e6b1PJOjKrCWcZmfjCe9pV2w/UjDyUThLTusou8rYOwkNPL6hmeQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689119594; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=qfSMEyGpsJC00i2Tpl66KBgY3GlwNyL++2wyVOlJ1t4=; b=m5jRuls92f1y4J5QDVXua6r8M9hqbnpbueVh2ncotu2DFkAbkOBPV+PkwnMcFrSK9EULPqbcEQJzX1MX64huR1WETpE2z+1Um3pIDpx4rqUsF1qp4NG4Zn123P9QWZc3XBSKWDQ+i9djOijOFRPyv8S6DA9Qj83H1byKuoWZ7nE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106837+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1689119594145897.4210988776532; Tue, 11 Jul 2023 16:53:14 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=UZ+znawC5en4SuViRS6XcwyKaClE1YNljSKOgm/9py8=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Gm-Message-State:X-Google-Smtp-Source:X-Received:X-Received:From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:Content-Transfer-Encoding; s=20140610; t=1689119593; v=1; b=ZC/DCkj+pE1RF8St4jaUBW1IGWhxc5hBz2CPmxJZfDNP3/VeJZYdCE5VKi580k3fs3Z5B/1k 5ZqiDqgxh6YTxd1DVypdViOUMwnu4Mk1Vltg2j67/AJu2fCzrmXYQNk/i3K9zfBHF/X2wOG1fjz HRDqKsTILXJqS7lOcBrgLrwk= X-Received: by 127.0.0.2 with SMTP id QBg2YY1788612xsBI1Z1irQn; Tue, 11 Jul 2023 16:53:13 -0700 X-Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web11.1768.1689119592950563085 for ; Tue, 11 Jul 2023 16:53:13 -0700 X-Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-66f3fc56ef4so110472b3a.0 for ; Tue, 11 Jul 2023 16:53:12 -0700 (PDT) X-Gm-Message-State: 8E967SiyPc0Tasm7qwofVBJGx1787277AA= X-Google-Smtp-Source: APBJJlHjj0sLmjoda/igL5tbKd2d0JFmWxpjptQtg73QjCq/AHKzMmOht69Ru3TgHD7Xjps0nSC/jA== X-Received: by 2002:a05:6a20:734d:b0:12e:44:a1a6 with SMTP id v13-20020a056a20734d00b0012e0044a1a6mr393765pzc.11.1689119592224; Tue, 11 Jul 2023 16:53:12 -0700 (PDT) X-Received: from localhost.localdomain ([50.46.230.135]) by smtp.gmail.com with ESMTPSA id a13-20020a62e20d000000b00660d80087a8sm2232677pfi.187.2023.07.11.16.53.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Jul 2023 16:53:11 -0700 (PDT) From: "Taylor Beebe" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Dandan Bi Subject: [edk2-devel] [PATCH 14/14] MdeModulePkg: Delete Memory Protection PCDs Date: Tue, 11 Jul 2023 16:52:51 -0700 Message-ID: <02fb39cc6935f70b735a8d2a3e7838aa8b97255b.1689101263.git.t@taylorbeebe.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,t@taylorbeebe.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689119595275100059 Content-Type: text/plain; charset="utf-8" From: Taylor Beebe Delete the memory protection PCDs Signed-off-by: Taylor Beebe Cc: Jian J Wang Cc: Liming Gao Cc: Dandan Bi --- MdeModulePkg/MdeModulePkg.dec | 169 ---------------------------------- MdeModulePkg/MdeModulePkg.uni | 153 ------------------------------ 2 files changed, 322 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 2541b2b044..9456e5cdfb 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1006,119 +1006,12 @@ # @ValidList 0x80000006 | 0x03058002 gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable|0x03058002|UINT32= |0x30001040 =20 - ## Mask to control the NULL address detection in code for different phas= es. - # If enabled, accessing NULL address in UEFI or SMM code can be caught.=

- # BIT0 - Enable NULL pointer detection for UEFI.
- # BIT1 - Enable NULL pointer detection for SMM.
- # BIT2..5 - Reserved for future uses.
- # BIT6 - Enable non-stop mode.
- # BIT7 - Disable NULL pointer detection just after EndOfDxe.
- # This is a workaround for those unsolvable NULL access iss= ues in - # OptionROM, boot loader, etc. It can also help to avoid un= necessary - # exception caused by legacy memory (0-4095) access after E= ndOfDxe, - # such as Windows 7 boot on Qemu.
- # @Prompt Enable NULL address detection. - gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask|0x0|U= INT8|0x30001050 - ## Init Value in Temp Stack to be shared between SEC and PEI_CORE # SEC fills the full temp stack with this values. When switch stack, Pei= Core can check # this value in the temp stack to know how many stack has been used. # @Prompt Init Value in Temp Stack gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack|0x5AA55AA5|UINT32= |0x30001051 =20 - ## Indicates which type allocation need guard page. - # - # If a bit is set, a head guard page and a tail guard page will be added= just - # before and after corresponding type of pages allocated if there's enou= gh - # free pages for all of them. The page allocation for the type related to - # cleared bits keeps the same as ususal. - # - # This PCD is only valid if BIT0 and/or BIT2 are set in PcdHeapGuardProp= ertyMask. - # - # Below is bit mask for this PCD: (Order is same as UEFI spec)
- # EfiReservedMemoryType 0x0000000000000001
- # EfiLoaderCode 0x0000000000000002
- # EfiLoaderData 0x0000000000000004
- # EfiBootServicesCode 0x0000000000000008
- # EfiBootServicesData 0x0000000000000010
- # EfiRuntimeServicesCode 0x0000000000000020
- # EfiRuntimeServicesData 0x0000000000000040
- # EfiConventionalMemory 0x0000000000000080
- # EfiUnusableMemory 0x0000000000000100
- # EfiACPIReclaimMemory 0x0000000000000200
- # EfiACPIMemoryNVS 0x0000000000000400
- # EfiMemoryMappedIO 0x0000000000000800
- # EfiMemoryMappedIOPortSpace 0x0000000000001000
- # EfiPalCode 0x0000000000002000
- # EfiPersistentMemory 0x0000000000004000
- # OEM Reserved 0x4000000000000000
- # OS Reserved 0x8000000000000000
- # e.g. LoaderCode+LoaderData+BootServicesCode+BootServicesData are neede= d, 0x1E should be used.
- # @Prompt The memory type mask for Page Guard. - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPageType|0x0|UINT64|0x30001052 - - ## Indicates which type allocation need guard page. - # - # If a bit is set, a head guard page and a tail guard page will be added= just - # before and after corresponding type of pages which the allocated pool = occupies, - # if there's enough free memory for all of them. The pool allocation for= the - # type related to cleared bits keeps the same as ususal. - # - # This PCD is only valid if BIT1 and/or BIT3 are set in PcdHeapGuardProp= ertyMask. - # - # Below is bit mask for this PCD: (Order is same as UEFI spec)
- # EfiReservedMemoryType 0x0000000000000001
- # EfiLoaderCode 0x0000000000000002
- # EfiLoaderData 0x0000000000000004
- # EfiBootServicesCode 0x0000000000000008
- # EfiBootServicesData 0x0000000000000010
- # EfiRuntimeServicesCode 0x0000000000000020
- # EfiRuntimeServicesData 0x0000000000000040
- # EfiConventionalMemory 0x0000000000000080
- # EfiUnusableMemory 0x0000000000000100
- # EfiACPIReclaimMemory 0x0000000000000200
- # EfiACPIMemoryNVS 0x0000000000000400
- # EfiMemoryMappedIO 0x0000000000000800
- # EfiMemoryMappedIOPortSpace 0x0000000000001000
- # EfiPalCode 0x0000000000002000
- # EfiPersistentMemory 0x0000000000004000
- # OEM Reserved 0x4000000000000000
- # OS Reserved 0x8000000000000000
- # e.g. LoaderCode+LoaderData+BootServicesCode+BootServicesData are neede= d, 0x1E should be used.
- # @Prompt The memory type mask for Pool Guard. - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30001053 - - ## This mask is to control Heap Guard behavior. - # - # Note: - # a) Heap Guard is for debug purpose and should not be enabled in prod= uct - # BIOS. - # b) Due to the limit of pool memory implementation and the alignment - # requirement of UEFI spec, BIT7 is a try-best setting which cannot - # guarantee that the returned pool is exactly adjacent to head guard - # page or tail guard page. - # c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled - # at the same time. - # - # BIT0 - Enable UEFI page guard.
- # BIT1 - Enable UEFI pool guard.
- # BIT2 - Enable SMM page guard.
- # BIT3 - Enable SMM pool guard.
- # BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detecti= on).
- # BIT6 - Enable non-stop mode.
- # BIT7 - The direction of Guard Page for Pool Guard. - # 0 - The returned pool is near the tail guard page.
- # 1 - The returned pool is near the head guard page.
- # @Prompt The Heap Guard feature mask - gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask|0x0|UINT8|0x3000= 1054 - - ## Indicates if UEFI Stack Guard will be enabled. - # If enabled, stack overflow in UEFI can be caught, preventing chaotic = consequences.

- # TRUE - UEFI Stack Guard will be enabled.
- # FALSE - UEFI Stack Guard will be disabled.
- # @Prompt Enable UEFI Stack Guard. - gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|FALSE|BOOLEAN|0x30001055 - ## Indicate debug level of Trace Hub. # 0x0 - TraceHubDebugLevelError.
# 0x1 - TraceHubDebugLevelErrorWarning.
@@ -1395,54 +1288,6 @@ # @Prompt Memory profile driver path. gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath|{0x0}|VOID*|0x= 00001043 =20 - ## Set image protection policy. The policy is bitwise. - # If a bit is set, the image will be protected by DxeCore if it is alig= ned. - # The code section becomes read-only, and the data section becomes non= -executable. - # If a bit is clear, nothing will be done to image code/data sections.<= BR>
- # BIT0 - Image from unknown device.
- # BIT1 - Image from firmware volume.
- #
- # Note: If a bit is cleared, the data section could be still non-execut= able if - # PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootS= ervicesData - # and/or EfiRuntimeServicesData.
- #
- # @Prompt Set image protection policy. - # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F - gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT3= 2|0x00001047 - - ## Set DXE memory protection policy. The policy is bitwise. - # If a bit is set, memory regions of the associated type will be mapped - # non-executable.
- # If a bit is cleared, nothing will be done to associated type of memor= y.
- #
- # Below is bit mask for this PCD: (Order is same as UEFI spec)
- # EfiReservedMemoryType 0x0001
- # EfiLoaderCode 0x0002
- # EfiLoaderData 0x0004
- # EfiBootServicesCode 0x0008
- # EfiBootServicesData 0x0010
- # EfiRuntimeServicesCode 0x0020
- # EfiRuntimeServicesData 0x0040
- # EfiConventionalMemory 0x0080
- # EfiUnusableMemory 0x0100
- # EfiACPIReclaimMemory 0x0200
- # EfiACPIMemoryNVS 0x0400
- # EfiMemoryMappedIO 0x0800
- # EfiMemoryMappedIOPortSpace 0x1000
- # EfiPalCode 0x2000
- # EfiPersistentMemory 0x4000
- # OEM Reserved 0x4000000000000000
- # OS Reserved 0x8000000000000000
- # - # NOTE: User must NOT set NX protection for EfiLoaderCode / EfiBootServi= cesCode / EfiRuntimeServicesCode.
- # User MUST set the same NX protection for EfiBootServicesData and= EfiConventionalMemory.
- # - # e.g. 0x7FD5 can be used for all memory except Code.
- # e.g. 0x7BD4 can be used for all memory except Code and ACPINVS/Reserve= d.
- # - # @Prompt Set DXE memory protection policy. - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0x0000000|= UINT64|0x00001048 - ## PCI Serial Device Info. It is an array of Device, Function, and Power= Management # information that describes the path that contains zero or more PCI to= PCI bridges # followed by a PCI serial device. Each array entry is 4-bytes in leng= th. The @@ -2031,20 +1876,6 @@ # @Prompt Default Creator Revision for ACPI table creation. gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision|0x01000013|= UINT32|0x30001038 =20 - ## Indicates if to set NX for stack.

- # For the DxeIpl and the DxeCore are both X64, set NX for stack feature= also require PcdDxeIplBuildPageTables be TRUE.
- # For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMo= de is FALSE), set NX for stack feature also require - # IA32 PAE is supported and Execute Disable Bit is available.
- #
- # TRUE - Set NX for stack.
- # FALSE - Do nothing for stack.
- #
- # Note: If this PCD is set to FALSE, NX could be still applied to stack= due to PcdDxeNxMemoryProtectionPolicy enabled for - # EfiBootServicesData.
- #
- # @Prompt Set NX for stack. - gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE|BOOLEAN|0x0001006f - ## This PCD specifies the PCI-based SD/MMC host controller mmio base add= ress. # Define the mmio base address of the pci-based SD/MMC host controller. = If there are multiple SD/MMC # host controllers, their mmio base addresses are calculated one by one = from this base address. diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni index a17d34d60b..afbbc44761 100644 --- a/MdeModulePkg/MdeModulePkg.uni +++ b/MdeModulePkg/MdeModulePkg.uni @@ -330,16 +330,6 @@ =20 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdSerialRegisterStride_HELP #= language en-US "The number of bytes between registers in serial device. Th= e default is 1 byte." =20 -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdSetNxForStack_PROMPT #langu= age en-US "Set NX for stack" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdSetNxForStack_HELP #languag= e en-US "Indicates if to set NX for stack.

" - = "For the DxeIpl and the DxeCore are both X64, set NX for stack feat= ure also require PcdDxeIplBuildPageTables be TRUE.
" - = "For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLon= gMode is FALSE), set NX for stack feature also require" - = "IA32 PAE is supported and Execute Disable Bit is available.
" - = "TRUE - Set NX for stack.
" - = "FALSE - Do nothing for stack.
" - = "Note: If this PCD is set to FALSE, NX could be still applied to st= ack due to PcdDxeNxMemoryProtectionPolicy enabled for EfiBootServicesData.<= BR>" - #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiS3Enable_PROMPT #langua= ge en-US "ACPI S3 Enable" =20 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiS3Enable_HELP #language= en-US "Indicates if ACPI S3 will be enabled.

" @@ -1096,51 +1086,6 @@ #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdSmiHandlerProfilePropertyMas= k_HELP #language en-US "The mask is used to control SmiHandlerProfile beha= vior.

\n" = "BIT0 - Enable SmiHandlerProfile.
" =20 -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdImageProtectionPolicy_PROMPT= #language en-US "Set image protection policy." - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdImageProtectionPolicy_HELP = #language en-US "Set image protection policy. The policy is bitwise.\n" - = "If a bit is set, the image will be protected by DxeCore if= it is aligned.\n" - = "The code section becomes read-only, and the data section b= ecomes non-executable.\n" - = "If a bit is clear, nothing will be done to image code/data= sections.

\n" - = "BIT0 - Image from unknown device.
\n" - = "BIT1 - Image from firmware volume.
" - = "Note: If a bit is cleared, the data section could be still= non-executable if\n" - = "PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderDat= a, EfiBootServicesData\n" - = "and/or EfiRuntimeServicesData.
" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_= PROMPT #language en-US "Set DXE memory protection policy." - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_= HELP #language en-US "Set DXE memory protection policy. The policy is bitw= ise.\n" - = "If a bit is set, memory regions of the associated ty= pe will be mapped\n" - = "non-executable.
\n" - = "If a bit is cleared, nothing will be done to associa= ted type of memory.

\n" - = "\n" - = "Below is bit mask for this PCD: (Order is same as UE= FI spec)
\n" - = "EfiReservedMemoryType 0x0001
\n" - = "EfiLoaderCode 0x0002
\n" - = "EfiLoaderData 0x0004
\n" - = "EfiBootServicesCode 0x0008
\n" - = "EfiBootServicesData 0x0010
\n" - = "EfiRuntimeServicesCode 0x0020
\n" - = "EfiRuntimeServicesData 0x0040
\n" - = "EfiConventionalMemory 0x0080
\n" - = "EfiUnusableMemory 0x0100
\n" - = "EfiACPIReclaimMemory 0x0200
\n" - = "EfiACPIMemoryNVS 0x0400
\n" - = "EfiMemoryMappedIO 0x0800
\n" - = "EfiMemoryMappedIOPortSpace 0x1000
\n" - = "EfiPalCode 0x2000
\n" - = "EfiPersistentMemory 0x4000
\n" - = "OEM Reserved 0x4000000000000000
\n" - = "OS Reserved 0x8000000000000000
\n" - = "\n" - = "NOTE: User must NOT set NX protection for EfiLoaderC= ode / EfiBootServicesCode / EfiRuntimeServicesCode.
\n" - = "User MUST set the same NX protection for EfiBootServ= icesData and EfiConventionalMemory.
\n" - = "\n" - = "e.g. 0x7FD5 can be used for all memory except Code. =
\n" - = "e.g. 0x7BD4 can be used for all memory except Code a= nd ACPINVS/Reserved.
\n" - = "" - #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPteMemoryEncryptionAddressOr= Mask_PROMPT #language en-US "The address mask when memory encryption is en= abled." =20 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPteMemoryEncryptionAddressOr= Mask_HELP #language en-US "This PCD holds the address mask for page table = entries when memory encryption is\n" @@ -1186,110 +1131,12 @@ #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdCodRelocationDevPath_HELP #= language en-US "Full device path of platform specific device to store Cap= sule On Disk temp relocation file.
" = "If this PCD is set, Capsule On Disk temp relocation file = will be stored in the device specified by this PCD, instead of the EFI Syst= em Partition that stores capsule image file." =20 -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdNullPointerDetectionProperty= Mask_PROMPT #language en-US "Enable NULL pointer detection" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdNullPointerDetectionProperty= Mask_HELP #language en-US "Mask to control the NULL address detection in= code for different phases.\n" - = " If enabled, accessing NULL address in UEFI o= r SMM code can be caught.\n\n" - = " BIT0 - Enable NULL pointer detection fo= r UEFI.\n" - = " BIT1 - Enable NULL pointer detection fo= r SMM.\n" - = " BIT2..6 - Reserved for future uses.\n" - = " BIT7 - Disable NULL pointer detection j= ust after EndOfDxe." - = " This is a workaround for those unsolvable NU= LL access issues in" - = " OptionROM, boot loader, etc. It can also hel= p to avoid unnecessary" - = " exception caused by legacy memory (0-4095) a= ccess after EndOfDxe," - = " such as Windows 7 boot on Qemu.\n" - #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdInitValueInTempStack_PROMPT = #language en-US "Init Value in Temp Stack" =20 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdInitValueInTempStack_HELP = #language en-US "Init Value in Temp Stack to be shared between SEC and PEI= _CORE\n" = "SEC fills the full temp stack with this values. When swit= ch stack, PeiCore can check\n" = "this value in the temp stack to know how many stack has b= een used.\n" =20 -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPageType_PROMPT #l= anguage en-US "The memory type mask for Page Guard" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPageType_HELP #l= anguage en-US "Indicates which type allocation need guard page.\n\n" - = " If a bit is set, a head guard page and a tail guard page wi= ll be added just\n" - = " before and after corresponding type of pages allocated if t= here's enough\n" - = " free pages for all of them. The page allocation for the typ= e related to\n" - = " cleared bits keeps the same as ususal.\n\n" - = " This PCD is only valid if BIT0 and/or BIT2 are set in PcdHe= apGuardPropertyMask.\n\n" - = " Below is bit mask for this PCD: (Order is same as UEFI spec= )
\n" - = " EfiReservedMemoryType 0x0000000000000001\n" - = " EfiLoaderCode 0x0000000000000002\n" - = " EfiLoaderData 0x0000000000000004\n" - = " EfiBootServicesCode 0x0000000000000008\n" - = " EfiBootServicesData 0x0000000000000010\n" - = " EfiRuntimeServicesCode 0x0000000000000020\n" - = " EfiRuntimeServicesData 0x0000000000000040\n" - = " EfiConventionalMemory 0x0000000000000080\n" - = " EfiUnusableMemory 0x0000000000000100\n" - = " EfiACPIReclaimMemory 0x0000000000000200\n" - = " EfiACPIMemoryNVS 0x0000000000000400\n" - = " EfiMemoryMappedIO 0x0000000000000800\n" - = " EfiMemoryMappedIOPortSpace 0x0000000000001000\n" - = " EfiPalCode 0x0000000000002000\n" - = " EfiPersistentMemory 0x0000000000004000\n" - = " OEM Reserved 0x4000000000000000\n" - = " OS Reserved 0x8000000000000000\n" - = " e.g. LoaderCode+LoaderData+BootServicesCode+BootServicesDat= a are needed, 0x1E should be used.
" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPoolType_PROMPT #l= anguage en-US "The memory type mask for Pool Guard" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPoolType_HELP #l= anguage en-US "Indicates which type allocation need guard page.\n\n" - = " If a bit is set, a head guard page and a tail guard page wi= ll be added just\n" - = " before and after corresponding type of pages which the allo= cated pool occupies,\n" - = " if there's enough free memory for all of them. The pool all= ocation for the\n" - = " type related to cleared bits keeps the same as ususal.\n\n" - = " This PCD is only valid if BIT1 and/or BIT3 are set in PcdHe= apGuardPropertyMask.\n\n" - = " Below is bit mask for this PCD: (Order is same as UEFI spec= )
\n" - = " EfiReservedMemoryType 0x0000000000000001\n" - = " EfiLoaderCode 0x0000000000000002\n" - = " EfiLoaderData 0x0000000000000004\n" - = " EfiBootServicesCode 0x0000000000000008\n" - = " EfiBootServicesData 0x0000000000000010\n" - = " EfiRuntimeServicesCode 0x0000000000000020\n" - = " EfiRuntimeServicesData 0x0000000000000040\n" - = " EfiConventionalMemory 0x0000000000000080\n" - = " EfiUnusableMemory 0x0000000000000100\n" - = " EfiACPIReclaimMemory 0x0000000000000200\n" - = " EfiACPIMemoryNVS 0x0000000000000400\n" - = " EfiMemoryMappedIO 0x0000000000000800\n" - = " EfiMemoryMappedIOPortSpace 0x0000000000001000\n" - = " EfiPalCode 0x0000000000002000\n" - = " EfiPersistentMemory 0x0000000000004000\n" - = " OEM Reserved 0x4000000000000000\n" - = " OS Reserved 0x8000000000000000\n" - = " e.g. LoaderCode+LoaderData+BootServicesCode+BootServicesDat= a are needed, 0x1E should be used.
" - - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_PROMPT= #language en-US "The Heap Guard feature mask" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_HELP = #language en-US "This mask is to control Heap Guard behavior.\n" - = " Note:\n" - = " a) Heap Guard is for debug purpose and should not be = enabled in product" - = " BIOS.\n" - = " b) Due to the limit of pool memory implementation and= the alignment" - = " requirement of UEFI spec, BIT7 is a try-best setti= ng which cannot" - = " guarantee that the returned pool is exactly adjace= nt to head guard" - = " page or tail guard page.\n" - = " c) UEFI freed-memory guard and UEFI pool/page guard c= annot be enabled" - = " at the same time.\n" - = " BIT0 - Enable UEFI page guard.
\n" - = " BIT1 - Enable UEFI pool guard.
\n" - = " BIT2 - Enable SMM page guard.
\n" - = " BIT3 - Enable SMM pool guard.
\n" - = " BIT4 - Enable UEFI freed-memory guard (Use-After-Free= memory detection).
\n" - = " BIT7 - The direction of Guard Page for Pool Guard.\n" - = " 0 - The returned pool is near the tail guard p= age.
\n" - = " 1 - The returned pool is near the head guard p= age.
" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdCpuStackGuard_PROMPT #langu= age en-US "Enable UEFI Stack Guard" - -#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdCpuStackGuard_HELP #langu= age en-US "Indicates if UEFI Stack Guard will be enabled.\n" - = " If enabled, stack overflow in UEFI can be caught, preventing c= haotic consequences.

\n" - = " TRUE - UEFI Stack Guard will be enabled.
\n" - = " FALSE - UEFI Stack Guard will be disabled.
" - #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdTraceHubDebugLevel_PROMPT #= language en-US "Debug level of Trace Hub." =20 #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdTraceHubDebugLevel_HELP #= language en-US "Indicate debug level of Trace Hub" --=20 2.41.0.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106837): https://edk2.groups.io/g/devel/message/106837 Mute This Topic: https://groups.io/mt/100090648/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-