[edk2] [PATCH V4 0/3] DXE Memory Protection

Jiewen Yao posted 3 patches 7 years, 8 months ago
Failed in applying to current master (apply log)
MdeModulePkg/Core/Dxe/DxeMain.h               |  61 ++
MdeModulePkg/Core/Dxe/DxeMain.inf             |   5 +-
MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |   5 +-
MdeModulePkg/Core/Dxe/Image/Image.c           |   7 +-
MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 769 +++++++++++++++++++
MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c  |  24 +-
MdeModulePkg/MdeModulePkg.dec                 |  10 +
UefiCpuPkg/CpuDxe/CpuDxe.c                    | 141 ++--
UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   5 +-
UefiCpuPkg/CpuDxe/CpuPageTable.c              | 779 ++++++++++++++++++++
UefiCpuPkg/CpuDxe/CpuPageTable.h              | 113 +++
11 files changed, 1832 insertions(+), 87 deletions(-)
create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.c
create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.h
[edk2] [PATCH V4 0/3] DXE Memory Protection
Posted by Jiewen Yao 7 years, 8 months ago
==== V4 ====
1) Remove ARM patch. (Which was already submitted by Ard Biesheuvel in another series)
2) Unprotect RT image at ExitBootServices (feedback from Ard Biesheuvel)
3) Round up the ImageSize on protection (feedback from Ard Biesheuvel)

==== V3 ====
1) Add PCD for policy control (feedback from Ard Biesheuvel)
(Discussed with Mike Kinney)
+  #    BIT0       - Image from unknown device. <BR>
+  #    BIT1       - Image from firmware volume.<BR>
+  # @Prompt Set image protection policy.
+  # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F
+  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047

2) Remove unused function in CpuDxe.(feedback from Liming Gao)
3) Add commit log on link option assumption (feedback from Feng Tian)
4) Rename file PageTableLib.h/.c to CpuPageTable.h/.c file (from Jeff Fan)
5) Remove multi-entrypoint usage (from Liming Gao/Mike Kinney)

==== V2 ====
1) Clean up ArmPkg, (feedback from Leif Lindholm)

==== V1 ====
This series patch provides capability to protect PE/COFF image
in DXE memory.
If the UEFI image is page aligned, the image code section is set to read
only and the image data section is set to non-executable.

The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
the image.

Tested platform: NT32/Quark IA32/OVMF IA32/OVMF IA32X64/Intel internal X64/
Tested OS: UEFI Win10, UEFI Ubuntu 16.04.

Untested platform: ARM/AARCH64.
Can ARM/AARCH64 owner help to take a look and try the ARM platform?


Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>


Jiewen Yao (3):
  UefiCpuPkg/CpuDxe: Add memory attribute setting.
  MdeModulePkg/dec: add PcdImageProtectionPolicy.
  MdeModulePkg/DxeCore: Add UEFI image protection.

 MdeModulePkg/Core/Dxe/DxeMain.h               |  61 ++
 MdeModulePkg/Core/Dxe/DxeMain.inf             |   5 +-
 MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |   5 +-
 MdeModulePkg/Core/Dxe/Image/Image.c           |   7 +-
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 769 +++++++++++++++++++
 MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c  |  24 +-
 MdeModulePkg/MdeModulePkg.dec                 |  10 +
 UefiCpuPkg/CpuDxe/CpuDxe.c                    | 141 ++--
 UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   5 +-
 UefiCpuPkg/CpuDxe/CpuPageTable.c              | 779 ++++++++++++++++++++
 UefiCpuPkg/CpuDxe/CpuPageTable.h              | 113 +++
 11 files changed, 1832 insertions(+), 87 deletions(-)
 create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
 create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.c
 create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.h

-- 
2.7.4.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH V4 0/3] DXE Memory Protection
Posted by Fan, Jeff 7 years, 8 months ago
Reviewed-by: Jeff Fan <jeff.fan@intel.com>

-----Original Message-----
From: Yao, Jiewen 
Sent: Tuesday, February 21, 2017 2:57 PM
To: edk2-devel@lists.01.org
Cc: Fan, Jeff; Kinney, Michael D; Leif Lindholm; Ard Biesheuvel; Zeng, Star; Tian, Feng
Subject: [PATCH V4 0/3] DXE Memory Protection

==== V4 ====
1) Remove ARM patch. (Which was already submitted by Ard Biesheuvel in another series)
2) Unprotect RT image at ExitBootServices (feedback from Ard Biesheuvel)
3) Round up the ImageSize on protection (feedback from Ard Biesheuvel)

==== V3 ====
1) Add PCD for policy control (feedback from Ard Biesheuvel) (Discussed with Mike Kinney)
+  #    BIT0       - Image from unknown device. <BR>
+  #    BIT1       - Image from firmware volume.<BR>
+  # @Prompt Set image protection policy.
+  # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F
+  
+ gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UIN
+ T32|0x00001047

2) Remove unused function in CpuDxe.(feedback from Liming Gao)
3) Add commit log on link option assumption (feedback from Feng Tian)
4) Rename file PageTableLib.h/.c to CpuPageTable.h/.c file (from Jeff Fan)
5) Remove multi-entrypoint usage (from Liming Gao/Mike Kinney)

==== V2 ====
1) Clean up ArmPkg, (feedback from Leif Lindholm)

==== V1 ====
This series patch provides capability to protect PE/COFF image in DXE memory.
If the UEFI image is page aligned, the image code section is set to read only and the image data section is set to non-executable.

The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect the image.

Tested platform: NT32/Quark IA32/OVMF IA32/OVMF IA32X64/Intel internal X64/ Tested OS: UEFI Win10, UEFI Ubuntu 16.04.

Untested platform: ARM/AARCH64.
Can ARM/AARCH64 owner help to take a look and try the ARM platform?


Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>


Jiewen Yao (3):
  UefiCpuPkg/CpuDxe: Add memory attribute setting.
  MdeModulePkg/dec: add PcdImageProtectionPolicy.
  MdeModulePkg/DxeCore: Add UEFI image protection.

 MdeModulePkg/Core/Dxe/DxeMain.h               |  61 ++
 MdeModulePkg/Core/Dxe/DxeMain.inf             |   5 +-
 MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |   5 +-
 MdeModulePkg/Core/Dxe/Image/Image.c           |   7 +-
 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 769 +++++++++++++++++++  MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c  |  24 +-
 MdeModulePkg/MdeModulePkg.dec                 |  10 +
 UefiCpuPkg/CpuDxe/CpuDxe.c                    | 141 ++--
 UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   5 +-
 UefiCpuPkg/CpuDxe/CpuPageTable.c              | 779 ++++++++++++++++++++
 UefiCpuPkg/CpuDxe/CpuPageTable.h              | 113 +++
 11 files changed, 1832 insertions(+), 87 deletions(-)  create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
 create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.c  create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.h

--
2.7.4.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH V4 0/3] DXE Memory Protection
Posted by Ard Biesheuvel 7 years, 8 months ago
On 21 February 2017 at 06:57, Jiewen Yao <jiewen.yao@intel.com> wrote:
> ==== V4 ====
> 1) Remove ARM patch. (Which was already submitted by Ard Biesheuvel in another series)
> 2) Unprotect RT image at ExitBootServices (feedback from Ard Biesheuvel)
> 3) Round up the ImageSize on protection (feedback from Ard Biesheuvel)
>

Hello Jiewen,

This works fine now on AARCH64.

Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Could you please wait a little bit before merging this? Leif and I
need to get the AARCH64 prepatory patches merged first, but I am
hoping to do that today.

Thanks,
Ard.

> ==== V3 ====
> 1) Add PCD for policy control (feedback from Ard Biesheuvel)
> (Discussed with Mike Kinney)
> +  #    BIT0       - Image from unknown device. <BR>
> +  #    BIT1       - Image from firmware volume.<BR>
> +  # @Prompt Set image protection policy.
> +  # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047
>
> 2) Remove unused function in CpuDxe.(feedback from Liming Gao)
> 3) Add commit log on link option assumption (feedback from Feng Tian)
> 4) Rename file PageTableLib.h/.c to CpuPageTable.h/.c file (from Jeff Fan)
> 5) Remove multi-entrypoint usage (from Liming Gao/Mike Kinney)
>
> ==== V2 ====
> 1) Clean up ArmPkg, (feedback from Leif Lindholm)
>
> ==== V1 ====
> This series patch provides capability to protect PE/COFF image
> in DXE memory.
> If the UEFI image is page aligned, the image code section is set to read
> only and the image data section is set to non-executable.
>
> The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
> the image.
>
> Tested platform: NT32/Quark IA32/OVMF IA32/OVMF IA32X64/Intel internal X64/
> Tested OS: UEFI Win10, UEFI Ubuntu 16.04.
>
> Untested platform: ARM/AARCH64.
> Can ARM/AARCH64 owner help to take a look and try the ARM platform?
>
>
> Cc: Jeff Fan <jeff.fan@intel.com>
> Cc: Michael Kinney <michael.d.kinney@intel.com>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Feng Tian <feng.tian@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
>
>
> Jiewen Yao (3):
>   UefiCpuPkg/CpuDxe: Add memory attribute setting.
>   MdeModulePkg/dec: add PcdImageProtectionPolicy.
>   MdeModulePkg/DxeCore: Add UEFI image protection.
>
>  MdeModulePkg/Core/Dxe/DxeMain.h               |  61 ++
>  MdeModulePkg/Core/Dxe/DxeMain.inf             |   5 +-
>  MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |   5 +-
>  MdeModulePkg/Core/Dxe/Image/Image.c           |   7 +-
>  MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 769 +++++++++++++++++++
>  MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c  |  24 +-
>  MdeModulePkg/MdeModulePkg.dec                 |  10 +
>  UefiCpuPkg/CpuDxe/CpuDxe.c                    | 141 ++--
>  UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   5 +-
>  UefiCpuPkg/CpuDxe/CpuPageTable.c              | 779 ++++++++++++++++++++
>  UefiCpuPkg/CpuDxe/CpuPageTable.h              | 113 +++
>  11 files changed, 1832 insertions(+), 87 deletions(-)
>  create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
>  create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.c
>  create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.h
>
> --
> 2.7.4.windows.1
>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH V4 0/3] DXE Memory Protection
Posted by Yao, Jiewen 7 years, 8 months ago
No problem. ☺

I appreciate your help to confirm it working on AARCH64.

Thank you
Yao Jiewen

From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
Sent: Tuesday, February 21, 2017 4:36 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; Leif Lindholm <leif.lindholm@linaro.org>
Cc: edk2-devel@lists.01.org; Fan, Jeff <jeff.fan@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Zeng, Star <star.zeng@intel.com>; Tian, Feng <feng.tian@intel.com>
Subject: Re: [PATCH V4 0/3] DXE Memory Protection

On 21 February 2017 at 06:57, Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>> wrote:
> ==== V4 ====
> 1) Remove ARM patch. (Which was already submitted by Ard Biesheuvel in another series)
> 2) Unprotect RT image at ExitBootServices (feedback from Ard Biesheuvel)
> 3) Round up the ImageSize on protection (feedback from Ard Biesheuvel)
>

Hello Jiewen,

This works fine now on AARCH64.

Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org<mailto:ard.biesheuvel@linaro.org>>

Could you please wait a little bit before merging this? Leif and I
need to get the AARCH64 prepatory patches merged first, but I am
hoping to do that today.

Thanks,
Ard.

> ==== V3 ====
> 1) Add PCD for policy control (feedback from Ard Biesheuvel)
> (Discussed with Mike Kinney)
> +  #    BIT0       - Image from unknown device. <BR>
> +  #    BIT1       - Image from firmware volume.<BR>
> +  # @Prompt Set image protection policy.
> +  # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047
>
> 2) Remove unused function in CpuDxe.(feedback from Liming Gao)
> 3) Add commit log on link option assumption (feedback from Feng Tian)
> 4) Rename file PageTableLib.h/.c to CpuPageTable.h/.c file (from Jeff Fan)
> 5) Remove multi-entrypoint usage (from Liming Gao/Mike Kinney)
>
> ==== V2 ====
> 1) Clean up ArmPkg, (feedback from Leif Lindholm)
>
> ==== V1 ====
> This series patch provides capability to protect PE/COFF image
> in DXE memory.
> If the UEFI image is page aligned, the image code section is set to read
> only and the image data section is set to non-executable.
>
> The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
> the image.
>
> Tested platform: NT32/Quark IA32/OVMF IA32/OVMF IA32X64/Intel internal X64/
> Tested OS: UEFI Win10, UEFI Ubuntu 16.04.
>
> Untested platform: ARM/AARCH64.
> Can ARM/AARCH64 owner help to take a look and try the ARM platform?
>
>
> Cc: Jeff Fan <jeff.fan@intel.com<mailto:jeff.fan@intel.com>>
> Cc: Michael Kinney <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>
> Cc: Leif Lindholm <leif.lindholm@linaro.org<mailto:leif.lindholm@linaro.org>>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org<mailto:ard.biesheuvel@linaro.org>>
> Cc: Star Zeng <star.zeng@intel.com<mailto:star.zeng@intel.com>>
> Cc: Feng Tian <feng.tian@intel.com<mailto:feng.tian@intel.com>>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
>
>
> Jiewen Yao (3):
>   UefiCpuPkg/CpuDxe: Add memory attribute setting.
>   MdeModulePkg/dec: add PcdImageProtectionPolicy.
>   MdeModulePkg/DxeCore: Add UEFI image protection.
>
>  MdeModulePkg/Core/Dxe/DxeMain.h               |  61 ++
>  MdeModulePkg/Core/Dxe/DxeMain.inf             |   5 +-
>  MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |   5 +-
>  MdeModulePkg/Core/Dxe/Image/Image.c           |   7 +-
>  MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 769 +++++++++++++++++++
>  MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c  |  24 +-
>  MdeModulePkg/MdeModulePkg.dec                 |  10 +
>  UefiCpuPkg/CpuDxe/CpuDxe.c                    | 141 ++--
>  UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   5 +-
>  UefiCpuPkg/CpuDxe/CpuPageTable.c              | 779 ++++++++++++++++++++
>  UefiCpuPkg/CpuDxe/CpuPageTable.h              | 113 +++
>  11 files changed, 1832 insertions(+), 87 deletions(-)
>  create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
>  create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.c
>  create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.h
>
> --
> 2.7.4.windows.1
>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH V4 0/3] DXE Memory Protection
Posted by Ard Biesheuvel 7 years, 8 months ago
On 21 February 2017 at 08:39, Yao, Jiewen <jiewen.yao@intel.com> wrote:
> No problem. J
>

Pushed now. Thanks for you patience.



>
>
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Tuesday, February 21, 2017 4:36 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>; Leif Lindholm
> <leif.lindholm@linaro.org>
> Cc: edk2-devel@lists.01.org; Fan, Jeff <jeff.fan@intel.com>; Kinney, Michael
> D <michael.d.kinney@intel.com>; Zeng, Star <star.zeng@intel.com>; Tian, Feng
> <feng.tian@intel.com>
> Subject: Re: [PATCH V4 0/3] DXE Memory Protection
>
>
>
> On 21 February 2017 at 06:57, Jiewen Yao <jiewen.yao@intel.com> wrote:
>> ==== V4 ====
>> 1) Remove ARM patch. (Which was already submitted by Ard Biesheuvel in
>> another series)
>> 2) Unprotect RT image at ExitBootServices (feedback from Ard Biesheuvel)
>> 3) Round up the ImageSize on protection (feedback from Ard Biesheuvel)
>>
>
> Hello Jiewen,
>
> This works fine now on AARCH64.
>
> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>
> Could you please wait a little bit before merging this? Leif and I
> need to get the AARCH64 prepatory patches merged first, but I am
> hoping to do that today.
>
> Thanks,
> Ard.
>
>> ==== V3 ====
>> 1) Add PCD for policy control (feedback from Ard Biesheuvel)
>> (Discussed with Mike Kinney)
>> +  #    BIT0       - Image from unknown device. <BR>
>> +  #    BIT1       - Image from firmware volume.<BR>
>> +  # @Prompt Set image protection policy.
>> +  # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F
>> +
>> gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047
>>
>> 2) Remove unused function in CpuDxe.(feedback from Liming Gao)
>> 3) Add commit log on link option assumption (feedback from Feng Tian)
>> 4) Rename file PageTableLib.h/.c to CpuPageTable.h/.c file (from Jeff Fan)
>> 5) Remove multi-entrypoint usage (from Liming Gao/Mike Kinney)
>>
>> ==== V2 ====
>> 1) Clean up ArmPkg, (feedback from Leif Lindholm)
>>
>> ==== V1 ====
>> This series patch provides capability to protect PE/COFF image
>> in DXE memory.
>> If the UEFI image is page aligned, the image code section is set to read
>> only and the image data section is set to non-executable.
>>
>> The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect
>> the image.
>>
>> Tested platform: NT32/Quark IA32/OVMF IA32/OVMF IA32X64/Intel internal
>> X64/
>> Tested OS: UEFI Win10, UEFI Ubuntu 16.04.
>>
>> Untested platform: ARM/AARCH64.
>> Can ARM/AARCH64 owner help to take a look and try the ARM platform?
>>
>>
>> Cc: Jeff Fan <jeff.fan@intel.com>
>> Cc: Michael Kinney <michael.d.kinney@intel.com>
>> Cc: Leif Lindholm <leif.lindholm@linaro.org>
>> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Feng Tian <feng.tian@intel.com>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
>>
>>
>> Jiewen Yao (3):
>>   UefiCpuPkg/CpuDxe: Add memory attribute setting.
>>   MdeModulePkg/dec: add PcdImageProtectionPolicy.
>>   MdeModulePkg/DxeCore: Add UEFI image protection.
>>
>>  MdeModulePkg/Core/Dxe/DxeMain.h               |  61 ++
>>  MdeModulePkg/Core/Dxe/DxeMain.inf             |   5 +-
>>  MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c       |   5 +-
>>  MdeModulePkg/Core/Dxe/Image/Image.c           |   7 +-
>>  MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c | 769 +++++++++++++++++++
>>  MdeModulePkg/Core/Dxe/Misc/PropertiesTable.c  |  24 +-
>>  MdeModulePkg/MdeModulePkg.dec                 |  10 +
>>  UefiCpuPkg/CpuDxe/CpuDxe.c                    | 141 ++--
>>  UefiCpuPkg/CpuDxe/CpuDxe.inf                  |   5 +-
>>  UefiCpuPkg/CpuDxe/CpuPageTable.c              | 779 ++++++++++++++++++++
>>  UefiCpuPkg/CpuDxe/CpuPageTable.h              | 113 +++
>>  11 files changed, 1832 insertions(+), 87 deletions(-)
>>  create mode 100644 MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
>>  create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.c
>>  create mode 100644 UefiCpuPkg/CpuDxe/CpuPageTable.h
>>
>> --
>> 2.7.4.windows.1
>>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel