The comment regarding the configured image protection policy states that
data regions of a loaded image may be mapped NX based on the configured
NX memory policy for boot/runtime services or loader data regions.
This is inaccurate: all image sections will be covered by the same code
region in the memory map, so the NX protection policy for data regions
has no bearing on this whatsoever.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
MdeModulePkg/MdeModulePkg.dec | 4 ----
1 file changed, 4 deletions(-)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 720dec58dfc4..b42af1faee25 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1356,10 +1356,6 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
# BIT0 - Image from unknown device. <BR>
# BIT1 - Image from firmware volume.<BR>
# <BR>
- # Note: If a bit is cleared, the data section could be still non-executable if
- # PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData
- # and/or EfiRuntimeServicesData.<BR>
- # <BR>
# @Prompt Set image protection policy.
# @ValidRange 0x80000002 | 0x00000000 - 0x0000001F
gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047
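Review bot: With the four "Note:" lines deleted outright, the PcdImageProtectionPolicy description no longer says what happens to an image's data sections when a bit is cleared, and the correct explanation survives only in the commit message. Consider replacing the note rather than dropping it, for example a sentence stating that when a bit is cleared the whole image, data sections included, is covered by a single code region in the memory map, so PcdDxeNxMemoryProtectionPolicy does not make those sections non-executable. This matters for the default shown here, 0x00000002, which leaves BIT0 (image from unknown device) cleared: a reader who relied on the old note may still assume the NX data policy protects such images.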
--
2.39.2