# free pages for all of them. The page allocation for the type related to\r
# cleared bits keeps the same as ususal.\r
#\r
+ # This PCD is only valid if BIT0 and/or BIT2 are set in PcdHeapGuardPropertyMask.\r
+ #\r
# Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\r
# EfiReservedMemoryType 0x0000000000000001<BR>\r
# EfiLoaderCode 0x0000000000000002<BR>\r
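Review bot: "only valid" in the sentence added to the page-type mask description does not say what happens when type bits are set here while BIT0 and BIT2 of PcdHeapGuardPropertyMask are both clear. If the value is simply ignored in that case, say so, for example "This PCD takes effect only if BIT0 and/or BIT2 are set in PcdHeapGuardPropertyMask", so that nobody reads a non-zero type mask as proof that page guard is active.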
# if there's enough free memory for all of them. The pool allocation for the\r
# type related to cleared bits keeps the same as ususal.\r
#\r
+ # This PCD is only valid if BIT1 and/or BIT3 are set in PcdHeapGuardPropertyMask.\r
+ #\r
# Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\r
# EfiReservedMemoryType 0x0000000000000001<BR>\r
# EfiLoaderCode 0x0000000000000002<BR>\r
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30001053\r
\r
## This mask is to control Heap Guard behavior.\r
- # Note that due to the limit of pool memory implementation and the alignment\r
- # requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee\r
- # that the returned pool is exactly adjacent to head guard page or tail guard\r
- # page.\r
+ #\r
+ # Note:\r
+ # a) Heap Guard is for debug purpose and should not be enabled in product\r
+ # BIOS.\r
+ # b) Due to the limit of pool memory implementation and the alignment\r
+ # requirement of UEFI spec, BIT7 is a try-best setting which cannot\r
+ # guarantee that the returned pool is exactly adjacent to head guard\r
+ # page or tail guard page.\r
+ # c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled\r
+ # at the same time.\r
+ #\r
# BIT0 - Enable UEFI page guard.<BR>\r
# BIT1 - Enable UEFI pool guard.<BR>\r
# BIT2 - Enable SMM page guard.<BR>\r
# BIT3 - Enable SMM pool guard.<BR>\r
+ # BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).<BR>\r
# BIT6 - Enable non-stop mode.<BR>\r
# BIT7 - The direction of Guard Page for Pool Guard.\r
# 0 - The returned pool is near the tail guard page.<BR>\r
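Review bot: Note c) says UEFI freed-memory guard and UEFI pool/page guard cannot be enabled at the same time, but the description does not say what happens when BIT4 is set together with BIT0 or BIT1, and nothing in the visible lines rejects that combination. Please document the resulting behaviour (which guard wins, or whether the setting is refused) and consider a validity expression on this PCD so the conflict is caught at build time. Note c) also names only the UEFI guards; state explicitly whether BIT4 may be combined with the SMM guards in BIT2 and BIT3.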
## Set image protection policy. The policy is bitwise.\r
# If a bit is set, the image will be protected by DxeCore if it is aligned.\r
# The code section becomes read-only, and the data section becomes non-executable.\r
- # If a bit is clear, the image will not be protected.<BR><BR>\r
+ # If a bit is clear, nothing will be done to image code/data sections.<BR><BR>\r
# BIT0 - Image from unknown device. <BR>\r
# BIT1 - Image from firmware volume.<BR>\r
+ # <BR>\r
+ # Note: If a bit is cleared, the data section could be still non-executable if\r
+ # PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData\r
+ # and/or EfiRuntimeServicesData.<BR>\r
+ # <BR>\r
# @Prompt Set image protection policy.\r
# @ValidRange 0x80000002 | 0x00000000 - 0x0000001F\r
gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047\r
\r
## Set DXE memory protection policy. The policy is bitwise.\r
# If a bit is set, memory regions of the associated type will be mapped\r
- # non-executable.<BR><BR>\r
- #\r
+ # non-executable.<BR>\r
+ # If a bit is cleared, nothing will be done to associated type of memory.<BR>\r
+ # <BR>\r
# Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\r
# EfiReservedMemoryType 0x0001<BR>\r
# EfiLoaderCode 0x0002<BR>\r
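Review bot: The wording for an unset bit is inconsistent across the lines added here: the PcdImageProtectionPolicy text says "If a bit is clear", while its new Note and the PcdDxeNxMemoryProtectionPolicy text say "If a bit is cleared". Pick one form, and fix "could be still non-executable" to "could still be non-executable" and "to associated type of memory" to "to the associated type of memory". The cross-reference is also one-way: the image policy now points at PcdDxeNxMemoryProtectionPolicy, but the NX policy description does not mention that image data sections are affected by it, which is where someone tuning the NX mask would look.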
# For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.<BR>\r
# For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require\r
# IA32 PAE is supported and Execute Disable Bit is available.<BR>\r
- # TRUE - to set NX for stack.<BR>\r
- # FALSE - Not to set NX for stack.<BR>\r
+ # <BR>\r
+ # TRUE - Set NX for stack.<BR>\r
+ # FALSE - Do nothing for stack.<BR>\r
+ # <BR>\r
+ # Note: If this PCD is set to FALSE, NX could be still applied to stack due to PcdDxeNxMemoryProtectionPolicy enabled for\r
+ # EfiBootServicesData.<BR>\r
+ # <BR>\r
# @Prompt Set NX for stack.\r
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE|BOOLEAN|0x0001006f\r
\r
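Review bot: The new Note explains that NX can reach the stack through PcdDxeNxMemoryProtectionPolicy even when this PCD is FALSE, but the prerequisites listed just above it (PcdDxeIplBuildPageTables TRUE for X64, PAE and Execute Disable for IA32) are worded only for "set NX for stack feature". Say whether the same prerequisites apply on the policy path, otherwise a reader cannot tell from this description alone whether the stack ends up non-executable. The Note line is also much longer than the other added comment lines in this patch; wrap it the same way.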
# @ValidList 0x80000001 | 0x0\r
gEfiMdeModulePkgTokenSpaceGuid.PcdS3BootScriptTablePrivateSmmDataPtr|0x0|UINT64|0x00030001\r
\r
- ## This dynamic PCD hold an address to point to the memory of page table. The page table establishes a 1:1\r
- # Virtual to Physical mapping according to the processor physical address bits.\r
- # @Prompt Identify Mapping Page Table pointer.\r
- # @ValidList 0x80000001 | 0x0\r
- gEfiMdeModulePkgTokenSpaceGuid.PcdIdentifyMappingPageTablePtr|0x0|UINT64|0x00030002\r
-\r
## This dynamic PCD holds the information if there is any test key used by the platform.\r
# @Prompt If there is any test key used by the platform.\r
gEfiMdeModulePkgTokenSpaceGuid.PcdTestKeyUsed|FALSE|BOOLEAN|0x00030003\r
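Review bot: Deleting the PcdIdentifyMappingPageTablePtr declaration from the package .dec breaks the build of any module or platform description that still references it, and the visible lines do not show what replaces it. Confirm that every consumer is removed in the same series and state that in the commit message. Token 0x00030002 also becomes free between 0x00030001 and 0x00030003; a one-line comment marking it as retired would keep it from being reused later for a PCD with different semantics.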
# @Prompt NV Storage Default Value Buffer\r
gEfiMdeModulePkgTokenSpaceGuid.PcdNvStoreDefaultValueBuffer|{0x0}|VOID*|0x00030005\r
\r
+ ## VPD type PCD allows a developer to point to an absolute physical address PcdVpdBaseAddress64\r
+ # to store PCD value. It will be DynamicExDefault only.\r
+ # It is used to set VPD region base address. So, it can't be DynamicExVpd PCD. Its value is\r
+ # required to be accessed in PcdDxe driver entry point. So, its value must be set in PEI phase.\r
+ # It can't depend on EFI variable service, and can't be DynamicExHii PCD.\r
+ # @Prompt 64bit VPD base address.\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVpdBaseAddress64|0x0|UINT64|0x00030006\r
+\r
[UserExtensions.TianoCore."ExtraFiles"]\r
MdeModulePkgExtra.uni\r
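Review bot: The PcdVpdBaseAddress64 description does not say what the default 0x0 means or which module is expected to write the value, only that it "must be set in PEI phase". State whether 0 is treated as "not set" and what the consumer does in that case, since the text says the value is read at the PcdDxe driver entry point. The first sentence ("point to an absolute physical address PcdVpdBaseAddress64 to store PCD value") is hard to parse; wording such as "holds the absolute physical base address of the VPD region" would make the purpose clear before the list of restrictions.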