X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=MdeModulePkg%2FMdeModulePkg.dec;h=428eeeb670449499f5e31f1529b886dbca107725;hb=f87db25620f79054cb122d6b16b1609a181da175;hp=261da61c18a231249822e6982f1d1c348e5cebf8;hpb=17da1b91089d1da8a0b9fbbb8d29e4586fa13e46;p=mirror_edk2.git
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 261da61c18..428eeeb670 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -932,7 +932,8 @@
# If enabled, accessing NULL address in UEFI or SMM code can be caught.
# BIT0 - Enable NULL pointer detection for UEFI.
# BIT1 - Enable NULL pointer detection for SMM.
- # BIT2..6 - Reserved for future uses.
+ # BIT2..5 - Reserved for future uses.
+ # BIT6 - Enable non-stop mode.
# BIT7 - Disable NULL pointer detection just after EndOfDxe.
# This is a workaround for those unsolvable NULL access issues in
# OptionROM, boot loader, etc. It can also help to avoid unnecessary
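Review bot: The added `# BIT6 - Enable non-stop mode.` line does not say what non-stop mode does, which matters for a detection feature. If it means execution continues after a NULL access is reported (inferred from the name only, not shown in this hunk), the setting turns fail-stop detection into report-only. I would extend the comment along the lines of `# BIT6 - Enable non-stop mode: report the NULL access and continue instead of halting.`, adjusted to the real behaviour. The PCD declaration and any `@ValidRange`/`@Expression` line for it lie outside this hunk, so confirm they accept a value with BIT6 set.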
@@ -954,6 +955,8 @@
# free pages for all of them. The page allocation for the type related to
# cleared bits keeps the same as ususal.
#
+ # This PCD is only valid if BIT0 and/or BIT2 are set in PcdHeapGuardPropertyMask.
+ #
# Below is bit mask for this PCD: (Order is same as UEFI spec)
# EfiReservedMemoryType 0x0000000000000001
# EfiLoaderCode 0x0000000000000002
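Review bot: "Only valid" in the added line `# This PCD is only valid if BIT0 and/or BIT2 are set in PcdHeapGuardPropertyMask.` does not say what happens otherwise; the same wording appears in the next hunk for the pool-type mask with BIT1/BIT3. If the value is simply ignored when those bits are clear (likely, but not shown here), a platform can set a type mask and believe guards are active when none are installed. Wording such as `# This PCD takes effect only if BIT0 and/or BIT2 are set in PcdHeapGuardPropertyMask; otherwise it is ignored.` would make that explicit. It would also help to say whether the new freed-memory guard (BIT4 of the property mask) consults this type mask.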
@@ -983,6 +986,8 @@
# if there's enough free memory for all of them. The pool allocation for the
# type related to cleared bits keeps the same as ususal.
#
+ # This PCD is only valid if BIT1 and/or BIT3 are set in PcdHeapGuardPropertyMask.
+ #
# Below is bit mask for this PCD: (Order is same as UEFI spec)
# EfiReservedMemoryType 0x0000000000000001
# EfiLoaderCode 0x0000000000000002
@@ -1006,14 +1011,23 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPoolType|0x0|UINT64|0x30001053
## This mask is to control Heap Guard behavior.
- # Note that due to the limit of pool memory implementation and the alignment
- # requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee
- # that the returned pool is exactly adjacent to head guard page or tail guard
- # page.
+ #
+ # Note:
+ # a) Heap Guard is for debug purpose and should not be enabled in product
+ # BIOS.
+ # b) Due to the limit of pool memory implementation and the alignment
+ # requirement of UEFI spec, BIT7 is a try-best setting which cannot
+ # guarantee that the returned pool is exactly adjacent to head guard
+ # page or tail guard page.
+ # c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled
+ # at the same time.
+ #
# BIT0 - Enable UEFI page guard.
# BIT1 - Enable UEFI pool guard.
# BIT2 - Enable SMM page guard.
# BIT3 - Enable SMM pool guard.
+ # BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).
+ # BIT6 - Enable non-stop mode.
# BIT7 - The direction of Guard Page for Pool Guard.
# 0 - The returned pool is near the tail guard page.
# 1 - The returned pool is near the head guard page.
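Review bot: Note c) says the UEFI freed-memory guard (BIT4) cannot be enabled together with the UEFI page/pool guards (BIT0/BIT1), but in the visible lines that constraint exists only as a comment. A mask such as 0x13 would be accepted silently unless something outside this hunk rejects it. Consider backing it with an `@Expression` check on this PCD or an ASSERT in the consumer, and state in the note what happens when both are set. The bit list also skips BIT5 and leaves BIT6 unexplained; adding `# BIT5 - Reserved for future uses.` and a one-line description of non-stop mode would close those gaps. The declaration line for this mask is outside the hunk.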
@@ -1286,17 +1300,23 @@
## Set image protection policy. The policy is bitwise.
# If a bit is set, the image will be protected by DxeCore if it is aligned.
# The code section becomes read-only, and the data section becomes non-executable.
- # If a bit is clear, the image will not be protected.
+ # If a bit is clear, nothing will be done to image code/data sections.
# BIT0 - Image from unknown device.
# BIT1 - Image from firmware volume.
+ #
+ # Note: If a bit is cleared, the data section could be still non-executable if
+ # PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData
+ # and/or EfiRuntimeServicesData.
+ #
# @Prompt Set image protection policy.
# @ValidRange 0x80000002 | 0x00000000 - 0x0000001F
gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047
## Set DXE memory protection policy. The policy is bitwise.
# If a bit is set, memory regions of the associated type will be mapped
- # non-executable.
- #
+ # non-executable.
+ # If a bit is cleared, nothing will be done to associated type of memory.
+ #
# Below is bit mask for this PCD: (Order is same as UEFI spec)
# EfiReservedMemoryType 0x0001
# EfiLoaderCode 0x0002
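Review bot: The added note under BIT1 covers only the data section when a bit is cleared, so a reader may conclude the image is still mostly protected through PcdDxeNxMemoryProtectionPolicy. The reworded line `nothing will be done to image code/data sections` implies the code section is not made read-only in that case, and the note should say so, for example `# The code section is not made read-only in that case.` (confirm against DxeCore before adding). It is also worth stating that the NX outcome depends on the memory type the image was loaded into, since the note lists three types without saying which applies to which image. The rest of the PcdDxeNxMemoryProtectionPolicy comment block continues outside the hunk.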
@@ -1888,8 +1908,13 @@
# For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.
# For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require
# IA32 PAE is supported and Execute Disable Bit is available.
- # TRUE - to set NX for stack.
- # FALSE - Not to set NX for stack.
+ #
+ # TRUE - Set NX for stack.
+ # FALSE - Do nothing for stack.
+ #
+ # Note: If this PCD is set to FALSE, NX could be still applied to stack due to PcdDxeNxMemoryProtectionPolicy enabled for
+ # EfiBootServicesData.
+ #
# @Prompt Set NX for stack.
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE|BOOLEAN|0x0001006f