[PATCH v1 5/6] treewide: Add a function to change page permissions
Simon Glass
sjg at chromium.org
Sun Feb 9 21:15:53 CET 2025
Hi Tom,
On Sun, 9 Feb 2025 at 09:39, Tom Rini <trini at konsulko.com> wrote:
>
> On Thu, Feb 06, 2025 at 08:47:47AM -0700, Simon Glass wrote:
>
> [snip]
> > Perhaps make EFI_LOADER select CPU, or depend on CPU? If that's the
> > way you want to go, I'd be happy to do a precursor series to deal with
> > the fallout.
>
> I'm not sure what EFI_LOADER has to do with the generic security feature
> of enforcing permissions on pages. That's something we want everywhere
> that can enable it as it's a good defensive security measure and also
> catches code bugs.
Yes, it's a good thing to have. I assumed it was related to EFI
because of all the mention of EFI, SetVirtualAddressMap() and the
like.
It doesn't have to be DM. I was reacting to the idea that we cannot
add it to the CPU driver because hardly any boards have one. How about
mapping arch-specific stuff to generic functions, like we try to do
with the CPU uclass. The enforcement happens before initr_dm()
although I suppose it could be moved later, or a CPU driver could be
started up before relocation. Or just don't use a CPU driver, use
something else.
WIth all the pain I've just been through with the EFI link scripts, I
would have rather seen some effort to follow the existing convention,
e.g. text_start rather than start_text. We already have
__image_copy_start - there is so much arch-specific variability here
already.
Anyway, I'll stay away from this series in future.
Regards,
Simon
More information about the U-Boot
mailing list