summaryrefslogtreecommitdiff
path: root/MdeModulePkg/MdeModulePkg.uni
diff options
context:
space:
mode:
authorJian J Wang <jian.j.wang@intel.com>2018-09-14 10:01:28 +0800
committerJian J Wang <jian.j.wang@intel.com>2018-09-26 08:55:09 +0800
commitb888c57a053f41b33fcaa13da66f8de470e9a1c8 (patch)
tree9b618ece1658040a69c1d7e8b9b9f48f4246e805 /MdeModulePkg/MdeModulePkg.uni
parent67998a547e47b231533f5b6668ac352f6c69104b (diff)
downloadedk2-b888c57a053f41b33fcaa13da66f8de470e9a1c8.zip
edk2-b888c57a053f41b33fcaa13da66f8de470e9a1c8.tar.gz
edk2-b888c57a053f41b33fcaa13da66f8de470e9a1c8.tar.bz2
MdeModulePkg/MdeModulePkg.dec/.uni: clarify PCDs usage
BZ#1116: https://bugzilla.tianocore.org/show_bug.cgi?id=1116 The usage of following PCDs described in MdeModulePkg.dec don't match the implementation exactly. This patch updates related description in both .dec and .uni files to avoid confusion in platform configuration. PcdSetNxForStack PcdImageProtectionPolicy PcdDxeNxMemoryProtectionPolicy The main change is at the statement on how to handle the FALSE or 0 setting value in those PCDs. Current statement says the implementation should unset or disable related features but in fact the related code just do nothing (leave it to AS-IS). That means the result might be disabled, or might be not. It depends on other features or platform policy. For example, if one don't want to enforce NX onto stack memory, he/she needs to set PcdSetNxForStack to FALSE as well as to clear BIT4 of PcdDxeNxMemoryProtectionPolicy. Cc: Star Zeng <star.zeng@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'MdeModulePkg/MdeModulePkg.uni')
-rw-r--r--MdeModulePkg/MdeModulePkg.uni13
1 files changed, 9 insertions, 4 deletions
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index 080b8a6..a6bcb62 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -345,8 +345,9 @@
"For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.<BR>"
"For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require"
"IA32 PAE is supported and Execute Disable Bit is available.<BR>"
- "TRUE - to set NX for stack.<BR>"
- "FALSE - Not to set NX for stack.<BR>"
+ "TRUE - Set NX for stack.<BR>"
+ "FALSE - Do nothing for stack.<BR>"
+ "Note: If this PCD is set to FALSE, NX could be still applied to stack due to PcdDxeNxMemoryProtectionPolicy enabled for EfiBootServicesData.<BR>"
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiS3Enable_PROMPT #language en-US "ACPI S3 Enable"
@@ -1098,15 +1099,19 @@
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdImageProtectionPolicy_HELP #language en-US "Set image protection policy. The policy is bitwise.\n"
"If a bit is set, the image will be protected by DxeCore if it is aligned.\n"
"The code section becomes read-only, and the data section becomes non-executable.\n"
- "If a bit is clear, the image will not be protected.<BR><BR>\n"
+ "If a bit is clear, nothing will be done to image code/data sections.<BR><BR>\n"
"BIT0 - Image from unknown device. <BR>\n"
"BIT1 - Image from firmware volume.<BR>"
+ "Note: If a bit is cleared, the data section could be still non-executable if\n"
+ "PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData\n"
+ "and/or EfiRuntimeServicesData.<BR>"
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_PROMPT #language en-US "Set DXE memory protection policy."
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_HELP #language en-US "Set DXE memory protection policy. The policy is bitwise.\n"
"If a bit is set, memory regions of the associated type will be mapped\n"
- "non-executable.<BR><BR>\n"
+ "non-executable.<BR>\n"
+ "If a bit is cleared, nothing will be done to associated type of memory.<BR><BR>\n"
"\n"
"Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\n"
"EfiReservedMemoryType 0x0001<BR>\n"