Re: [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)
- To: Laszlo Ersek <lersek@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Jordan L Justen <jordan.l.justen@xxxxxxxxx>, Star Zeng <star.zeng@xxxxxxxxx>
- From: Ian Campbell <ian.campbell@xxxxxxxxxx>
- Date: Wed, 9 Sep 2015 12:07:06 +0100
- Cc: edk2-devel-01 <edk2-devel@xxxxxxxxxxx>, Xen Devel <xen-devel@xxxxxxxxxxxxx>, "Gabriel L. Somlo \(GMail\)" <gsomlo@xxxxxxxxx>, Gary Ching-Pang Lin <glin@xxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>
- Delivery-date: Wed, 09 Sep 2015 11:07:20 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
On Wed, 2015-09-09 at 12:48 +0200, Laszlo Ersek wrote:
Thanks for all the info, I think I get it (although it's not clear to me
how an app can claim to be UEFI 2.5 capable and what the transition
plan for legacy applications was going to be).
> ... The question could be then if grub (in Wheezy) should be adapted to
> UEFI-2.5 (if that's possible)
I don't know either I'm afraid.
[...]
> Hmmm. Actually, I'm torn about the default for PcdSetNxForStack.
I have a question: What attack vector is setting the stack as Nx in OVMF
(or even UEFI generally) trying to protect against? Or is this being done
for a reason other than security?
I understand why it is done for kernels and apps, but where does the
untrusted element which is being protected against come from when running
UEFI?
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel