On 12 October 2015 at 17:50, Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx> wrote:
> On Mon, 12 Oct, at 05:34:53PM, Ard Biesheuvel wrote:
>>
>> On arm64, we only map in all of the UEFI runtime services regions
>> during the time any of these services are being invoked. I think this
>> should be mostly feasible on x86 as well, although it would involve
>> yet another rewrite of the EFI region mapping code, and most likely a
>> long list of quirks for platforms that are not able to deal with it
>> correctly for one reason or the other (but that all come down to: 'if
>> you are not doing it like Windows does it, you must be doing it
>> wrong').
>
> Actually, we use separate page tables for mapping the EFI runtime
> services on x86 right now. These tables are only used when making
> runtime calls, just like on arm64.
>
> So we've got a little bit of isolation right now.
>

Ah ok. I thought that only applied to the duplicate 1:1 mapping, not to
the high mapping. But that does reduce the attack surface considerably.
Combined with strict w^x once the UEFI 2.5 feature is fully supported, I
am a lot less nervous about RWX EFI runtime regions being used to
subvert the system.

--
Ard.

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
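The worry in this exchange is that EFI runtime regions stay mapped RWX until the firmware advertises per-region RO/XP attributes and the kernel enforces them. A defender can at least see where a given machine stands by reading the EFI memory map the kernel logs at boot. The following is an added example, not code from this thread or from the kernel: it parses `efi: memNN: [...]` lines in the style the Linux kernel prints with `efi=debug` (the exact field layout is assumed, since it has varied between kernel versions, so the parser keys on attribute tokens rather than positions) and flags runtime code regions that are not RO and runtime data regions that are not XP. The sample lines are constructed for the example, not captured from real hardware.

```python
"""Audit dmesg-style EFI memory map lines for runtime regions that
would still be writable+executable (W^X not enforced).

Added example; not code from the linux-efi thread or the kernel.
Input format is assumed to resemble the kernel's efi=debug output:
  efi: memNN: [<type>|<attr>|<attr>|...] range=[0xSTART-0xEND] (NMB)
Attribute tokens used here: RUN (runtime), RO (read-only), XP (no-exec).
"""
import re

# Constructed sample lines (not from a real machine). mem09 is a runtime
# code region without RO and mem11 a runtime data region without XP.
SAMPLE_DMESG = """\
efi: mem00: [Boot Code          |   |  |  |  |  |  |  |  |   |WB|WT|WC|UC] range=[0x0000000000000000-0x0000000000007fff] (0MB)
efi: mem07: [Runtime Code       |RUN|  |  |  |  |  |  |RO|   |WB|WT|WC|UC] range=[0x000000007f600000-0x000000007f63ffff] (0MB)
efi: mem08: [Runtime Data       |RUN|  |  |  |  |XP|  |  |   |WB|WT|WC|UC] range=[0x000000007f640000-0x000000007f67ffff] (0MB)
efi: mem09: [Runtime Code       |RUN|  |  |  |  |  |  |  |   |WB|WT|WC|UC] range=[0x000000007f680000-0x000000007f6bffff] (0MB)
efi: mem10: [Memory Mapped I/O  |RUN|  |  |  |  |  |  |  |   |  |  |  |UC] range=[0x00000000fed1c000-0x00000000fed1ffff] (0MB)
efi: mem11: [Runtime Data       |RUN|  |  |  |  |  |  |  |   |WB|WT|WC|UC] range=[0x000000007f6c0000-0x000000007f6fffff] (0MB)
"""

LINE_RE = re.compile(
    r"^efi: mem(?P<idx>\d+): \[(?P<fields>[^\]]*)\] "
    r"range=\[0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)\]"
)

# Which attribute a runtime region of each type needs for W^X to hold:
# code must not be writable (RO), data must not be executable (XP).
REQUIRED_ATTR = {"Runtime Code": "RO", "Runtime Data": "XP"}


def parse_line(line):
    """Return a dict for one memory-map line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m.group("fields").split("|")]
    return {
        "index": int(m.group("idx")),
        "type": fields[0],
        # Attribute columns are fixed-width; empty ones mean "not set".
        "attrs": frozenset(f for f in fields[1:] if f),
        "start": int(m.group("start"), 16),
        "end": int(m.group("end"), 16),
    }


def find_wx_violations(text):
    """Return runtime code/data regions lacking the attribute W^X needs."""
    findings = []
    for line in text.splitlines():
        region = parse_line(line)
        if region is None:
            continue
        needed = REQUIRED_ATTR.get(region["type"])
        # Only runtime code/data matter here; MMIO and boot-time regions
        # are either device memory or unmapped after ExitBootServices.
        if needed is None or "RUN" not in region["attrs"]:
            continue
        if needed not in region["attrs"]:
            findings.append(region)
    return findings


def format_finding(region):
    needed = REQUIRED_ATTR[region["type"]]
    return ("mem%02d %s 0x%016x-0x%016x lacks %s (attrs: %s)"
            % (region["index"], region["type"], region["start"],
               region["end"], needed, " ".join(sorted(region["attrs"]))))


if __name__ == "__main__":
    hits = find_wx_violations(SAMPLE_DMESG)
    if not hits:
        print("all runtime code/data regions satisfy W^X")
    for r in hits:
        print(format_finding(r))
```

On a real system the input would be `dmesg` output from a kernel booted with `efi=debug`; an empty result means the firmware's memory attributes already allow the kernel to map runtime code read-only and runtime data non-executable, which is the condition Ard describes as making the RWX concern much smaller.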