diff options
| author | Laszlo Ersek <lersek@redhat.com> | 2016-06-01 19:23:20 +0200 |
|---|---|---|
| committer | Laszlo Ersek <lersek@redhat.com> | 2016-06-06 10:58:24 +0200 |
| commit | 509f8425b75dd0b0698b159db71379f49c36b2fc (patch) | |
| tree | 96f3a5912adb86d0635b6bff00dc0e4269309b69 /UefiCpuPkg/UefiCpuPkg.dec | |
| parent | d2970bbc1d88dbde480e7eef57f3ddcedd39ad08 (diff) | |
| download | edk2-509f8425b75dd0b0698b159db71379f49c36b2fc.tar.gz edk2-509f8425b75dd0b0698b159db71379f49c36b2fc.tar.bz2 edk2-509f8425b75dd0b0698b159db71379f49c36b2fc.zip | |
UefiCpuPkg: change PcdCpuSmmStackGuard default to TRUE
This Feature PCD causes PiSmmCpuDxe to catch SMM stack overflow at
runtime, logging a clear error message, and entering a CPU dead loop.
Compared to the chaotic and catastrophic consequences of the stack leaking
into, and corrupting, the SMM page table, a stack guard that is enabled by
default is vastly superior.
We should not require sane platforms to explicitly opt in to this
safeguard; instead, we should require platforms that prefer to live
dangerously to opt out of it.
Stack overflow in SMM might even give rise to security vulnerabilities.
Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: http://thread.gmane.org/gmane.comp.bios.edk2.devel/12864
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1341733
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Diffstat (limited to 'UefiCpuPkg/UefiCpuPkg.dec')
| -rw-r--r-- | UefiCpuPkg/UefiCpuPkg.dec | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 16637dfdc1..ef46318a89 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -85,11 +85,11 @@ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmBlockStartupThisAp|FALSE|BOOLEAN|0x32132108
## Indicates if SMM Stack Guard will be enabled.
- # If enabled, stack overflow in SMM can be caught which eases debugging.<BR><BR>
+ # If enabled, stack overflow in SMM can be caught, preventing chaotic consequences.<BR><BR>
# TRUE - SMM Stack Guard will be enabled.<BR>
# FALSE - SMM Stack Guard will be disabled.<BR>
# @Prompt Enable SMM Stack Guard.
- gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard|FALSE|BOOLEAN|0x1000001C
+ gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard|TRUE|BOOLEAN|0x1000001C
## Indicates if BSP election in SMM will be enabled.
# If enabled, a BSP will be dynamically elected among all processors in each SMI.
|