From Fedora Project Wiki
< Changes
| Line 52: | Line 52: | ||
== Detailed Description == | == Detailed Description == | ||
Turn on strict NX checking: | |||
PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5 | |||
PcdSetNxForStack = TRUE | |||
PcdImageProtectionPolicy = 0x03 | |||
PcdNullPointerDetectionPropertyMask = 0x03 | |||
== Feedback == | == Feedback == | ||
Revision as of 12:32, 13 January 2025
Comments and Explanations
The page source contains comments providing guidance to fill out each section. They are invisible when viewing this page. To read it, choose the "view source" link.
Copy the source to a new page before making changes! DO NOT EDIT THIS TEMPLATE FOR YOUR CHANGE PROPOSAL.
The page source contains comments providing guidance to fill out each section. They are invisible when viewing this page. To read it, choose the "view source" link.
Copy the source to a new page before making changes! DO NOT EDIT THIS TEMPLATE FOR YOUR CHANGE PROPOSAL.
Guidance
For details on how to fill out this form, see the documentation.
For details on how to fill out this form, see the documentation.
Report issues
To report an issue with this template, file an issue in the pgm_docs repo.
To report an issue with this template, file an issue in the pgm_docs repo.
Improve edk2 security
This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
Summary
Turn on a few security-related build time options to improve edk2 security.
Owner
- Name: Gerd Hoffmann
- Email: kraxel@redhat.com
Current status
- Targeted release: Fedora Linux 42
- Last updated: 2025-01-13
- [<link to devel-announce post will be added by Wrangler> Announced]
- [<will be assigned by the Wrangler> Discussion thread]
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
Turn on strict NX checking:
PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5 PcdSetNxForStack = TRUE
PcdImageProtectionPolicy = 0x03
PcdNullPointerDetectionPropertyMask = 0x03
Feedback
Benefit to Fedora
Scope
- Proposal owners:
- Other developers:
- Release engineering: #Releng issue number
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with the Fedora Strategy:
Upgrade/compatibility impact
Early Testing (Optional)
Do you require 'QA Blueprint' support? Y/N
How To Test
User Experience
Dependencies
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
Documentation
N/A (not a System Wide Change)