Linux 4.11 Adds EFI Memory Attributes Table Support

The EFI changes in Linux 4.11 include updated initialization code that accurately checks whether secure boot authentication was performed at boot time, support for the UEFI memory attributes table on x86, and other changes and bug fixes.
The EFI_MEMORY_ATTRIBUTES_TABLE support in Linux 4.11 for x86 EFI was described by developer Sai Praneeth Prakhya in his patch, "UEFI v2.6 introduces EFI_MEMORY_ATTRIBUTES_TABLE which describes memory protections that may be applied to EFI Runtime code and data regions by kernel. This enables kernel to map these regions more strictly thereby increasing security. Presently, the only valid bits for attribute field of a memory descriptor are EFI_MEMORY_RO and EFI_MEMORY_XP, hence use these bits to update mappings in efi_pgd."
This benefits newer systems with UEFI 2.6+, where memory protections can be applied accurately to the UEFI Runtime code and data regions. The new EFI_MEMORY_ATTRIBUTES_TABLE support is used in place of EFI_PROPERTIES_TABLE, which is still supported as a fallback for older UEFI systems.
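The attribute handling described in the patch can be modeled in userspace as follows. This is an added example, not code from the kernel or the patch: it derives page permissions from EFI_MEMORY_RO and EFI_MEMORY_XP and counts the runtime regions that would stay both writable and executable. `struct mem_desc`, `PG_WRITE`, `PG_NX`, the function names and the sample table are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Attribute bits and memory types from the UEFI specification. */
#define EFI_MEMORY_XP 0x0000000000004000ULL /* must not be executable */
#define EFI_MEMORY_RO 0x0000000000020000ULL /* must not be writable */
#define EFI_RUNTIME_SERVICES_CODE 5
#define EFI_RUNTIME_SERVICES_DATA 6
/* Hypothetical permission flags for this model (not kernel identifiers). */
#define PG_WRITE 0x1u
#define PG_NX    0x2u
struct mem_desc { /* simplified descriptor for the example */
    uint32_t type;
    uint64_t phys_addr;
    uint64_t num_pages; /* 4 KiB EFI pages */
    uint64_t attribute;
};

/* EFI_MEMORY_RO drops write permission, EFI_MEMORY_XP sets no-execute. */
static unsigned perms_from_attr(uint64_t attr) {
    unsigned pf = 0;
    if (attr & EFI_MEMORY_XP)
        pf |= PG_NX;
    if (!(attr & EFI_MEMORY_RO))
        pf |= PG_WRITE;
    return pf;
}

/* Count regions that would remain both writable and executable. */
static size_t count_wx(const struct mem_desc *t, size_t n) {
    size_t wx = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned pf = perms_from_attr(t[i].attribute);
        wx += (pf & PG_WRITE) && !(pf & PG_NX);
    }
    return wx;
}

/* Constructed sample table: RO code, XP data, one entry with neither bit. */
static const struct mem_desc sample[] = {
    { EFI_RUNTIME_SERVICES_CODE, 0x7f000000ULL, 16, EFI_MEMORY_RO },
    { EFI_RUNTIME_SERVICES_DATA, 0x7f010000ULL, 32, EFI_MEMORY_XP },
    { EFI_RUNTIME_SERVICES_CODE, 0x7f030000ULL,  4, 0 },
};

int main(void) {
    printf("W+X regions: %zu\n", count_wx(sample, sizeof sample / sizeof sample[0]));
    return 0;
}
```

An entry with neither bit set leaves its region writable and executable, which is the case a firmware audit would want to flag.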