RHEL-147245: Re-enablement of security feature in AMD EDKII BIOS


    • Bug
    • Resolution: Unresolved
    • CentOS Stream 10
    • edk2
    • rhel-virt-confidential-firmware

      AMD is seeking to comply with the October 2025 Microsoft UEFI signing requirements [1]. As part of the requirements [2]:

       
      "One key requirement added is that the binary layout must allow to enforce memory attributes with page tables, i.e. PE binary sections must be aligned to page size (4k). Sections also can't be both writable and executable. And the application must be able to deal with data section being mapped as not executable (NX_COMPAT)."

      The edk2 fix will be for Venice onward.

      Below is the link for edk2 tianocore upstream changes.

      https://github.com/tianocore/edk2/pull/5939

       

      [1] https://techcommunity.microsoft.com/blog/hardware-dev-center/updated-microsoft-uefi-signing-requirements/1062916

      [2] https://www.kraxel.org/blog/2023/12/uefi-nx-linux-boot/
       

       

              virt-maint virt-maint
              kim.naru@amd.com Kim Naru
              AMD Confidential Group
              virt-maint virt-maint
              virt-bugs virt-bugs
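
The three requirements quoted in the description (4k section alignment, no section both writable and executable, NX_COMPAT set) can be checked from a PE image's headers. The following is an added example, not part of the ticket or of edk2; `check_nx_layout`, `build_sample` and the two sample images are constructed for illustration.

```python
import struct

PAGE = 0x1000                                  # 4 KiB page size from the requirement
NX_COMPAT = 0x0100                             # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SCN_EXEC, SCN_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_EXECUTE / _WRITE

def check_nx_layout(image: bytes) -> list:
    """Return the violated requirements; an empty list means none were found."""
    pe, = struct.unpack_from("<I", image, 0x3C)             # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, = struct.unpack_from("<H", image, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe + 20)    # SizeOfOptionalHeader
    opt = pe + 24                                           # optional header start
    align, = struct.unpack_from("<I", image, opt + 32)      # SectionAlignment
    dll_chars, = struct.unpack_from("<H", image, opt + 70)  # DllCharacteristics
    findings = []
    if align < PAGE or align % PAGE:
        findings.append(f"SectionAlignment {align:#x} is not a multiple of 4 KiB")
    if not dll_chars & NX_COMPAT:
        findings.append("NX_COMPAT is not set")
    for i in range(nsect):
        off = opt + opt_size + 40 * i                       # 40-byte section header
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vaddr, = struct.unpack_from("<I", image, off + 12)  # VirtualAddress
        flags, = struct.unpack_from("<I", image, off + 36)  # Characteristics
        if vaddr % PAGE:
            findings.append(f"{name}: VirtualAddress {vaddr:#x} is not page aligned")
        if flags & SCN_EXEC and flags & SCN_WRITE:
            findings.append(f"{name}: writable and executable")
    return findings

def build_sample(align, dll_chars, sections):  # constructed PE32+ headers, no data
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 112, 0x22)
    opt = bytearray(112)                                    # no data directories
    struct.pack_into("<H", opt, 0, 0x20B)                   # PE32+ magic
    struct.pack_into("<I", opt, 32, align)
    struct.pack_into("<H", opt, 70, dll_chars)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, PAGE, va, 0, 0, 0, 0, 0, 0, fl)
                     for n, va, fl in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

# Constructed inputs: one compliant layout, one violating all three requirements.
GOOD = build_sample(PAGE, NX_COMPAT, [(b".text", 0x1000, 0x60000020),
                                      (b".data", 0x2000, 0xC0000040)])
BAD = build_sample(0x20, 0, [(b".text", 0x240, 0xE0000020)])  # RWX, unaligned

if __name__ == "__main__":
    print(check_nx_layout(GOOD), check_nx_layout(BAD), sep="\n")
```

To check a real binary, pass the bytes of the `.efi` file to `check_nx_layout` in place of the constructed samples.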