diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeMain.inf
index 924b2b132f..faaae2cd4a 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.inf
+++ b/MdeModulePkg/Core/Dxe/DxeMain.inf
@@ -190,7 +190,8 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth ## CONSUMES
-
+ gEfiMdePkgTokenSpaceGuid.PcdDebugRaisePropertyMask ## CONSUMES
+
# [Hob]
# RESOURCE_DESCRIPTOR ## CONSUMES
# MEMORY_ALLOCATION ## CONSUMES
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
index cf39f6f486..65abac6e0d 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryProtection.c
@@ -49,8 +49,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// Protection policy bit definition
//
-#define DO_NOT_PROTECT 0x00000000
-#define PROTECT_IF_ALIGNED_ELSE_ALLOW 0x00000001
+#define DO_NOT_PROTECT 0x00000000
+#define PROTECT_IF_ALIGNED_ELSE_ALLOW 0x00000001
+#define PROTECT_IF_ALIGNED_ELSE_DISALLOW 0x00000002
#define MEMORY_TYPE_OS_RESERVED_MIN 0x80000000
#define MEMORY_TYPE_OEM_RESERVED_MIN 0x70000000
@@ -78,11 +79,15 @@ GetProtectionPolicyFromImageType (
{
ASSERT (ImageIsFromFv == FALSE || ImageIsFromFv == TRUE);
+ if ((mImageProtectionPolicy & 4U) != 0) {
+ return PROTECT_IF_ALIGNED_ELSE_DISALLOW;
+ }
+
if (((ImageIsFromFv + 1) & mImageProtectionPolicy) == 0) {
return DO_NOT_PROTECT;
- } else {
- return PROTECT_IF_ALIGNED_ELSE_ALLOW;
}
+
+ return PROTECT_IF_ALIGNED_ELSE_ALLOW;
}
/**
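Review bot: The new early check in GetProtectionPolicyFromImageType tests the literal `4U`, while the .dec documents this flag as BIT2 and the rest of the policy is described bitwise; write it as `if ((mImageProtectionPolicy & BIT2) != 0) {` or give the mask a named constant next to the other policy definitions. Because the test runs before the `(ImageIsFromFv + 1)` mask, setting BIT2 makes BIT0 and BIT1 irrelevant, so every image is treated as protect-or-refuse whatever its origin. That precedence deserves a one-line comment above the check, for example `// BIT2 overrides the per-origin bits: all images must be aligned.` The function's signature and header comment are outside the hunk, so the header may need the same update.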
@@ -233,13 +238,13 @@ ProtectUefiImage (
UEFI_IMAGE_LOADER_IMAGE_CONTEXT *ImageContext
)
{
- RETURN_STATUS PdbStatus;
- UINT32 SectionAlignment;
- UEFI_IMAGE_RECORD *ImageRecord;
- CONST CHAR8 *PdbPointer;
- UINT32 PdbSize;
- BOOLEAN IsAligned;
- UINT32 ProtectionPolicy;
+ RETURN_STATUS PdbStatus;
+ UINT32 SectionAlignment;
+ UEFI_IMAGE_RECORD *ImageRecord;
+ CONST CHAR8 *PdbPointer;
+ UINT32 PdbSize;
+ BOOLEAN IsAligned;
+ UINT32 ProtectionPolicy;
DEBUG ((DEBUG_INFO, "ProtectUefiImageCommon - 0x%x\n", LoadedImage));
DEBUG ((DEBUG_INFO, " - 0x%016lx - 0x%016lx\n", (EFI_PHYSICAL_ADDRESS)(UINTN)LoadedImage->ImageBase, LoadedImage->ImageSize));
@@ -250,8 +255,10 @@ ProtectUefiImage (
return;
case PROTECT_IF_ALIGNED_ELSE_ALLOW:
break;
+ case PROTECT_IF_ALIGNED_ELSE_DISALLOW:
+ break;
default:
- ASSERT (FALSE);
+ DEBUG_RAISE ();
return;
}
@@ -275,6 +282,11 @@ ProtectUefiImage (
DEBUG ((DEBUG_VERBOSE, "!!!!!!!! Image - %a !!!!!!!!\n", PdbPointer));
}
+ if (ProtectionPolicy == PROTECT_IF_ALIGNED_ELSE_DISALLOW) {
+ DEBUG_RAISE ();
+ return;
+ }
+
goto Finish;
}
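Review bot: The PROTECT_IF_ALIGNED_ELSE_DISALLOW branch relies on `DEBUG_RAISE ()` alone to stop an unaligned image, and ProtectUefiImage returns nothing to its caller. If that macro is compiled out or configured not to halt (it appears to be gated by the PcdDebugRaisePropertyMask added to DxeMain.inf; confirm), the function simply returns and the image presumably continues to load without protection. The .dec text promises that BIT2 stops the boot process, so enforcement should not depend on debug configuration: follow the raise with an unconditional halt such as `CpuDeadLoop ();`, or have the function return a status the loader can act on. The only message visible on this path is at DEBUG_VERBOSE, so a `DEBUG_ERROR` line naming the refused image would make the event show up in logs. The early `return` also bypasses the `Finish` label, whose body is outside the hunk, so check that nothing there still needs to run.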
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 67e4001d13..583857bf5b 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1367,11 +1367,13 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath|{0x0}|VOID*|0x00001043
## Set image protection policy. The policy is bitwise.
- # If a bit is set, the image will be protected by DxeCore if it is aligned.
+ # If a bit is set, the image will be protected by DxeCore if it is aligned,
# The code section becomes read-only, and the data section becomes non-executable.
- # If a bit is clear, nothing will be done to image code/data sections.
+ # If a bit is clear, nothing will be done to image code/data sections.
+ # If BIT2 is set unaligned images will stop boot process regardless of their origin.
# BIT0 - Image from unknown device.
# BIT1 - Image from firmware volume.
+ # BIT2 - Forbid loading of unaligned images.
#
# Note: If a bit is cleared, the data section could be still non-executable if
# PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData