ArmVirtPkg AARCH64: enable NX memory protection for all platforms

This sets the recently introduced PCD PcdDxeNxMemoryProtectionPolicy to
a value that protects all memory regions except code regions against
inadvertent execution.

Note that this does not [yet] protect EfiLoaderData regions, due to
compatibility issues with shim and GRUB.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Ard Biesheuvel 2017-02-27 14:10:59 +00:00
parent dd320e633a
commit 1acd7c54a7
1 changed file with 7 additions and 0 deletions
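As an added example (not part of this commit or of edk2), the following C program decodes a PcdDxeNxMemoryProtectionPolicy value the way the commit message describes it: one bit per EFI_MEMORY_TYPE, set when allocations of that type are to be mapped non-executable. It derives the policy from the stated rule (NX for every non-code type, LoaderData exempted for shim/GRUB) and checks that the derivation reproduces the literal 0xC000000000007FD1 from the hunk, then also shows the stricter value that would result once LoaderData is included. The EFI_MEMORY_TYPE numbering follows the UEFI specification; the mapping of OEM-reserved (0x70000000 and up) and OS-reserved (0x80000000 and up) types to bits 62 and 63, and the EFI_MEMORY_XP attribute, are my reading of the MdeModulePkg PCD description and are assumptions here, not code from the project.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* EFI_MEMORY_TYPE values in UEFI specification order (0..14). */
typedef enum {
  EfiReservedMemoryType = 0,
  EfiLoaderCode,
  EfiLoaderData,
  EfiBootServicesCode,
  EfiBootServicesData,
  EfiRuntimeServicesCode,
  EfiRuntimeServicesData,
  EfiConventionalMemory,
  EfiUnusableMemory,
  EfiACPIReclaimMemory,
  EfiACPIMemoryNVS,
  EfiMemoryMappedIO,
  EfiMemoryMappedIOPortSpace,
  EfiPalCode,
  EfiPersistentMemory,
  EfiMaxMemoryType
} EFI_MEMORY_TYPE;

/* UEFI page attribute meaning "execute-protected". */
#define EFI_MEMORY_XP 0x0000000000004000ULL

/* Assumption: OEM-reserved types (0x70000000..0x7FFFFFFF) are governed by bit 62
 * and OS-reserved types (0x80000000..0xFFFFFFFF) by bit 63 of the policy. */
#define MEMORY_TYPE_OEM_RESERVED_MIN 0x70000000u
#define MEMORY_TYPE_OS_RESERVED_MIN  0x80000000u
#define OEM_RESERVED_BIT 62
#define OS_RESERVED_BIT  63

/* The value this commit sets for ArmVirtPkg. */
#define ARMVIRT_NX_POLICY 0xC000000000007FD1ULL

/* Which policy bit governs a memory type; -1 if the type is not defined. */
int PolicyBitForType(uint32_t MemoryType) {
  if (MemoryType >= MEMORY_TYPE_OS_RESERVED_MIN)  return OS_RESERVED_BIT;
  if (MemoryType >= MEMORY_TYPE_OEM_RESERVED_MIN) return OEM_RESERVED_BIT;
  if (MemoryType < EfiMaxMemoryType)              return (int)MemoryType;
  return -1;  /* 15..0x6FFFFFFF: no such type */
}

/* True if the policy marks allocations of this type non-executable. */
bool IsNxProtected(uint64_t Policy, uint32_t MemoryType) {
  int Bit = PolicyBitForType(MemoryType);
  return Bit >= 0 && ((Policy >> Bit) & 1u) != 0;
}

/* Page attribute the DXE core would apply to an allocation of this type. */
uint64_t PageAttributeFor(uint64_t Policy, uint32_t MemoryType) {
  return IsNxProtected(Policy, MemoryType) ? EFI_MEMORY_XP : 0;
}

/* Derive a policy from the commit's rule: NX for everything except the three
 * code types, with LoaderData optionally exempted for shim/GRUB compatibility. */
uint64_t BuildNxPolicy(bool ProtectLoaderData) {
  uint64_t Policy = 0;
  for (uint32_t Type = 0; Type < EfiMaxMemoryType; Type++) {
    bool IsCode = Type == EfiLoaderCode || Type == EfiBootServicesCode ||
                  Type == EfiRuntimeServicesCode;
    if (IsCode) continue;
    if (Type == EfiLoaderData && !ProtectLoaderData) continue;
    Policy |= 1ULL << Type;
  }
  Policy |= 1ULL << OEM_RESERVED_BIT;
  Policy |= 1ULL << OS_RESERVED_BIT;
  return Policy;
}

int main(void) {
  static const char *const Names[EfiMaxMemoryType] = {
    "EfiReservedMemoryType", "EfiLoaderCode", "EfiLoaderData",
    "EfiBootServicesCode", "EfiBootServicesData", "EfiRuntimeServicesCode",
    "EfiRuntimeServicesData", "EfiConventionalMemory", "EfiUnusableMemory",
    "EfiACPIReclaimMemory", "EfiACPIMemoryNVS", "EfiMemoryMappedIO",
    "EfiMemoryMappedIOPortSpace", "EfiPalCode", "EfiPersistentMemory"
  };
  printf("Policy 0x%016llX:\n", (unsigned long long)ARMVIRT_NX_POLICY);
  for (uint32_t Type = 0; Type < EfiMaxMemoryType; Type++)
    printf("  %-28s %s\n", Names[Type],
           IsNxProtected(ARMVIRT_NX_POLICY, Type) ? "NX" : "executable");
  printf("  %-28s %s\n", "OEM reserved (0x70000000+)",
         IsNxProtected(ARMVIRT_NX_POLICY, MEMORY_TYPE_OEM_RESERVED_MIN) ? "NX" : "executable");
  printf("  %-28s %s\n", "OS reserved (0x80000000+)",
         IsNxProtected(ARMVIRT_NX_POLICY, MEMORY_TYPE_OS_RESERVED_MIN) ? "NX" : "executable");
  printf("Derived policy (LoaderData exempt) matches literal: %s\n",
         BuildNxPolicy(false) == ARMVIRT_NX_POLICY ? "yes" : "no");
  printf("Stricter policy with LoaderData NX: 0x%016llX\n",
         (unsigned long long)BuildNxPolicy(true));
  return 0;
}
```

Running it confirms that bits 1, 3 and 5 (the three code types) and bit 2 (EfiLoaderData) are the only defined-type bits left clear in 0xC000000000007FD1, which is exactly the exemption the commit message describes; flipping bit 2 on (0xC000000000007FD5) is the value that would also cover LoaderData once the shim/GRUB issue is resolved.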


@ -383,6 +383,13 @@
# #
gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3
#
# Enable NX memory protection for all non-code regions, including OEM and OS
# reserved ones, with the exception of LoaderData regions, of which OS loaders
# (i.e., GRUB) may assume that its contents are executable.
#
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
[Components.common] [Components.common]
# #
# Networking stack # Networking stack
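Review bot: the bare literal 0xC000000000007FD1 is hard to audit from the comment alone; the comment above it should spell out the encoding (bit N selects EFI_MEMORY_TYPE N, bits 62 and 63 select the OEM- and OS-reserved ranges) and state that bits 1, 3 and 5 (LoaderCode, BootServicesCode, RuntimeServicesCode) and bit 2 (LoaderData) are the ones deliberately left clear, so a reviewer can check the value against the stated intent without decoding it by hand. The comment's last sentence also has a grammar problem and names only GRUB while the commit message cites both shim and GRUB; suggest "# with the exception of LoaderData regions, whose contents OS loaders (e.g., shim and GRUB) may assume to be executable." Since the commit message says LoaderData is not "[yet]" protected, a short note in the .dsc that bit 2 is to be set once that compatibility issue is resolved would keep the reason for the exemption next to the value.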