From 2936b7d1628c8c6f7cc838af5f9ab1562dfb5122 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Date: Sun, 15 Sep 2024 11:07:55 +0200
Subject: [PATCH] ArmVirtPkg: Correct PcdDxeNxMemoryProtectionPolicy comment

Since commit 2997ae387397 ("ArmVirtPkg: make EFI_LOADER_DATA
non-executable") the comment for PcdDxeNxMemoryProtectionPolicy is
incorrect.

* Remove the incorrect part of the description.
* Describe overriding NX protection by passing a pcd parameter on the
  build command line.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
---
 ArmVirtPkg/ArmVirt.dsc.inc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 890a056cd0..6dd6ce69cc 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -381,8 +381,10 @@
 
   #
   # Enable NX memory protection for all non-code regions, including OEM and OS
-  # reserved ones, with the exception of LoaderData regions, of which OS loaders
-  # (i.e., GRUB) may assume that its contents are executable.
+  # reserved ones.
+  # By passing --pcd PcdDxeNxMemoryProtectionPolicy=0xC000000000007FD1 on the
+  # build command line you can allow code execution in EfiLoaderData. This is
+  # required when using some outdated GRUB versions.
   #
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5