ArmVirtPkg: make EFI_LOADER_DATA non-executable

When the memory protections were implemented and enabled on ArmVirtQemu 5+ years ago, we had to work around the fact that GRUB at the time expected EFI_LOADER_DATA to be executable, as that is the memory type it allocates when loading its modules. This has been fixed in GRUB in August 2017, so by now, we should be able to tighten this, and remove execute permissions from EFI_LOADER_DATA allocations. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2022-08-02 11:48:04 +02:00 · 2022-08-02 11:48:04 +02:00 · 2997ae3873
parent 9e2c88b16e
commit 2997ae3873
1 changed files with 1 additions and 1 deletions
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@ -368,7 +368,7 @@
  # reserved ones, with the exception of LoaderData regions, of which OS loaders
  # (i.e., GRUB) may assume that its contents are executable.
  #
-  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
+  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5

 [Components.common]
  #