ArmVirtPkg/ArmVirt.dsc.inc: AARCH64: enable DXE image protection feature

Enable the new DXE image protection for all image, i.e., FV images but also external images that originate from disk or the network, such as OS loaders. This complements work that is underway on the arm64/Linux kernel side, to emit the OS loader with 4 KB section alignment, and a suitable split between code and data. http://marc.info/?l=linux-arm-kernel&m=148655557227819 Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2017-02-22 11:51:24 +00:00 · 2017-02-22 11:51:24 +00:00 · 7b30036b5e
parent 3cf41b8728
commit 7b30036b5e
1 changed files with 10 additions and 0 deletions
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@ -17,6 +17,9 @@
  DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F
  DEFINE TTY_TERMINAL            = FALSE

+[BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION]
+  GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000
+
 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
  GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000
  GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000
@ -378,6 +381,13 @@
 [PcdsFixedAtBuild.ARM]
  gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40

+[PcdsFixedAtBuild.AARCH64]
+  #
+  # Enable strict image permissions for all images. (This applies
+  # only to images that were built with >= 4 KB section alignment.)
+  #
+  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3
+
 [Components.common]
  #
  # Networking stack