MdeModulePkg/DxeIplPeim: implement non-exec stack for ARM/AARCH64

Mark the DXE stack region as non-executable right before handing
off to the DXE core, by invoking the appropriate ArmLib function.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Feng Tian <Feng.Tian@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18588 6f19259b-4bc3-4df7-8a09-765794883524

MdeModulePkg/Core/DxeIplPeim/Arm/DxeLoadFunc.c

@@ -16,6 +16,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 #include "DxeIpl.h"
 
+#include <Library/ArmLib.h>
+
 /**
    Transfers control to DxeCore.
 
@@ -43,6 +45,11 @@ HandOffToDxeCore (
   BaseOfStack = AllocatePages (EFI_SIZE_TO_PAGES (STACK_SIZE));
   ASSERT (BaseOfStack != NULL);
 
+  if (PcdGetBool (PcdSetNxForStack)) {
+    Status = ArmSetMemoryRegionNoExec ((UINTN)BaseOfStack, STACK_SIZE);
+    ASSERT_EFI_ERROR (Status);
+  }
+
   //
   // Compute the top of the stack we were allocated. Pre-allocate a UINTN
   // for safety.

MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf

@@ -61,6 +61,9 @@
   MdePkg/MdePkg.dec
   MdeModulePkg/MdeModulePkg.dec
 
+[Packages.ARM, Packages.AARCH64]
+  ArmPkg/ArmPkg.dec
+
 [LibraryClasses]
   PcdLib
   MemoryAllocationLib
@@ -76,6 +79,9 @@
   DebugAgentLib
   PeiServicesTablePointerLib
 
+[LibraryClasses.ARM, LibraryClasses.AARCH64]
+  ArmLib
+
 [Ppis]
   gEfiDxeIplPpiGuid                 ## PRODUCES
   gEfiPeiDecompressPpiGuid          ## PRODUCES
@@ -104,6 +110,8 @@
 
 [Pcd.IA32,Pcd.X64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable              ## SOMETIMES_CONSUMES
+
+[Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64]
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack               ## SOMETIMES_CONSUMES
 
 [Depex]