mirror of https://github.com/acidanthera/audk.git
d0e92aad46
If the UEFI image is page aligned, the image code section is set to read only and the image data section is set to non-executable. 1) This policy is applied for all UEFI image including boot service driver, runtime driver or application. 2) This policy is applied only if the UEFI image meets the page alignment requirement. 3) This policy is applied only if the Source UEFI image matches the PcdImageProtectionPolicy definition. 4) This policy is not applied to the non-PE image region. The DxeCore calls CpuArchProtocol->SetMemoryAttributes() to protect the image. If the CpuArch protocol is not installed yet, the DxeCore enqueues the protection request. Once the CpuArch is installed, the DxeCore dequeues the protection request and applies policy. Once the image is unloaded, the protection is removed automatically. The UEFI runtime image protection is teared down at ExitBootServices(), the runtime image code relocation need write code segment at SetVirtualAddressMap(). We cannot assume OS/Loader has taken over page table at that time. NOTE: It is per-requisite that code section and data section should not be not merged. That is same criteria for SMM/runtime driver. We are not able to detect during BIOS boot, because we can only get LINK warning below: "LINK : warning LNK4254: section '.data' (C0000040) merged into '.text' (60000020) with different attributes" But final attribute in PE code section is same. Cc: Star Zeng <star.zeng@intel.com> Cc: Feng Tian <feng.tian@intel.com> Cc: Michael Kinney <michael.d.kinney@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Jeff Fan <jeff.fan@intel.com> Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> |
||
---|---|---|
.. | ||
DxeMain.c | ||
DxeProtocolNotify.c |