public inbox for devel@edk2.groups.io
From: "Ard Biesheuvel" <ardb@kernel.org>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Leif Lindholm <quic_llindhol@quicinc.com>,
	Alexander Graf <agraf@csgraf.de>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Sami Mujawar <Sami.Mujawar@arm.com>
Subject: [PATCH v3 resend 03/11] ArmVirtPkg: make EFI_LOADER_DATA non-executable
Date: Wed, 19 Oct 2022 11:22:03 +0200
Message-ID: <20221019092211.465699-4-ardb@kernel.org>
In-Reply-To: <20221019092211.465699-1-ardb@kernel.org>

When the memory protections were implemented and enabled on ArmVirtQemu
5+ years ago, we had to work around the fact that GRUB at the time
expected EFI_LOADER_DATA to be executable, as that is the memory type it
allocates when loading its modules.

This has been fixed in GRUB in August 2017, so by now, we should be able
to tighten this, and remove execute permissions from EFI_LOADER_DATA
allocations.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 ArmVirtPkg/ArmVirt.dsc.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 34575585adbb..462073517a22 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -368,7 +368,7 @@ [PcdsFixedAtBuild.common]
   # reserved ones, with the exception of LoaderData regions, of which OS loaders
   # (i.e., GRUB) may assume that its contents are executable.
   #
-  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
+  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5
 
 [Components.common]
   #
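Review bot: The two comment lines kept as context directly above the changed PCD still describe an exception for LoaderData regions, "of which OS loaders (i.e., GRUB) may assume that its contents are executable", but the new value 0xC000000000007FD5 sets the one bit that 0xC000000000007FD1 left clear, so the exception the comment documents is gone. Please update or drop that part of the comment in this same patch so the text matches the policy value; otherwise the next reader of ArmVirt.dsc.inc will conclude that LoaderData is still executable on these platforms.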
-- 
2.35.1


Thread overview: 16+ messages
2022-10-19  9:22 [PATCH v3 resend 00/11] ArmVirtPkg/ArmVirtQemu: Performance streamlining Ard Biesheuvel
2022-10-19  9:22 ` [PATCH v3 resend 01/11] ArmVirtPkg: remove EbcDxe from all platforms Ard Biesheuvel
2022-10-20  8:58   ` [edk2-devel] " Leif Lindholm
2022-10-19  9:22 ` [PATCH v3 resend 02/11] ArmVirtPkg: do not enable iSCSI driver by default Ard Biesheuvel
2022-10-20  9:03   ` Leif Lindholm
2022-10-20 12:34     ` Ard Biesheuvel
2022-10-19  9:22 ` Ard Biesheuvel [this message]
2022-10-19  9:22 ` [PATCH v3 resend 04/11] ArmVirtPkg/ArmVirtQemu: wire up timeout PCD to Timeout variable Ard Biesheuvel
2022-10-19  9:22 ` [PATCH v3 resend 05/11] ArmVirtPkg/ArmVirtQemu: implement ArmPlatformLib with static ID map Ard Biesheuvel
2022-10-19  9:22 ` [PATCH v3 resend 06/11] ArmVirtPkg/ArmVirtQemu: use first 128 MiB as permanent PEI memory Ard Biesheuvel
2022-10-19  9:22 ` [PATCH v3 resend 07/11] ArmVirtPkg/ArmVirtQemu: enable initial ID map at early boot Ard Biesheuvel
2022-11-08 15:59   ` Gerd Hoffmann
2022-10-19  9:22 ` [PATCH v3 resend 08/11] ArmVirtPkg/ArmVirtQemu: Drop unused variable PEIM Ard Biesheuvel
2022-10-19  9:22 ` [PATCH v3 resend 09/11] ArmVirtPkg/ArmVirtQemu: avoid shadowing PEIMs unless necessary Ard Biesheuvel
2022-10-19  9:22 ` [PATCH v3 resend 10/11] ArmVirtPkg/QemuVirtMemInfoLib: use HOB not PCD to record the memory size Ard Biesheuvel
2022-10-19  9:22 ` [PATCH v3 resend 11/11] ArmVirtPkg/ArmVirtQemu: omit PCD PEIM unless TPM support is enabled Ard Biesheuvel
