From: "Ard Biesheuvel" To: devel@edk2.groups.io Cc: Ard Biesheuvel , Michael Kinney , Liming Gao , Jiewen Yao , Michael Kubacki , Sean Brogan , Rebecca Cran , Leif Lindholm , Sami Mujawar , Taylor Beebe , Matthew Garrett , Peter Jones , Kees Cook Subject: [RFC 11/13] ArmVirtPkg/ArmVirtQemu: Use read-only memory region type for code flash Date: Mon, 13 Feb 2023 16:18:08 +0100 Message-Id: <20230213151810.2301480-12-ardb@kernel.org> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230213151810.2301480-1-ardb@kernel.org> References: <20230213151810.2301480-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Map the code flash with read-only attributes so we can execute from it even under a memory protection regime that enables WXN, making all writable memory regions non-executable by default. Signed-off-by: Ard Biesheuvel --- ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c b/A= rmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c index aa083cec2082..a5324b1e4eed 100644 --- a/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c +++ b/ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c @@ -115,7 +115,7 @@ ArmVirtGetMemoryMap ( VirtualMemoryTable[2].PhysicalBase =3D PcdGet64 (PcdFvBaseAddress);=0D VirtualMemoryTable[2].VirtualBase =3D VirtualMemoryTable[2].PhysicalBas= e;=0D VirtualMemoryTable[2].Length =3D FixedPcdGet32 (PcdFvSize);=0D - VirtualMemoryTable[2].Attributes =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE= _BACK;=0D + VirtualMemoryTable[2].Attributes =3D ARM_MEMORY_REGION_ATTRIBUTE_WRITE= _BACK_RO;=0D =0D // End of Table=0D ZeroMem (&VirtualMemoryTable[3], sizeof (ARM_MEMORY_REGION_DESCRIPTOR));= =0D --=20 2.39.1
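Review bot: The changed `VirtualMemoryTable[2].Attributes` assignment carries no comment saying why this region must be read-only, and the constant name alone does not convey the WXN dependency that the commit message gives. A one-line comment above the assignment, for example `// Map the code flash read-only so it stays executable when WXN is enabled`, would keep a later cleanup from switching it back to ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK. The commit message could also state that nothing writes to the range starting at PcdFvBaseAddress with length PcdFvSize once the MMU is on, since any such write will now fault, and name the patch in the series that defines ARM_MEMORY_REGION_ATTRIBUTE_WRITE_BACK_RO, which this hunk uses but does not define.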