From: Joey Vagedes <joey.vagedes@gmail.com>
To: devel@edk2.groups.io
Cc: Rebecca Cran <rebecca@bsdio.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Bob Feng <bob.c.feng@intel.com>,
Yuwei Chen <yuwei.chen@intel.com>
Subject: [PATCH v1 2/2] BaseTools: GenFw: auto-set nxcompat flag
Date: Fri, 23 Jun 2023 08:44:42 -0700 [thread overview]
Message-ID: <20230623154442.799-3-joey.vagedes@gmail.com> (raw)
In-Reply-To: <20230623154442.799-1-joey.vagedes@gmail.com>
Automatically set the nxcompat flag in the DLL Characteristics field of
the Optional Header of the PE32+ image. For this flag to be set
automatically, it must, the section alignment must be evenly divisible
by 4K (EFI_PAGE_SIZE) and no section must be executable and writable.
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Signed-off-by: Joey Vagedes <joeyvagedes@gmail.com>
---
BaseTools/Source/C/GenFw/GenFw.c | 59 ++++++++++++++++++++
1 file changed, 59 insertions(+)
diff --git a/BaseTools/Source/C/GenFw/GenFw.c b/BaseTools/Source/C/GenFw/GenFw.c
index 0289c8ef8a5c..4581c4233c14 100644
--- a/BaseTools/Source/C/GenFw/GenFw.c
+++ b/BaseTools/Source/C/GenFw/GenFw.c
@@ -441,6 +441,60 @@ Returns:
return STATUS_SUCCESS;
}
+STATIC
+BOOLEAN
+IsNxCompatCompliant (
+ EFI_IMAGE_OPTIONAL_HEADER_UNION *PeHdr
+ )
+/*++
+
+Routine Description:
+
+ Checks if the Pe image is nxcompat. i.e. PE is 64bit, section alignment is
+ evenly divisible by 4k, and no section is writable and executable.
+
+Arguments:
+
+ PeHdr The Pe header
+
+Returns:
+ TRUE The PE is nx compat compliant
+ FALSE The PE is not nx compat compliant
+
+--*/
+{
+ EFI_IMAGE_SECTION_HEADER *SectionHeader;
+ UINT32 Index;
+ UINT32 Mask;
+
+ // Must have an optional header to perform verification
+ if (PeHdr->Pe32.FileHeader.SizeOfOptionalHeader == 0) {
+ return FALSE;
+ }
+
+ // Verify PE is 64 bit
+ if (!(PeHdr->Pe32.OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC)) {
+ return FALSE;
+ }
+
+ // Verify Section Alignment is divisible by 4K
+ if (!((PeHdr->Pe32Plus.OptionalHeader.SectionAlignment % EFI_PAGE_SIZE) == 0)) {
+ return FALSE;
+ }
+
+ // Verify sections are not Write & Execute
+ Mask = EFI_IMAGE_SCN_MEM_EXECUTE | EFI_IMAGE_SCN_MEM_WRITE;
+ SectionHeader = (EFI_IMAGE_SECTION_HEADER *) ((UINT8 *) &(PeHdr->Pe32Plus.OptionalHeader) + PeHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader);
+ for (Index = 0; Index < PeHdr->Pe32Plus.FileHeader.NumberOfSections; Index ++, SectionHeader ++) {
+ if ((SectionHeader->Characteristics & Mask) == Mask) {
+ return FALSE;
+ }
+ }
+
+ // Passed all requirements, return TRUE
+ return TRUE;
+}
+
VOID
SetHiiResourceHeader (
UINT8 *HiiBinData,
@@ -2458,6 +2512,11 @@ Returns:
TEImageHeader.BaseOfCode = Optional64->BaseOfCode;
TEImageHeader.ImageBase = (UINT64) (Optional64->ImageBase);
+ // Set NxCompat flag
+ if (IsNxCompatCompliant (PeHdr)) {
+ Optional64->DllCharacteristics |= IMAGE_DLLCHARACTERISTICS_NX_COMPAT;
+ }
+
if (Optional64->NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {
TEImageHeader.DataDirectory[EFI_TE_IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress = Optional64->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress;
TEImageHeader.DataDirectory[EFI_TE_IMAGE_DIRECTORY_ENTRY_BASERELOC].Size = Optional64->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
--
2.41.0.windows.1
next prev parent reply other threads:[~2023-06-23 15:44 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-23 15:44 [PATCH v1 0/2] Automatically set NXCOMPAT bit if requirements are met Joey Vagedes
2023-06-23 15:44 ` [PATCH v1 1/2] MdePkg: IndustryStandard: Add DLL Characteristics Joey Vagedes
2023-06-27 20:12 ` Michael D Kinney
2023-06-27 21:42 ` Joey Vagedes
2023-06-27 23:51 ` Michael D Kinney
2023-06-23 15:44 ` Joey Vagedes [this message]
2023-07-06 15:26 ` [PATCH v1 2/2] BaseTools: GenFw: auto-set nxcompat flag Joey Vagedes
2023-07-09 23:24 ` Rebecca Cran
2023-06-23 16:11 ` [edk2-devel] [PATCH v1 0/2] Automatically set NXCOMPAT bit if requirements are met Ard Biesheuvel
2023-06-27 22:23 ` Joey Vagedes
2023-06-25 2:44 ` 回复: " gaoliming
2023-06-26 21:58 ` Joey Vagedes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230623154442.799-3-joey.vagedes@gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox