From: "Rebecca Cran" <rebecca@bsdio.com>
To: Joey Vagedes <joey.vagedes@gmail.com>, devel@edk2.groups.io
Cc: Liming Gao <gaoliming@byosoft.com.cn>,
Bob Feng <bob.c.feng@intel.com>,
Yuwei Chen <yuwei.chen@intel.com>
Subject: Re: [PATCH v1 2/2] BaseTools: GenFw: auto-set nxcompat flag
Date: Sun, 9 Jul 2023 17:24:18 -0600 [thread overview]
Message-ID: <316ec4da-bfde-a491-27b8-3f85a5643ac5@bsdio.com> (raw)
In-Reply-To: <CAKURc-9xRcyz4u8cZf=gs2D=Oh8YWzTL7tsc=X-VeW-B91PzPg@mail.gmail.com>
Please fix the documentation block.
It should go above the function, and use Doxygen style.
Also, the commit message doesn't make sense to me - specifically ", it
must,"
--
Rebecca Cran
On 7/6/23 9:26 AM, Joey Vagedes wrote:
> Hi all,
>
> Do you have any concerns over the changes I've made to GenFw.c as seen
> above? Please let me know if you have any questions, concerns, or
> improvements; I would be happy to help!
>
> Thanks,
> Joey
>
> On Fri, Jun 23, 2023 at 8:44 AM Joey Vagedes <joey.vagedes@gmail.com>
> wrote:
>
> Automatically set the nxcompat flag in the DLL Characteristics
> field of
> the Optional Header of the PE32+ image. For this flag to be set
> automatically, it must, the section alignment must be evenly divisible
> by 4K (EFI_PAGE_SIZE) and no section must be executable and writable.
>
> Cc: Rebecca Cran <rebecca@bsdio.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Bob Feng <bob.c.feng@intel.com>
> Cc: Yuwei Chen <yuwei.chen@intel.com>
> Signed-off-by: Joey Vagedes <joeyvagedes@gmail.com>
> ---
> BaseTools/Source/C/GenFw/GenFw.c | 59 ++++++++++++++++++++
> 1 file changed, 59 insertions(+)
>
> diff --git a/BaseTools/Source/C/GenFw/GenFw.c
> b/BaseTools/Source/C/GenFw/GenFw.c
> index 0289c8ef8a5c..4581c4233c14 100644
> --- a/BaseTools/Source/C/GenFw/GenFw.c
> +++ b/BaseTools/Source/C/GenFw/GenFw.c
> @@ -441,6 +441,60 @@ Returns:
> return STATUS_SUCCESS;
> }
>
> +STATIC
> +BOOLEAN
> +IsNxCompatCompliant (
> + EFI_IMAGE_OPTIONAL_HEADER_UNION *PeHdr
> + )
> +/*++
> +
> +Routine Description:
> +
> + Checks if the Pe image is nxcompat. i.e. PE is 64bit, section
> alignment is
> + evenly divisible by 4k, and no section is writable and executable.
> +
> +Arguments:
> +
> + PeHdr The Pe header
> +
> +Returns:
> + TRUE The PE is nx compat compliant
> + FALSE The PE is not nx compat compliant
> +
> +--*/
> +{
> + EFI_IMAGE_SECTION_HEADER *SectionHeader;
> + UINT32 Index;
> + UINT32 Mask;
> +
> + // Must have an optional header to perform verification
> + if (PeHdr->Pe32.FileHeader.SizeOfOptionalHeader == 0) {
> + return FALSE;
> + }
> +
> + // Verify PE is 64 bit
> + if (!(PeHdr->Pe32.OptionalHeader.Magic ==
> EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC)) {
> + return FALSE;
> + }
> +
> + // Verify Section Alignment is divisible by 4K
> + if (!((PeHdr->Pe32Plus.OptionalHeader.SectionAlignment %
> EFI_PAGE_SIZE) == 0)) {
> + return FALSE;
> + }
> +
> + // Verify sections are not Write & Execute
> + Mask = EFI_IMAGE_SCN_MEM_EXECUTE | EFI_IMAGE_SCN_MEM_WRITE;
> + SectionHeader = (EFI_IMAGE_SECTION_HEADER *) ((UINT8 *)
> &(PeHdr->Pe32Plus.OptionalHeader) +
> PeHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader);
> + for (Index = 0; Index <
> PeHdr->Pe32Plus.FileHeader.NumberOfSections; Index ++,
> SectionHeader ++) {
> + if ((SectionHeader->Characteristics & Mask) == Mask) {
> + return FALSE;
> + }
> + }
> +
> + // Passed all requirements, return TRUE
> + return TRUE;
> +}
> +
> VOID
> SetHiiResourceHeader (
> UINT8 *HiiBinData,
> @@ -2458,6 +2512,11 @@ Returns:
> TEImageHeader.BaseOfCode = Optional64->BaseOfCode;
> TEImageHeader.ImageBase = (UINT64)
> (Optional64->ImageBase);
>
> + // Set NxCompat flag
> + if (IsNxCompatCompliant (PeHdr)) {
> + Optional64->DllCharacteristics |=
> IMAGE_DLLCHARACTERISTICS_NX_COMPAT;
> + }
> +
> if (Optional64->NumberOfRvaAndSizes >
> EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {
> TEImageHeader.DataDirectory[EFI_TE_IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress
> =
> Optional64->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress;
> TEImageHeader.DataDirectory[EFI_TE_IMAGE_DIRECTORY_ENTRY_BASERELOC].Size
> = Optional64->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
> --
> 2.41.0.windows.1
>
next prev parent reply other threads:[~2023-07-09 23:24 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-23 15:44 [PATCH v1 0/2] Automatically set NXCOMPAT bit if requirements are met Joey Vagedes
2023-06-23 15:44 ` [PATCH v1 1/2] MdePkg: IndustryStandard: Add DLL Characteristics Joey Vagedes
2023-06-27 20:12 ` Michael D Kinney
2023-06-27 21:42 ` Joey Vagedes
2023-06-27 23:51 ` Michael D Kinney
2023-06-23 15:44 ` [PATCH v1 2/2] BaseTools: GenFw: auto-set nxcompat flag Joey Vagedes
2023-07-06 15:26 ` Joey Vagedes
2023-07-09 23:24 ` Rebecca Cran [this message]
2023-06-23 16:11 ` [edk2-devel] [PATCH v1 0/2] Automatically set NXCOMPAT bit if requirements are met Ard Biesheuvel
2023-06-27 22:23 ` Joey Vagedes
2023-06-25 2:44 ` 回复: " gaoliming
2023-06-26 21:58 ` Joey Vagedes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=316ec4da-bfde-a491-27b8-3f85a5643ac5@bsdio.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox