public inbox for devel@edk2.groups.io
From: Joey Vagedes <joey.vagedes@gmail.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: devel@edk2.groups.io,
	Michael D Kinney <michael.d.kinney@intel.com>,
	 Liming Gao <gaoliming@byosoft.com.cn>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	 Rebecca Cran <rebecca@bsdio.com>,
	Bob Feng <bob.c.feng@intel.com>,
	 Yuwei Chen <yuwei.chen@intel.com>
Subject: Re: [edk2-devel] [PATCH v1 0/2] Automatically set NXCOMPAT bit if requirements are met
Date: Tue, 27 Jun 2023 15:23:55 -0700
Message-ID: <CAKURc-9nLqeDrdXmNo6V+M1Kk=Mvr4QSagApMJhQ9XdGvyFamQ@mail.gmail.com>
In-Reply-To: <CAMj1kXFV4NEDe65_zGtz5NC9gq+L9-isZcfcdYTRyc-k5gxdzA@mail.gmail.com>

Hi Ard,

Talked to the team and I think the appropriate answer to this is to follow
what is currently done through the MSVC FLAGS, i.e. that any PE that
knowingly does not meet these requirements manually opts out of NXCOMPAT
via the /NXCOMPAT:no flag. That means adding a flag to GENFW: "--nxcompat
no". Then this can be appended to existing flags in the INF of any
incompatible component.

Invalid PEs could be reviewed after this patch is in, or as a part of it.
We have a list of modules that are potentially non-nx compat,
but would need to be evaluated by package owners and may not be all
encompassing.

Thanks,
Joey

On Fri, Jun 23, 2023 at 9:11 AM Ard Biesheuvel <ardb@kernel.org> wrote:

> On Fri, 23 Jun 2023 at 18:03, Joey Vagedes <joey.vagedes@gmail.com> wrote:
> >
> > Utilize GenFw to automatically set the NXCOMPAT bit of the DLL Characteristics
> > field of the Optional Header if the following requirements are met:
> >
> > 1. It is a 64bit PE
> > 2. The section alignment is evenly divisible by 4K
> > 3. No section is both EFI_IMAGE_SCN_MEM_EXECUTE and EFI_IMAGE_SCN_MEM_WRITE
> >
>
> Is this sufficient? For example, the EBC DXE driver creates code
> trampolines in page allocations, and expects them to be executable.
> However, this change would flag that driver as NX compat too.
>
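
A read-only audit of the three criteria listed in the quoted cover letter, as an added example that is not part of this thread or of the GenFw patch; `nxcompat_report` and `build_sample` are hypothetical names and the sample images are constructed. It inspects headers only, so runtime behaviour such as the EBC trampolines Ard mentions is outside what it can see.

```python
import struct

# PE/COFF constants; the EFI_IMAGE_SCN_* names are the ones used in the cover letter.
PE32_PLUS_MAGIC = 0x20B                 # optional-header magic of a 64-bit PE
NX_COMPAT = 0x0100                      # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
EFI_IMAGE_SCN_MEM_EXECUTE = 0x20000000
EFI_IMAGE_SCN_MEM_WRITE = 0x80000000

def nxcompat_report(image: bytes) -> dict:
    """Evaluate the three static criteria from the cover letter (hypothetical helper)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
    opt = pe + 24                                          # optional header start
    magic = struct.unpack_from("<H", image, opt)[0]
    alignment = struct.unpack_from("<I", image, opt + 32)[0]
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    wx = []                                                # sections both W and X
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        flags = struct.unpack_from("<I", image, hdr + 36)[0]
        if flags & EFI_IMAGE_SCN_MEM_EXECUTE and flags & EFI_IMAGE_SCN_MEM_WRITE:
            wx.append(image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace"))
    is_64 = magic == PE32_PLUS_MAGIC
    aligned = alignment > 0 and alignment % 0x1000 == 0   # a zero alignment is rejected here
    return {"is_64bit": is_64, "aligned_4k": aligned, "wx_sections": wx,
            "eligible": is_64 and aligned and not wx,
            "nx_bit_set": bool(dll_chars & NX_COMPAT)}

def build_sample(alignment: int, sections: list) -> bytes:
    """Constructed PE32+ headers only (no section data); test input, not a loadable image."""
    img = bytearray(0x58 + 240 + 40 * len(sections))
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xH", img, 0x44, 0x8664, len(sections), 240)
    struct.pack_into("<H", img, 0x58, PE32_PLUS_MAGIC)
    struct.pack_into("<I", img, 0x58 + 32, alignment)
    for i, (name, flags) in enumerate(sections):
        hdr = 0x58 + 240 + 40 * i
        img[hdr:hdr + len(name)] = name
        struct.pack_into("<I", img, hdr + 36, flags)
    return bytes(img)

if __name__ == "__main__":
    rx, rw = 0x60000000, 0xC0000000      # EXECUTE|READ and READ|WRITE
    print(nxcompat_report(build_sample(0x1000, [(b".text", rx), (b".data", rw)])))
    print(nxcompat_report(build_sample(0x1000, [(b".text", rx | EFI_IMAGE_SCN_MEM_WRITE)])))
```

Comparing `eligible` with `nx_bit_set` across a build output directory shows which images would change under the proposed automatic behaviour.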
