Hi Liming,

This is being done as a part of the memory protections work which can be reviewed here: Task Table · Memory Protections (github.com)

Overall, DxeCore will ingest the NX_COMPAT flag on image load.

In the base case, when modules make allocations of type EfiLoaderCode, EfiBootServicesCode, and EfiRuntimeServicesCode, the EFI_MEMORY_XP access attribute will be applied with the expectation that the allocating modules will remove the EFI_MEMORY_XP attribute and apply the EFI_MEMORY_RO attribute once they have loaded their code into the buffer for execution.

In the exception case, if an EFI_APPLICATION type image is loaded without the NX_COMPAT flag then allocations of type EfiLoaderCode, EfiBootServicesCode, and EfiRuntimeServicesCode will no longer have EFI_MEMORY_XP applied for the remainder of boot.

Note that a patch series for the supporting DxeCore logic has not yet been submitted.

Thanks,
Joey

On Sat, Jun 24, 2023 at 7:46 PM gaoliming <gaoliming@byosoft.com.cn> wrote:
Joey:
  Can you describe the full usage of NXCOMPAT bit? This patch sets NXCOMPAT
bit. And, which module will consume NXCOMPAT bit, how use it? DxeCore?

Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Joey Vagedes
> 发送时间: 2023年6月23日 23:45
> 收件人: devel@edk2.groups.io
> 抄送: Michael D Kinney <michael.d.kinney@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Zhiguang Liu <zhiguang.liu@intel.com>;
> Rebecca Cran <rebecca@bsdio.com>; Bob Feng <bob.c.feng@intel.com>;
> Yuwei Chen <yuwei.chen@intel.com>
> 主题: [edk2-devel] [PATCH v1 0/2] Automatically set NXCOMPAT bit if
> requirements are met
>
> Utilize GenFw to automatically set the NXCOMPAT bit of the DLL
> Characteristics
> field of the Optional Header if the following requirements are met:
>
> 1. It is a 64bit PE
> 2. The section alignment is evently divisible by 4K
> 3. No section is both EFI_IMAGE_SCN_MEM_EXECUTE and
> EFI_IMAGE_SCN_MEM_WRITE
>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: Rebecca Cran <rebecca@bsdio.com>
> Cc: Bob Feng <bob.c.feng@intel.com>
> Cc: Yuwei Chen <yuwei.chen@intel.com>
>
> Joey Vagedes (2):
>   MdePkg: IndustryStandard: Add DLL Characteristics
>   BaseTools: GenFw: auto-set nxcompat flag
>
>  MdePkg/Include/IndustryStandard/PeImage.h | 15 +++++
>  BaseTools/Source/C/GenFw/GenFw.c          | 59
> ++++++++++++++++++++
>  2 files changed, 74 insertions(+)
>
> --
> 2.41.0.windows.1
>
>
>
>
>