From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web11.2547.1687536694438121519
 for <devel@edk2.groups.io>;
 Fri, 23 Jun 2023 09:11:34 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=U7wmN6AD;
 spf=pass (domain: kernel.org, ip: 139.178.84.217, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id CF36661AAF
	for <devel@edk2.groups.io>; Fri, 23 Jun 2023 16:11:33 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 37E51C433C9
	for <devel@edk2.groups.io>; Fri, 23 Jun 2023 16:11:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1687536693;
	bh=PgC3ykrshWcY0YHA+jDvfYYIBh6OzFo9/vAzguv0sYs=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=U7wmN6ADHchYKrxTuw0H1qaoPS7+I5RWaDw96fHzWgrX3d54MJE9aOomxanaIrFZd
	 l8vIYf3dTVlhm3tgcyVByzlXRf05/mpSGir9iBd2FDWxqL/6256eYA5p1paY5zVcF4
	 wxVY+W5NjyjqvuIe0fpaSgT5ts+YpoJNOpcgVHyHGGXTL/IIk9qmikqbh5iGCSJVaB
	 dQnRvVvgCte5FJgbZ+maouVrb4NQmY/NPpjHbOKVmGCufU3al9VCQgSdmiQI0p+qwt
	 tBxqishzxTtNnq5bYiwvkTT6PQE1yd6LrgnRVj6sxIN7aHTnxW7rLNQLCL3ukCbHDg
	 GFHDvMEP8brnA==
Received: by mail-lf1-f48.google.com with SMTP id 2adb3069b0e04-4f4b2bc1565so1134915e87.2
        for <devel@edk2.groups.io>; Fri, 23 Jun 2023 09:11:33 -0700 (PDT)
X-Gm-Message-State: AC+VfDxnGy3xdDDXDVItqMfNrX3vxM4m6MQMlbWGwZrlp6Ycyl1nvKDS
	TXg+9SiKa2cGQBG+oLrVvNi8A0PBMAdmZTOKf2o=
X-Google-Smtp-Source: ACHHUZ6EsE/DpL1QDUG3t6OupmJzLAUKqZoShq/T7zdy4cJQFCWkp/eynDbcQZeZuXrGsq2gKD5IvAxhUw+z/M2Ncik=
X-Received: by 2002:a19:6918:0:b0:4f8:7556:23eb with SMTP id
 e24-20020a196918000000b004f8755623ebmr9070909lfc.39.1687536690986; Fri, 23
 Jun 2023 09:11:30 -0700 (PDT)
MIME-Version: 1.0
References: <20230623154442.799-1-joey.vagedes@gmail.com>
In-Reply-To: <20230623154442.799-1-joey.vagedes@gmail.com>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Fri, 23 Jun 2023 18:11:19 +0200
X-Gmail-Original-Message-ID: <CAMj1kXFV4NEDe65_zGtz5NC9gq+L9-isZcfcdYTRyc-k5gxdzA@mail.gmail.com>
Message-ID: <CAMj1kXFV4NEDe65_zGtz5NC9gq+L9-isZcfcdYTRyc-k5gxdzA@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH v1 0/2] Automatically set NXCOMPAT bit if requirements are met
To: devel@edk2.groups.io, joey.vagedes@gmail.com
Cc: Michael D Kinney <michael.d.kinney@intel.com>, Liming Gao <gaoliming@byosoft.com.cn>, 
	Zhiguang Liu <zhiguang.liu@intel.com>, Rebecca Cran <rebecca@bsdio.com>, 
	Bob Feng <bob.c.feng@intel.com>, Yuwei Chen <yuwei.chen@intel.com>
Content-Type: text/plain; charset="UTF-8"

On Fri, 23 Jun 2023 at 18:03, Joey Vagedes <joey.vagedes@gmail.com> wrote:
>
> Utilize GenFw to automatically set the NXCOMPAT bit of the DLL Characteristics
> field of the Optional Header if the following requirements are met:
>
> 1. It is a 64bit PE
> 2. The section alignment is evently divisible by 4K
> 3. No section is both EFI_IMAGE_SCN_MEM_EXECUTE and EFI_IMAGE_SCN_MEM_WRITE
>

Is this sufficient? For example, the EBC DXE driver creates code
trampolines in page allocations, and expects them to be executable.
However, this change would flag that driver as NX compat too.