From: Joey Vagedes
To: devel@edk2.groups.io
Cc: Michael D Kinney, Liming Gao, Zhiguang Liu
Subject: [edk2-devel] [PATCH v1 1/2] MdePkg: IndustryStandard: Add DLL Characteristics
Date: Fri, 23 Jun 2023 08:44:41 -0700
Message-ID: <20230623154442.799-2-joey.vagedes@gmail.com>
In-Reply-To: <20230623154442.799-1-joey.vagedes@gmail.com>
References: <20230623154442.799-1-joey.vagedes@gmail.com>

Add the bit masks for DLL Characteristics, used within the optional header of a PE, to the PeImage.h header file.

Cc: Michael D Kinney
Cc: Liming Gao
Cc: Zhiguang Liu
Signed-off-by: Joey Vagedes
--- MdePkg/Include/IndustryStandard/PeImage.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/MdePkg/Include/IndustryStandard/PeImage.h b/MdePkg/Include/Ind= ustryStandard/PeImage.h index 47037049348c..430e8988f550 100644 --- a/MdePkg/Include/IndustryStandard/PeImage.h +++ b/MdePkg/Include/IndustryStandard/PeImage.h 
@@ -269,6 +269,21 @@ typedef struct { #define EFI_IMAGE_SUBSYSTEM_OS2_CUI 5 #define EFI_IMAGE_SUBSYSTEM_POSIX_CUI 7 =20 +// +// DLL Characteristics +// +#define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA 0x0020 +#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040 +#define IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY 0x0080 +#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT 0x0100 +#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION 0x0200 +#define IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400 +#define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800 +#define IMAGE_DLLCHARACTERISTICS_APPCONTAINER 0x1000 +#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000 +#define IMAGE_DLLCHARACTERISTICS_GUARD_CF 0x4000 +#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000 + /// /// Length of ShortName. /// --=20 2.41.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106296): https://edk2.groups.io/g/devel/message/106296 Mute This Topic: https://groups.io/mt/99721319/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 10 08:25:53 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+106297+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+106297+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1687536230; cv=none; d=zohomail.com; s=zohoarc; b=BIu95LPwdQUn/LAAZTgrSfUAOqr+rV0opmuRviae89LdU3T+niaS3YpDoDUtSl3TqH9qce/Oo/fXHnwTnbsg/DooXz468xWKnanx99dRunIYDYTk5UgPOdO+DV9StORXz8MNSw79LWDHkb32WO+qDo+cflVUM4Jc7VLY/SK8ULY= 
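Review bot: The new IMAGE_DLLCHARACTERISTICS_* names drop the EFI_ prefix that the neighbouring definitions in this header carry (EFI_IMAGE_SUBSYSTEM_OS2_CUI, EFI_IMAGE_SUBSYSTEM_POSIX_CUI in the context lines just above). Naming them EFI_IMAGE_DLLCHARACTERISTICS_* would keep the file consistent and avoid redefinition clashes with identically named macros in host toolchain headers. The block comment uses `//` while the following "Length of ShortName." comment uses `///`; matching the `///` style would keep the header's documentation comments uniform. A one-line comment naming the field these masks apply to (DllCharacteristics in the optional header) would also help readers who land here from GenFw.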
From: Joey Vagedes
To: devel@edk2.groups.io
Cc: Rebecca Cran, Liming Gao, Bob Feng, Yuwei Chen
Subject: [edk2-devel] [PATCH v1 2/2] BaseTools: GenFw: auto-set nxcompat flag
Date: Fri, 23 Jun 2023 08:44:42 -0700
Message-ID: <20230623154442.799-3-joey.vagedes@gmail.com>
In-Reply-To: <20230623154442.799-1-joey.vagedes@gmail.com>
References: <20230623154442.799-1-joey.vagedes@gmail.com>

Automatically set the nxcompat flag in the DLL Characteristics field of the Optional Header of the PE32+ image. For this flag to be set automatically, it must, the section alignment must be evenly divisible by 4K (EFI_PAGE_SIZE) and no section must be executable and writable.

Cc: Rebecca Cran
Cc: Liming Gao
Cc: Bob Feng
Cc: Yuwei Chen
Signed-off-by: Joey Vagedes
--- BaseTools/Source/C/GenFw/GenFw.c | 59 ++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/BaseTools/Source/C/GenFw/GenFw.c b/BaseTools/Source/C/GenFw/Ge= nFw.c index 0289c8ef8a5c..4581c4233c14 100644 --- a/BaseTools/Source/C/GenFw/GenFw.c +++ b/BaseTools/Source/C/GenFw/GenFw.c 
@@ -441,6 +441,60 @@ Returns: return STATUS_SUCCESS; } =20 +STATIC +BOOLEAN +IsNxCompatCompliant ( + EFI_IMAGE_OPTIONAL_HEADER_UNION *PeHdr + ) +/*++ + +Routine Description: + + Checks if the Pe image is nxcompat. i.e. PE is 64bit, section alignment = is + evenly divisible by 4k, and no section is writable and executable. + +Arguments: + + PeHdr The Pe header + +Returns: + TRUE The PE is nx compat compliant + FALSE The PE is not nx compat compliant + +--*/ +{ + EFI_IMAGE_SECTION_HEADER *SectionHeader; + UINT32 Index; + UINT32 Mask; + + // Must have an optional header to perform verification + if (PeHdr->Pe32.FileHeader.SizeOfOptionalHeader =3D=3D 0) { + return FALSE; + } + + // Verify PE is 64 bit + if (!(PeHdr->Pe32.OptionalHeader.Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR6= 4_MAGIC)) { + return FALSE; + } + + // Verify Section Alignment is divisible by 4K + if (!((PeHdr->Pe32Plus.OptionalHeader.SectionAlignment % EFI_PAGE_SIZE) = =3D=3D 0)) { + return FALSE; + } + + // Verify sections are not Write & Execute + Mask =3D EFI_IMAGE_SCN_MEM_EXECUTE | EFI_IMAGE_SCN_MEM_WRITE; + SectionHeader =3D (EFI_IMAGE_SECTION_HEADER *) ((UINT8 *) &(PeHdr->Pe32P= lus.OptionalHeader) + PeHdr->Pe32Plus.FileHeader.SizeOfOptionalHeader); + for (Index =3D 0; Index < PeHdr->Pe32Plus.FileHeader.NumberOfSections; I= ndex ++, SectionHeader ++) { + if ((SectionHeader->Characteristics & Mask) =3D=3D Mask) { + return FALSE; + } + } + + // Passed all requirements, return TRUE + return TRUE; +} + VOID SetHiiResourceHeader ( UINT8 *HiiBinData, 
@@ -2458,6 +2512,11 @@ Returns: TEImageHeader.BaseOfCode =3D Optional64->BaseOfCode; TEImageHeader.ImageBase =3D (UINT64) (Optional64->ImageBase); =20 + // Set NxCompat flag + if (IsNxCompatCompliant (PeHdr)) { + Optional64->DllCharacteristics |=3D IMAGE_DLLCHARACTERISTICS_NX_COMP= AT; + } + if (Optional64->NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_BASERE= LOC) { TEImageHeader.DataDirectory[EFI_TE_IMAGE_DIRECTORY_ENTRY_BASERELOC].= VirtualAddress =3D Optional64->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASE= RELOC].VirtualAddress; TEImageHeader.DataDirectory[EFI_TE_IMAGE_DIRECTORY_ENTRY_BASERELOC].= Size =3D Optional64->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].Siz= e; --=20 2.41.0.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106297): https://edk2.groups.io/g/devel/message/106297 Mute This Topic: https://groups.io/mt/99721320/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
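Review bot: In IsNxCompatCompliant (first hunk, @@ -441), the section loop derives SectionHeader from FileHeader.SizeOfOptionalHeader and runs up to FileHeader.NumberOfSections with no upper bound, because the function receives only PeHdr and not the size of the buffer behind it. Unless the caller has already validated both fields against the file length, pass the length in and return FALSE when the section table would extend past it. The alignment test also accepts SectionAlignment == 0, since 0 % EFI_PAGE_SIZE is 0, so an explicit non-zero check belongs before the modulo. Smaller points: `!(Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC)` reads more clearly as `!=`, and the commit message sentence "it must, the section alignment must be" seems to have lost its first condition, which the function comment gives as "PE is 64bit".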
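Review bot: The block added in the second hunk (@@ -2458) only ever ORs IMAGE_DLLCHARACTERISTICS_NX_COMPAT into Optional64->DllCharacteristics, so an input image that already carries the bit keeps it even when IsNxCompatCompliant returns FALSE. Clearing the bit in an else branch, or at least emitting a warning there, would make the flag in the output always reflect the result of the check. The "// Set NxCompat flag" comment could state the conditions (64-bit, 4K-aligned sections, no section both writable and executable) so the behaviour is clear at the call site. Please also confirm that GenFw.c picks up the definition added in patch 1/2, since that header lives under MdePkg/Include while this file is under BaseTools/Source/C.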