From: Ard Biesheuvel
To: edk2-devel@lists.01.org, lersek@redhat.com
Cc: leif.lindholm@linaro.org, Ard Biesheuvel
Date: Wed, 22 Feb 2017 11:54:45 +0000
Message-Id: <1487764485-18631-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [edk2] [PATCH] ArmVirtPkg/ArmVirt.dsc.inc: AARCH64: enable DXE image protection feature

Enable the new DXE image protection for all images, i.e., FV images but also external images that originate from disk or the network, such as OS loaders.

This complements work that is underway on the arm64/Linux kernel side, to emit the OS loader with 4 KB section alignment, and a suitable split between code and data.

http://marc.info/?l=linux-arm-kernel&m=148655557227819

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel
Reviewed-by: Laszlo Ersek
--- ArmVirtPkg/ArmVirt.dsc.inc | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index dbd6678accde..c0d5e7c6aa6d 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -17,6 +17,9 @@ [Defines] DEFINE DEBUG_PRINT_ERROR_LEVEL =3D 0x8000004F DEFINE TTY_TERMINAL =3D FALSE =20 +[BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVE= R,BuildOptions.common.EDKII.UEFI_APPLICATION] + GCC:*_*_AARCH64_DLINK_FLAGS =3D -z common-page-size=3D0x1000 + [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS =3D -z common-page-size=3D0x1000 GCC:*_*_AARCH64_DLINK_FLAGS =3D -z common-page-size=3D0x10000 @@ -380,6 +383,13 @@ [PcdsFixedAtBuild.common] [PcdsFixedAtBuild.ARM] gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 =20 +[PcdsFixedAtBuild.AARCH64] + # + # Enable strict image permissions for all images. (This applies + # only to images that were built with >=3D 4 KB section alignment.) + # + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 + [Components.common] # # Networking stack --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
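Review bot: In the first hunk, the new [BuildOptions.common.EDKII.DXE_DRIVER,...UEFI_DRIVER,...UEFI_APPLICATION] section has no comment tying the "-z common-page-size=0x1000" setting to the protection policy enabled in the second hunk. The comment there says the policy only applies to images built with >= 4 KB section alignment, so this linker flag is what makes those images eligible. If someone later changes the flag or adds a module type outside these three, the affected modules would silently fall out of protection. Please add a short comment above the GCC:*_*_AARCH64_DLINK_FLAGS line stating that dependency, and say whether the list of module types is meant to be exhaustive for everything loaded in DXE.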
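Review bot: In the second hunk, the value in "gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3" is a bare bitmask, and the comment above it does not say what each bit selects. The commit message names two image origins (FV images, and external images from disk or the network); the comment should map each set bit to its origin so that a later change to 0x1 or 0x2 is recognizable as dropping one class. The parenthetical also means the policy fails open: an image built with smaller section alignment is loaded without strict permissions and nothing in this hunk makes that visible. Consider noting in the comment how a developer can tell that an image was skipped.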