From nobody Wed Apr 24 01:38:58 2024
Delivered-To: importer@patchew.org
Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by
 domain of lists.01.org) client-ip=198.145.21.10;
 envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org;
Authentication-Results: mx.zoho.com;
	spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain
 of lists.01.org)  smtp.mailfrom=edk2-devel-bounces@lists.01.org;
Return-Path: <edk2-devel-bounces@lists.01.org>
Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com
	with SMTPS id 1487764498018777.8240723579861;
 Wed, 22 Feb 2017 03:54:58 -0800 (PST)
Received: from [127.0.0.1] (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id DCFD682230;
	Wed, 22 Feb 2017 03:54:55 -0800 (PST)
Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com
 [IPv6:2a00:1450:400c:c09::236])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 45ACE8222D
 for <edk2-devel@lists.01.org>; Wed, 22 Feb 2017 03:54:54 -0800 (PST)
Received: by mail-wm0-x236.google.com with SMTP id r141so182823wmg.1
 for <edk2-devel@lists.01.org>; Wed, 22 Feb 2017 03:54:54 -0800 (PST)
Received: from localhost.localdomain ([160.163.32.105])
 by smtp.gmail.com with ESMTPSA id j80sm1795385wmd.14.2017.02.22.03.54.51
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Wed, 22 Feb 2017 03:54:52 -0800 (PST)
X-Original-To: edk2-devel@lists.01.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=from:to:cc:subject:date:message-id;
 bh=P96npwtwPDvNr2skcallEW/4hcWz31veF5mlyfDkPb0=;
 b=kAiGYzyH5NVTdEz9FKdYKhptO+uZMiarSVkkBqAJVgo4QwKmElxIFsYhznj8Dqd28n
 7vWtbWFhcp8si0IXP9+Lb7+4pxzXfD8QRem/w9Bc3FNaLR+pEZgq9YVxgtU4US6setHs
 OkUJBOwwMcXXzOt20KV4I/qWswVsWmDzdxb08=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=P96npwtwPDvNr2skcallEW/4hcWz31veF5mlyfDkPb0=;
 b=IR6EmCe826D1AXrsg4xvkY5qGLGUtX8afbrVZLqKAkjTYVhSnhod/wTfeVW79hKRYN
 gYSruYZHc59/0UG8OwnTzCk+wYrd2lgQKtRdTZCTo0js7ZTjqZqButtY6J7Oebee4Yx1
 sZDLhxUM562k9L2nW4O1mXJ9FvIIOHuH8lBvrtEG0gH0Nj9kfkNwNTdUpnFrjaMwhTFl
 CM902oKxQGP1JhcSguSu/Y71MutnJUQQ3VYtqbKg8z6oaxXs8UalpZc6X8osYcMS2JtZ
 2j99T6YZqifbxKqywJy4b2IulAQfIWAxLOBrBIT/wg5zY1r/CwGa8CXhvsT51drf+OnA
 y9Pw==
X-Gm-Message-State: 
 AMke39nHA0Kg5qkedeJrG/xHYLGw9xXs9G53YurfVRyv+6KBMd1G7Gwn2egUBbt4Ojx94R+B
X-Received: by 10.28.184.198 with SMTP id i189mr1936194wmf.26.1487764492867;
 Wed, 22 Feb 2017 03:54:52 -0800 (PST)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: edk2-devel@lists.01.org,
	lersek@redhat.com
Date: Wed, 22 Feb 2017 11:54:45 +0000
Message-Id: <1487764485-18631-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.7.4
Subject: [edk2] [PATCH] ArmVirtPkg/ArmVirt.dsc.inc: AARCH64: enable DXE
 image protection feature
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
Cc: leif.lindholm@linaro.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Errors-To: edk2-devel-bounces@lists.01.org
Sender: "edk2-devel" <edk2-devel-bounces@lists.01.org>
X-ZohoMail: RSF_4  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Enable the new DXE image protection for all image, i.e., FV images but
also external images that originate from disk or the network, such as
OS loaders.

This complements work that is underway on the arm64/Linux kernel side,
to emit the OS loader with 4 KB section alignment, and a suitable split
between code and data.

http://marc.info/?l=3Dlinux-arm-kernel&m=3D148655557227819

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 ArmVirtPkg/ArmVirt.dsc.inc | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index dbd6678accde..c0d5e7c6aa6d 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -17,6 +17,9 @@ [Defines]
   DEFINE DEBUG_PRINT_ERROR_LEVEL =3D 0x8000004F
   DEFINE TTY_TERMINAL            =3D FALSE
=20
+[BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVE=
R,BuildOptions.common.EDKII.UEFI_APPLICATION]
+  GCC:*_*_AARCH64_DLINK_FLAGS =3D -z common-page-size=3D0x1000
+
 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
   GCC:*_*_ARM_DLINK_FLAGS =3D -z common-page-size=3D0x1000
   GCC:*_*_AARCH64_DLINK_FLAGS =3D -z common-page-size=3D0x10000
@@ -380,6 +383,13 @@ [PcdsFixedAtBuild.common]
 [PcdsFixedAtBuild.ARM]
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40
=20
+[PcdsFixedAtBuild.AARCH64]
+  #
+  # Enable strict image permissions for all images. (This applies
+  # only to images that were built with >=3D 4 KB section alignment.)
+  #
+  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3
+
 [Components.common]
   #
   # Networking stack
--=20
2.7.4

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel