On 03/01/17 15:42, Ard Biesheuvel wrote:
> Like for AARCH64, enable PE/COFF image and NX memory protection for all
> 32-bit ARM virt platforms.
>
> Note that this does not [yet] protect EfiLoaderData regions, due to
> compatibility issues with GRUB.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
> ArmVirtPkg/ArmVirt.dsc.inc | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
> index a91b27f13cf2..acfb71d3ff6c 100644
> --- a/ArmVirtPkg/ArmVirt.dsc.inc
> +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> @@ -18,7 +18,7 @@ [Defines]
> DEFINE TTY_TERMINAL = FALSE
>
> [BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION]
> - GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000
> + GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
>
> [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
> GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000
> @@ -373,10 +373,6 @@ [PcdsFixedAtBuild.common]
> gArmVirtTokenSpaceGuid.PcdTerminalTypeGuidBuffer|{0x80, 0x6d, 0x91, 0x7d, 0xb1, 0x5b, 0x8c, 0x45, 0xa4, 0x8f, 0xe2, 0x5f, 0xdd, 0x51, 0xef, 0x94}
> !endif
>
> -[PcdsFixedAtBuild.ARM]
> - gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40
> -
> -[PcdsFixedAtBuild.AARCH64]
> #
> # Enable strict image permissions for all images. (This applies
> # only to images that were built with >= 4 KB section alignment.)
> @@ -390,6 +386,9 @@ [PcdsFixedAtBuild.AARCH64]
> #
> gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
>
> +[PcdsFixedAtBuild.ARM]
> + gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40
> +
> [Components.common]
> #
> # Networking stack
>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel