diff mbox series

[edk2,v4,7/7] ArmVirtPkg/ArmVirt.dsc.inc: enable NX memory protection for all platforms

Message ID 1488206291-25768-8-git-send-email-ard.biesheuvel@linaro.org
State New
Headers show
Series MdeModulePkg/DxeCore: increased memory protection | expand

Commit Message

Ard Biesheuvel Feb. 27, 2017, 2:38 p.m. UTC
This sets the recently introduced PCD PcdDxeNxMemoryProtectionPolicy to
a value that protects all memory regions except code regions against
inadvertent execution.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

---
 ArmVirtPkg/ArmVirt.dsc.inc | 6 ++++++
 1 file changed, 6 insertions(+)

-- 
2.7.4

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
diff mbox series

Patch

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 151f413f1b2b..c9f20d570049 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -383,6 +383,12 @@  [PcdsFixedAtBuild.AARCH64]
   #
   gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3
 
+  #
+  # Enable NX memory protection for all non-code regions, including OEM and OS
+  # reserved ones.
+  #
+  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5
+
 [Components.common]
   #
   # Networking stack