| Message ID | 1488379344-16273-5-git-send-email-ard.biesheuvel@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | ArmPkg, ArmVirtpkg ARM: enable strict memory protection | expand |
On 03/01/17 15:42, Ard Biesheuvel wrote: > Like for AARCH64, enable PE/COFF image and NX memory protection for all > 32-bit ARM virt platforms. > > Note that this does not [yet] protect EfiLoaderData regions, due to > compatibility issues with GRUB. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> > --- > ArmVirtPkg/ArmVirt.dsc.inc | 9 ++++----- > 1 file changed, 4 insertions(+), 5 deletions(-) > > diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc > index a91b27f13cf2..acfb71d3ff6c 100644 > --- a/ArmVirtPkg/ArmVirt.dsc.inc > +++ b/ArmVirtPkg/ArmVirt.dsc.inc > @@ -18,7 +18,7 @@ [Defines] > DEFINE TTY_TERMINAL = FALSE > > [BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION] > - GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000 > + GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 > > [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] > GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000 > @@ -373,10 +373,6 @@ [PcdsFixedAtBuild.common] > gArmVirtTokenSpaceGuid.PcdTerminalTypeGuidBuffer|{0x80, 0x6d, 0x91, 0x7d, 0xb1, 0x5b, 0x8c, 0x45, 0xa4, 0x8f, 0xe2, 0x5f, 0xdd, 0x51, 0xef, 0x94} > !endif > > -[PcdsFixedAtBuild.ARM] > - gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 > - > -[PcdsFixedAtBuild.AARCH64] > # > # Enable strict image permissions for all images. (This applies > # only to images that were built with >= 4 KB section alignment.) > @@ -390,6 +386,9 @@ [PcdsFixedAtBuild.AARCH64] > # > gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 > > +[PcdsFixedAtBuild.ARM] > + gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 > + > [Components.common] > # > # Networking stack > Reviewed-by: Laszlo Ersek <lersek@redhat.com> _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index a91b27f13cf2..acfb71d3ff6c 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -18,7 +18,7 @@ [Defines] DEFINE TTY_TERMINAL = FALSE [BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION] - GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000 + GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000 @@ -373,10 +373,6 @@ [PcdsFixedAtBuild.common] gArmVirtTokenSpaceGuid.PcdTerminalTypeGuidBuffer|{0x80, 0x6d, 0x91, 0x7d, 0xb1, 0x5b, 0x8c, 0x45, 0xa4, 0x8f, 0xe2, 0x5f, 0xdd, 0x51, 0xef, 0x94} !endif -[PcdsFixedAtBuild.ARM] - gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 - -[PcdsFixedAtBuild.AARCH64] # # Enable strict image permissions for all images. (This applies # only to images that were built with >= 4 KB section alignment.) @@ -390,6 +386,9 @@ [PcdsFixedAtBuild.AARCH64] # gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 +[PcdsFixedAtBuild.ARM] + gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 + [Components.common] # # Networking stack
Like for AARCH64, enable PE/COFF image and NX memory protection for all 32-bit ARM virt platforms. Note that this does not [yet] protect EfiLoaderData regions, due to compatibility issues with GRUB. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> --- ArmVirtPkg/ArmVirt.dsc.inc | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) -- 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel