From patchwork Wed Feb 22 11:54:45 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 94306
From: Ard Biesheuvel
To: edk2-devel@lists.01.org, lersek@redhat.com
Cc: leif.lindholm@linaro.org, Ard Biesheuvel
Date: Wed, 22 Feb 2017 11:54:45 +0000
Message-Id: <1487764485-18631-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [edk2] [PATCH] ArmVirtPkg/ArmVirt.dsc.inc: AARCH64: enable DXE image protection feature

Enable the new DXE image protection for all images, i.e., FV images but
also external images that originate from disk or the network, such as OS
loaders.

This complements work that is underway on the arm64/Linux kernel side,
to emit the OS loader with 4 KB section alignment, and a suitable split
between code and data.

http://marc.info/?l=linux-arm-kernel&m=148655557227819

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel
---
 ArmVirtPkg/ArmVirt.dsc.inc | 10 ++++++++++
 1 file changed, 10 insertions(+)

--
2.7.4

Reviewed-by: Laszlo Ersek

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index dbd6678accde..c0d5e7c6aa6d 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -17,6 +17,9 @@ [Defines] DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F DEFINE TTY_TERMINAL = FALSE +[BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION] + GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000 + [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000 GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000 
@@ -380,6 +383,13 @@ [PcdsFixedAtBuild.common] [PcdsFixedAtBuild.ARM] gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 +[PcdsFixedAtBuild.AARCH64] + # + # Enable strict image permissions for all images. (This applies + # only to images that were built with >= 4 KB section alignment.) + # + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 + [Components.common] # # Networking stack
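
Review bot: In the first hunk (@@ -17,6 +17,9 @@), the new [BuildOptions] section sets -z common-page-size=0x1000 without a comment saying why, and only for DXE_DRIVER, UEFI_DRIVER and UEFI_APPLICATION. Since the PCD comment in the second hunk states that the policy applies only to images built with >= 4 KB section alignment, any module type missing from this section header would be left unprotected without any build-time indication. Please add a short comment here tying the 4 KB alignment to PcdImageProtectionPolicy, and confirm that the list of module types is intentionally complete.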
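
Review bot: In the second hunk (@@ -380,6 +383,13 @@), PcdImageProtectionPolicy is set to the bare value 0x3, and the comment only says "all images". The commit message names the two classes that are meant (FV images, and external images from disk or the network); spelling out in the comment which bit of 0x3 enables which class would let a platform maintainer relax one without looking up the PCD declaration. The section is also AARCH64-only while the neighbouring section is [PcdsFixedAtBuild.ARM], so a sentence in the commit message on why ARM is left out would help.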