PE Loader: support and require NX - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Peter Jones <pjones@redhat.com>	2021-12-02 18:29:50 -0500
committer	Peter Jones <pjones@redhat.com>	2022-05-17 19:01:03 -0400
commit	226fee25ffcbd29988399ba080c7706eb1d52251 (patch)
tree	99481eef73d898ce4f5e4499b0d6451e5eeb14fd /Cryptlib/OpenSSL
parent	465663e5f6b350abdb18f0ab51ec8924e739bc78 (diff)
download	efi-boot-shim-226fee25ffcbd29988399ba080c7706eb1d52251.tar.gz efi-boot-shim-226fee25ffcbd29988399ba080c7706eb1d52251.zip

PE Loader: support and require NX

This adds support in our PE loader for NX support utilizing the EFI_MEMORY_ATTRIBUTE protocol. Specifically, it changes the loader such that: - binaries without the EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT flag set in the Optional Header are rejected as EFI_UNSUPPORTED - binaries with non-discardable sections that have both the EFI_SCN_MEM_WRITE and EFI_SCN_MEM_EXECUTE flags set are rejected as EFI_UNSUPPORTED - if the EFI_MEMORY_ATTRIBUTE protocol is installed, then: - sections without the EFI_SCN_MEM_READ flag set will be marked with EFI_MEMORY_RP - sections without the EFI_SCN_MEM_WRITE flag set will be marked with EFI_MEMORY_RO - sections without the EFI_SCN_MEM_EXECUTE flag set will be marked with EFI_MEMORY_XP Signed-off-by: Peter Jones <pjones@redhat.com>

Diffstat (limited to 'Cryptlib/OpenSSL')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: