| field | value | date |
|---|---|---|
| author | Peter Jones <pjones@redhat.com> | 2022-11-17 12:31:31 -0500 |
| committer | Jan Setje-Eilers <73182357+jsetje@users.noreply.github.com> | 2023-01-27 10:03:31 -0800 |
| commit | 7c7642530fab73facaf3eac233cfbce29e10b0ef | |
| tree | 16540bef4f8e1afe6e503082a7612381439b9c53 /Cryptlib/SysCall/BaseMemAllocation.c | |
| parent | 657b2483ca6e9fcf2ad8ac7ee577ff546d24c3aa | |
Enable the NX compatibility flag by default.

Currently by default, when we build shim we do not set the PE
NX-compatibility DLL Characteristic flag. This signifies to the
firmware that shim (including the components it loads) is not prepared
for several related firmware changes:

- non-executable stack
- non-executable pages from AllocatePages()/AllocatePool()/etc.
- non-writable 0 page (not strictly related but some firmware will be
  transitioning at the same time)
- the need to use the UEFI 2.10 Memory Attribute Protocol to set page
  permissions.

This patch changes that default to be enabled by default. Distributors
of shim will need to ensure that either their builds disable this bit
(using "post-process-pe -N"), or that the bootloaders and kernels you
support loading are all compliant with this change. A new make
variable, POST_PROCESS_PE_FLAGS, has been added to simplify doing so.

Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'Cryptlib/SysCall/BaseMemAllocation.c')
0 files changed, 0 insertions, 0 deletions
