PE Loader: support and require NX

This adds support in our PE loader for NX support utilizing the
EFI_MEMORY_ATTRIBUTE protocol.  Specifically, it changes the loader such
that:

- binaries without the EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT flag set
  in the Optional Header are rejected as EFI_UNSUPPORTED
- binaries with non-discardable sections that have both the
  EFI_SCN_MEM_WRITE and EFI_SCN_MEM_EXECUTE flags set are rejected as
  EFI_UNSUPPORTED
- if the EFI_MEMORY_ATTRIBUTE protocol is installed, then:
  - sections without the EFI_SCN_MEM_READ flag set will be marked with
    EFI_MEMORY_RP
  - sections without the EFI_SCN_MEM_WRITE flag set will be marked with
    EFI_MEMORY_RO
  - sections without the EFI_SCN_MEM_EXECUTE flag set will be marked
    with EFI_MEMORY_XP

Signed-off-by: Peter Jones <pjones@redhat.com>

1 files changed, 1 insertions, 1 deletions

diff --git a/include/guid.h b/include/guid.h
index 07a19a91..d9910ff1 100644
--- a/include/guid.h
+++ b/include/guid.h
@@ -33,8 +33,8 @@ extern EFI_GUID EFI_SECURE_BOOT_DB_GUID;
 extern EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID;
 extern EFI_GUID SECURITY_PROTOCOL_GUID;
 extern EFI_GUID SECURITY2_PROTOCOL_GUID;
+extern EFI_GUID EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID;
 extern EFI_GUID SHIM_LOCK_GUID;
-
 extern EFI_GUID MOK_VARIABLE_STORE;
 
 #endif /* SHIM_GUID_H */