[PATCH v4 07/10] nx: set the nx compatible flag in EFI grub images
From: Mate Kukri
Subject: [PATCH v4 07/10] nx: set the nx compatible flag in EFI grub images
Date: Wed, 12 Jun 2024 16:57:10 +0100
For NX, we need the grub binary to announce that it is compatible with
the NX feature. This implies that when loading the executable grub
image, several attributes are true:
- the binary doesn't need an executable stack
- the binary doesn't need sections to be both executable and writable
- the binary knows how to use the EFI Memory Attributes protocol on code
it is loading.
This patch
- adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT
- changes grub-mkimage to set that flag.
Original-Author: Peter Jones <pjones@redhat.com>
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
---
include/grub/efi/pe32.h | 2 ++
util/mkimage.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
index 4e6e9d254..9887e14b2 100644
--- a/include/grub/efi/pe32.h
+++ b/include/grub/efi/pe32.h
@@ -231,6 +231,8 @@ struct grub_pe64_optional_header
#define GRUB_PE32_SUBSYSTEM_EFI_APPLICATION 10
+#define GRUB_PE32_NX_COMPAT 0x0100
+
#define GRUB_PE32_NUM_DATA_DIRECTORIES 16
struct grub_pe32_section_table
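Review bot: The new GRUB_PE32_NX_COMPAT define has no comment saying which header field it applies to, and it sits directly under GRUB_PE32_SUBSYSTEM_EFI_APPLICATION, which is a value for a different field. The commit message calls it a PE DLL Characteristics flag, so say that in a one-line comment above the define, or carry the field in the name, so that it is not read as a subsystem value or OR-ed into the wrong field later.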
diff --git a/util/mkimage.c b/util/mkimage.c
index 4237383ac..9b4720e21 100644
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -1403,6 +1403,7 @@ grub_install_generate_image (const char *dir, const char
*prefix,
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdangling-pointer"
#endif
+ PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16
(GRUB_PE32_NX_COMPAT);
PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size);
PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32
(layout.start_address);
PE_OHDR (o32, o64, image_base) = 0;
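Review bot: The added dll_characteristics assignment in grub_install_generate_image sets GRUB_PE32_NX_COMPAT unconditionally, and nothing in this hunk checks that the image being generated actually meets the properties the commit message attaches to the flag (no executable stack, no sections that are both writable and executable). Firmware that enforces NX will trust this bit, so either have mkimage verify the section flags it emits before setting it, or state in the commit message which patches in the series establish those guarantees for every EFI target this code path builds. Also note that the plain "=" replaces the whole field; if another DLL Characteristics bit is ever set on this header, this line will silently discard it, so "|=" or a comment that this is the only bit in use would be safer.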
--
2.39.2