[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v1 13/15] nx: set the nx compatible flag in EFI grub images
|
From: |
Leo Sandoval |
|
Subject: |
[PATCH v1 13/15] nx: set the nx compatible flag in EFI grub images |
|
Date: |
Thu, 31 Oct 2024 13:42:56 -0600 |
From: Peter Jones <pjones@redhat.com>
For NX, we need the grub binary to announce that it is compatible with
the NX feature. This implies that when loading the executable grub
image, several attributes are true:
- the binary doesn't need an executable stack
- the binary doesn't need sections to be both executable and writable
- the binary knows how to use the EFI Memory Attributes protocol on code
it is loading.
This patch adds a definition for the PE DLL Characteristics flag
GRUB_PE32_NX_COMPAT, and changes grub-mkimage to set that flag.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
include/grub/efi/pe32.h | 2 ++
util/mkimage.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
index 4e6e9d254..9887e14b2 100644
--- a/include/grub/efi/pe32.h
+++ b/include/grub/efi/pe32.h
@@ -231,6 +231,8 @@ struct grub_pe64_optional_header
#define GRUB_PE32_SUBSYSTEM_EFI_APPLICATION 10
+#define GRUB_PE32_NX_COMPAT 0x0100
+
#define GRUB_PE32_NUM_DATA_DIRECTORIES 16
struct grub_pe32_section_table
diff --git a/util/mkimage.c b/util/mkimage.c
index 4237383ac..9b4720e21 100644
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -1403,6 +1403,7 @@ grub_install_generate_image (const char *dir, const char
*prefix,
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdangling-pointer"
#endif
+ PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16
(GRUB_PE32_NX_COMPAT);
PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size);
PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32
(layout.start_address);
PE_OHDR (o32, o64, image_base) = 0;
--
2.46.2
- [PATCH v1 00/15] Fedora Rawhide (non-network) EFI patches, Leo Sandoval, 2024/10/31
- [PATCH v1 01/15] misc: Make "exit" take a return code., Leo Sandoval, 2024/10/31
- [PATCH v1 02/15] efi/init: Make efi machines load an env block from a variable, Leo Sandoval, 2024/10/31
- [PATCH v1 05/15] efi/api: Add PRIxGRUB_EFI_STATUS and use it., Leo Sandoval, 2024/10/31
- [PATCH v1 10/15] env: Add efi-export-env and efi-load-env commands, Leo Sandoval, 2024/10/31
- [PATCH v1 06/15] efi: don't use int for efi status, Leo Sandoval, 2024/10/31
- [PATCH v1 07/15] grub-install: Don't guess /boot/efi/ as HFS+ on ppc machines in grub-install, Leo Sandoval, 2024/10/31
- [PATCH v1 08/15] misc: align struct efi_variable better..., Leo Sandoval, 2024/10/31
- [PATCH v1 13/15] nx: set the nx compatible flag in EFI grub images,
Leo Sandoval <=
- [PATCH v1 11/15] grub-install: disable support for EFI platforms, Leo Sandoval, 2024/10/31
- [PATCH v1 04/15] chainloader: Use grub_efi_...() memory helpers where reasonable., Leo Sandoval, 2024/10/31
- [PATCH v1 03/15] efi: Add grub_efi_allocate_pool() and grub_efi_free_pool() wrappers., Leo Sandoval, 2024/10/31
- [PATCH v1 09/15] console: Work around some minor include path weirdnesses, Leo Sandoval, 2024/10/31
- [PATCH v1 12/15] connectefi: new 'connectefi' command, Leo Sandoval, 2024/10/31
- [PATCH v1 15/15] 25_bli.in 30_uefi_firmware.in: load EFI commands inside test expressions, Leo Sandoval, 2024/10/31
- [PATCH v1 14/15] grub-install: install on EFI if forced, Leo Sandoval, 2024/10/31