X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=ArmVirtPkg%2FArmVirt.dsc.inc;h=f61fd0680612e0917dc4b5ec321ddcb052bb10cb;hb=60bd1e1269ff93390a90014144a835ad71fe2fa0;hp=43699cb9bdd61d29e71253fd00e7799fb8509bfa;hpb=a76d0e88c39a10cef284eedec3bd4b57c4d83ad2;p=mirror_edk2.git diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 43699cb9bd..f61fd06806 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -17,6 +17,9 @@ DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F DEFINE TTY_TERMINAL = FALSE +[BuildOptions.common.EDKII.DXE_CORE,BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION] + GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 + [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000 GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000 @@ -136,7 +139,7 @@ # !if $(SECURE_BOOT_ENABLE) == TRUE IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -148,6 +151,7 @@ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf [LibraryClasses.common.SEC] PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf @@ -292,7 +296,6 @@ gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength|1000000 gEfiMdePkgTokenSpaceGuid.PcdSpinLockTimeout|10000000 gEfiMdePkgTokenSpaceGuid.PcdDebugClearMemoryValue|0xAF - gEfiMdePkgTokenSpaceGuid.PcdPerformanceLibraryPropertyMask|1 gEfiMdePkgTokenSpaceGuid.PcdPostCodePropertyMask|0 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|320 @@ -358,11 +361,6 @@ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0 - # - # ARM Pcds - # - gArmTokenSpaceGuid.PcdArmUncachedMemoryMask|0x0000000000000000 - !if $(SECURE_BOOT_ENABLE) == TRUE # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04 @@ -375,6 +373,24 @@ gArmVirtTokenSpaceGuid.PcdTerminalTypeGuidBuffer|{0x80, 0x6d, 0x91, 0x7d, 0xb1, 0x5b, 0x8c, 0x45, 0xa4, 0x8f, 0xe2, 0x5f, 0xdd, 0x51, 0xef, 0x94} !endif + # + # Enable strict image permissions for all images. (This applies + # only to images that were built with >= 4 KB section alignment.) + # + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 + + # + # Enable NX memory protection for all non-code regions, including OEM and OS + # reserved ones, with the exception of LoaderData regions, of which OS loaders + # (i.e., GRUB) may assume that its contents are executable. + # + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 + + # + # Enable the non-executable DXE stack. (This gets set up by DxeIpl) + # + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE + [PcdsFixedAtBuild.ARM] gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40