DEFINE TTY_TERMINAL = FALSE\r
\r
[BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION]\r
- GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000\r
+ GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000\r
\r
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]\r
GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000\r
gArmVirtTokenSpaceGuid.PcdTerminalTypeGuidBuffer|{0x80, 0x6d, 0x91, 0x7d, 0xb1, 0x5b, 0x8c, 0x45, 0xa4, 0x8f, 0xe2, 0x5f, 0xdd, 0x51, 0xef, 0x94}\r
!endif\r
\r
-[PcdsFixedAtBuild.ARM]\r
- gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
-\r
-[PcdsFixedAtBuild.AARCH64]\r
#\r
# Enable strict image permissions for all images. (This applies\r
# only to images that were built with >= 4 KB section alignment.)\r
#\r
gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3\r
\r
+ #\r
+ # Enable NX memory protection for all non-code regions, including OEM and OS\r
+ # reserved ones, with the exception of LoaderData regions, of which OS loaders\r
+ # (i.e., GRUB) may assume that its contents are executable.\r
+ #\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1\r
+\r
+ #\r
+ # Enable the non-executable DXE stack. (This gets set up by DxeIpl)\r
+ #\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE\r
+\r
+[PcdsFixedAtBuild.ARM]\r
+ gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
+\r
[Components.common]\r
#\r
# Networking stack\r