X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=ArmVirtPkg%2FArmVirt.dsc.inc;h=a91b27f13cf274f6a69f4858948cc215eccd5836;hp=43699cb9bdd61d29e71253fd00e7799fb8509bfa;hb=91db774bf4b33e1bf07f2f1aded5fd79c6f27c44;hpb=a76d0e88c39a10cef284eedec3bd4b57c4d83ad2 diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 43699cb9bd..a91b27f13c 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -17,6 +17,9 @@ DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F DEFINE TTY_TERMINAL = FALSE +[BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION] + GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000 + [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000 GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000 @@ -136,7 +139,7 @@ # !if $(SECURE_BOOT_ENABLE) == TRUE IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -148,6 +151,7 @@ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf [LibraryClasses.common.SEC] PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf @@ -292,7 +296,6 @@ gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength|1000000 gEfiMdePkgTokenSpaceGuid.PcdSpinLockTimeout|10000000 gEfiMdePkgTokenSpaceGuid.PcdDebugClearMemoryValue|0xAF - gEfiMdePkgTokenSpaceGuid.PcdPerformanceLibraryPropertyMask|1 gEfiMdePkgTokenSpaceGuid.PcdPostCodePropertyMask|0 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|320 @@ -358,11 +361,6 @@ gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20 gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0 - # - # ARM Pcds - # - gArmTokenSpaceGuid.PcdArmUncachedMemoryMask|0x0000000000000000 - !if $(SECURE_BOOT_ENABLE) == TRUE # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04 @@ -378,6 +376,20 @@ [PcdsFixedAtBuild.ARM] gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40 +[PcdsFixedAtBuild.AARCH64] + # + # Enable strict image permissions for all images. (This applies + # only to images that were built with >= 4 KB section alignment.) + # + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 + + # + # Enable NX memory protection for all non-code regions, including OEM and OS + # reserved ones, with the exception of LoaderData regions, of which OS loaders + # (i.e., GRUB) may assume that its contents are executable. + # + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 + [Components.common] # # Networking stack