Enable the new DXE image protection for all images, i.e., FV images but
also external images that originate from disk or the network, such as
OS loaders.
This complements work that is underway on the arm64/Linux kernel side,
to emit the OS loader with 4 KB section alignment, and a suitable split
between code and data.
http://marc.info/?l=linux-arm-kernel&m=
148655557227819
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F\r
DEFINE TTY_TERMINAL = FALSE\r
\r
+[BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION]\r
+ GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000\r
+\r
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]\r
GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000\r
GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000\r
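Review bot: The new `[BuildOptions.common.EDKII.DXE_DRIVER,...]` section has no comment tying the 4 KB `common-page-size` to the image protection policy, and it covers only the GCC family and the three listed module types. The policy comment later in this change says protection applies only to images built with >= 4 KB section alignment. A module built outside this section (another toolchain family, or a module type not listed) would therefore presumably load without strict permissions and with no build-time signal. I would add a comment above the section such as `# 4 KB section alignment is required for PcdImageProtectionPolicy to take effect; images with smaller alignment are left unprotected`, and confirm whether other toolchain families need an equivalent setting.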
[PcdsFixedAtBuild.ARM]\r
gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
\r
+[PcdsFixedAtBuild.AARCH64]\r
+ #\r
+ # Enable strict image permissions for all images. (This applies\r
+ # only to images that were built with >= 4 KB section alignment.)\r
+ #\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3\r
+\r
[Components.common]\r
#\r
# Networking stack\r
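Review bot: The value `0x3` on the `PcdImageProtectionPolicy` line is a bit mask whose meaning the comment does not state; spell it out, e.g. `# BIT0: images from unknown devices (disk, network), BIT1: images from firmware volumes`. The comment should also say plainly that coverage of external images is best effort. As described, an OS loader or third-party driver built with smaller section alignment is still loaded, just without code/data permission separation, so this setting alone does not guarantee strict permissions for such images. The section is `[PcdsFixedAtBuild.AARCH64]` only, so 32-bit ARM builds presumably keep the default policy; a short note on whether that is intentional would help.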