ArmVirtPkg/ArmVirt.dsc.inc: AARCH64: enable DXE image protection feature
author Ard Biesheuvel <ard.biesheuvel@linaro.org>
Wed, 22 Feb 2017 11:51:24 +0000 (11:51 +0000)
committer Ard Biesheuvel <ard.biesheuvel@linaro.org>
Fri, 24 Feb 2017 15:16:46 +0000 (15:16 +0000)
Enable the new DXE image protection for all images, i.e., FV images but
also external images that originate from disk or the network, such as
OS loaders.

This complements work that is underway on the arm64/Linux kernel side,
to emit the OS loader with 4 KB section alignment, and a suitable split
between code and data.

http://marc.info/?l=linux-arm-kernel&m=148655557227819

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
ArmVirtPkg/ArmVirt.dsc.inc

index 43699cb9bdd61d29e71253fd00e7799fb8509bfa..61d4a6642eb760350da86899f7e538ec9fbf36ec 100644 (file)
@@ -17,6 +17,9 @@
   DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F\r
   DEFINE TTY_TERMINAL            = FALSE\r
 \r
   DEFINE DEBUG_PRINT_ERROR_LEVEL = 0x8000004F\r
   DEFINE TTY_TERMINAL            = FALSE\r
 \r
+[BuildOptions.common.EDKII.DXE_DRIVER,BuildOptions.common.EDKII.UEFI_DRIVER,BuildOptions.common.EDKII.UEFI_APPLICATION]\r
+  GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x1000\r
+\r
 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]\r
   GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000\r
   GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000\r
 [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]\r
   GCC:*_*_ARM_DLINK_FLAGS = -z common-page-size=0x1000\r
   GCC:*_*_AARCH64_DLINK_FLAGS = -z common-page-size=0x10000\r
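Review bot: The added [BuildOptions...] section carries no comment explaining why `-z common-page-size=0x1000` is needed, and it sets only `GCC:*_*_AARCH64_DLINK_FLAGS` for DXE_DRIVER, UEFI_DRIVER and UEFI_APPLICATION. The PCD comment further down in this patch says protection applies only to images built with >= 4 KB section alignment, so any module type or toolchain family not listed here would fall outside the policy without anyone noticing. Please add a short comment tying this linker flag to PcdImageProtectionPolicy and confirm the omitted module types are intentional. A note on why DXE_RUNTIME_DRIVER stays at 0x10000 on AARCH64 while these use 0x1000 would also help the next reader.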
 [PcdsFixedAtBuild.ARM]\r
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
 \r
 [PcdsFixedAtBuild.ARM]\r
   gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
 \r
+[PcdsFixedAtBuild.AARCH64]\r
+  #\r
+  # Enable strict image permissions for all images. (This applies\r
+  # only to images that were built with >= 4 KB section alignment.)\r
+  #\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3\r
+\r
 [Components.common]\r
   #\r
   # Networking stack\r
 [Components.common]\r
   #\r
   # Networking stack\r
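Review bot: The value in `gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3` is a bare bitmask, and the comment above it says only "all images". The commit message distinguishes FV images from external images that originate from disk or the network, so the comment should name which bit enables which class, so that a later change to 0x1 or 0x2 is not a guess. The parenthetical also implies that an image without 4 KB section alignment is loaded with no strict permissions applied. Nothing in this change rejects or flags such images, so it is worth stating that explicitly in the comment as a known gap.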