Now that ARM has grown support for managing memory permissions in
ArmMmuLib, we can enable the non-executable DXE stack for all virt
platforms. Note that this includes the AARCH64 Xen platform as well.

Note that this is not [entirely] redundant: the non-executable stack
is configured before DxeCore is invoked. The image and memory protection
features configured during DXE only take effect when the CPU arch
protocol implementation is registered.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
#\r
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1\r
\r
+ #\r
+ # Enable the non-executable DXE stack. (This gets set up by DxeIpl)\r
+ #\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE\r
+\r
[PcdsFixedAtBuild.ARM]\r
gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
\r
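Review bot: The new comment above PcdSetNxForStack says only that DxeIpl sets this up, and does not say why the setting is needed next to the PcdDxeNxMemoryProtectionPolicy entry directly above it. The commit message gives the reason (the stack is made non-executable before DxeCore is invoked, while the DXE-phase protections apply only once the CPU arch protocol is registered); consider carrying that into the comment so the two settings are not later mistaken for duplicates. The section header lies outside the visible context, so please also confirm the addition lands in a section that is not arch-restricted, since the entries dropped later in the patch sit under [PcdsFixedAtBuild.AARCH64].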
gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16\r
\r
[PcdsFixedAtBuild.AARCH64]\r
- gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE\r
-\r
# KVM limits it IPA space to 40 bits (1 TB), so there is no need to\r
# support anything bigger, even if the host hardware does\r
gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
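Review bot: With PcdSetNxForStack|TRUE removed from under [PcdsFixedAtBuild.AARCH64], this platform file no longer sets the PCD itself and depends on the definition added earlier in the patch being pulled in. Please confirm from the build report that the PCD still resolves to TRUE for the AARCH64 build of this platform, and state in the commit message whether the 32-bit ARM build of the same platform was boot-tested, since the removed line was AARCH64-only and ARM appears to pick the setting up for the first time here.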
#\r
gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16\r
\r
- gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE\r
-\r
# KVM limits it IPA space to 40 bits (1 TB), so there is no need to\r
# support anything bigger, even if the host hardware does\r
gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r