fix #4696: Revert "ArmVirtPkg: make EFI_LOADER_DATA non-executable"

> Continue to allow bootloaders to execute memory allocated as
> EFI_LOADER_DATA until GRUB fixes are more generally available.
> (Closes: #1025656)

-- https://salsa.debian.org/qemu-team/edk2/-/commit/a0be41b75c989351b55211c7521ef1309e4e51fe

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/debian/patches/Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch b/debian/patches/Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch
new file mode 100644 (file)
index 0000000..7e1417a
--- /dev/null
+++ b/debian/patches/Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch
@@ -0,0 +1,20 @@
+Description: Revert "ArmVirtPkg: make EFI_LOADER_DATA non-executable"
+ The versions of GRUB most distros are shipping still depend on executable
+ EFI_LOADER_DATA. Revert this upstream change until the necessary fixes are
+ more generally available.
+Author: dann frazier <dannf@debian.org>
+Bug-Debian: https://bugs.debian.org/1025656
+Forwarded: https://edk2.groups.io/g/devel/message/97814
+Last-Update: 2023-03-09
+
+--- a/ArmVirtPkg/ArmVirt.dsc.inc
++++ b/ArmVirtPkg/ArmVirt.dsc.inc
+@@ -361,7 +361,7 @@
+   # reserved ones, with the exception of LoaderData regions, of which OS loaders\r
+   # (i.e., GRUB) may assume that its contents are executable.\r
+   #\r
+-  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5\r
++  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1\r
+ \r
+ [Components.common]\r
+   #\r

diff --git a/debian/patches/series b/debian/patches/series
index ade866533ed481e5d7747ff591ee730550387189..f1ec614a7f39544c049569fa006318f6211a9bcf 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 no-stack-protector-all-archs.diff
 brotlicompress-disable.diff
 x64-baseline-abi.patch
+Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch