7 Mar
2017
7 Mar
'17
3:56 p.m.
On 7 Mar 2017 3:03 p.m., "Ard Biesheuvel" ard.biesheuvel@linaro.org wrote:
On 7 March 2017 at 14:47, Leif Lindholm leif.lindholm@linaro.org wrote:
On Tue, Mar 07, 2017 at 12:25:17PM +0100, Ard Biesheuvel wrote:
This enables the recently added and/or enhanced memory protection features in upstream EDK2:
- strict code/data separation PE/COFF sections so that mappings can be made either read-only or non-executable
- remove exec permissions from all other (i.e., non-code) regions (as far as is feasible without breaking GRUB)
- remap the DXE stack as non-executable before entering DxeCore
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org
I'm theoretically quite keen on getting this enabled, but would definitely need a Tested-by from Ryan before I would want to see it
merged.
... hence the cc :-)
It'll have to wait till next week as I'm currently on holiday :-)