On 7 Mar 2017 3:03 p.m., "Ard Biesheuvel" <ard.biesheuvel@linaro.org> wrote:
>
> On 7 March 2017 at 14:47, Leif Lindholm <leif.lindholm@linaro.org> wrote:
> > On Tue, Mar 07, 2017 at 12:25:17PM +0100, Ard Biesheuvel wrote:
> >> This enables the recently added and/or enhanced memory protection
> >> features in upstream EDK2:
> >> - strict code/data separation PE/COFF sections so that mappings can
> >>   be made either read-only or non-executable
> >> - remove exec permissions from all other (i.e., non-code) regions (as
> >>   far as is feasible without breaking GRUB)
> >> - remap the DXE stack as non-executable before entering DxeCore
> >>
> >> Contributed-under: TianoCore Contribution Agreement 1.0
> >> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >
> > I'm theoretically quite keen on getting this enabled, but would
> > definitely need a Tested-by from Ryan before I would want to see it merged.
> >
>
> ... hence the cc :-)

It'll have to wait till next week as I'm currently on holiday :-)