On 16 March 2017 at 13:12, Leif Lindholm leif.lindholm@linaro.org wrote:
On Thu, Mar 16, 2017 at 01:06:14PM +0000, Ryan Harkin wrote:
On 16 March 2017 at 13:03, Leif Lindholm leif.lindholm@linaro.org wrote:
On Thu, Mar 16, 2017 at 12:04:50PM +0000, Ryan Harkin wrote:
On 7 March 2017 at 11:25, Ard Biesheuvel ard.biesheuvel@linaro.org wrote:
This enables the recently added and/or enhanced memory protection features in upstream EDK2:
- strict code/data separation PE/COFF sections so that mappings can be made either read-only or non-executable
- remove exec permissions from all other (i.e., non-code) regions (as far as is feasible without breaking GRUB)
- remap the DXE stack as non-executable before entering DxeCore
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org
Tested-by: Ryan Harkin ryan.harkin@linaro.org
Tested on FVP Foundation & AEMv8, TC2 and Juno R0/1/2 when combined with the HEAD of EDK2 (currently 056563f) and OpenPlatformPkg at c6cdf9e, but with my hack to get TC2 booting [1].
I can't really defend to myself keeping that patch out of the public tree any more. We don't care enough to try to figure the actual issue out and it's needed for the platform to be of any use.
Want me to just push it?
Yes please :-)
If you could be so kind as to remove the "HACK" prefix from the title, that would be much appreciated. Although, it is still a hack...
Done. (And shortened the remainder of the subject slightly.)
I kept the rest of the commit message as-is, in violation of guidelines, because it's archeologically useful (and includes indented copies of other commit messages, which I wouldn't want to reflow).
Back on $subject: are you ok with this patch now that Ryan has confirmed it does not break anything?