Map the DXE stack as non-executable, to prevent stack buffer overflows from being exploitable.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org
---
 Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc | 3 +++
 Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc | 3 +++
 Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc | 3 +++
 3 files changed, 9 insertions(+)
diff --git a/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc b/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc
index f833fe200422..0f299c388d00 100644
--- a/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc
+++ b/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc
@@ -439,6 +439,9 @@ DEFINE DO_KCS = 0
 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000
 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000
+ # map the stack as non-executable when entering the DXE phase
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
+
 [PcdsPatchableInModule]
 # PCIe Configuration: x4x2x2
 gAmdModulePkgTokenSpaceGuid.PcdPcieCoreConfiguration|2
diff --git a/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc b/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc
index 107205386c55..0d630fba1ca9 100644
--- a/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc
+++ b/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc
@@ -461,6 +461,9 @@ DEFINE DO_KCS = 1
 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000
 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000
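Review bot: The added comment `# map the stack as non-executable when entering the DXE phase` in the CelloBoard.dsc hunk should state the limit of the setting, because a reader may take it for general W^X coverage. As far as I know, PcdSetNxForStack only affects the stack that DxeIpl hands to the DXE core; pool and page allocations and loaded images are governed by separate PCDs (`PcdDxeNxMemoryProtectionPolicy`, `PcdImageProtectionPolicy`), if the edk2 revision in use provides them. Suggested wording: `# map the initial DXE stack as non-executable; heap and image protection are configured separately`. The same three lines are added in the Overdrive1000Board.dsc and OverdriveBoard.dsc hunks, so the point applies there too. The section header these entries fall under lies above each hunk, so confirm it names a PCD type that the PcdSetNxForStack declaration permits.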
+ # map the stack as non-executable when entering the DXE phase
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
+
 [PcdsPatchableInModule]
 # PCIe Configuration: x4x2x2 (=2 See Include/FDKGionb.h)
 gAmdModulePkgTokenSpaceGuid.PcdPcieCoreConfiguration|2
diff --git a/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc b/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc
index 92721064a51f..944cee3d8536 100644
--- a/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc
+++ b/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc
@@ -458,6 +458,9 @@ DEFINE DO_KCS = 1
 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000
 gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000
+ # map the stack as non-executable when entering the DXE phase
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE
+
 !if $(DO_XGBE)
 gAmdModulePkgTokenSpaceGuid.PcdXgbeEnable|TRUE