|
 |
1c6ba0 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
1c6ba0 |
From: Peter Jones <pjones@redhat.com>
|
|
|
1c6ba0 |
Date: Tue, 22 Mar 2022 10:57:20 -0400
|
|
|
1c6ba0 |
Subject: [PATCH] nx: set the nx compatible flag in EFI grub images
|
|
|
1c6ba0 |
|
|
|
1c6ba0 |
For NX, we need the grub binary to announce that it is compatible with
|
|
|
1c6ba0 |
the NX feature. This implies that when loading the executable grub
|
|
|
1c6ba0 |
image, several attributes are true:
|
|
|
1c6ba0 |
|
|
|
1c6ba0 |
- the binary doesn't need an executable stack
|
|
|
1c6ba0 |
- the binary doesn't need sections to be both executable and writable
|
|
|
1c6ba0 |
- the binary knows how to use the EFI Memory Attributes protocol on code
|
|
|
1c6ba0 |
it is loading.
|
|
|
1c6ba0 |
|
|
|
1c6ba0 |
This patch adds a definition for the PE DLL Characteristics flag
|
|
|
1c6ba0 |
GRUB_PE32_NX_COMPAT, and changes grub-mkimage to set that flag.
|
|
|
1c6ba0 |
|
|
|
1c6ba0 |
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
1c6ba0 |
(cherry picked from commit 0c7f1aed5a87f75051b421903a900ccb4bbd795a)
|
|
|
1c6ba0 |
---
|
|
|
1c6ba0 |
util/mkimage.c | 1 +
|
|
|
1c6ba0 |
1 file changed, 1 insertion(+)
|
|
|
1c6ba0 |
|
|
|
1c6ba0 |
diff --git a/util/mkimage.c b/util/mkimage.c
|
|
|
1c6ba0 |
index 8319e8dfbd..c3d33aaac8 100644
|
|
|
1c6ba0 |
--- a/util/mkimage.c
|
|
|
1c6ba0 |
+++ b/util/mkimage.c
|
|
|
1c6ba0 |
@@ -1418,6 +1418,7 @@ grub_install_generate_image (const char *dir, const char *prefix,
|
|
|
1c6ba0 |
section = (struct grub_pe32_section_table *)(o64 + 1);
|
|
|
1c6ba0 |
}
|
|
|
1c6ba0 |
|
|
|
1c6ba0 |
+ PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16 (GRUB_PE32_NX_COMPAT);
|
|
|
1c6ba0 |
PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size);
|
|
|
1c6ba0 |
PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address);
|
|
|
1c6ba0 |
PE_OHDR (o32, o64, image_base) = 0;
|