| Message ID | 20230310125026.3390928-2-ardb@kernel.org |
|---|---|
| State | Accepted |
| Commit | c7d9e628b8ff4d52a365a441bdacb3209ee83c81 |
| Headers | show |
| Series | efi: arm64: Set NX compat flag where appropriate | expand |
diff --git a/drivers/firmware/efi/libstub/zboot-header.S b/drivers/firmware/efi/libstub/zboot-header.S index ec4525d40e0cf6d6..445cb646eaaaf1c6 100644 --- a/drivers/firmware/efi/libstub/zboot-header.S +++ b/drivers/firmware/efi/libstub/zboot-header.S @@ -63,7 +63,7 @@ __efistub_efi_zboot_header: .long .Lefi_header_end - .Ldoshdr .long 0 .short IMAGE_SUBSYSTEM_EFI_APPLICATION - .short 0 + .short IMAGE_DLL_CHARACTERISTICS_NX_COMPAT #ifdef CONFIG_64BIT .quad 0, 0, 0, 0 #else
Now that the zboot loader will invoke the EFI memory attributes protocol to remap the decompressed code and rodata as read-only/executable, we can set the PE/COFF header flag that indicates to the firmware that the application does not rely on writable memory being executable at the same time. Cc: <stable@vger.kernel.org> # v6.2+ Signed-off-by: Ard Biesheuvel <ardb@kernel.org> --- drivers/firmware/efi/libstub/zboot-header.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)