| Message ID | 1488206291-25768-8-git-send-email-ard.biesheuvel@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | MdeModulePkg/DxeCore: increased memory protection | expand |
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 151f413f1b2b..c9f20d570049 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -383,6 +383,12 @@ [PcdsFixedAtBuild.AARCH64] # gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3 + # + # Enable NX memory protection for all non-code regions, including OEM and OS + # reserved ones. + # + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5 + [Components.common] # # Networking stack
This sets the recently introduced PCD PcdDxeNxMemoryProtectionPolicy to a value that protects all memory regions except code regions against inadvertent execution. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> --- ArmVirtPkg/ArmVirt.dsc.inc | 6 ++++++ 1 file changed, 6 insertions(+) -- 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel