Google Git
Sign in
android / device / linaro / bootloader / OpenPlatformPkg / 30a7064^! / .
commit30a70640879494d0b975d37c2ceaf10e17f2a32c[log] [tgz]
authorArd Biesheuvel <ard.biesheuvel@linaro.org>Tue Dec 06 19:42:17 2016 +0000
committerArd Biesheuvel <ard.biesheuvel@linaro.org>Wed Dec 07 09:49:37 2016 +0000
treec661cf103662246a3a80075e1f0e4cc6424bf364
parent0ce014a8b60d7cced27a310b547f22b536621fe0 [diff]
Platforms/AMD/Styx: map the DXE stack as non-executable

Map the DXE stack as non-executable, to prevent stack buffer overflows
from being exploitable.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

diff --git a/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc b/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc
index 2606a0b..d7e1a53 100644
--- a/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc
+++ b/Platforms/AMD/Styx/CelloBoard/CelloBoard.dsc

@@ -440,6 +440,9 @@
   gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000

   gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000

 

+  # map the stack as non-executable when entering the DXE phase

+  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE

+

 [PcdsPatchableInModule]

 # PCIe Configuration: x4x2x2

   gAmdModulePkgTokenSpaceGuid.PcdPcieCoreConfiguration|2


diff --git a/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc b/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc
index 4f90f94..60ceb71 100644
--- a/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc
+++ b/Platforms/AMD/Styx/Overdrive1000Board/Overdrive1000Board.dsc

@@ -457,6 +457,9 @@
   gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000

   gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000

 

+  # map the stack as non-executable when entering the DXE phase

+  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE

+

 [PcdsPatchableInModule]

 # PCIe Configuration: x4x2x2 (=2 See Include/FDKGionb.h)

   gAmdModulePkgTokenSpaceGuid.PcdPcieCoreConfiguration|2


diff --git a/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc b/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc
index c7bf241..a236836 100644
--- a/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc
+++ b/Platforms/AMD/Styx/OverdriveBoard/OverdriveBoard.dsc

@@ -459,6 +459,9 @@
   gAmdModulePkgTokenSpaceGuid.PcdSataSerdesBase|0xE1200000

   gAmdModulePkgTokenSpaceGuid.PcdSataSerdesOffset|0x00010000

 

+  # map the stack as non-executable when entering the DXE phase

+  gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE

+

 !if $(DO_XGBE)

   gAmdModulePkgTokenSpaceGuid.PcdXgbeEnable|TRUE