efi_loader: set IMAGE_DLLCHARACTERISTICS_NX_COMPAT

The IMAGE_DLLCHARACTERISTICS_NX_COMPAT flag marks an EFI binary where the following conditions are met [1]: * Executable and writable sections are separated. * The application does not run self-modifying code. * The application uses the EFI_MEMORY_ATTRIBUTE_PROTOCOL when loading executable code. * The application does not assume that all memory ranges are usable. * The stack is not expected to be executable. The only EFI binaries U-Boot provides that do not fulfill these requirements are the EFI app and the EFI payload. Once we have implemented separation of writable and executable memory in U-Boot we can use the IMAGE_DLLCHARACTERISTICS_NX_COMPAT flag to decide if we will load an EFI binary. [1] New UEFI CA memory mitigation requirements for signing https://techcommunity.microsoft.com/t5/hardware-dev-center/new-uefi-ca-memory-mitigation-requirements-for-signing/ba-p/3608714 Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

efi_loader: set IMAGE_DLLCHARACTERISTICS_NX_COMPAT
c9f368b5 · Heinrich Schuchardt · d49fa3de · c9f368b5 · c9f368b5 · c9f368b5
Commit c9f368b5 authored 1 year ago by Heinrich Schuchardt
--- a/arch/arm/lib/crt0_aarch64_efi.S
+++ b/arch/arm/lib/crt0_aarch64_efi.S
@@ -66,7 +66,11 @@ extra_header_fields:
 	.long	_start - ImageBase		/* SizeOfHeaders */
 	.long	0				/* CheckSum */
 	.short	IMAGE_SUBSYSTEM_EFI_APPLICATION /* Subsystem */
+#if CONFIG_VENDOR_EFI
 	.short	0				/* DllCharacteristics */
+#else
+	.short	IMAGE_DLLCHARACTERISTICS_NX_COMPAT
+#endif
 	.quad	0				/* SizeOfStackReserve */
 	.quad	0				/* SizeOfStackCommit */
 	.quad	0				/* SizeOfHeapReserve */

--- a/arch/arm/lib/crt0_arm_efi.S
+++ b/arch/arm/lib/crt0_arm_efi.S
@@ -65,7 +65,11 @@ extra_header_fields:
 	.long	_start - image_base		/* SizeOfHeaders */
 	.long	0				/* CheckSum */
 	.short	IMAGE_SUBSYSTEM_EFI_APPLICATION	/* Subsystem */
+#if CONFIG_VENDOR_EFI
 	.short	0				/* DllCharacteristics */
+#else
+	.short	IMAGE_DLLCHARACTERISTICS_NX_COMPAT
+#endif
 	.long	0				/* SizeOfStackReserve */
 	.long	0				/* SizeOfStackCommit */
 	.long	0				/* SizeOfHeapReserve */

--- a/arch/riscv/lib/crt0_riscv_efi.S
+++ b/arch/riscv/lib/crt0_riscv_efi.S
@@ -96,7 +96,11 @@ extra_header_fields:
 	.long	_start - ImageBase		/* SizeOfHeaders */
 	.long	0				/* CheckSum */
 	.short	IMAGE_SUBSYSTEM_EFI_APPLICATION /* Subsystem */
+#if CONFIG_VENDOR_EFI
 	.short	0				/* DllCharacteristics */
+#else
+	.short	IMAGE_DLLCHARACTERISTICS_NX_COMPAT
+#endif
 #if __riscv_xlen == 32
 	.long	0				/* SizeOfStackReserve */
 	.long	0				/* SizeOfStackCommit */

--- a/include/asm-generic/pe.h
+++ b/include/asm-generic/pe.h
@@ -51,6 +51,9 @@
 #define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER	12
 #define IMAGE_SUBSYSTEM_EFI_ROM			13

+/* DLL characteristics */
+#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT	0x100
+
 /* Section flags */
 #define IMAGE_SCN_CNT_CODE			0x00000020
 #define IMAGE_SCN_CNT_INITIALIZED_DATA		0x00000040