File 0007-nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch of Package grub2
From bc05900880e6c33c0bc590bb9ab72d354163324b Mon Sep 17 00:00:00 2001 From: Mate Kukri <mate.kukri@canonical.com> Date: Wed, 12 Jun 2024 16:57:10 +0100 Subject: [PATCH 07/10] nx: set the nx compatible flag in EFI grub images For NX, we need the grub binary to announce that it is compatible with the NX feature. This implies that when loading the executable grub image, several attributes are true: - the binary doesn't need an executable stack - the binary doesn't need sections to be both executable and writable - the binary knows how to use the EFI Memory Attributes protocol on code it is loading. This patch - adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT - changes grub-mkimage to set that flag. Original-Author: Peter Jones <pjones@redhat.com> Signed-off-by: Mate Kukri <mate.kukri@canonical.com> --- include/grub/efi/pe32.h | 2 ++ util/mkimage.c | 1 + 2 files changed, 3 insertions(+) diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h index 4e6e9d254..9887e14b2 100644 --- a/include/grub/efi/pe32.h +++ b/include/grub/efi/pe32.h @@ -231,6 +231,8 @@ struct grub_pe64_optional_header #define GRUB_PE32_SUBSYSTEM_EFI_APPLICATION 10 +#define GRUB_PE32_NX_COMPAT 0x0100 + #define GRUB_PE32_NUM_DATA_DIRECTORIES 16 struct grub_pe32_section_table diff --git a/util/mkimage.c b/util/mkimage.c index 0737935fd..db1c9a703 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -1439,6 +1439,7 @@ grub_install_generate_image (const char *dir, const char *prefix, #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wdangling-pointer" #endif + PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16 (GRUB_PE32_NX_COMPAT); PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address); PE_OHDR (o32, o64, image_base) = 0; -- 2.45.2
