[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v4 2/2] mkimage: Align efi sections on 4k boundary
|
From: |
Alexander Graf |
|
Subject: |
[PATCH v4 2/2] mkimage: Align efi sections on 4k boundary |
|
Date: |
Wed, 23 Jan 2019 16:34:58 +0100 |
There is UEFI firmware popping up in the wild now that implements stricter
permission checks using NX and write protect page table entry bits.
This means that firmware now may fail to load binaries if its individual
sections are not page aligned, as otherwise it can not ensure permission
boundaries.
So let's bump all efi section alignments up to 4k (EFI page size). That way
we will stay compatible going forward.
Unfortunately our internals can't deal very well with a mismatch of alignment
between the virtual and file offsets, so we have to also pad our target
binary a bit.
Signed-off-by: Alexander Graf <address@hidden>
---
include/grub/efi/pe32.h | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
index 7d44732d2..52ff208c0 100644
--- a/include/grub/efi/pe32.h
+++ b/include/grub/efi/pe32.h
@@ -50,8 +50,13 @@
/* According to the spec, the minimal alignment is 512 bytes...
But some examples (such as EFI drivers in the Intel
Sample Implementation) use 32 bytes (0x20) instead, and it seems
- to be working. For now, GRUB uses 512 bytes for safety. */
-#define GRUB_PE32_SECTION_ALIGNMENT 0x200
+ to be working.
+
+ However, there is firmware showing up in the field now with
+ page alignment constraints to guarantee that page protection
+ bits take effect. Because we can not easily distinguish between
+ in-memory and in-file layout, let's bump all alignment to 4k. */
+#define GRUB_PE32_SECTION_ALIGNMENT 0x1000
#define GRUB_PE32_FILE_ALIGNMENT GRUB_PE32_SECTION_ALIGNMENT
struct grub_pe32_coff_header
--
2.12.3