Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify NX compliance and set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT #30

Closed
superm1 opened this issue Nov 3, 2022 · 2 comments
Closed

Verify NX compliance and set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT #30

superm1 opened this issue Nov 3, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@superm1
Copy link
Member

superm1 commented Nov 3, 2022

As the payloads loaded by fwupd are not executable code, it's very likely that it is already NX compatible, but the PE header does not set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT.

On a system that enforces it, we should verify that it is indeed NX compatible and then set this bit in the PE header.

CC @vathpela
@superm1 superm1 added the enhancement New feature or request label Nov 3, 2022
@superm1
Copy link
Member Author

superm1 commented Jan 25, 2023

@vathpela as we recently discussed various distros are going to start doing NX compatible shims.

@hughsie we probably should flip this bit here too and do a new fwupd-efi release.

@superm1
Copy link
Member Author

superm1 commented Jan 25, 2023

Link this issue: rhboot/shim#548
Alternatively, we can change the header ourselves during build.

superm1 added a commit that referenced this issue Jan 25, 2023
@superm1
Fix generating EFI images that are NX compatible (Fixes: #30)
ba10a17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Milestone
No milestone
Development

No branches or pull requests
1 participant
@superm1