ArmPkg/OpteeLib: Map shared communication buffer non-executable

The OP-TEE secure OS exposes a non-secure memory region for
communication between the secure OS itself and any clients in the
non-secure firmware. This memory is writable by non-secure and is not
used for code only data, and so it should be mapped non-executable.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>

ArmPkg/Library/OpteeLib/Optee.c

@@ -86,7 +86,12 @@ OpteeSharedMemoryRemap (
     return EFI_BUFFER_TOO_SMALL;
   }
 
-  Status = ArmSetMemoryAttributes (PhysicalAddress, Size, EFI_MEMORY_WB, 0);
+  Status = ArmSetMemoryAttributes (
+             PhysicalAddress,
+             Size,
+             EFI_MEMORY_WB | EFI_MEMORY_XP,
+             0
+             );
   if (EFI_ERROR (Status)) {
     return Status;
   }