sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ArmPkg/OpteeLib: Map shared communication buffer non-executable

Browse Source 
The OP-TEE secure OS exposes a non-secure memory region for
communication between the secure OS itself and any clients in the
non-secure firmware. This memory is writable by non-secure and is not
used for code only data, and so it should be mapped non-executable.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
This commit is contained in:
Ard Biesheuvel
2023-06-26 10:30:16 +02:00
committed by mergify[bot]
parent 8a1f540596
commit 2f8b51d6af
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ArmPkg/Library/OpteeLib/Optee.c
View File

@@ -86,7 +86,12 @@ OpteeSharedMemoryRemap (
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
Status = ArmSetMemoryAttributes (PhysicalAddress, Size, EFI_MEMORY_WB, 0); Status = ArmSetMemoryAttributes (
PhysicalAddress,
Size,
EFI_MEMORY_WB | EFI_MEMORY_XP,
0
);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }