[efi] Mark PE .reloc and .debug sections as discardable

After a PE image is fully loaded and relocated, the loader code may
opt to zero discardable sections for security reasons.  This includes
relocation and debug information, as both contain hints about specific
locations within the binary.  Mark both generated sections as
discardable, which follows the PE specification.

Signed-off-by: Marvin Häuser <mhaeuser@posteo.de>

diff --git a/src/util/elf2efi.c b/src/util/elf2efi.c
index b0d5466455ed612ed8fe13932e22cfed18c0e4a8..5542b99f825fd9ed3483b5b7cad8434269569d1f 100644 (file)
--- a/src/util/elf2efi.c
+++ b/src/util/elf2efi.c
@@ -758,6 +758,7 @@ create_reloc_section ( struct pe_header *pe_header,
        reloc->hdr.VirtualAddress = pe_header->nt.OptionalHeader.SizeOfImage;
        reloc->hdr.SizeOfRawData = section_filesz;
        reloc->hdr.Characteristics = ( EFI_IMAGE_SCN_CNT_INITIALIZED_DATA |
+                                      EFI_IMAGE_SCN_MEM_DISCARDABLE |
                                       EFI_IMAGE_SCN_MEM_NOT_PAGED |
                                       EFI_IMAGE_SCN_MEM_READ );
 
@@ -822,6 +823,7 @@ create_debug_section ( struct pe_header *pe_header, const char *filename ) {
        debug->hdr.VirtualAddress = pe_header->nt.OptionalHeader.SizeOfImage;
        debug->hdr.SizeOfRawData = section_filesz;
        debug->hdr.Characteristics = ( EFI_IMAGE_SCN_CNT_INITIALIZED_DATA |
+                                      EFI_IMAGE_SCN_MEM_DISCARDABLE |
                                       EFI_IMAGE_SCN_MEM_NOT_PAGED |
                                       EFI_IMAGE_SCN_MEM_READ );
        debug->fixup = fixup_debug_section;