nx: Set the NX compatible flag for the GRUB EFI images

For NX the GRUB binary has to announce that it is compatible with the
NX feature. This implies that when loading the executable GRUB image
several attributes are true:
  - the binary doesn't need an executable stack,
  - the binary doesn't need sections to be both executable and writable,
  - the binary knows how to use the EFI Memory Attributes Protocol on code
    it is loading.

This patch:
  - adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT,
  - changes grub-mkimage to set that flag.

Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
index 4e6e9d254bd35c9bdbeef64876a61339b84a4ac8..9887e14b278aeb5c4f1b362adf8554bb8d86ffd0 100644 (file)
--- a/include/grub/efi/pe32.h
+++ b/include/grub/efi/pe32.h
@@ -231,6 +231,8 @@ struct grub_pe64_optional_header
 
 #define GRUB_PE32_SUBSYSTEM_EFI_APPLICATION    10
 
+#define GRUB_PE32_NX_COMPAT    0x0100
+
 #define GRUB_PE32_NUM_DATA_DIRECTORIES 16
 
 struct grub_pe32_section_table

diff --git a/util/mkimage.c b/util/mkimage.c
index 8c56608254431d50640765b9868e96f8d7c8b8e3..845e084e07bbdffbce527419fbaaa3a21c9ae11e 100644 (file)
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -1417,6 +1417,7 @@ grub_install_generate_image (const char *dir, const char *prefix,
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdangling-pointer"
 #endif
+       PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16 (GRUB_PE32_NX_COMPAT);
        PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size);
        PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address);
        PE_OHDR (o32, o64, image_base) = 0;