There is UEFI firmware popping up in the wild now that implements stricter
permission checks using NX and write protect page table entry bits.

This means that firmware now may fail to load binaries if its individual
sections are not page aligned, as otherwise it can not ensure permission
boundaries.

So let's bump all efi section alignments up to 4k (EFI page size). That way
we will stay compatible going forward. This brings us into sync with what
the MS C compiler toolchain does.

Signed-off-by: Alexander Graf <ag...@suse.de>
---
 util/mkimage.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/util/mkimage.c b/util/mkimage.c
index 6b372cba5..a57f277ec 100644
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -194,7 +194,7 @@ static const struct grub_install_image_target_desc 
image_targets[] =
       .decompressor_compressed_size = TARGET_NO_FIELD,
       .decompressor_uncompressed_size = TARGET_NO_FIELD,
       .decompressor_uncompressed_addr = TARGET_NO_FIELD,
-      .section_align = GRUB_PE32_SECTION_ALIGNMENT,
+      .section_align = GRUB_EFI_PAGE_SIZE,
       .vaddr_offset = EFI32_HEADER_SIZE,
       .pe_target = GRUB_PE32_MACHINE_I386,
       .elf_target = EM_386,
@@ -244,7 +244,7 @@ static const struct grub_install_image_target_desc 
image_targets[] =
       .decompressor_compressed_size = TARGET_NO_FIELD,
       .decompressor_uncompressed_size = TARGET_NO_FIELD,
       .decompressor_uncompressed_addr = TARGET_NO_FIELD,
-      .section_align = GRUB_PE32_SECTION_ALIGNMENT,
+      .section_align = GRUB_EFI_PAGE_SIZE,
       .vaddr_offset = EFI64_HEADER_SIZE,
       .pe_target = GRUB_PE32_MACHINE_X86_64,
       .elf_target = EM_X86_64,
@@ -421,7 +421,7 @@ static const struct grub_install_image_target_desc 
image_targets[] =
       .decompressor_compressed_size = TARGET_NO_FIELD,
       .decompressor_uncompressed_size = TARGET_NO_FIELD,
       .decompressor_uncompressed_addr = TARGET_NO_FIELD,
-      .section_align = GRUB_PE32_SECTION_ALIGNMENT,
+      .section_align = GRUB_EFI_PAGE_SIZE,
       .vaddr_offset = EFI64_HEADER_SIZE,
       .pe_target = GRUB_PE32_MACHINE_IA64,
       .elf_target = EM_IA_64,
@@ -602,7 +602,7 @@ static const struct grub_install_image_target_desc 
image_targets[] =
       .decompressor_compressed_size = TARGET_NO_FIELD,
       .decompressor_uncompressed_size = TARGET_NO_FIELD,
       .decompressor_uncompressed_addr = TARGET_NO_FIELD,
-      .section_align = GRUB_PE32_SECTION_ALIGNMENT,
+      .section_align = GRUB_EFI_PAGE_SIZE,
       .vaddr_offset = EFI32_HEADER_SIZE,
       .pe_target = GRUB_PE32_MACHINE_ARMTHUMB_MIXED,
       .elf_target = EM_ARM,
@@ -618,7 +618,7 @@ static const struct grub_install_image_target_desc 
image_targets[] =
       .decompressor_compressed_size = TARGET_NO_FIELD,
       .decompressor_uncompressed_size = TARGET_NO_FIELD,
       .decompressor_uncompressed_addr = TARGET_NO_FIELD,
-      .section_align = GRUB_PE32_SECTION_ALIGNMENT,
+      .section_align = GRUB_EFI_PAGE_SIZE,
       .vaddr_offset = EFI64_HEADER_SIZE,
       .pe_target = GRUB_PE32_MACHINE_ARM64,
       .elf_target = EM_AARCH64,
-- 
2.12.3


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to