authorArd Biesheuvel <ardb@kernel.org>2023-06-26 10:30:16 +0200
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2023-06-27 16:40:07 +0000
commit2f8b51d6af6fd2eda2516030f1713dac171e0896 (patch)
treef60eb9b01be5069bd553131effee107892cd2486
parent8a1f5405964fe6c09e768ae576a023be2e2e7b08 (diff)
ArmPkg/OpteeLib: Map shared communication buffer non-executable
The OP-TEE secure OS exposes a non-secure memory region for communication between the secure OS itself and any clients in the non-secure firmware. This memory is writable by the non-secure world and is used only for data, not for code, and so it should be mapped non-executable. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
-rw-r--r--ArmPkg/Library/OpteeLib/Optee.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/ArmPkg/Library/OpteeLib/Optee.c b/ArmPkg/Library/OpteeLib/Optee.c
index 46464f17ef..3acf172b68 100644
--- a/ArmPkg/Library/OpteeLib/Optee.c
+++ b/ArmPkg/Library/OpteeLib/Optee.c
@@ -86,7 +86,12 @@ OpteeSharedMemoryRemap (
return EFI_BUFFER_TOO_SMALL;
}
- Status = ArmSetMemoryAttributes (PhysicalAddress, Size, EFI_MEMORY_WB, 0);
+ Status = ArmSetMemoryAttributes (
+ PhysicalAddress,
+ Size,
+ EFI_MEMORY_WB | EFI_MEMORY_XP,
+ 0
+ );
if (EFI_ERROR (Status)) {
return Status;
}
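Review bot: The `EFI_MEMORY_WB | EFI_MEMORY_XP` argument encodes a security invariant that the code itself does not record, so a later cleanup of this call could drop the XP bit without anyone noticing. A short comment above the call would pin it down, for example `// Shared with the secure OS and writable from non-secure: data only, must never be mapped executable.` Since the mask argument is `0`, the call appears to set the region's attributes as a whole rather than only adding XP; it would be worth saying in the same comment that the buffer is intentionally left writable. The body of OpteeSharedMemoryRemap starts and ends outside the hunk, so the address and size checks that precede the call are not visible here.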