efi/libstub: zboot: Mark zboot EFI application as NX compatible

Now that the zboot loader will invoke the EFI memory attributes protocol to remap the decompressed code and rodata as read-only/executable, we can set the PE/COFF header flag that indicates to the firmware that the application does not rely on writable memory being executable at the same time. Cc: <stable@vger.kernel.org> # v6.2+ Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
author: Ard Biesheuvel <ardb@kernel.org> 2023-03-10 12:15:24 +0100
committer: Ard Biesheuvel <ardb@kernel.org> 2023-03-10 14:11:39 +0100
commit: c7d9e628b8ff4d52a365a441bdacb3209ee83c81 (patch)
tree: 99549ee6401b3e1e68f1ba3fa06b155821cc75d5 /drivers/firmware
parent: Linux 6.3-rc1 (diff)
download: linux-c7d9e628b8ff4d52a365a441bdacb3209ee83c81.tar.gz
linux-c7d9e628b8ff4d52a365a441bdacb3209ee83c81.tar.bz2
linux-c7d9e628b8ff4d52a365a441bdacb3209ee83c81.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/firmware/efi/libstub/zboot-header.S b/drivers/firmware/efi/libstub/zboot-header.S
index ec4525d40e0c..445cb646eaaa 100644
--- a/drivers/firmware/efi/libstub/zboot-header.S
+++ b/drivers/firmware/efi/libstub/zboot-header.S
@@ -63,7 +63,7 @@ __efistub_efi_zboot_header:
 	.long		.Lefi_header_end - .Ldoshdr
 	.long		0
 	.short		IMAGE_SUBSYSTEM_EFI_APPLICATION
-	.short		0
+	.short		IMAGE_DLL_CHARACTERISTICS_NX_COMPAT
 #ifdef CONFIG_64BIT
 	.quad		0, 0, 0, 0
 #else
author	Ard Biesheuvel <ardb@kernel.org>	2023-03-10 12:15:24 +0100
committer	Ard Biesheuvel <ardb@kernel.org>	2023-03-10 14:11:39 +0100
commit	c7d9e628b8ff4d52a365a441bdacb3209ee83c81 (patch)
tree	99549ee6401b3e1e68f1ba3fa06b155821cc75d5 /drivers/firmware
parent	Linux 6.3-rc1 (diff)
download	linux-c7d9e628b8ff4d52a365a441bdacb3209ee83c81.tar.gz linux-c7d9e628b8ff4d52a365a441bdacb3209ee83c81.tar.bz2 linux-c7d9e628b8ff4d52a365a441bdacb3209ee83c81.zip