The OP-TEE secure OS exposes a non-secure memory region for
communication between the secure OS itself and any clients in the
non-secure firmware. This memory is writable by non-secure and is not
used for code only data, and so it should be mapped non-executable.
Signed-off-by: Ard Biesheuvel <a...@kernel.org>
---
ArmPkg/Library/OpteeLib/Optee.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/ArmPkg/Library/OpteeLib/Optee.c b/ArmPkg/Library/OpteeLib/Optee.c
index 46464f17ef06653e..3acf172b68a2d34c 100644
--- a/ArmPkg/Library/OpteeLib/Optee.c
+++ b/ArmPkg/Library/OpteeLib/Optee.c
@@ -86,7 +86,12 @@ OpteeSharedMemoryRemap (
return EFI_BUFFER_TOO_SMALL;
}
- Status = ArmSetMemoryAttributes (PhysicalAddress, Size, EFI_MEMORY_WB, 0);
+ Status = ArmSetMemoryAttributes (
+ PhysicalAddress,
+ Size,
+ EFI_MEMORY_WB | EFI_MEMORY_XP,
+ 0
+ );
if (EFI_ERROR (Status)) {
return Status;
}
--
2.39.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106350): https://edk2.groups.io/g/devel/message/106350
Mute This Topic: https://groups.io/mt/99783775/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
