On 09/09/15 13:30, Paolo Bonzini wrote: > > > On 09/09/2015 13:07, Ian Campbell wrote: >> I have a question: What attack vector is setting the stack as Nx in OVMF >> (or even UEFI generally) trying to protect against? Or is this being done >> for a reason other than security? >> >> I understand why it is done for kernels and apps, but where does the >> untrusted element which is being protected against come from when running >> UEFI? > > I guess something could attack shim.efi or GRUB, and subvert secure > boot's chain of trust.
... or the firmware could be fed some malicious data over the network, when the fw (e.g. shim) boots off PXE (or, in case of edk2, HTTP), and a buffer overflow could lead to the execution of arbitrary code?... _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
