Skip to content

Commit

Permalink
OvmfPkg: set image protection to be default
Browse files Browse the repository at this point in the history 
The default value of PcdImageProtectionPolicy is 2, which will enable the
protection policy on image from firmware volume. Then the code section
will be set to read-only, and the data section will be set to
non-executable.

Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com>
  • Loading branch information
@gaojiaqi7 @mxu9
gaojiaqi7 authored and mxu9 committed Dec 9, 2021
1 parent 8772f3f commit 91a2ce5
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion OvmfPkg/OvmfPkgX64.dsc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -631,7 +631,7 @@

# Noexec settings for DXE.
# TDX doesn't allow us to change EFER so make sure these are disabled
gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000000
#gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000000
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0x00000000
# Noexec settings for DXE.
# TDX doesn't allow us to change EFER so make sure these are disabled
Expand Down

0 comments on commit 91a2ce5

Please sign in to comment.