[PATCH v7 07/10] nx: set the nx compatible flag in EFI GRUB images

[Mate Kukri]

For NX, we need the GRUB binary to announce that it is compatible with
the NX feature.  This implies that when loading the executable GRUB
image, several attributes are true:

- the binary doesn't need an executable stack
- the binary doesn't need sections to be both executable and writable
- the binary knows how to use the EFI Memory Attributes protocol on code
  it is loading.

This patch
- adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT
- changes grub-mkimage to set that flag.

Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 include/grub/efi/pe32.h | 2 ++
 util/mkimage.c          | 1 +
 2 files changed, 3 insertions(+)

diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
index 4e6e9d254..9887e14b2 100644
--- a/include/grub/efi/pe32.h
+++ b/include/grub/efi/pe32.h
@@ -231,6 +231,8 @@ struct grub_pe64_optional_header
 
 #define GRUB_PE32_SUBSYSTEM_EFI_APPLICATION    10
 
+#define GRUB_PE32_NX_COMPAT    0x0100
+
 #define GRUB_PE32_NUM_DATA_DIRECTORIES 16
 
 struct grub_pe32_section_table
diff --git a/util/mkimage.c b/util/mkimage.c
index 8c5660825..845e084e0 100644
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -1417,6 +1417,7 @@ grub_install_generate_image (const char *dir, const char 
*prefix,
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdangling-pointer"
 #endif
+       PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16 
(GRUB_PE32_NX_COMPAT);
        PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size);
        PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 
(layout.start_address);
        PE_OHDR (o32, o64, image_base) = 0;
-- 
2.39.2