Flesh out UEFI_020 #220
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Today this just points to the 3rd Party UEFI Certificate Authority (CA) requirements page on Microsoft's domain, which is a bit annoying, since:
Suggestion is to drop the link entirely, and instead flesh out the actual requirements, which appear to be:
As description we SHOULD say something along the lines of not breaking OS DEP/NX when mapping UEFI RT ranges. It should be clear that this is not a "nice to have" for testing/security reasons, but instead can have direct impact on the OS after boot.
Btw here's the Arm BBR wording. Btw I wasn't able to find anything about 64k alignment for DXE_RUNTIME_DRIVER. Maybe I didn't look very well.
6.3.3.3. PE/COFF image
The SectionAlignment and FileAlignment fields in Microsoft PE Format must contain the value of
at least 4KiB. Higher values are possible. For example, UEFI specification requires
DXE_RUNTIME_DRIVER modules to have the 64KiB granular memory type.
Modules that execute in place, for example SEC, PEI_CORE or PEIM type UEFI/PI modules, are
exempt from this requirement. For these modules, any power-of-2 value of 32 bytes or higher is
possible if the section alignment and file alignment are equal.
PE/COFF images whose section alignment is at least 4KiB must not contain any sections that have
both the IMAGE_SCN_MEM_WRITE and IMAGE_SCN_MEM_EXECUTE attributes set.
The text was updated successfully, but these errors were encountered: