diff options
| author | Tom Rini <[email protected]> | 2025-03-14 09:31:36 -0600 |
|---|---|---|
| committer | Tom Rini <[email protected]> | 2025-03-14 09:31:36 -0600 |
| commit | 973c366ce68d9a99e16bcbce3941a1c52492c097 (patch) | |
| tree | 4551686cc38c7e419c833ebfeaf6bd6843124691 /common | |
| parent | bbfabe290138d76e78e0dac28fec93c32e3964eb (diff) | |
| parent | fb553201b67aededdc794f3a0880e386771cbd58 (diff) | |
Merge tag 'mmu-next-14032025' of https://source.denx.de/u-boot/custodians/u-boot-tpm into next
Up to now we configure the entire memory space for U-Boot as RWX.
For modern architectures and security requirements, it's better to
map the memory properly.
This pull request adds basics support for mapping the U-Boot binary with
proper (RO, RW, RW^X) memory permissions on aarch64 right after we
relocate U-Boot in the top of DRAM.
It's worrth noting that the linker script annotations are only added for
the aarch64 architecture. We can, in the future, try to unify the linker --
at least for the architectures that have enough in common and expand this
Diffstat (limited to 'common')
| -rw-r--r-- | common/Kconfig | 13 | ||||
| -rw-r--r-- | common/board_r.c | 20 |
2 files changed, 33 insertions, 0 deletions
diff --git a/common/Kconfig b/common/Kconfig index a1f65559a1b..be517b80eb5 100644 --- a/common/Kconfig +++ b/common/Kconfig @@ -914,6 +914,19 @@ config STACKPROTECTOR Enable stack smash detection through compiler's stack-protector canary logic +config MMU_PGPROT + bool "Enable RO, RW and RX mappings" + help + U-Boot maps all pages as RWX. If selected pages will + be marked as RO(.rodata), RX(.text), RW(.data) right after + we relocate. Since code sections needs to be page aligned + the final binary size will increase. The mappings can be dumped + using the 'meminfo' command. + + Enabling this feature can expose bugs in U-Boot where we have + code that violates read-only permissions for example. Use this + feature with caution. + config SPL_STACKPROTECTOR bool "Stack Protector buffer overflow detection for SPL" depends on STACKPROTECTOR && SPL diff --git a/common/board_r.c b/common/board_r.c index db0c5cb8032..8d69db1875d 100644 --- a/common/board_r.c +++ b/common/board_r.c @@ -170,7 +170,27 @@ static int initr_reloc_global_data(void) efi_save_gd(); efi_runtime_relocate(gd->relocaddr, NULL); + #endif + /* + * We are done with all relocations change the permissions of the binary + * NOTE: __start_rodata etc are defined in arm64 linker scripts and + * sections.h. If you want to add support for your platform you need to + * add the symbols on your linker script, otherwise they will point to + * random addresses. + * + */ + if (IS_ENABLED(CONFIG_MMU_PGPROT)) { + pgprot_set_attrs((phys_addr_t)(uintptr_t)(__start_rodata), + (size_t)(uintptr_t)(__end_rodata - __start_rodata), + MMU_ATTR_RO); + pgprot_set_attrs((phys_addr_t)(uintptr_t)(__start_data), + (size_t)(uintptr_t)(__end_data - __start_data), + MMU_ATTR_RW); + pgprot_set_attrs((phys_addr_t)(uintptr_t)(__text_start), + (size_t)(uintptr_t)(__text_end - __text_start), + MMU_ATTR_RX); + } return 0; } |