From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Tue, 22 Mar 2022 10:57:20 -0400
Subject: [PATCH] nx: set the nx compatible flag in EFI grub images

For NX, we need the grub binary to announce that it is compatible with
the NX feature.  This implies that when loading the executable grub
image, several attributes are true:

- the binary doesn't need an executable stack
- the binary doesn't need sections to be both executable and writable
- the binary knows how to use the EFI Memory Attributes protocol on code
  it is loading.

This patch adds a definition for the PE DLL Characteristics flag
GRUB_PE32_NX_COMPAT, and changes grub-mkimage to set that flag.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 util/mkimage.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/util/mkimage.c b/util/mkimage.c
index 8319e8dfbd..c3d33aaac8 100644
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -1418,6 +1418,7 @@ grub_install_generate_image (const char *dir, const char *prefix,
 	    section = (struct grub_pe32_section_table *)(o64 + 1);
 	  }
 
+	PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16 (GRUB_PE32_NX_COMPAT);
 	PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size);
 	PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address);
 	PE_OHDR (o32, o64, image_base) = 0;