[Bug 2037137] Re: Enable NX support for ARM VMs

Bug Watch Updater 2037137 at bugs.launchpad.net
Tue Sep 26 19:42:43 UTC 2023 

** Changed in: shim
       Status: Unknown => New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/2037137

Title:
  Enable NX support for ARM VMs

Status in shim:
  New
Status in Release Notes for Ubuntu:
  New
Status in edk2 package in Ubuntu:
  Triaged
Status in shim package in Ubuntu:
  New

Bug description:
  EDK2 2023.05-1 introduced the EFI Memory Attribute Protocol, which
  shim 15.7-0ubuntu1 detects and consumes to implement NX support.
  Unfortunately, due to bugs in shim's usage of this feature, this
  caused shim to sometimes crash when handing off execution to the next
  stage bootloader. We worked around this for mantic by disabling the
  EFI Memory Attribute Protocol. This bug is to track the tasks required
  to re-enable it.

  shim needs to adopt this patch from upstream (not yet in a release):

    From c7b305152802c8db688605654f75e1195def9fd6 Mon Sep 17 00:00:00 2001
    From: Nicholas Bishop <REDACTED>
    Date: Mon, 19 Dec 2022 18:56:13 -0500
    Subject: [PATCH] pe: Align section size up to page size for mem attrs

    Setting memory attributes is generally done at page granularity, and
    this is enforced by checks in `get_mem_attrs` and
    `update_mem_attrs`. But unlike the section address, the section size
    isn't necessarily aligned to 4KiB. Round up the section size to fix
    this.

    Signed-off-by: Nicholas Bishop <REDACTED>

  shim should also handle the 64KiB attribute requirements described in
  Comment #1  which is not yet addressed upstream (see the shim upstream
  task on this bug).

  qemu-efi-{aarch64,arm} should also document this change in
  NEWS.Debian, as it will break VMs that have not yet updated to the
  latest version of shim. And we should also cover this in the Ubuntu
  release notes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/shim/+bug/2037137/+subscriptions

More information about the foundations-bugs mailing list