On 09/09/2015 13:07, Ian Campbell wrote: > I have a question: What attack vector is setting the stack as Nx in OVMF > (or even UEFI generally) trying to protect against? Or is this being done > for a reason other than security? > > I understand why it is done for kernels and apps, but where does the > untrusted element which is being protected against come from when running > UEFI?
I guess something could attack shim.efi or GRUB, and subvert secure boot's chain of trust. Paolo _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
