[efi] Mark PE .reloc and .debug sections as discardable

After a PE image is fully loaded and relocated, the loader code may
opt to zero discardable sections for security reasons.  This includes
relocation and debug information, as both contain hints about specific
locations within the binary.  Mark both generated sections as
discardable, which follows the PE specification.

Signed-off-by: Marvin Häuser <mhaeuser@posteo.de>

1 files changed, 2 insertions, 0 deletions

diff --git a/src/util/elf2efi.c b/src/util/elf2efi.c
index b0d5466..5542b99 100644
--- a/src/util/elf2efi.c
+++ b/src/util/elf2efi.c
@@ -758,6 +758,7 @@ create_reloc_section ( struct pe_header *pe_header,
 	reloc->hdr.VirtualAddress = pe_header->nt.OptionalHeader.SizeOfImage;
 	reloc->hdr.SizeOfRawData = section_filesz;
 	reloc->hdr.Characteristics = ( EFI_IMAGE_SCN_CNT_INITIALIZED_DATA |
+				       EFI_IMAGE_SCN_MEM_DISCARDABLE |
 				       EFI_IMAGE_SCN_MEM_NOT_PAGED |
 				       EFI_IMAGE_SCN_MEM_READ );
 
@@ -822,6 +823,7 @@ create_debug_section ( struct pe_header *pe_header, const char *filename ) {
 	debug->hdr.VirtualAddress = pe_header->nt.OptionalHeader.SizeOfImage;
 	debug->hdr.SizeOfRawData = section_filesz;
 	debug->hdr.Characteristics = ( EFI_IMAGE_SCN_CNT_INITIALIZED_DATA |
+				       EFI_IMAGE_SCN_MEM_DISCARDABLE |
 				       EFI_IMAGE_SCN_MEM_NOT_PAGED |
 				       EFI_IMAGE_SCN_MEM_READ );
 	debug->fixup = fixup_debug_section;