DEP in X86 Processor

Security Enhancement to Mitigate Buffer Overflow in UEFI

DRAFT

Revision 02.0

DEP in X86 Processor

Data Execution Protection (DEP) is a hardware feature. Intel X86 processor supports the XD (eXecution Disable) bit in the page table. [IA32SDM]^[1] This XD bit can be used to indicate that a page is an Execute-Disable Page. In order to enable Data Execution Protection, the operating system needs to set the IA32_EFER.NXE (No-eXecution Enable) bit in IA32_EFER model specific register (MSR), and then set the XD bit in the CPU physical address extensions (PAE) page table.

[1][IA32SDM] Intel® 64 and IA-32 Architectures Software Developer’s Manual,

Security Enhancement to Mitigate Buffer Overflow in UEFI DRAFT Revision 02.0