mirror of
https://github.com/torvalds/linux
synced 2024-10-03 09:48:02 +00:00
efi/zboot: Set forward edge CFI compat header flag if supported
Add some plumbing to the zboot EFI header generation to set the newly introduced DllCharacteristicsEx flag associated with forward edge CFI enforcement instructions (BTI on arm64, IBT on x86) x86 does not currently uses the zboot infrastructure, so let's wire it up only for arm64. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This commit is contained in:
parent
bca2f3a940
commit
538bc0f40b
|
@ -42,5 +42,6 @@ $(obj)/Image.zst: $(obj)/Image FORCE
|
|||
EFI_ZBOOT_PAYLOAD := Image
|
||||
EFI_ZBOOT_BFD_TARGET := elf64-littleaarch64
|
||||
EFI_ZBOOT_MACH_TYPE := ARM64
|
||||
EFI_ZBOOT_FORWARD_CFI := $(CONFIG_ARM64_BTI_KERNEL)
|
||||
|
||||
include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
# SPDX-License-Identifier: GPL-2.0
|
||||
|
||||
# to be include'd by arch/$(ARCH)/boot/Makefile after setting
|
||||
# EFI_ZBOOT_PAYLOAD, EFI_ZBOOT_BFD_TARGET and EFI_ZBOOT_MACH_TYPE
|
||||
# EFI_ZBOOT_PAYLOAD, EFI_ZBOOT_BFD_TARGET, EFI_ZBOOT_MACH_TYPE and
|
||||
# EFI_ZBOOT_FORWARD_CFI
|
||||
|
||||
quiet_cmd_copy_and_pad = PAD $@
|
||||
cmd_copy_and_pad = cp $< $@ && \
|
||||
|
@ -44,10 +45,14 @@ OBJCOPYFLAGS_vmlinuz.o := -I binary -O $(EFI_ZBOOT_BFD_TARGET) \
|
|||
$(obj)/vmlinuz.o: $(obj)/vmlinuz FORCE
|
||||
$(call if_changed,objcopy)
|
||||
|
||||
aflags-zboot-header-$(EFI_ZBOOT_FORWARD_CFI) := \
|
||||
-DPE_DLL_CHAR_EX=IMAGE_DLLCHARACTERISTICS_EX_FORWARD_CFI_COMPAT
|
||||
|
||||
AFLAGS_zboot-header.o += -DMACHINE_TYPE=IMAGE_FILE_MACHINE_$(EFI_ZBOOT_MACH_TYPE) \
|
||||
-DZBOOT_EFI_PATH="\"$(realpath $(obj)/vmlinuz.efi.elf)\"" \
|
||||
-DZBOOT_SIZE_LEN=$(zboot-size-len-y) \
|
||||
-DCOMP_TYPE="\"$(comp-type-y)\""
|
||||
-DCOMP_TYPE="\"$(comp-type-y)\"" \
|
||||
$(aflags-zboot-header-y)
|
||||
|
||||
$(obj)/zboot-header.o: $(srctree)/drivers/firmware/efi/libstub/zboot-header.S FORCE
|
||||
$(call if_changed_rule,as_o_S)
|
||||
|
|
|
@ -78,9 +78,36 @@ __efistub_efi_zboot_header:
|
|||
.quad 0 // ExceptionTable
|
||||
.quad 0 // CertificationTable
|
||||
.quad 0 // BaseRelocationTable
|
||||
#ifdef CONFIG_DEBUG_EFI
|
||||
#if defined(PE_DLL_CHAR_EX) || defined(CONFIG_DEBUG_EFI)
|
||||
.long .Lefi_debug_table - .Ldoshdr // DebugTable
|
||||
.long .Lefi_debug_table_size
|
||||
|
||||
.section ".rodata", "a"
|
||||
.p2align 2
|
||||
.Lefi_debug_table:
|
||||
// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY[]
|
||||
#ifdef PE_DLL_CHAR_EX
|
||||
.long 0 // Characteristics
|
||||
.long 0 // TimeDateStamp
|
||||
.short 0 // MajorVersion
|
||||
.short 0 // MinorVersion
|
||||
.long IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS // Type
|
||||
.long 4 // SizeOfData
|
||||
.long 0 // RVA
|
||||
.long .Lefi_dll_characteristics_ex - .Ldoshdr // FileOffset
|
||||
#endif
|
||||
#ifdef CONFIG_DEBUG_EFI
|
||||
.long 0 // Characteristics
|
||||
.long 0 // TimeDateStamp
|
||||
.short 0 // MajorVersion
|
||||
.short 0 // MinorVersion
|
||||
.long IMAGE_DEBUG_TYPE_CODEVIEW // Type
|
||||
.long .Lefi_debug_entry_size // SizeOfData
|
||||
.long 0 // RVA
|
||||
.long .Lefi_debug_entry - .Ldoshdr // FileOffset
|
||||
#endif
|
||||
.set .Lefi_debug_table_size, . - .Lefi_debug_table
|
||||
.previous
|
||||
#endif
|
||||
|
||||
.Lsection_table:
|
||||
|
@ -110,23 +137,11 @@ __efistub_efi_zboot_header:
|
|||
|
||||
.set .Lsection_count, (. - .Lsection_table) / 40
|
||||
|
||||
#ifdef PE_DLL_CHAR_EX
|
||||
.Lefi_dll_characteristics_ex:
|
||||
.long PE_DLL_CHAR_EX
|
||||
#endif
|
||||
#ifdef CONFIG_DEBUG_EFI
|
||||
.section ".rodata", "a"
|
||||
.align 2
|
||||
.Lefi_debug_table:
|
||||
// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
|
||||
.long 0 // Characteristics
|
||||
.long 0 // TimeDateStamp
|
||||
.short 0 // MajorVersion
|
||||
.short 0 // MinorVersion
|
||||
.long IMAGE_DEBUG_TYPE_CODEVIEW // Type
|
||||
.long .Lefi_debug_entry_size // SizeOfData
|
||||
.long 0 // RVA
|
||||
.long .Lefi_debug_entry - .Ldoshdr // FileOffset
|
||||
|
||||
.set .Lefi_debug_table_size, . - .Lefi_debug_table
|
||||
.previous
|
||||
|
||||
.Lefi_debug_entry:
|
||||
// EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
|
||||
.ascii "NB10" // Signature
|
||||
|
|
Loading…
Reference in a new issue