diff --git a/meson_options.txt b/meson_options.txt index ad7174cf69e..b7f30ce16bf 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -370,6 +370,18 @@ option('efi-includedir', type : 'string', value : '/usr/include/efi', description : 'path to the EFI header directory') option('tpm-pcrindex', type : 'integer', value : 8, description : 'TPM PCR register number to use') +option('sbat-distro', type : 'string', + description : 'SBAT distribution ID, e.g. fedora, or auto for autodetection') +option('sbat-distro-generation', type : 'integer', value : 1, + description : 'SBAT distribution generation') +option('sbat-distro-summary', type : 'string', + description : 'SBAT distribution summary, e.g. Fedora') +option('sbat-distro-pkgname', type : 'string', + description : 'SBAT distribution package name, e.g. systemd') +option('sbat-distro-version', type : 'string', + description : 'SBAT distribution package version, e.g. 248-7.fc34') +option('sbat-distro-url', type : 'string', + description : 'SBAT distribution URL, e.g. https://src.fedoraproject.org/rpms/systemd') option('bashcompletiondir', type : 'string', description : 'directory for bash completion scripts ["no" disables]') diff --git a/src/basic/macro.h b/src/basic/macro.h index f1d5e0894e3..072fed43789 100644 --- a/src/basic/macro.h +++ b/src/basic/macro.h @@ -18,8 +18,6 @@ # define _alloc_(...) __attribute__((__alloc_size__(__VA_ARGS__))) #endif #define _sentinel_ __attribute__((__sentinel__)) -#define _section_(x) __attribute__((__section__(x))) -#define _used_ __attribute__((__used__)) #define _destructor_ __attribute__((__destructor__)) #define _deprecated_ __attribute__((__deprecated__)) #define _packed_ __attribute__((__packed__)) 
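Review bot: The description of `sbat-distro` does not say that leaving it empty, which is the default, turns SBAT metadata off altogether; meson.build only sets the SBAT defines inside `if get_option('sbat-distro') != ''`. I would reword it to `'SBAT distribution ID, e.g. fedora, or auto for autodetection; empty disables SBAT'`. The `sbat-distro-summary` and `sbat-distro-url` descriptions should also mention that an empty value is filled in from os-release. The lower bound on the generation could be declared here as `min : 1` on `sbat-distro-generation` instead of the `error()` check in meson.build.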
@@ -30,7 +28,6 @@ #define _public_ __attribute__((__visibility__("default"))) #define _hidden_ __attribute__((__visibility__("hidden"))) #define _weakref_(x) __attribute__((__weakref__(#x))) -#define _align_(x) __attribute__((__aligned__(x))) #define _alignas_(x) __attribute__((__aligned__(__alignof(x)))) #define _alignptr_ __attribute__((__aligned__(sizeof(void*)))) #if __GNUC__ >= 7 @@ -138,9 +135,6 @@ /* automake test harness */ #define EXIT_TEST_SKIP 77 -#define XSTRINGIFY(x) #x -#define STRINGIFY(x) XSTRINGIFY(x) - /* builtins */ #if __SIZEOF_INT__ == 4 #define BUILTIN_FFS_U32(x) __builtin_ffs(x); diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build index 47768931082..ab5530bec17 100644 --- a/src/boot/efi/meson.build +++ b/src/boot/efi/meson.build 
@@ -102,6 +102,42 @@ if have_gnu_efi efi_conf.set10('ENABLE_TPM', get_option('tpm')) efi_conf.set('SD_TPM_PCR', get_option('tpm-pcrindex')) + if get_option('sbat-distro') != '' + efi_conf.set_quoted('SBAT_PROJECT', meson.project_name()) + efi_conf.set_quoted('PROJECT_VERSION', substs.get('PROJECT_VERSION')) + efi_conf.set_quoted('PROJECT_URL', substs.get('PROJECT_URL')) + if get_option('sbat-distro-generation') < 1 + error('SBAT Distro Generation must be a positive integer') + endif + efi_conf.set('SBAT_DISTRO_GENERATION', get_option('sbat-distro-generation')) + sbatvars = [['sbat-distro', 'ID'], + ['sbat-distro-summary', 'NAME'], + ['sbat-distro-url', 'BUG_REPORT_URL']] + foreach sbatvar : sbatvars + value = get_option(sbatvar[0]) + if value == '' or value == 'auto' + value = run_command('sh', '-c', 'if [ -e /etc/os-release ]; then . /etc/os-release; else . /usr/lib/os-release; fi; echo $' + sbatvar[1]).stdout().strip() + endif + if value == '' + error('Required @0@ option not set and autodetection failed'.format(sbatvar[0])) + endif + efi_conf.set_quoted(sbatvar[0].underscorify().to_upper(), value) + endforeach + + pkgname = get_option('sbat-distro-pkgname') + if pkgname == '' + pkgname = meson.project_name() + endif + efi_conf.set_quoted('SBAT_DISTRO_PKGNAME', pkgname) + + pkgver = get_option('sbat-distro-version') + if pkgver == '' + efi_conf.set('SBAT_DISTRO_VERSION', 'GIT_VERSION') + else + efi_conf.set_quoted('SBAT_DISTRO_VERSION', pkgver) + endif + endif + efi_config_h = configure_file( output : 'efi_config.h', configuration : efi_conf) @@ -244,6 +280,7 @@ if have_gnu_efi command : [objcopy, '-j', '.text', '-j', '.sdata', + '-j', '.sbat', '-j', '.data', '-j', '.dynamic', '-j', '.dynsym', diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c index cacf3b6a7b8..c1dfcfc5cb0 100644 --- a/src/boot/efi/secure-boot.c +++ b/src/boot/efi/secure-boot.c 
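Review bot: The values collected in the `foreach sbatvar` loop, and `pkgname`/`pkgver` below it, go into the config header through `set_quoted` without any check for the characters that delimit SBAT records. secure-boot.c then joins them with `,` and `\n` into the `.sbat` CSV, so a comma in an os-release `NAME` or in a packager-supplied version would shift every field after it in the distro record. Since this record is what a revocation check reads, I would reject such values at configure time, e.g. `if value.contains(',') or value.contains('\n')` followed by `error('@0@ must not contain commas or newlines'.format(sbatvar[0]))`, with the same check for `pkgname` and `pkgver`. The autodetection also sources the build machine's os-release and never looks at the `run_command` exit status, so cross or container builds can silently record the wrong distribution ID unless the options are set explicitly.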
@@ -11,3 +11,10 @@ BOOLEAN secure_boot_enabled(void) { return !EFI_ERROR(err) && secure; } + +#ifdef SBAT_DISTRO +static const char sbat[] _used_ _section_ (".sbat") _align_ (512) = + "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n" + SBAT_PROJECT ",1,The systemd Developers," SBAT_PROJECT "," PROJECT_VERSION "," PROJECT_URL "\n" + SBAT_PROJECT "." SBAT_DISTRO "," STRINGIFY(SBAT_DISTRO_GENERATION) "," SBAT_DISTRO_SUMMARY "," SBAT_DISTRO_PKGNAME "," SBAT_DISTRO_VERSION "," SBAT_DISTRO_URL "\n"; +#endif diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h index 790920eb23b..6ff8372f3cd 100644 --- a/src/fundamental/macro-fundamental.h +++ b/src/fundamental/macro-fundamental.h @@ -7,11 +7,17 @@ #include "type.h" +#define _align_(x) __attribute__((__aligned__(x))) #define _const_ __attribute__((__const__)) #define _pure_ __attribute__((__pure__)) +#define _section_(x) __attribute__((__section__(x))) +#define _used_ __attribute__((__used__)) #define _unused_ __attribute__((__unused__)) #define _cleanup_(x) __attribute__((__cleanup__(x))) +#define XSTRINGIFY(x) #x +#define STRINGIFY(x) XSTRINGIFY(x) + #ifndef __COVERITY__ # define VOID_0 ((void)0) #else
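Review bot: The new `sbat[]` definition has no comment, and its security-relevant parts are not obvious from the code. The array appears not to be referenced from C (hence `_used_`) and exists so that the `.sbat` section can be kept by objcopy, while the literal `1` in `SBAT_PROJECT ",1,The systemd Developers,"` is the upstream component generation. I would add a comment above it such as `/* SBAT metadata, see shim's SBAT.md: CSV records of name,generation,vendor,package,version,url */`, and consider naming that `1` as a macro so that a generation bump is a visible one-line change. The reason for `_align_ (512)` is not evident from the diff and deserves a word in the same comment.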