mail archive of the barebox mailing list
From: Lucas Stach <l.stach@pengutronix.de>
To: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 2/5] efi: fix lds for secure boot support
Date: Fri, 10 Mar 2017 12:05:38 +0100
Message-ID: <1489143938.24921.17.camel@pengutronix.de>
In-Reply-To: <DA9CFBDA-E7D8-48B7-9CAC-73FDD1A51148@jcrosoft.com>

On Friday, 10.03.2017 at 18:17 +0800, Jean-Christophe
PLAGNIOL-VILLARD wrote:
> > On Mar 10, 2017, at 1:24 AM, Lucas Stach <l.stach@pengutronix.de> wrote:
> > 
> > On Thursday, 09.03.2017 at 15:34 +0100, Jean-Christophe
> > PLAGNIOL-VILLARD wrote:
> >> everything needs to be aligned to 4096
> > 
> > Why? The commit message isn't really telling anything.
> This is a requirement by EFI

This is in no way an EFI requirement.

Googling tells me that the signing procedure for EFI secure boot is
built around a PE binary. PE in turn is based on the COFF binary format
which, unlike ELF, has no section descriptions in the header and
therefore requires the sections to be placed page aligned (4K on x86, 4K
or 64K on ARM64).

All of the above is what should have been included in the commit
message, to allow other people to understand the commit and not require
them to google their way to the justification of this commit.

Regards,
Lucas

> Best Regards,
> J.
> > 
> > Regards,
> > Lucas 
> > 
> >> 
> >> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
> >> ---
> >> arch/x86/mach-efi/elf_ia32_efi.lds.S         | 10 +++++++---
> >> arch/x86/mach-efi/elf_x86_64_efi.lds.S       | 10 ++++++----
> >> arch/x86/mach-efi/include/mach/barebox.lds.h | 14 +++++++++++++-
> >> include/asm-generic/barebox.lds.h            |  8 +++++---
> >> 4 files changed, 31 insertions(+), 11 deletions(-)
> >> 
> >> diff --git a/arch/x86/mach-efi/elf_ia32_efi.lds.S b/arch/x86/mach-efi/elf_ia32_efi.lds.S
> >> index 69f43f554..6d9cb973c 100644
> >> --- a/arch/x86/mach-efi/elf_ia32_efi.lds.S
> >> +++ b/arch/x86/mach-efi/elf_ia32_efi.lds.S
> >> @@ -50,22 +50,23 @@ SECTIONS
> >> 		*(COMMON)
> >> 	}
> >> 
> >> -	. = ALIGN(64);
> >> +	. = ALIGN(4096);
> >> 
> >> 	__barebox_initcalls_start = .;
> >> 	__barebox_initcalls : { INITCALLS }
> >> 	__barebox_initcalls_end = .;
> >> +	. = ALIGN(4096);
> >> 
> >> 	__barebox_exitcalls_start = .;
> >> 	__barebox_exitcalls : { EXITCALLS }
> >> 	__barebox_exitcalls_end = .;
> >> 
> >> -	. = ALIGN(64);
> >> +	. = ALIGN(4096);
> >> 	__barebox_magicvar_start = .;
> >> 	.barebox_magicvar : { BAREBOX_MAGICVARS }
> >> 	__barebox_magicvar_end = .;
> >> 
> >> -	. = ALIGN(64);
> >> +	. = ALIGN(4096);
> >> 	__barebox_cmd_start = .;
> >> 	__barebox_cmd : { BAREBOX_CMDS }
> >> 	__barebox_cmd_end = .;
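Review bot: The literal 4096 is repeated at every `. = ALIGN(4096);` in this hunk, while the same patch defines `STRUCT_ALIGNMENT 4096` in mach/barebox.lds.h for the same purpose. Using one named constant in the linker script, with a comment at its definition saying why page alignment is needed, would keep the two in step and make a different page size a one-line change.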
> >> @@ -76,6 +77,9 @@ SECTIONS
> >> 	.rel : {
> >> 		*(.rel.data)
> >> 		*(.rel.data.*)
> >> +		*(.rela.barebox*)
> >> +		*(.rela.initcall*)
> >> +		*(.rela.exitcall*)
> >> 		*(.rel.got)
> >> 		*(.rel.stab)
> >> 		*(.data.rel.ro.local)
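Review bot: The three `.rela.*` input patterns added to the `.rel` output section are not covered by the commit message, which only talks about alignment, and the x86_64 script in this patch gets no equivalent change. Please either explain in the commit message why `*(.rela.barebox*)`, `*(.rela.initcall*)` and `*(.rela.exitcall*)` have to be collected here, or split them into a separate patch.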
> >> diff --git a/arch/x86/mach-efi/elf_x86_64_efi.lds.S b/arch/x86/mach-efi/elf_x86_64_efi.lds.S
> >> index 93d34d17a..8216d1d70 100644
> >> --- a/arch/x86/mach-efi/elf_x86_64_efi.lds.S
> >> +++ b/arch/x86/mach-efi/elf_x86_64_efi.lds.S
> >> @@ -23,6 +23,7 @@ SECTIONS
> >> 		*(.text)
> >> 		*(.text.*)
> >> 		*(.gnu.linkonce.t.*)
> >> +		. = ALIGN(16);
> >> 	}
> >> 
> >> 	_etext = .;
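Review bot: `. = ALIGN(16);` at the end of the `.text` output section is a 16-byte alignment, not the 4096 the commit message gives as the reason for the patch, and it comes without a comment. State what depends on the end of `.text` being 16-byte aligned, or drop the line if nothing does.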
> >> @@ -33,8 +34,8 @@ SECTIONS
> >> 		*(.reloc)
> >> 	}
> >> 
> >> -	. = ALIGN(4096);
> >> 	_sdata = .;
> >> +	. = ALIGN(4096);
> >> 
> >> 	.data : {
> >> 		*(.rodata*)
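Review bot: Moving `_sdata = .;` above `. = ALIGN(4096);` means `_sdata` no longer names the aligned start of `.data`; it now holds the unaligned location counter from before the padding. If the intent is for the symbol to mark where `.data` begins, keep the assignment after the ALIGN; if the change is deliberate, the commit message should say what relies on it.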
> >> @@ -52,22 +53,23 @@ SECTIONS
> >> 		*(.rel.local)
> >> 	}
> >> 
> >> -	. = ALIGN(64);
> >> +	. = ALIGN(4096);
> >> 
> >> 	__barebox_initcalls_start = .;
> >> 	__barebox_initcalls : { INITCALLS }
> >> 	__barebox_initcalls_end = .;
> >> +	. = ALIGN(4096);
> >> 
> >> 	__barebox_exitcalls_start = .;
> >> 	__barebox_exitcalls : { EXITCALLS }
> >> 	__barebox_exitcalls_end = .;
> >> 
> >> -	. = ALIGN(64);
> >> +	. = ALIGN(4096);
> >> 	__barebox_magicvar_start = .;
> >> 	.barebox_magicvar : { BAREBOX_MAGICVARS }
> >> 	__barebox_magicvar_end = .;
> >> 
> >> -	. = ALIGN(64);
> >> +	. = ALIGN(4096);
> >> 	__barebox_cmd_start = .;
> >> 	__barebox_cmd : { BAREBOX_CMDS }
> >> 	__barebox_cmd_end = .;
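Review bot: Raising the alignment in front of `__barebox_initcalls`, `.barebox_magicvar` and `__barebox_cmd` from 64 to 4096, plus the new ALIGN after `__barebox_initcalls_end`, can add up to a page of padding in front of each of these tables, and the hunk carries no comment saying why. A one-line comment at the first `. = ALIGN(4096);` giving the reason would save the next reader from having to look it up.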
> >> diff --git a/arch/x86/mach-efi/include/mach/barebox.lds.h b/arch/x86/mach-efi/include/mach/barebox.lds.h
> >> index 40a8c178f..e7a3bb9cd 100644
> >> --- a/arch/x86/mach-efi/include/mach/barebox.lds.h
> >> +++ b/arch/x86/mach-efi/include/mach/barebox.lds.h
> >> @@ -1 +1,13 @@
> >> -/* empty */
> >> +/*
> >> + * Copyright (C) 2017 Jean-Christophe PLAGNIOL-VILLARD <plagnio@jcrosoft.com>
> >> + *
> >> + * Under GPL v2
> >> + */
> >> +
> >> +#ifndef __EFI_MACH_BAREBOX_LDS_H__
> >> +#define __EFI_MACH_BAREBOX_LDS_H__
> >> +
> >> +/* For secure boot we need all the section to be 4096 alligned */
> >> +#define STRUCT_ALIGNMENT 4096
> >> +
> >> +#endif /* __EFI_MACH_BAREBOX_LDS_H__ */
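Review bot: `#define STRUCT_ALIGNMENT 4096` is unconditional in this header, so it applies whenever the header is included, while the comment above it ties the value to secure boot only. Either guard the define with the secure boot config option or reword the comment to give the actual reason; the comment also has a typo (`alligned`), and the copyright address `plagnio@jcrosoft.com` does not match the `plagnioj@jcrosoft.com` in the Signed-off-by line.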
> >> diff --git a/include/asm-generic/barebox.lds.h b/include/asm-generic/barebox.lds.h
> >> index c8a919b92..6c37751b3 100644
> >> --- a/include/asm-generic/barebox.lds.h
> >> +++ b/include/asm-generic/barebox.lds.h
> >> @@ -3,15 +3,17 @@
> >>  * Align to a 32 byte boundary equal to the
> >>  * alignment gcc 4.5 uses for a struct
> >>  */
> >> -#define STRUCT_ALIGNMENT 32
> >> -#define STRUCT_ALIGN() . = ALIGN(STRUCT_ALIGNMENT)
> >> -
> >> #if defined CONFIG_X86 || \
> >> 	defined CONFIG_ARCH_EP93XX || \
> >> 	defined CONFIG_ARCH_ZYNQ
> >> #include <mach/barebox.lds.h>
> >> #endif
> >> 
> >> +#ifndef STRUCT_ALIGNMENT
> >> +#define STRUCT_ALIGNMENT 32
> >> +#endif
> >> +#define STRUCT_ALIGN() . = ALIGN(STRUCT_ALIGNMENT)
> >> +
> >> #ifndef PRE_IMAGE
> >> #define PRE_IMAGE
> >> #endif
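Review bot: The comment at the top of this hunk, `Align to a 32 byte boundary equal to the alignment gcc 4.5 uses for a struct`, is left above the `#if defined CONFIG_X86 ...` block, now separated from the define it describes, and it is no longer accurate when `<mach/barebox.lds.h>` supplies its own `STRUCT_ALIGNMENT`. Move it down to the `#ifndef STRUCT_ALIGNMENT` fallback and mention that a mach header may override the default.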
> > 
> > 
> 



_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
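
A check of the section alignment property discussed in this message, as an added example that is not part of the original mail or of barebox: it reads the section table of a PE image and lists every section whose virtual address is not a multiple of 4096. The function names and the constructed sample headers are assumptions made for illustration.

```python
import struct

PAGE = 4096  # alignment discussed in the thread for x86

def pe_sections(image: bytes):
    """Return (SectionAlignment, [(name, VirtualAddress), ...]) of a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    # COFF file header: only NumberOfSections and SizeOfOptionalHeader matter here
    _mach, nsect, _ts, _symoff, _nsym, opt_size, _flags = struct.unpack_from(
        "<HHIIIHH", image, coff)
    opt = coff + 20
    (section_alignment,) = struct.unpack_from("<I", image, opt + 32)
    table = opt + opt_size                                   # section table follows
    sections = []
    for i in range(nsect):
        name, _vsize, vaddr = struct.unpack_from("<8sII", image, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr))
    return section_alignment, sections

def misaligned_sections(image: bytes, page: int = PAGE):
    """List every section whose VirtualAddress is not a multiple of `page`."""
    alignment, sections = pe_sections(image)
    bad = [(name, va) for name, va in sections if va % page]
    if alignment % page:
        bad.insert(0, ("<SectionAlignment>", alignment))
    return bad

def build_sample(sections, section_alignment=PAGE):
    """Constructed PE32+ headers only (no section data), for this demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)         # e_lfanew = 64
    opt = bytearray(112)                                     # no data directories
    struct.pack_into("<H", opt, 0, 0x20B)                    # PE32+ magic
    struct.pack_into("<II", opt, 32, section_alignment, 512) # Section/FileAlignment
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0)
    table = b"".join(struct.pack("<8sII", n.encode(), 0x100, va) + b"\0" * 24
                     for n, va in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

if __name__ == "__main__":
    ok = build_sample([(".text", 0x1000), (".reloc", 0x2000), (".data", 0x3000)])
    old = build_sample([(".text", 0x1000), (".data", 0x1040)], section_alignment=64)
    print(misaligned_sections(ok))
    print(misaligned_sections(old))
```

Pass `page=65536` to check against the 64K case the message mentions for ARM64.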

Thread overview: 19+ messages
2017-03-09 14:31 [PATCH 0/5] EFI Secure " Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34 ` [PATCH 1/5] efi: add more security related guid for the efivars Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34   ` [PATCH 2/5] efi: fix lds for secure boot support Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 17:24     ` Lucas Stach
2017-03-10 10:17       ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-10 11:05         ` Lucas Stach [this message]
2017-03-10 13:54           ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-10 13:57             ` Lucas Stach
2017-03-10 14:13             ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34   ` [PATCH 3/5] efi: fix secure and setup mode report Jean-Christophe PLAGNIOL-VILLARD
2017-03-13  7:34     ` Sascha Hauer
2017-03-14  8:15       ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34   ` [PATCH 4/5] boot: if we are in secure boot mode Jean-Christophe PLAGNIOL-VILLARD
2017-03-13  7:50     ` Sascha Hauer
2017-03-14  8:14       ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-13  7:55     ` Sascha Hauer
2017-03-14  8:07       ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-14  9:48         ` Sascha Hauer
2017-03-09 14:34   ` [PATCH 5/5] efi: enable sercure boot support Jean-Christophe PLAGNIOL-VILLARD
