From: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
To: Lucas Stach <l.stach@pengutronix.de>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 2/5] efi: fix lds for secure boot support
Date: Fri, 10 Mar 2017 14:54:03 +0100 [thread overview]
Message-ID: <20170310135403.GA19458@mail.ovh.net> (raw)
In-Reply-To: <1489143938.24921.17.camel@pengutronix.de>
On 12:05 Fri 10 Mar , Lucas Stach wrote:
> Am Freitag, den 10.03.2017, 18:17 +0800 schrieb Jean-Christophe
> PLAGNIOL-VILLARD:
> > > On Mar 10, 2017, at 1:24 AM, Lucas Stach <l.stach@pengutronix.de> wrote:
> > >
> > > Am Donnerstag, den 09.03.2017, 15:34 +0100 schrieb Jean-Christophe
> > > PLAGNIOL-VILLARD:
> > >> everythink need to be aligned to 4096
> > >
> > > Why? The commit message isn't really telling anything.
> > This is a requierment by EFI
>
> This is in no way an EFI requirement.
>
> Googling tells me that the signing procedure for EFI secure boot is
> built around a PE binary. PE in turn is based on the COFF binary format
> which, unlike ELF, has no section descriptions in the header and
> therefore requires the sections to be placed page aligned (4K on x86, 4K
> or 64K on ARM64).
No COFF does not require to have section "page aligned" which is wrong here
The is a Requirement by EFI from secure boot
Otherwise EFI will not work today
>
> All of the above is what should have been included in the commit
> message, to allow other people to understand the commit and not require
> them to google their way to the justification of this commit.
And read the Spec is required to undrestant EFI no?
Or I need to put the spec in the commit too?
Best Regards,
J
>
> Regards,
> Lucas
>
> > Best Regards,
> > J.
> > >
> > > Regards,
> > > Lucas
> > >
> > >>
> > >> Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
> > >> ---
> > >> arch/x86/mach-efi/elf_ia32_efi.lds.S | 10 +++++++---
> > >> arch/x86/mach-efi/elf_x86_64_efi.lds.S | 10 ++++++----
> > >> arch/x86/mach-efi/include/mach/barebox.lds.h | 14 +++++++++++++-
> > >> include/asm-generic/barebox.lds.h | 8 +++++---
> > >> 4 files changed, 31 insertions(+), 11 deletions(-)
> > >>
> > >> diff --git a/arch/x86/mach-efi/elf_ia32_efi.lds.S b/arch/x86/mach-efi/elf_ia32_efi.lds.S
> > >> index 69f43f554..6d9cb973c 100644
> > >> --- a/arch/x86/mach-efi/elf_ia32_efi.lds.S
> > >> +++ b/arch/x86/mach-efi/elf_ia32_efi.lds.S
> > >> @@ -50,22 +50,23 @@ SECTIONS
> > >> *(COMMON)
> > >> }
> > >>
> > >> - . = ALIGN(64);
> > >> + . = ALIGN(4096);
> > >>
> > >> __barebox_initcalls_start = .;
> > >> __barebox_initcalls : { INITCALLS }
> > >> __barebox_initcalls_end = .;
> > >> + . = ALIGN(4096);
> > >>
> > >> __barebox_exitcalls_start = .;
> > >> __barebox_exitcalls : { EXITCALLS }
> > >> __barebox_exitcalls_end = .;
> > >>
> > >> - . = ALIGN(64);
> > >> + . = ALIGN(4096);
> > >> __barebox_magicvar_start = .;
> > >> .barebox_magicvar : { BAREBOX_MAGICVARS }
> > >> __barebox_magicvar_end = .;
> > >>
> > >> - . = ALIGN(64);
> > >> + . = ALIGN(4096);
> > >> __barebox_cmd_start = .;
> > >> __barebox_cmd : { BAREBOX_CMDS }
> > >> __barebox_cmd_end = .;
> > >> @@ -76,6 +77,9 @@ SECTIONS
> > >> .rel : {
> > >> *(.rel.data)
> > >> *(.rel.data.*)
> > >> + *(.rela.barebox*)
> > >> + *(.rela.initcall*)
> > >> + *(.rela.exitcall*)
> > >> *(.rel.got)
> > >> *(.rel.stab)
> > >> *(.data.rel.ro.local)
> > >> diff --git a/arch/x86/mach-efi/elf_x86_64_efi.lds.S b/arch/x86/mach-efi/elf_x86_64_efi.lds.S
> > >> index 93d34d17a..8216d1d70 100644
> > >> --- a/arch/x86/mach-efi/elf_x86_64_efi.lds.S
> > >> +++ b/arch/x86/mach-efi/elf_x86_64_efi.lds.S
> > >> @@ -23,6 +23,7 @@ SECTIONS
> > >> *(.text)
> > >> *(.text.*)
> > >> *(.gnu.linkonce.t.*)
> > >> + . = ALIGN(16);
> > >> }
> > >>
> > >> _etext = .;
> > >> @@ -33,8 +34,8 @@ SECTIONS
> > >> *(.reloc)
> > >> }
> > >>
> > >> - . = ALIGN(4096);
> > >> _sdata = .;
> > >> + . = ALIGN(4096);
> > >>
> > >> .data : {
> > >> *(.rodata*)
> > >> @@ -52,22 +53,23 @@ SECTIONS
> > >> *(.rel.local)
> > >> }
> > >>
> > >> - . = ALIGN(64);
> > >> + . = ALIGN(4096);
> > >>
> > >> __barebox_initcalls_start = .;
> > >> __barebox_initcalls : { INITCALLS }
> > >> __barebox_initcalls_end = .;
> > >> + . = ALIGN(4096);
> > >>
> > >> __barebox_exitcalls_start = .;
> > >> __barebox_exitcalls : { EXITCALLS }
> > >> __barebox_exitcalls_end = .;
> > >>
> > >> - . = ALIGN(64);
> > >> + . = ALIGN(4096);
> > >> __barebox_magicvar_start = .;
> > >> .barebox_magicvar : { BAREBOX_MAGICVARS }
> > >> __barebox_magicvar_end = .;
> > >>
> > >> - . = ALIGN(64);
> > >> + . = ALIGN(4096);
> > >> __barebox_cmd_start = .;
> > >> __barebox_cmd : { BAREBOX_CMDS }
> > >> __barebox_cmd_end = .;
> > >> diff --git a/arch/x86/mach-efi/include/mach/barebox.lds.h b/arch/x86/mach-efi/include/mach/barebox.lds.h
> > >> index 40a8c178f..e7a3bb9cd 100644
> > >> --- a/arch/x86/mach-efi/include/mach/barebox.lds.h
> > >> +++ b/arch/x86/mach-efi/include/mach/barebox.lds.h
> > >> @@ -1 +1,13 @@
> > >> -/* empty */
> > >> +/*
> > >> + * Copyright (C) 2017 Jean-Christophe PLAGNIOL-VILLARD <plagnio@jcrosoft.com>
> > >> + *
> > >> + * Under GPL v2
> > >> + */
> > >> +
> > >> +#ifndef __EFI_MACH_BAREBOX_LDS_H__
> > >> +#define __EFI_MACH_BAREBOX_LDS_H__
> > >> +
> > >> +/* For secure boot we need all the section to be 4096 alligned */
> > >> +#define STRUCT_ALIGNMENT 4096
> > >> +
> > >> +#endif /* __EFI_MACH_BAREBOX_LDS_H__ */
> > >> diff --git a/include/asm-generic/barebox.lds.h b/include/asm-generic/barebox.lds.h
> > >> index c8a919b92..6c37751b3 100644
> > >> --- a/include/asm-generic/barebox.lds.h
> > >> +++ b/include/asm-generic/barebox.lds.h
> > >> @@ -3,15 +3,17 @@
> > >> * Align to a 32 byte boundary equal to the
> > >> * alignment gcc 4.5 uses for a struct
> > >> */
> > >> -#define STRUCT_ALIGNMENT 32
> > >> -#define STRUCT_ALIGN() . = ALIGN(STRUCT_ALIGNMENT)
> > >> -
> > >> #if defined CONFIG_X86 || \
> > >> defined CONFIG_ARCH_EP93XX || \
> > >> defined CONFIG_ARCH_ZYNQ
> > >> #include <mach/barebox.lds.h>
> > >> #endif
> > >>
> > >> +#ifndef STRUCT_ALIGNMENT
> > >> +#define STRUCT_ALIGNMENT 32
> > >> +#endif
> > >> +#define STRUCT_ALIGN() . = ALIGN(STRUCT_ALIGNMENT)
> > >> +
> > >> #ifndef PRE_IMAGE
> > >> #define PRE_IMAGE
> > >> #endif
> > >
> > >
> >
>
>
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2017-03-10 13:48 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-09 14:31 [PATCH 0/5] EFI Secure " Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34 ` [PATCH 1/5] efi: add more security related guid for the efivars Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34 ` [PATCH 2/5] efi: fix lds for secure boot support Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 17:24 ` Lucas Stach
2017-03-10 10:17 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-10 11:05 ` Lucas Stach
2017-03-10 13:54 ` Jean-Christophe PLAGNIOL-VILLARD [this message]
2017-03-10 13:57 ` Lucas Stach
2017-03-10 14:13 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34 ` [PATCH 3/5] efi: fix secure and setup mode report Jean-Christophe PLAGNIOL-VILLARD
2017-03-13 7:34 ` Sascha Hauer
2017-03-14 8:15 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34 ` [PATCH 4/5] boot: if we are in secure boot mode Jean-Christophe PLAGNIOL-VILLARD
2017-03-13 7:50 ` Sascha Hauer
2017-03-14 8:14 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-13 7:55 ` Sascha Hauer
2017-03-14 8:07 ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-14 9:48 ` Sascha Hauer
2017-03-09 14:34 ` [PATCH 5/5] efi: enable sercure boot support Jean-Christophe PLAGNIOL-VILLARD
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170310135403.GA19458@mail.ovh.net \
--to=plagnioj@jcrosoft.com \
--cc=barebox@lists.infradead.org \
--cc=l.stach@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox