mail archive of the barebox mailing list
 help / color / mirror / Atom feed
From: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
To: Lucas Stach <l.stach@pengutronix.de>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 2/5] efi: fix lds for secure boot support
Date: Fri, 10 Mar 2017 15:13:18 +0100	[thread overview]
Message-ID: <20170310141318.GC19458@mail.ovh.net> (raw)
In-Reply-To: <20170310135403.GA19458@mail.ovh.net>

On 14:54 Fri 10 Mar     , Jean-Christophe PLAGNIOL-VILLARD wrote:
> On 12:05 Fri 10 Mar     , Lucas Stach wrote:
> > Am Freitag, den 10.03.2017, 18:17 +0800 schrieb Jean-Christophe
> > PLAGNIOL-VILLARD:
> > > > On Mar 10, 2017, at 1:24 AM, Lucas Stach <l.stach@pengutronix.de> wrote:
> > > > 
> > > > Am Donnerstag, den 09.03.2017, 15:34 +0100 schrieb Jean-Christophe
> > > > PLAGNIOL-VILLARD:
> > > >> everythink need to be aligned to 4096
> > > > 
> > > > Why? The commit message isn't really telling anything.
> > > This is a requierment by EFI
> > 
> > This is in no way an EFI requirement.
> > 
> > Googling tells me that the signing procedure for EFI secure boot is
> > built around a PE binary. PE in turn is based on the COFF binary format
> > which, unlike ELF, has no section descriptions in the header and
> > therefore requires the sections to be placed page aligned (4K on x86, 4K
> > or 64K on ARM64).
> No COFF does not require to have section "page aligned" which is wrong here

This is the job of the loader to aligned them in memory but on EFI it's
required to sign the binary.

Best Regards,
J.

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

  parent reply	other threads:[~2017-03-10 14:07 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-09 14:31 [PATCH 0/5] EFI Secure " Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34 ` [PATCH 1/5] efi: add more security related guid for the efivars Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34   ` [PATCH 2/5] efi: fix lds for secure boot support Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 17:24     ` Lucas Stach
2017-03-10 10:17       ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-10 11:05         ` Lucas Stach
2017-03-10 13:54           ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-10 13:57             ` Lucas Stach
2017-03-10 14:13             ` Jean-Christophe PLAGNIOL-VILLARD [this message]
2017-03-09 14:34   ` [PATCH 3/5] efi: fix secure and setup mode report Jean-Christophe PLAGNIOL-VILLARD
2017-03-13  7:34     ` Sascha Hauer
2017-03-14  8:15       ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-09 14:34   ` [PATCH 4/5] boot: if we are in secure boot mode Jean-Christophe PLAGNIOL-VILLARD
2017-03-13  7:50     ` Sascha Hauer
2017-03-14  8:14       ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-13  7:55     ` Sascha Hauer
2017-03-14  8:07       ` Jean-Christophe PLAGNIOL-VILLARD
2017-03-14  9:48         ` Sascha Hauer
2017-03-09 14:34   ` [PATCH 5/5] efi: enable sercure boot support Jean-Christophe PLAGNIOL-VILLARD

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170310141318.GC19458@mail.ovh.net \
    --to=plagnioj@jcrosoft.com \
    --cc=barebox@lists.infradead.org \
    --cc=l.stach@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox