#
97ba4416 |
|
18-Dec-2023 |
Masahiro Yamada <masahiroy@kernel.org> |
efi/libstub: zboot: do not use $(shell ...) in cmd_copy_and_pad You do not need to use $(shell ...) in recipe lines, as they are already executed in a shell. An alternative solution is $$(...), which is an escaped sequence of the shell's command substituion, $(...). For this case, there is a reason to avoid $(shell ...). Kbuild detects command changes by using the if_changed macro, which compares the previous command recorded in .*.cmd with the current command from Makefile. If they differ, Kbuild re-runs the build rule. To diff the commands, Make must expand $(shell ...) first. It means that hexdump is executed every time, even when nothing needs rebuilding. If Kbuild determines that vmlinux.bin needs rebuilding, hexdump will be executed again to evaluate the 'cmd' macro, one more time to really build vmlinux.bin, and finally yet again to record the expanded command into .*.cmd. Replace $(shell ...) with $$(...) to avoid multiple, unnecessay shell evaluations. Since Make is agnostic about the shell code, $(...), the if_changed macro compares the string "$(hexdump -s16 -n4 ...)" verbatim, so hexdump is run only for building vmlinux.bin. For the same reason, $(shell ...) in EFI_ZBOOT_OBJCOPY_FLAGS should be eliminated. While I was here, I replaced '&&' with ';' because a command for if_changed is executed with 'set -e'. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20231218080127.907460-1-masahiroy@kernel.org Signed-off-by: Will Deacon <will@kernel.org>
|
#
095aabe3 |
|
22-May-2023 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: zboot: Avoid eager evaluation of objcopy flags The Make variable containing the objcopy flags may be constructed from the output of build tools operating on build artifacts, and these may not exist when doing a make clean. So avoid evaluating them eagerly, to prevent spurious build warnings. Suggested-by: Pedro Falcato <pedro.falcato@gmail.com> Tested-by: Alan Bartlett <ajb@elrepo.org> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
#
026b8579 |
|
18-Apr-2023 |
Ard Biesheuvel <ardb@kernel.org> |
efi/zboot: arm64: Grab code size from ELF symbol in payload Instead of relying on a dodgy dd hack to copy the image code size from the uncompressed image's PE header to the end of the compressed image, let's grab the code size from the symbol that is injected into the ELF object by the Kbuild rules that generate the compressed payload. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Mark Rutland <mark.rutland@arm.com>
|
#
45dd403d |
|
18-Apr-2023 |
Ard Biesheuvel <ardb@kernel.org> |
efi/zboot: arm64: Inject kernel code size symbol into the zboot payload The EFI zboot code is not built as part of the kernel proper, like the ordinary EFI stub, but still needs access to symbols that are defined only internally in the kernel, and are left unexposed deliberately to avoid creating ABI inadvertently that we're stuck with later. So capture the kernel code size of the kernel image, and inject it as an ELF symbol into the object that contains the compressed payload, where it will be accessible to zboot code that needs it. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Mark Rutland <mark.rutland@arm.com>
|
#
538bc0f4 |
|
18-Apr-2023 |
Ard Biesheuvel <ardb@kernel.org> |
efi/zboot: Set forward edge CFI compat header flag if supported Add some plumbing to the zboot EFI header generation to set the newly introduced DllCharacteristicsEx flag associated with forward edge CFI enforcement instructions (BTI on arm64, IBT on x86) x86 does not currently uses the zboot infrastructure, so let's wire it up only for arm64. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
#
bca2f3a9 |
|
18-Apr-2023 |
Ard Biesheuvel <ardb@kernel.org> |
efi/zboot: Add BSS padding before compression We don't really care about the size of the decompressed image - what matters is how much space needs to be allocated for the image to execute, and this includes space for BSS that is not part of the loadable image and so it is not accounted for in the decompressed size. So let's add some zero padding to the end of the image: this compresses well, and it ensures that BSS is accounted for, and as a bonus, it will be zeroed before launching the image. Since all architectures that implement support for EFI zboot carry this value in the header in the same location, we can just grab it from the binary that is being compressed. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
#
97fd768e |
|
21-Mar-2023 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: zboot: Add compressed image to make targets Avoid needlessly rebuilding the compressed image by adding the file 'vmlinuz' to the 'targets' Kbuild make variable. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
#
1f1ba325 |
|
12-Oct-2022 |
Ard Biesheuvel <ardb@kernel.org> |
efi: libstub: Add image code and data size to the zimage metadata In order to be able to switch from LoadImage() [which treats the supplied PE/COFF image as file input only, and reconstructs the memory image based on the section descriptors] to a mode where we allocate the memory directly, and invoke the image in place, we need to now how much memory to allocate beyond the end of the image. So copy this information from the payload's PE/COFF header to the end of the compressed version of the payload, so that the decompressor app can access it before performing the decompression itself. We'll also need to size of the code region once we switch arm64 to jumping to the kernel proper with MMU and caches enabled, so let's capture that information as well. Note that SizeOfCode does not account for the header, so we need SizeOfHeaders as well. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
#
f57fb375 |
|
16-Oct-2022 |
Ard Biesheuvel <ardb@kernel.org> |
efi: libstub: Remove zboot signing from build options The zboot decompressor series introduced a feature to sign the PE/COFF kernel image for secure boot as part of the kernel build. This was necessary because there are actually two images that need to be signed: the kernel with the EFI stub attached, and the decompressor application. This is a bit of a burden, because it means that the images must be signed on the the same system that performs the build, and this is not realistic for distros. During the next cycle, we will introduce changes to the zboot code so that the inner image no longer needs to be signed. This means that the outer PE/COFF image can be handled as usual, and be signed later in the release process. Let's remove the associated Kconfig options now so that they don't end up in a LTS release while already being deprecated. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
#
a0509109 |
|
01-May-2022 |
Ard Biesheuvel <ardb@kernel.org> |
efi/libstub: implement generic EFI zboot Implement a minimal EFI app that decompresses the real kernel image and launches it using the firmware's LoadImage and StartImage boot services. This removes the need for any arch-specific hacks. Note that on systems that have UEFI secure boot policies enabled, LoadImage/StartImage require images to be signed, or their hashes known a priori, in order to be permitted to boot. There are various possible strategies to work around this requirement, but they all rely either on overriding internal PI/DXE protocols (which are not part of the EFI spec) or omitting the firmware provided LoadImage() and StartImage() boot services, which is also undesirable, given that they encapsulate platform specific policies related to secure boot and measured boot, but also related to memory permissions (whether or not and which types of heap allocations have both write and execute permissions.) The only generic and truly portable way around this is to simply sign both the inner and the outer image with the same key/cert pair, so this is what is implemented here. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|