On 8 September 2017 at 14:50, Gregory CLEMENT <gregory.clement@xxxxxxxxxxxxxxxxxx> wrote: > Hi Ard, > > On jeu., juin 29 2017, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > >> To prevent unintended modifications to the kernel text (malicious or >> otherwise) while running the EFI stub, describe the kernel image as >> two separate sections: a .text section with read-execute permissions, >> covering .text, .rodata, .piggytext and the GOT sections (which the >> stub does not care about anyway), and a .data section with read-write >> permissions, covering .data and .bss. >> >> This relies on the firmware to actually take the section permission >> flags into account, but this is something that is currently being >> implemented in EDK2, which means we will likely start seeing it in >> the wild between one and two years from now. > > This patch had been merged in mainline yesterday and now prevent the > Marvell Armada 370 and the Armada XP based SoC to boot. I also suspect > that more Socs are impacted because the number of boot fail exploded > according to kci: > https://kernelci.org/boot/all/job/mainline/branch/master/kernel/v4.13-8899-g8dc5b3a6cb2f/ > Ouch. > I found this patch after bisecting (I can provide the bisect log if > needed). > > The kernel failed to boot only if CONFIG_EFI is enabled so it occurs in > multi_v7_defconfig but not with mvebu_v7_defconfig. > > Currently the solution is to revert this patch. > > Have you a better option? > I will investigate. -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
