The EFI zboot code needs access to the kernel code size, in order to be able to determine which part of the image needs to be cleaned to the PoU, and does not tolerate being mapped with non-executable permissions.

Instead of adding [0] this to the kernel image header, which makes it ABI, let's use Kbuild rules to inject this quantity into the zboot payload ELF object.

[0] https://lore.kernel.org/all/20230418134952.1170141-1-ardb@xxxxxxxxxx/

Ard Biesheuvel (2):
  efi/zboot: arm64: Inject kernel code size symbol into the zboot payload
  efi/zboot: arm64: Grab kernel code size from zboot payload

 arch/arm64/boot/Makefile                    |  3 +++
 arch/arm64/kernel/image-vars.h              |  4 ++++
 drivers/firmware/efi/libstub/Makefile.zboot | 16 ++++------------
 drivers/firmware/efi/libstub/arm64.c        | 19 +++++++++++++------
 drivers/firmware/efi/libstub/efistub.h      |  3 +--
 drivers/firmware/efi/libstub/zboot.c        | 15 ++++-----------
 drivers/firmware/efi/libstub/zboot.lds      |  7 +++++++
 7 files changed, 36 insertions(+), 31 deletions(-)

--
2.39.2