x86 efistub stable backports for v6.6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

(cc stakeholders from various distros - apologies if I missed anyone)

Please consider the patches below for backporting to the linux-6.6.y
stable tree.

These are prerequisites for building a signed x86 efistub kernel image
that complies with the tightened UEFI boot requirements imposed by
MicroSoft, and this is the condition under which it is willing to sign
future Linux secure boot shim builds with its 3rd party CA
certificate. (Such builds must enforce a strict separation between
executable and writable code, among other things)

The patches apply cleanly onto 6.6.17 (-rc2), resulting in a defconfig
build that boots as expected under OVMF/KVM.

5f51c5d0e905 x86/efi: Drop EFI stub .bss from .data section
7e50262229fa x86/efi: Disregard setup header of loaded image
bfab35f552ab x86/efi: Drop alignment flags from PE section headers
768171d7ebbc x86/boot: Remove the 'bugger off' message
8eace5b35556 x86/boot: Omit compression buffer from PE/COFF image
memory footprint
7448e8e5d15a x86/boot: Drop redundant code setting the root device
b618d31f112b x86/boot: Drop references to startup_64
2e765c02dcbf x86/boot: Grab kernel_info offset from zoffset header directly
eac956345f99 x86/boot: Set EFI handover offset directly in header asm
093ab258e3fb x86/boot: Define setup size in linker script
aeb92067f6ae x86/boot: Derive file size from _edata symbol
efa089e63b56 x86/boot: Construct PE/COFF .text section from assembler
fa5750521e0a x86/boot: Drop PE/COFF .reloc section
34951f3c28bd x86/boot: Split off PE/COFF .data section
3e3eabe26dc8 x86/boot: Increase section and file alignment to 4k/512

1ad55cecf22f x86/efistub: Use 1:1 file:memory mapping for PE/COFF
.compat section


 arch/x86/boot/Makefile                  |   2 +-
 arch/x86/boot/compressed/vmlinux.lds.S  |   6 +-
 arch/x86/boot/header.S                  | 211 ++++++++++--------------
 arch/x86/boot/setup.ld                  |  14 +-
 arch/x86/boot/tools/build.c             | 273 ++------------------------------
 drivers/firmware/efi/libstub/Makefile   |   7 -
 drivers/firmware/efi/libstub/x86-stub.c |  46 +-----
 7 files changed, 112 insertions(+), 447 deletions(-)
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux