* [RFC PATCH] x86: Config options to assign versions in the PE-COFF header
@ 2017-04-11 10:20 Gary Lin
  2017-04-11 17:37   ` Ard Biesheuvel
  2017-04-13 22:21   ` hpa-YMNOUZJC4hwAvxtiuMwx3w
  0 siblings, 2 replies; 11+ messages in thread
From: Gary Lin @ 2017-04-11 10:20 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, H . Peter Anvin
  Cc: x86, linux-kernel, linux-efi, Gary Lin, Masahiro Yamada,
	Michal Marek, Matt Fleming, Ard Biesheuvel, Joey Lee,
	Vojtech Pavlik

This commit adds the new config options to allow the user to modify the
following fields in the PE-COFF header.

UINT16 MajorOperatingSystemVersion
UINT16 MinorOperatingSystemVersion
UINT16 MajorImageVersion
UINT16 MinorImageVersion

Those fields are mainly for the executables or libraries in Windows NT
or higher to specify the minimum supported Windows version and the
version of the image itself.

Given the fact that those fields are ignored in UEFI, we can safely reuse
those fields for other purposes, e.g. Security Version(*).

(*) https://github.com/lcp/shim/wiki/Security-Version

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Michal Marek <mmarek@suse.com>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Joey Lee <jlee@suse.com>
Cc: Vojtech Pavlik <vojtech@suse.cz>
Signed-off-by: Gary Lin <glin@suse.com>
Tested-by: Joey Lee <jlee@suse.com>
---
 arch/x86/Kconfig       |  24 +++++++
 arch/x86/boot/Makefile |  10 +++
 scripts/efiversion.pl  | 192 +++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 226 insertions(+)
 create mode 100755 scripts/efiversion.pl

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 5bbdef151805..f281c0ff3ff6 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1803,6 +1803,30 @@ config EFI_STUB
 
 	  See Documentation/efi-stub.txt for more information.
 
+config EFI_MAJOR_OS_VERSION
+	hex "EFI Major OS Version"
+	range 0x0 0xFFFF
+	default "0x0"
+	depends on EFI_STUB
+
+config EFI_MINOR_OS_VERSION
+	hex "EFI Minor OS Version"
+	range 0x0 0xFFFF
+	default "0x0"
+	depends on EFI_STUB
+
+config EFI_MAJOR_IMAGE_VERSION
+	hex "EFI Major Image Version"
+	range 0x0 0xFFFF
+	default "0x0"
+	depends on EFI_STUB
+
+config EFI_MINOR_IMAGE_VERSION
+	hex "EFI Minor Image Version"
+	range 0x0 0xFFFF
+	default "0x0"
+	depends on EFI_STUB
+
 config EFI_MIXED
 	bool "EFI mixed-mode support"
 	depends on EFI_STUB && X86_64
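Review bot: The four new symbols (`EFI_MAJOR_OS_VERSION` through `EFI_MINOR_IMAGE_VERSION`) have no `help` text, so nothing in Kconfig tells the user that these PE-COFF fields are being repurposed, e.g. for the Security Version the commit message mentions, or what a non-zero value is expected to mean. Please add a `help` block to each entry, or group them under one documented menu. The entries are also added to arch/x86/Kconfig although their only dependency is `depends on EFI_STUB`; if nothing about them is x86-specific, they belong somewhere other EFI stub architectures can share.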
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index 0d810fb15eac..b9de8b50f32a 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -76,8 +76,18 @@ quiet_cmd_image = BUILD   $@
 cmd_image = $(obj)/tools/build $(obj)/setup.bin $(obj)/vmlinux.bin \
 			       $(obj)/zoffset.h $@
 
+cmd_efiversion = scripts/efiversion.pl \
+			--major-os=$(CONFIG_EFI_MAJOR_OS_VERSION) \
+			--minor-os=$(CONFIG_EFI_MINOR_OS_VERSION) \
+			--major-image=$(CONFIG_EFI_MAJOR_IMAGE_VERSION) \
+			--minor-image=$(CONFIG_EFI_MINOR_IMAGE_VERSION) \
+			$@
+
 $(obj)/bzImage: $(obj)/setup.bin $(obj)/vmlinux.bin $(obj)/tools/build FORCE
 	$(call if_changed,image)
+ifeq ($(CONFIG_EFI_STUB),y)
+	$(call if_changed,efiversion,$@)
+endif
 	@echo 'Kernel: $@ is ready' ' (#'`cat .version`')'
 
 OBJCOPYFLAGS_vmlinux.bin := -O binary -R .note -R .comment -S
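Review bot: In the `$(obj)/bzImage` rule, `$(call if_changed,efiversion,$@)` is a second `if_changed` on the same target as `$(call if_changed,image)`. kbuild saves one command line per target in its .cmd file, so the second call overwrites what the first recorded and change detection for the rule stops being reliable; the kbuild documentation says not to use `if_changed` more than once per target. Fold the version stamping into a single command for the target, or avoid the post-processing step altogether. `cmd_efiversion` also has no `quiet_cmd_efiversion` counterpart, unlike `quiet_cmd_image` in the context line above, and `scripts/efiversion.pl` is referenced relative to the current directory rather than through `$(srctree)`, which matters for out-of-tree builds.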
diff --git a/scripts/efiversion.pl b/scripts/efiversion.pl
new file mode 100755
index 000000000000..fe730d10638a
--- /dev/null
+++ b/scripts/efiversion.pl
@@ -0,0 +1,192 @@
+#!/usr/bin/perl
+
+=head1 efiversion.pl
+
+efiversion.pl - show or modify the version fields in the EFI image
+
+=head1 SYNOPSIS
+
+efiversion.pl [OPTIONS] FILE
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<--major-os=NUMBER>
+
+assign the major OS version
+
+=item B<--minor-os=NUMBER>
+
+assign the minor OS version
+
+=item B<--major-image=NUMBER>
+
+assign the major image version
+
+=item B<--minor-image=NUMBER>
+
+assign the minor image version
+
+=item B<--help, -h>
+
+print help
+
+=back
+
+=head1 DESCRIPTION
+
+A script to modify the version fields in the header of the EFI image
+
+Show the versions:
+$ efiversion.pl sample.efi
+
+Modify the versions:
+$ efiversion.pl --major-os=1 --minor-os=2 sample.efi
+
+=cut
+
+use strict;
+use warnings;
+use FileHandle;
+use Getopt::Long;
+Getopt::Long::Configure("no_ignore_case");
+
+my %options;
+
+sub usage($) {
+	my $r = shift;
+	eval "use Pod::Usage; pod2usage($r);";
+	if ($@) {
+		die "cannot display help, install perl(Pod::Usage)\n";
+	}
+}
+
+my $options;
+my $major_os = '';
+my $minor_os = '';
+my $major_image = '';
+my $minor_image = '';
+my $help = '';
+my $overwrite = '';
+
+GetOptions(
+	"major-os=o" => \$major_os,
+	"minor-os=o" => \$minor_os,
+	"major-image=o" => \$major_image,
+	"minor-image=o" => \$minor_image,
+	"help|h" => \$help,
+) or usage(1);
+
+usage(1) unless @ARGV;
+usage(0) if ($help);
+
+sub not_ushort($)
+{
+	my ($number) = @_;
+
+	return 0 unless $number;
+	return 1 if ($number < 0 or $number > 0xFFFF);
+
+	$overwrite = "y";
+
+	return 0;
+}
+
+sub check_args
+{
+	return 0 if not_ushort($major_os);
+	return 0 if not_ushort($minor_os);
+	return 0 if not_ushort($major_image);
+	return 0 if not_ushort($minor_image);
+	return 1;
+}
+
+sub read_file($)
+{
+	my ($file) = @_;
+	my $contents;
+	my $len;
+
+	open(FD, "<$file") || die $file;
+	binmode FD;
+	my @st = stat(FD);
+	die $file if (!@st);
+	$len = read(FD, $contents, $st[7]) || die $file;
+	close(FD) || die $file;
+	die "$file: Wanted length ", $st[7], ", got ", $len, "\n"
+		if ($len != $st[7]);
+	return $contents;
+}
+
+sub get_signature_offset($)
+{
+	my ($image) = @_;
+
+	# e_magic must be 'M''Z'
+	my ($e_magic) = unpack("n", substr($image, 0, 2));
+	die "not a EFI Image\n" unless ($e_magic == 0x4D5A);
+
+	# Get the offset to the PE signature
+	my ($e_lfanew) = unpack("V", substr($image, 0x3C, 4));
+
+	# Match Signature 'P''E''\0''\0'
+	my ($Signature) = unpack("N", substr($image, $e_lfanew, 4));
+	die "not a PE Image\n" unless ($Signature == 0x50450000);
+
+	return $e_lfanew;
+}
+
+sub write_file($)
+{
+	my ($file, $contents) = @_;
+
+	open(FD, ">$file") || die $file;
+	binmode FD;
+	print FD $contents;
+	close(FD) || die $file;
+}
+
+sub set_version($)
+{
+	my ($image_ptr, $offset, $value) = @_;
+	my $packed = pack("v", $value);
+	substr($$image_ptr, $offset, 2, $packed);
+}
+
+die "invalid arguments\n" unless check_args;
+
+my ($file) = @ARGV;
+my $pe_image = read_file($file) if ($file);
+my $e_lfanew = get_signature_offset($pe_image);
+
+# [PE Signature][COFF File Header][Optional Header]
+#     4 bytes        20 bytes
+#
+# The offset of MajorOperatingSystemVersion in the Optional Header: 40
+#
+# The file offset of MajorOperatingSystemVersion: $e_lfanew + 24 + 40
+#
+# Our targets:
+#   UINT16  MajorOperatingSystemVersion;
+#   UINT16  MinorOperatingSystemVersion;
+#   UINT16  MajorImageVersion;
+#   UINT16  MinorImageVersion;
+my $os_offset = $e_lfanew + 64;
+
+if ($overwrite) {
+	# Write the file
+	&set_version(\$pe_image, $os_offset,     $major_os)     if ($major_os);
+	&set_version(\$pe_image, $os_offset + 2, $minor_os)     if ($minor_os);
+	&set_version(\$pe_image, $os_offset + 4, $major_image)  if ($major_image);
+	&set_version(\$pe_image, $os_offset + 6, $minor_image)  if ($minor_image);
+	&write_file($file, $pe_image);
+} else {
+	# Get the versions
+	(my @versions) = unpack("v6", substr($pe_image, $os_offset, 12));
+
+	printf "MajorOperatingSystemVersion\t0x%X\n", $versions[0];
+	printf "MinorOperatingSystemVersion\t0x%X\n", $versions[1];
+	printf "MajorImageVersion\t\t0x%X\n",         $versions[2];
+	printf "MinorImageVersion\t\t0x%X\n",         $versions[3];
+}
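Review bot: `not_ushort()` returns early on `return 0 unless $number;`, so a value of 0 is treated the same as an option that was never given, and `$overwrite` is only set by a non-zero value. With the Kconfig defaults of 0x0 that the Makefile passes for all four options, the script takes the `else` branch and prints the current versions during the build instead of writing, and the `if ($major_os)` style guards on the `set_version` calls make it impossible to set a field back to 0. Track whether each option was supplied with `defined` (initialise the variables to `undef` rather than '') and test that instead of truthiness. Smaller points: `write_file($)` and `set_version($)` declare a one-argument prototype but take two and three arguments (the `&` call form hides this), `get_signature_offset` does not check that the offsets derived from `$e_lfanew` lie inside the file before the `substr` calls, and `unpack("v6", ...)` reads six words where only four are printed.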
-- 
2.12.0

* Re: [RFC PATCH] x86: Config options to assign versions in the PE-COFF header
@ 2017-04-11 17:37   ` Ard Biesheuvel
  0 siblings, 0 replies; 11+ messages in thread
From: Ard Biesheuvel @ 2017-04-11 17:37 UTC (permalink / raw)
  To: Gary Lin
  Cc: Thomas Gleixner, Ingo Molnar, H . Peter Anvin, x86, linux-kernel,
	linux-efi, Masahiro Yamada, Michal Marek, Matt Fleming, Joey Lee,
	Vojtech Pavlik

On 11 April 2017 at 11:20, Gary Lin <glin@suse.com> wrote:
> This commit adds the new config options to allow the user to modify the
> following fields in the PE-COFF header.
>
> UINT16 MajorOperatingSystemVersion
> UINT16 MinorOperatingSystemVersion
> UINT16 MajorImageVersion
> UINT16 MinorImageVersion
>
> Those fields are mainly for the executables or libraries in Windows NT
> or higher to specify the minimum supported Windows version and the
> version of the image itself.
>
> Given the fact that those fields are ignored in UEFI, we can safely reuse
> those fields for other purposes, e.g. Security Version(*).
>
> (*) https://github.com/lcp/shim/wiki/Security-Version
>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: "H. Peter Anvin" <hpa@zytor.com>
> Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
> Cc: Michal Marek <mmarek@suse.com>
> Cc: Matt Fleming <matt@codeblueprint.co.uk>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Joey Lee <jlee@suse.com>
> Cc: Vojtech Pavlik <vojtech@suse.cz>
> Signed-off-by: Gary Lin <glin@suse.com>
> Tested-by: Joey Lee <jlee@suse.com>
> ---
>  arch/x86/Kconfig       |  24 +++++++
>  arch/x86/boot/Makefile |  10 +++
>  scripts/efiversion.pl  | 192 +++++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 226 insertions(+)
>  create mode 100755 scripts/efiversion.pl
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 5bbdef151805..f281c0ff3ff6 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1803,6 +1803,30 @@ config EFI_STUB
>
>           See Documentation/efi-stub.txt for more information.
>
> +config EFI_MAJOR_OS_VERSION
> +       hex "EFI Major OS Version"
> +       range 0x0 0xFFFF
> +       default "0x0"
> +       depends on EFI_STUB
> +
> +config EFI_MINOR_OS_VERSION
> +       hex "EFI Minor OS Version"
> +       range 0x0 0xFFFF
> +       default "0x0"
> +       depends on EFI_STUB
> +
> +config EFI_MAJOR_IMAGE_VERSION
> +       hex "EFI Major Image Version"
> +       range 0x0 0xFFFF
> +       default "0x0"
> +       depends on EFI_STUB
> +
> +config EFI_MINOR_IMAGE_VERSION
> +       hex "EFI Minor Image Version"
> +       range 0x0 0xFFFF
> +       default "0x0"
> +       depends on EFI_STUB
> +

Why is this x86 only?

>  config EFI_MIXED
>         bool "EFI mixed-mode support"
>         depends on EFI_STUB && X86_64
> diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
> index 0d810fb15eac..b9de8b50f32a 100644
> --- a/arch/x86/boot/Makefile
> +++ b/arch/x86/boot/Makefile
> @@ -76,8 +76,18 @@ quiet_cmd_image = BUILD   $@
>  cmd_image = $(obj)/tools/build $(obj)/setup.bin $(obj)/vmlinux.bin \
>                                $(obj)/zoffset.h $@
>
> +cmd_efiversion = scripts/efiversion.pl \
> +                       --major-os=$(CONFIG_EFI_MAJOR_OS_VERSION) \
> +                       --minor-os=$(CONFIG_EFI_MINOR_OS_VERSION) \
> +                       --major-image=$(CONFIG_EFI_MAJOR_IMAGE_VERSION) \
> +                       --minor-image=$(CONFIG_EFI_MINOR_IMAGE_VERSION) \
> +                       $@
> +
>  $(obj)/bzImage: $(obj)/setup.bin $(obj)/vmlinux.bin $(obj)/tools/build FORCE
>         $(call if_changed,image)
> +ifeq ($(CONFIG_EFI_STUB),y)
> +       $(call if_changed,efiversion,$@)
> +endif
>         @echo 'Kernel: $@ is ready' ' (#'`cat .version`')'
>

Do we need a script? Can't we just use those defines in the PE/COFF
header directly? I.e., something like

diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index 3dd5be33aaa7..da21b48a2d68 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -156,10 +156,10 @@ extra_header_fields:
 #endif
        .long   0x20                            # SectionAlignment
        .long   0x20                            # FileAlignment
-       .word   0                               # MajorOperatingSystemVersion
-       .word   0                               # MinorOperatingSystemVersion
-       .word   0                               # MajorImageVersion
-       .word   0                               # MinorImageVersion
+       .word   CONFIG_EFI_MAJOR_OS_VERSION     # MajorOperatingSystemVersion
+       .word   CONFIG_EFI_MINOR_OS_VERSION     # MinorOperatingSystemVersion
+       .word   CONFIG_EFI_MAJOR_IMAGE_VERSION  # MajorImageVersion
+       .word   CONFIG_EFI_MINOR_IMAGE_VERSION  # MinorImageVersion
        .word   0                               # MajorSubsystemVersion
        .word   0                               # MinorSubsystemVersion
        .long   0                               # Win32VersionValue
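Review bot: The four replacement `.word CONFIG_EFI_*` lines only assemble to the intended values when those symbols are defined, and the Kconfig entries in the original patch all `depends on EFI_STUB`. The context shown here closes one conditional with `#endif` but does not show whether these lines sit inside a `CONFIG_EFI_STUB` guard, so that is worth confirming. If this form is adopted, the `cmd_efiversion` rule and `scripts/efiversion.pl` are no longer needed for the build, and the Kconfig `range 0x0 0xFFFF` already keeps each value within a 16-bit `.word`.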

(and again, why is this x86 only?)




>  OBJCOPYFLAGS_vmlinux.bin := -O binary -R .note -R .comment -S
> diff --git a/scripts/efiversion.pl b/scripts/efiversion.pl
> new file mode 100755
> index 000000000000..fe730d10638a
> --- /dev/null
> +++ b/scripts/efiversion.pl
> @@ -0,0 +1,192 @@
> +#!/usr/bin/perl
> +
> +=head1 efiversion.pl
> +
> +efiversion.pl - show or modify the version fields in the EFI image
> +
> +=head1 SYNOPSIS
> +
> +efiversion.pl [OPTIONS] FILE
> +
> +=head1 OPTIONS
> +
> +=over 4
> +
> +=item B<--major-os=NUMBER>
> +
> +assign the major OS version
> +
> +=item B<--minor-os=NUMBER>
> +
> +assign the minor OS version
> +
> +=item B<--major-image=NUMBER>
> +
> +assign the major image version
> +
> +=item B<--minor-image=NUMBER>
> +
> +assign the minor image version
> +
> +=item B<--help, -h>
> +
> +print help
> +
> +=back
> +
> +=head1 DESCRIPTION
> +
> +A script to modify the version fields in the header of the EFI image
> +
> +Show the versions:
> +$ efiversion.pl sample.efi
> +
> +Modify the versions:
> +$ efiversion.pl --major-os=1 --minor-os=2 sample.efi
> +
> +=cut
> +
> +use strict;
> +use warnings;
> +use FileHandle;
> +use Getopt::Long;
> +Getopt::Long::Configure("no_ignore_case");
> +
> +my %options;
> +
> +sub usage($) {
> +       my $r = shift;
> +       eval "use Pod::Usage; pod2usage($r);";
> +       if ($@) {
> +               die "cannot display help, install perl(Pod::Usage)\n";
> +       }
> +}
> +
> +my $options;
> +my $major_os = '';
> +my $minor_os = '';
> +my $major_image = '';
> +my $minor_image = '';
> +my $help = '';
> +my $overwrite = '';
> +
> +GetOptions(
> +       "major-os=o" => \$major_os,
> +       "minor-os=o" => \$minor_os,
> +       "major-image=o" => \$major_image,
> +       "minor-image=o" => \$minor_image,
> +       "help|h" => \$help,
> +) or usage(1);
> +
> +usage(1) unless @ARGV;
> +usage(0) if ($help);
> +
> +sub not_ushort($)
> +{
> +       my ($number) = @_;
> +
> +       return 0 unless $number;
> +       return 1 if ($number < 0 or $number > 0xFFFF);
> +
> +       $overwrite = "y";
> +
> +       return 0;
> +}
> +
> +sub check_args
> +{
> +       return 0 if not_ushort($major_os);
> +       return 0 if not_ushort($minor_os);
> +       return 0 if not_ushort($major_image);
> +       return 0 if not_ushort($minor_image);
> +       return 1;
> +}
> +
> +sub read_file($)
> +{
> +       my ($file) = @_;
> +       my $contents;
> +       my $len;
> +
> +       open(FD, "<$file") || die $file;
> +       binmode FD;
> +       my @st = stat(FD);
> +       die $file if (!@st);
> +       $len = read(FD, $contents, $st[7]) || die $file;
> +       close(FD) || die $file;
> +       die "$file: Wanted length ", $st[7], ", got ", $len, "\n"
> +               if ($len != $st[7]);
> +       return $contents;
> +}
> +
> +sub get_signature_offset($)
> +{
> +       my ($image) = @_;
> +
> +       # e_magic must be 'M''Z'
> +       my ($e_magic) = unpack("n", substr($image, 0, 2));
> +       die "not a EFI Image\n" unless ($e_magic == 0x4D5A);
> +
> +       # Get the offset to the PE signature
> +       my ($e_lfanew) = unpack("V", substr($image, 0x3C, 4));
> +
> +       # Match Signature 'P''E''\0''\0'
> +       my ($Signature) = unpack("N", substr($image, $e_lfanew, 4));
> +       die "not a PE Image\n" unless ($Signature == 0x50450000);
> +
> +       return $e_lfanew;
> +}
> +
> +sub write_file($)
> +{
> +       my ($file, $contents) = @_;
> +
> +       open(FD, ">$file") || die $file;
> +       binmode FD;
> +       print FD $contents;
> +       close(FD) || die $file;
> +}
> +
> +sub set_version($)
> +{
> +       my ($image_ptr, $offset, $value) = @_;
> +       my $packed = pack("v", $value);
> +       substr($$image_ptr, $offset, 2, $packed);
> +}
> +
> +die "invalid arguments\n" unless check_args;
> +
> +my ($file) = @ARGV;
> +my $pe_image = read_file($file) if ($file);
> +my $e_lfanew = get_signature_offset($pe_image);
> +
> +# [PE Signature][COFF File Header][Optional Header]
> +#     4 bytes        20 bytes
> +#
> +# The offset of MajorOperatingSystemVersion in the Optional Header: 40
> +#
> +# The file offset of MajorOperatingSystemVersion: $e_lfanew + 24 + 40
> +#
> +# Our targets:
> +#   UINT16  MajorOperatingSystemVersion;
> +#   UINT16  MinorOperatingSystemVersion;
> +#   UINT16  MajorImageVersion;
> +#   UINT16  MinorImageVersion;
> +my $os_offset = $e_lfanew + 64;
> +
> +if ($overwrite) {
> +       # Write the file
> +       &set_version(\$pe_image, $os_offset,     $major_os)     if ($major_os);
> +       &set_version(\$pe_image, $os_offset + 2, $minor_os)     if ($minor_os);
> +       &set_version(\$pe_image, $os_offset + 4, $major_image)  if ($major_image);
> +       &set_version(\$pe_image, $os_offset + 6, $minor_image)  if ($minor_image);
> +       &write_file($file, $pe_image);
> +} else {
> +       # Get the versions
> +       (my @versions) = unpack("v6", substr($pe_image, $os_offset, 12));
> +
> +       printf "MajorOperatingSystemVersion\t0x%X\n", $versions[0];
> +       printf "MinorOperatingSystemVersion\t0x%X\n", $versions[1];
> +       printf "MajorImageVersion\t\t0x%X\n",         $versions[2];
> +       printf "MinorImageVersion\t\t0x%X\n",         $versions[3];
> +}
> --
> 2.12.0
>

* Re: [RFC PATCH] x86: Config options to assign versions in the PE-COFF header
@ 2017-04-12  3:30     ` Gary Lin
  0 siblings, 0 replies; 11+ messages in thread
From: Gary Lin @ 2017-04-12  3:30 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Thomas Gleixner, Ingo Molnar, H . Peter Anvin, x86, linux-kernel,
	linux-efi, Masahiro Yamada, Michal Marek, Matt Fleming, Joey Lee,
	Vojtech Pavlik

On Tue, Apr 11, 2017 at 06:37:54PM +0100, Ard Biesheuvel wrote:
> On 11 April 2017 at 11:20, Gary Lin <glin@suse.com> wrote:
> > This commit adds the new config options to allow the user to modify the
> > following fields in the PE-COFF header.
> >
> > UINT16 MajorOperatingSystemVersion
> > UINT16 MinorOperatingSystemVersion
> > UINT16 MajorImageVersion
> > UINT16 MinorImageVersion
> >
> > Those fields are mainly for the executables or libraries in Windows NT
> > or higher to specify the minimum supported Windows version and the
> > version of the image itself.
> >
> > Given the fact that those fields are ignored in UEFI, we can safely reuse
> > those fields for other purposes, e.g. Security Version(*).
> >
> > (*) https://github.com/lcp/shim/wiki/Security-Version
> >
> > Cc: Thomas Gleixner <tglx@linutronix.de>
> > Cc: Ingo Molnar <mingo@redhat.com>
> > Cc: "H. Peter Anvin" <hpa@zytor.com>
> > Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
> > Cc: Michal Marek <mmarek@suse.com>
> > Cc: Matt Fleming <matt@codeblueprint.co.uk>
> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > Cc: Joey Lee <jlee@suse.com>
> > Cc: Vojtech Pavlik <vojtech@suse.cz>
> > Signed-off-by: Gary Lin <glin@suse.com>
> > Tested-by: Joey Lee <jlee@suse.com>
> > ---
> >  arch/x86/Kconfig       |  24 +++++++
> >  arch/x86/boot/Makefile |  10 +++
> >  scripts/efiversion.pl  | 192 +++++++++++++++++++++++++++++++++++++++++++++++++
> >  3 files changed, 226 insertions(+)
> >  create mode 100755 scripts/efiversion.pl
> >
> > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> > index 5bbdef151805..f281c0ff3ff6 100644
> > --- a/arch/x86/Kconfig
> > +++ b/arch/x86/Kconfig
> > @@ -1803,6 +1803,30 @@ config EFI_STUB
> >
> >           See Documentation/efi-stub.txt for more information.
> >
> > +config EFI_MAJOR_OS_VERSION
> > +       hex "EFI Major OS Version"
> > +       range 0x0 0xFFFF
> > +       default "0x0"
> > +       depends on EFI_STUB
> > +
> > +config EFI_MINOR_OS_VERSION
> > +       hex "EFI Minor OS Version"
> > +       range 0x0 0xFFFF
> > +       default "0x0"
> > +       depends on EFI_STUB
> > +
> > +config EFI_MAJOR_IMAGE_VERSION
> > +       hex "EFI Major Image Version"
> > +       range 0x0 0xFFFF
> > +       default "0x0"
> > +       depends on EFI_STUB
> > +
> > +config EFI_MINOR_IMAGE_VERSION
> > +       hex "EFI Minor Image Version"
> > +       range 0x0 0xFFFF
> > +       default "0x0"
> > +       depends on EFI_STUB
> > +
> 
> Why is this x86 only?
> 
> >  config EFI_MIXED
> >         bool "EFI mixed-mode support"
> >         depends on EFI_STUB && X86_64
> > diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
> > index 0d810fb15eac..b9de8b50f32a 100644
> > --- a/arch/x86/boot/Makefile
> > +++ b/arch/x86/boot/Makefile
> > @@ -76,8 +76,18 @@ quiet_cmd_image = BUILD   $@
> >  cmd_image = $(obj)/tools/build $(obj)/setup.bin $(obj)/vmlinux.bin \
> >                                $(obj)/zoffset.h $@
> >
> > +cmd_efiversion = scripts/efiversion.pl \
> > +                       --major-os=$(CONFIG_EFI_MAJOR_OS_VERSION) \
> > +                       --minor-os=$(CONFIG_EFI_MINOR_OS_VERSION) \
> > +                       --major-image=$(CONFIG_EFI_MAJOR_IMAGE_VERSION) \
> > +                       --minor-image=$(CONFIG_EFI_MINOR_IMAGE_VERSION) \
> > +                       $@
> > +
> >  $(obj)/bzImage: $(obj)/setup.bin $(obj)/vmlinux.bin $(obj)/tools/build FORCE
> >         $(call if_changed,image)
> > +ifeq ($(CONFIG_EFI_STUB),y)
> > +       $(call if_changed,efiversion,$@)
> > +endif
> >         @echo 'Kernel: $@ is ready' ' (#'`cat .version`')'
> >
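
Review bot: The bzImage recipe now calls if_changed twice for the same
target, $(call if_changed,image) followed by
$(call if_changed,efiversion,$@). if_changed saves the command it ran in
the target's .cmd file, so the second call overwrites what the first one
stored, and on the next build the saved command no longer matches
cmd_image. The extra ",$@" argument is also not something if_changed
takes. Fold the version step into cmd_image so the target keeps a single
if_changed call.
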
> 
> Do we need a script? Can't we just use those defines in the PE/COFF
> header directly? I.e., something like
> 
> diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
> index 3dd5be33aaa7..da21b48a2d68 100644
> --- a/arch/x86/boot/header.S
> +++ b/arch/x86/boot/header.S
> @@ -156,10 +156,10 @@ extra_header_fields:
>  #endif
>         .long   0x20                            # SectionAlignment
>         .long   0x20                            # FileAlignment
> -       .word   0                               # MajorOperatingSystemVersion
> -       .word   0                               # MinorOperatingSystemVersion
> -       .word   0                               # MajorImageVersion
> -       .word   0                               # MinorImageVersion
> +       .word   CONFIG_EFI_MAJOR_OS_VERSION     # MajorOperatingSystemVersion
> +       .word   CONFIG_EFI_MINOR_OS_VERSION     # MinorOperatingSystemVersion
> +       .word   CONFIG_EFI_MAJOR_IMAGE_VERSION  # MajorImageVersion
> +       .word   CONFIG_EFI_MINOR_IMAGE_VERSION  # MinorImageVersion
>         .word   0                               # MajorSubsystemVersion
>         .word   0                               # MinorSubsystemVersion
>         .long   0                               # Win32VersionValue
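
Review bot: The four CONFIG_EFI_*_VERSION symbols used in the new .word
lines exist only when EFI_STUB is enabled, because every Kconfig entry
in the original patch has "depends on EFI_STUB". Check that this part of
extra_header_fields is assembled only under CONFIG_EFI_STUB; if it is
not, a build without the stub is left with undefined symbols and the
header needs a fallback of 0.
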
> 
This looks much saner! I was using the script to modify and check EFI
images and thought it was objcopy that generated the header. I'm happy
to know that I was wrong.

> (and again, why is this x86 only?)
> 
The reason is that I only tested on x86_64. I will add the patches for
ARM and ARM64 later.

Thanks,

Gary Lin

> 
> 
> 
> >  OBJCOPYFLAGS_vmlinux.bin := -O binary -R .note -R .comment -S
> > diff --git a/scripts/efiversion.pl b/scripts/efiversion.pl
> > new file mode 100755
> > index 000000000000..fe730d10638a
> > --- /dev/null
> > +++ b/scripts/efiversion.pl
> > @@ -0,0 +1,192 @@
> > +#!/usr/bin/perl
> > +
> > +=head1 efiversion.pl
> > +
> > +efiversion.pl - show or modify the version fields in the EFI image
> > +
> > +=head1 SYNOPSIS
> > +
> > +efiversion.pl [OPTIONS] FILE
> > +
> > +=head1 OPTIONS
> > +
> > +=over 4
> > +
> > +=item B<--major-os=NUMBER>
> > +
> > +assign the major OS version
> > +
> > +=item B<--minor-os=NUMBER>
> > +
> > +assign the minor OS version
> > +
> > +=item B<--major-image=NUMBER>
> > +
> > +assign the major image version
> > +
> > +=item B<--minor-image=NUMBER>
> > +
> > +assign the minor image version
> > +
> > +=item B<--help, -h>
> > +
> > +print help
> > +
> > +=back
> > +
> > +=head1 DESCRIPTION
> > +
> > +A script to modify the version fields in the header of the EFI image
> > +
> > +Show the versions:
> > +$ efiversion.pl sample.efi
> > +
> > +Modify the versions:
> > +$ efiversion.pl --major-os=1 --minor-os=2 sample.efi
> > +
> > +=cut
> > +
> > +use strict;
> > +use warnings;
> > +use FileHandle;
> > +use Getopt::Long;
> > +Getopt::Long::Configure("no_ignore_case");
> > +
> > +my %options;
> > +
> > +sub usage($) {
> > +       my $r = shift;
> > +       eval "use Pod::Usage; pod2usage($r);";
> > +       if ($@) {
> > +               die "cannot display help, install perl(Pod::Usage)\n";
> > +       }
> > +}
> > +
> > +my $options;
> > +my $major_os = '';
> > +my $minor_os = '';
> > +my $major_image = '';
> > +my $minor_image = '';
> > +my $help = '';
> > +my $overwrite = '';
> > +
> > +GetOptions(
> > +       "major-os=o" => \$major_os,
> > +       "minor-os=o" => \$minor_os,
> > +       "major-image=o" => \$major_image,
> > +       "minor-image=o" => \$minor_image,
> > +       "help|h" => \$help,
> > +) or usage(1);
> > +
> > +usage(1) unless @ARGV;
> > +usage(0) if ($help);
> > +
> > +sub not_ushort($)
> > +{
> > +       my ($number) = @_;
> > +
> > +       return 0 unless $number;
> > +       return 1 if ($number < 0 or $number > 0xFFFF);
> > +
> > +       $overwrite = "y";
> > +
> > +       return 0;
> > +}
> > +
> > +sub check_args
> > +{
> > +       return 0 if not_ushort($major_os);
> > +       return 0 if not_ushort($minor_os);
> > +       return 0 if not_ushort($major_image);
> > +       return 0 if not_ushort($minor_image);
> > +       return 1;
> > +}
> > +
> > +sub read_file($)
> > +{
> > +       my ($file) = @_;
> > +       my $contents;
> > +       my $len;
> > +
> > +       open(FD, "<$file") || die $file;
> > +       binmode FD;
> > +       my @st = stat(FD);
> > +       die $file if (!@st);
> > +       $len = read(FD, $contents, $st[7]) || die $file;
> > +       close(FD) || die $file;
> > +       die "$file: Wanted length ", $st[7], ", got ", $len, "\n"
> > +               if ($len != $st[7]);
> > +       return $contents;
> > +}
> > +
> > +sub get_signature_offset($)
> > +{
> > +       my ($image) = @_;
> > +
> > +       # e_magic must be 'M''Z'
> > +       my ($e_magic) = unpack("n", substr($image, 0, 2));
> > +       die "not a EFI Image\n" unless ($e_magic == 0x4D5A);
> > +
> > +       # Get the offset to the PE signature
> > +       my ($e_lfanew) = unpack("V", substr($image, 0x3C, 4));
> > +
> > +       # Match Signature 'P''E''\0''\0'
> > +       my ($Signature) = unpack("N", substr($image, $e_lfanew, 4));
> > +       die "not a PE Image\n" unless ($Signature == 0x50450000);
> > +
> > +       return $e_lfanew;
> > +}
> > +
> > +sub write_file($)
> > +{
> > +       my ($file, $contents) = @_;
> > +
> > +       open(FD, ">$file") || die $file;
> > +       binmode FD;
> > +       print FD $contents;
> > +       close(FD) || die $file;
> > +}
> > +
> > +sub set_version($)
> > +{
> > +       my ($image_ptr, $offset, $value) = @_;
> > +       my $packed = pack("v", $value);
> > +       substr($$image_ptr, $offset, 2, $packed);
> > +}
> > +
> > +die "invalid arguments\n" unless check_args;
> > +
> > +my ($file) = @ARGV;
> > +my $pe_image = read_file($file) if ($file);
> > +my $e_lfanew = get_signature_offset($pe_image);
> > +
> > +# [PE Signature][COFF File Header][Optional Header]
> > +#     4 bytes        20 bytes
> > +#
> > +# The offset of MajorOperatingSystemVersion in the Optional Header: 40
> > +#
> > +# The file offset of MajorOperatingSystemVersion: $e_lfanew + 24 + 40
> > +#
> > +# Our targets:
> > +#   UINT16  MajorOperatingSystemVersion;
> > +#   UINT16  MinorOperatingSystemVersion;
> > +#   UINT16  MajorImageVersion;
> > +#   UINT16  MinorImageVersion;
> > +my $os_offset = $e_lfanew + 64;
> > +
> > +if ($overwrite) {
> > +       # Write the file
> > +       &set_version(\$pe_image, $os_offset,     $major_os)     if ($major_os);
> > +       &set_version(\$pe_image, $os_offset + 2, $minor_os)     if ($minor_os);
> > +       &set_version(\$pe_image, $os_offset + 4, $major_image)  if ($major_image);
> > +       &set_version(\$pe_image, $os_offset + 6, $minor_image)  if ($minor_image);
> > +       &write_file($file, $pe_image);
> > +} else {
> > +       # Get the versions
> > +       (my @versions) = unpack("v6", substr($pe_image, $os_offset, 12));
> > +
> > +       printf "MajorOperatingSystemVersion\t0x%X\n", $versions[0];
> > +       printf "MinorOperatingSystemVersion\t0x%X\n", $versions[1];
> > +       printf "MajorImageVersion\t\t0x%X\n",         $versions[2];
> > +       printf "MinorImageVersion\t\t0x%X\n",         $versions[3];
> > +}
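
Review bot: get_signature_offset() takes e_lfanew from the file and uses
it without comparing it to the image length, and the main body then
reads or overwrites the fields at $e_lfanew + 64 the same way. On a
short or malformed file the signature test only fails by way of an undef
comparison, and nothing checks that the eight bytes of version fields
lie inside the file. Verify length($image) >= $e_lfanew + 72 before
touching the fields and die with a message that names the file.
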
> > --
> > 2.12.0
> >
> 


* Re: [RFC PATCH] x86: Config options to assign versions in the PE-COFF header
@ 2017-04-12  3:30     ` Gary Lin
  0 siblings, 0 replies; 11+ messages in thread
From: Gary Lin @ 2017-04-12  3:30 UTC (permalink / raw)
  To: Ard Biesheuvel
  Cc: Thomas Gleixner, Ingo Molnar, H . Peter Anvin,
	x86-DgEjT+Ai2ygdnm+yROfE0A, linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, Masahiro Yamada, Michal Marek,
	Matt Fleming, Joey Lee, Vojtech Pavlik

On Tue, Apr 11, 2017 at 06:37:54PM +0100, Ard Biesheuvel wrote:
> On 11 April 2017 at 11:20, Gary Lin <glin-IBi9RG/b67k@public.gmane.org> wrote:
> > This commit adds the new config options to allow the user to modify the
> > following fields in the PE-COFF header.
> >
> > UINT16 MajorOperatingSystemVersion
> > UINT16 MinorOperatingSystemVersion
> > UINT16 MajorImageVersion
> > UINT16 MinorImageVersion
> >
> > Those fields are mainly for the executables or libraries in Windows NT
> > or higher to specify the minimum supported Windows version and the
> > version of the image itself.
> >
> > Given the fact that those fields are ignored in UEFI, we can safely reuse
> > those fields for other purposes, e.g. Security Version(*).
> >
> > (*) https://github.com/lcp/shim/wiki/Security-Version
> >
> > Cc: Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>
> > Cc: Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> > Cc: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
> > Cc: Masahiro Yamada <yamada.masahiro-uWyLwvC0a2jby3iVrkZq2A@public.gmane.org>
> > Cc: Michal Marek <mmarek-IBi9RG/b67k@public.gmane.org>
> > Cc: Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
> > Cc: Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
> > Cc: Joey Lee <jlee-IBi9RG/b67k@public.gmane.org>
> > Cc: Vojtech Pavlik <vojtech-AlSwsSmVLrQ@public.gmane.org>
> > Signed-off-by: Gary Lin <glin-IBi9RG/b67k@public.gmane.org>
> > Tested-by: Joey Lee <jlee-IBi9RG/b67k@public.gmane.org>
> > ---
> >  arch/x86/Kconfig       |  24 +++++++
> >  arch/x86/boot/Makefile |  10 +++
> >  scripts/efiversion.pl  | 192 +++++++++++++++++++++++++++++++++++++++++++++++++
> >  3 files changed, 226 insertions(+)
> >  create mode 100755 scripts/efiversion.pl
> >
> > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> > index 5bbdef151805..f281c0ff3ff6 100644
> > --- a/arch/x86/Kconfig
> > +++ b/arch/x86/Kconfig
> > @@ -1803,6 +1803,30 @@ config EFI_STUB
> >
> >           See Documentation/efi-stub.txt for more information.
> >
> > +config EFI_MAJOR_OS_VERSION
> > +       hex "EFI Major OS Version"
> > +       range 0x0 0xFFFF
> > +       default "0x0"
> > +       depends on EFI_STUB
> > +
> > +config EFI_MINOR_OS_VERSION
> > +       hex "EFI Minor OS Version"
> > +       range 0x0 0xFFFF
> > +       default "0x0"
> > +       depends on EFI_STUB
> > +
> > +config EFI_MAJOR_IMAGE_VERSION
> > +       hex "EFI Major Image Version"
> > +       range 0x0 0xFFFF
> > +       default "0x0"
> > +       depends on EFI_STUB
> > +
> > +config EFI_MINOR_IMAGE_VERSION
> > +       hex "EFI Minor Image Version"
> > +       range 0x0 0xFFFF
> > +       default "0x0"
> > +       depends on EFI_STUB
> > +
> 
> Why is this x86 only?
> 
> >  config EFI_MIXED
> >         bool "EFI mixed-mode support"
> >         depends on EFI_STUB && X86_64
> > diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
> > index 0d810fb15eac..b9de8b50f32a 100644
> > --- a/arch/x86/boot/Makefile
> > +++ b/arch/x86/boot/Makefile
> > @@ -76,8 +76,18 @@ quiet_cmd_image = BUILD   $@
> >  cmd_image = $(obj)/tools/build $(obj)/setup.bin $(obj)/vmlinux.bin \
> >                                $(obj)/zoffset.h $@
> >
> > +cmd_efiversion = scripts/efiversion.pl \
> > +                       --major-os=$(CONFIG_EFI_MAJOR_OS_VERSION) \
> > +                       --minor-os=$(CONFIG_EFI_MINOR_OS_VERSION) \
> > +                       --major-image=$(CONFIG_EFI_MAJOR_IMAGE_VERSION) \
> > +                       --minor-image=$(CONFIG_EFI_MINOR_IMAGE_VERSION) \
> > +                       $@
> > +
> >  $(obj)/bzImage: $(obj)/setup.bin $(obj)/vmlinux.bin $(obj)/tools/build FORCE
> >         $(call if_changed,image)
> > +ifeq ($(CONFIG_EFI_STUB),y)
> > +       $(call if_changed,efiversion,$@)
> > +endif
> >         @echo 'Kernel: $@ is ready' ' (#'`cat .version`')'
> >
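
Review bot: cmd_efiversion invokes scripts/efiversion.pl through a path
relative to the build directory and relies on the file's execute bit.
With a separate output directory (O=) the script does not exist at that
path. Call it as $(PERL) $(srctree)/scripts/efiversion.pl instead.
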
> 
> Do we need a script? Can't we just use those defines in the PE/COFF
> header directly? I.e., something like
> 
> diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
> index 3dd5be33aaa7..da21b48a2d68 100644
> --- a/arch/x86/boot/header.S
> +++ b/arch/x86/boot/header.S
> @@ -156,10 +156,10 @@ extra_header_fields:
>  #endif
>         .long   0x20                            # SectionAlignment
>         .long   0x20                            # FileAlignment
> -       .word   0                               # MajorOperatingSystemVersion
> -       .word   0                               # MinorOperatingSystemVersion
> -       .word   0                               # MajorImageVersion
> -       .word   0                               # MinorImageVersion
> +       .word   CONFIG_EFI_MAJOR_OS_VERSION     # MajorOperatingSystemVersion
> +       .word   CONFIG_EFI_MINOR_OS_VERSION     # MinorOperatingSystemVersion
> +       .word   CONFIG_EFI_MAJOR_IMAGE_VERSION  # MajorImageVersion
> +       .word   CONFIG_EFI_MINOR_IMAGE_VERSION  # MinorImageVersion
>         .word   0                               # MajorSubsystemVersion
>         .word   0                               # MinorSubsystemVersion
>         .long   0                               # Win32VersionValue
> 
This looks much saner! I was using the script to modify and check EFI
images and thought it was objcopy that generated the header. I'm happy
to know that I was wrong.

> (and again, why is this x86 only?)
> 
The reason is that I only tested on x86_64. I will add the patches for
ARM and ARM64 later.

Thanks,

Gary Lin

> 
> 
> 
> >  OBJCOPYFLAGS_vmlinux.bin := -O binary -R .note -R .comment -S
> > diff --git a/scripts/efiversion.pl b/scripts/efiversion.pl
> > new file mode 100755
> > index 000000000000..fe730d10638a
> > --- /dev/null
> > +++ b/scripts/efiversion.pl
> > @@ -0,0 +1,192 @@
> > +#!/usr/bin/perl
> > +
> > +=head1 efiversion.pl
> > +
> > +efiversion.pl - show or modify the version fields in the EFI image
> > +
> > +=head1 SYNOPSIS
> > +
> > +efiversion.pl [OPTIONS] FILE
> > +
> > +=head1 OPTIONS
> > +
> > +=over 4
> > +
> > +=item B<--major-os=NUMBER>
> > +
> > +assign the major OS version
> > +
> > +=item B<--minor-os=NUMBER>
> > +
> > +assign the minor OS version
> > +
> > +=item B<--major-image=NUMBER>
> > +
> > +assign the major image version
> > +
> > +=item B<--minor-image=NUMBER>
> > +
> > +assign the minor image version
> > +
> > +=item B<--help, -h>
> > +
> > +print help
> > +
> > +=back
> > +
> > +=head1 DESCRIPTION
> > +
> > +A script to modify the version fields in the header of the EFI image
> > +
> > +Show the versions:
> > +$ efiversion.pl sample.efi
> > +
> > +Modify the versions:
> > +$ efiversion.pl --major-os=1 --minor-os=2 sample.efi
> > +
> > +=cut
> > +
> > +use strict;
> > +use warnings;
> > +use FileHandle;
> > +use Getopt::Long;
> > +Getopt::Long::Configure("no_ignore_case");
> > +
> > +my %options;
> > +
> > +sub usage($) {
> > +       my $r = shift;
> > +       eval "use Pod::Usage; pod2usage($r);";
> > +       if ($@) {
> > +               die "cannot display help, install perl(Pod::Usage)\n";
> > +       }
> > +}
> > +
> > +my $options;
> > +my $major_os = '';
> > +my $minor_os = '';
> > +my $major_image = '';
> > +my $minor_image = '';
> > +my $help = '';
> > +my $overwrite = '';
> > +
> > +GetOptions(
> > +       "major-os=o" => \$major_os,
> > +       "minor-os=o" => \$minor_os,
> > +       "major-image=o" => \$major_image,
> > +       "minor-image=o" => \$minor_image,
> > +       "help|h" => \$help,
> > +) or usage(1);
> > +
> > +usage(1) unless @ARGV;
> > +usage(0) if ($help);
> > +
> > +sub not_ushort($)
> > +{
> > +       my ($number) = @_;
> > +
> > +       return 0 unless $number;
> > +       return 1 if ($number < 0 or $number > 0xFFFF);
> > +
> > +       $overwrite = "y";
> > +
> > +       return 0;
> > +}
> > +
> > +sub check_args
> > +{
> > +       return 0 if not_ushort($major_os);
> > +       return 0 if not_ushort($minor_os);
> > +       return 0 if not_ushort($major_image);
> > +       return 0 if not_ushort($minor_image);
> > +       return 1;
> > +}
> > +
> > +sub read_file($)
> > +{
> > +       my ($file) = @_;
> > +       my $contents;
> > +       my $len;
> > +
> > +       open(FD, "<$file") || die $file;
> > +       binmode FD;
> > +       my @st = stat(FD);
> > +       die $file if (!@st);
> > +       $len = read(FD, $contents, $st[7]) || die $file;
> > +       close(FD) || die $file;
> > +       die "$file: Wanted length ", $st[7], ", got ", $len, "\n"
> > +               if ($len != $st[7]);
> > +       return $contents;
> > +}
> > +
> > +sub get_signature_offset($)
> > +{
> > +       my ($image) = @_;
> > +
> > +       # e_magic must be 'M''Z'
> > +       my ($e_magic) = unpack("n", substr($image, 0, 2));
> > +       die "not a EFI Image\n" unless ($e_magic == 0x4D5A);
> > +
> > +       # Get the offset to the PE signature
> > +       my ($e_lfanew) = unpack("V", substr($image, 0x3C, 4));
> > +
> > +       # Match Signature 'P''E''\0''\0'
> > +       my ($Signature) = unpack("N", substr($image, $e_lfanew, 4));
> > +       die "not a PE Image\n" unless ($Signature == 0x50450000);
> > +
> > +       return $e_lfanew;
> > +}
> > +
> > +sub write_file($)
> > +{
> > +       my ($file, $contents) = @_;
> > +
> > +       open(FD, ">$file") || die $file;
> > +       binmode FD;
> > +       print FD $contents;
> > +       close(FD) || die $file;
> > +}
> > +
> > +sub set_version($)
> > +{
> > +       my ($image_ptr, $offset, $value) = @_;
> > +       my $packed = pack("v", $value);
> > +       substr($$image_ptr, $offset, 2, $packed);
> > +}
> > +
> > +die "invalid arguments\n" unless check_args;
> > +
> > +my ($file) = @ARGV;
> > +my $pe_image = read_file($file) if ($file);
> > +my $e_lfanew = get_signature_offset($pe_image);
> > +
> > +# [PE Signature][COFF File Header][Optional Header]
> > +#     4 bytes        20 bytes
> > +#
> > +# The offset of MajorOperatingSystemVersion in the Optional Header: 40
> > +#
> > +# The file offset of MajorOperatingSystemVersion: $e_lfanew + 24 + 40
> > +#
> > +# Our targets:
> > +#   UINT16  MajorOperatingSystemVersion;
> > +#   UINT16  MinorOperatingSystemVersion;
> > +#   UINT16  MajorImageVersion;
> > +#   UINT16  MinorImageVersion;
> > +my $os_offset = $e_lfanew + 64;
> > +
> > +if ($overwrite) {
> > +       # Write the file
> > +       &set_version(\$pe_image, $os_offset,     $major_os)     if ($major_os);
> > +       &set_version(\$pe_image, $os_offset + 2, $minor_os)     if ($minor_os);
> > +       &set_version(\$pe_image, $os_offset + 4, $major_image)  if ($major_image);
> > +       &set_version(\$pe_image, $os_offset + 6, $minor_image)  if ($minor_image);
> > +       &write_file($file, $pe_image);
> > +} else {
> > +       # Get the versions
> > +       (my @versions) = unpack("v6", substr($pe_image, $os_offset, 12));
> > +
> > +       printf "MajorOperatingSystemVersion\t0x%X\n", $versions[0];
> > +       printf "MinorOperatingSystemVersion\t0x%X\n", $versions[1];
> > +       printf "MajorImageVersion\t\t0x%X\n",         $versions[2];
> > +       printf "MinorImageVersion\t\t0x%X\n",         $versions[3];
> > +}
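
Review bot: write_file and set_version are declared with the prototype
($) but take two and three arguments, and the calls at the bottom only
work because the & call form skips prototype checking. Drop the
prototypes and the & on the calls. While there: %options, $options and
"use FileHandle" are unused, and unpack("v6", ...) reads six words where
only four are printed.
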
> > --
> > 2.12.0
> >
> 


* Re: [RFC PATCH] x86: Config options to assign versions in the PE-COFF header
@ 2017-04-13 22:21   ` hpa-YMNOUZJC4hwAvxtiuMwx3w
  0 siblings, 0 replies; 11+ messages in thread
From: hpa @ 2017-04-13 22:21 UTC (permalink / raw)
  To: Gary Lin, Thomas Gleixner, Ingo Molnar
  Cc: x86, linux-kernel, linux-efi, Masahiro Yamada, Michal Marek,
	Matt Fleming, Ard Biesheuvel, Joey Lee, Vojtech Pavlik

On April 11, 2017 3:20:41 AM PDT, Gary Lin <glin@suse.com> wrote:
>This commit adds the new config options to allow the user to modify the
>following fields in the PE-COFF header.
>
>UINT16 MajorOperatingSystemVersion
>UINT16 MinorOperatingSystemVersion
>UINT16 MajorImageVersion
>UINT16 MinorImageVersion
>
>Those fields are mainly for the executables or libraries in Windows NT
>or higher to specify the minimum supported Windows version and the
>version of the image itself.
>
>Given the fact that those fields are ignored in UEFI, we can safely
>reuse
>those fields for other purposes, e.g. Security Version(*).
>
>(*) https://github.com/lcp/shim/wiki/Security-Version
>
>Cc: Thomas Gleixner <tglx@linutronix.de>
>Cc: Ingo Molnar <mingo@redhat.com>
>Cc: "H. Peter Anvin" <hpa@zytor.com>
>Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
>Cc: Michal Marek <mmarek@suse.com>
>Cc: Matt Fleming <matt@codeblueprint.co.uk>
>Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>Cc: Joey Lee <jlee@suse.com>
>Cc: Vojtech Pavlik <vojtech@suse.cz>
>Signed-off-by: Gary Lin <glin@suse.com>
>Tested-by: Joey Lee <jlee@suse.com>
>---
> arch/x86/Kconfig       |  24 +++++++
> arch/x86/boot/Makefile |  10 +++
>scripts/efiversion.pl  | 192
>+++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 226 insertions(+)
> create mode 100755 scripts/efiversion.pl
>
>diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
>index 5bbdef151805..f281c0ff3ff6 100644
>--- a/arch/x86/Kconfig
>+++ b/arch/x86/Kconfig
>@@ -1803,6 +1803,30 @@ config EFI_STUB
> 
> 	  See Documentation/efi-stub.txt for more information.
> 
>+config EFI_MAJOR_OS_VERSION
>+	hex "EFI Major OS Version"
>+	range 0x0 0xFFFF
>+	default "0x0"
>+	depends on EFI_STUB
>+
>+config EFI_MINOR_OS_VERSION
>+	hex "EFI Minor OS Version"
>+	range 0x0 0xFFFF
>+	default "0x0"
>+	depends on EFI_STUB
>+
>+config EFI_MAJOR_IMAGE_VERSION
>+	hex "EFI Major Image Version"
>+	range 0x0 0xFFFF
>+	default "0x0"
>+	depends on EFI_STUB
>+
>+config EFI_MINOR_IMAGE_VERSION
>+	hex "EFI Minor Image Version"
>+	range 0x0 0xFFFF
>+	default "0x0"
>+	depends on EFI_STUB
>+
> config EFI_MIXED
> 	bool "EFI mixed-mode support"
> 	depends on EFI_STUB && X86_64
>diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
>index 0d810fb15eac..b9de8b50f32a 100644
>--- a/arch/x86/boot/Makefile
>+++ b/arch/x86/boot/Makefile
>@@ -76,8 +76,18 @@ quiet_cmd_image = BUILD   $@
> cmd_image = $(obj)/tools/build $(obj)/setup.bin $(obj)/vmlinux.bin \
> 			       $(obj)/zoffset.h $@
> 
>+cmd_efiversion = scripts/efiversion.pl \
>+			--major-os=$(CONFIG_EFI_MAJOR_OS_VERSION) \
>+			--minor-os=$(CONFIG_EFI_MINOR_OS_VERSION) \
>+			--major-image=$(CONFIG_EFI_MAJOR_IMAGE_VERSION) \
>+			--minor-image=$(CONFIG_EFI_MINOR_IMAGE_VERSION) \
>+			$@
>+
>$(obj)/bzImage: $(obj)/setup.bin $(obj)/vmlinux.bin $(obj)/tools/build
>FORCE
> 	$(call if_changed,image)
>+ifeq ($(CONFIG_EFI_STUB),y)
>+	$(call if_changed,efiversion,$@)
>+endif
> 	@echo 'Kernel: $@ is ready' ' (#'`cat .version`')'
> 
> OBJCOPYFLAGS_vmlinux.bin := -O binary -R .note -R .comment -S
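
Review bot: cmd_efiversion always passes all four options, and with the
Kconfig defaults every one of them is 0x0. In efiversion.pl,
not_ushort() returns early for a zero value without setting $overwrite,
so a default build takes the script's show branch and prints the four
version lines on every bzImage build. Skip the call when all four values
are zero, or give the script an explicit write mode.
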
>diff --git a/scripts/efiversion.pl b/scripts/efiversion.pl
>new file mode 100755
>index 000000000000..fe730d10638a
>--- /dev/null
>+++ b/scripts/efiversion.pl
>@@ -0,0 +1,192 @@
>+#!/usr/bin/perl
>+
>+=head1 efiversion.pl
>+
>+efiversion.pl - show or modify the version fields in the EFI image
>+
>+=head1 SYNOPSIS
>+
>+efiversion.pl [OPTIONS] FILE
>+
>+=head1 OPTIONS
>+
>+=over 4
>+
>+=item B<--major-os=NUMBER>
>+
>+assign the major OS version
>+
>+=item B<--minor-os=NUMBER>
>+
>+assign the minor OS version
>+
>+=item B<--major-image=NUMBER>
>+
>+assign the major image version
>+
>+=item B<--minor-image=NUMBER>
>+
>+assign the minor image version
>+
>+=item B<--help, -h>
>+
>+print help
>+
>+=back
>+
>+=head1 DESCRIPTION
>+
>+A script to modify the version fields in the header of the EFI image
>+
>+Show the versions:
>+$ efiversion.pl sample.efi
>+
>+Modify the versions:
>+$ efiversion.pl --major-os=1 --minor-os=2 sample.efi
>+
>+=cut
>+
>+use strict;
>+use warnings;
>+use FileHandle;
>+use Getopt::Long;
>+Getopt::Long::Configure("no_ignore_case");
>+
>+my %options;
>+
>+sub usage($) {
>+	my $r = shift;
>+	eval "use Pod::Usage; pod2usage($r);";
>+	if ($@) {
>+		die "cannot display help, install perl(Pod::Usage)\n";
>+	}
>+}
>+
>+my $options;
>+my $major_os = '';
>+my $minor_os = '';
>+my $major_image = '';
>+my $minor_image = '';
>+my $help = '';
>+my $overwrite = '';
>+
>+GetOptions(
>+	"major-os=o" => \$major_os,
>+	"minor-os=o" => \$minor_os,
>+	"major-image=o" => \$major_image,
>+	"minor-image=o" => \$minor_image,
>+	"help|h" => \$help,
>+) or usage(1);
>+
>+usage(1) unless @ARGV;
>+usage(0) if ($help);
>+
>+sub not_ushort($)
>+{
>+	my ($number) = @_;
>+
>+	return 0 unless $number;
>+	return 1 if ($number < 0 or $number > 0xFFFF);
>+
>+	$overwrite = "y";
>+
>+	return 0;
>+}
>+
>+sub check_args
>+{
>+	return 0 if not_ushort($major_os);
>+	return 0 if not_ushort($minor_os);
>+	return 0 if not_ushort($major_image);
>+	return 0 if not_ushort($minor_image);
>+	return 1;
>+}
>+
>+sub read_file($)
>+{
>+	my ($file) = @_;
>+	my $contents;
>+	my $len;
>+
>+	open(FD, "<$file") || die $file;
>+	binmode FD;
>+	my @st = stat(FD);
>+	die $file if (!@st);
>+	$len = read(FD, $contents, $st[7]) || die $file;
>+	close(FD) || die $file;
>+	die "$file: Wanted length ", $st[7], ", got ", $len, "\n"
>+		if ($len != $st[7]);
>+	return $contents;
>+}
>+
>+sub get_signature_offset($)
>+{
>+	my ($image) = @_;
>+
>+	# e_magic must be 'M''Z'
>+	my ($e_magic) = unpack("n", substr($image, 0, 2));
>+	die "not a EFI Image\n" unless ($e_magic == 0x4D5A);
>+
>+	# Get the offset to the PE signature
>+	my ($e_lfanew) = unpack("V", substr($image, 0x3C, 4));
>+
>+	# Match Signature 'P''E''\0''\0'
>+	my ($Signature) = unpack("N", substr($image, $e_lfanew, 4));
>+	die "not a PE Image\n" unless ($Signature == 0x50450000);
>+
>+	return $e_lfanew;
>+}
>+
>+sub write_file($)
>+{
>+	my ($file, $contents) = @_;
>+
>+	open(FD, ">$file") || die $file;
>+	binmode FD;
>+	print FD $contents;
>+	close(FD) || die $file;
>+}
>+
>+sub set_version($)
>+{
>+	my ($image_ptr, $offset, $value) = @_;
>+	my $packed = pack("v", $value);
>+	substr($$image_ptr, $offset, 2, $packed);
>+}
>+
>+die "invalid arguments\n" unless check_args;
>+
>+my ($file) = @ARGV;
>+my $pe_image = read_file($file) if ($file);
>+my $e_lfanew = get_signature_offset($pe_image);
>+
>+# [PE Signature][COFF File Header][Optional Header]
>+#     4 bytes        20 bytes
>+#
>+# The offset of MajorOperatingSystemVersion in the Optional Header: 40
>+#
>+# The file offset of MajorOperatingSystemVersion: $e_lfanew + 24 + 40
>+#
>+# Our targets:
>+#   UINT16  MajorOperatingSystemVersion;
>+#   UINT16  MinorOperatingSystemVersion;
>+#   UINT16  MajorImageVersion;
>+#   UINT16  MinorImageVersion;
>+my $os_offset = $e_lfanew + 64;
>+
>+if ($overwrite) {
>+	# Write the file
>+	&set_version(\$pe_image, $os_offset,     $major_os)     if
>($major_os);
>+	&set_version(\$pe_image, $os_offset + 2, $minor_os)     if
>($minor_os);
>+	&set_version(\$pe_image, $os_offset + 4, $major_image)  if
>($major_image);
>+	&set_version(\$pe_image, $os_offset + 6, $minor_image)  if
>($minor_image);
>+	&write_file($file, $pe_image);
>+} else {
>+	# Get the versions
>+	(my @versions) = unpack("v6", substr($pe_image, $os_offset, 12));
>+
>+	printf "MajorOperatingSystemVersion\t0x%X\n", $versions[0];
>+	printf "MinorOperatingSystemVersion\t0x%X\n", $versions[1];
>+	printf "MajorImageVersion\t\t0x%X\n",         $versions[2];
>+	printf "MinorImageVersion\t\t0x%X\n",         $versions[3];
>+}
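
Review bot: A version of 0 cannot be written. not_ushort() treats a
false $number as "option not given", and every set_version() call is
guarded by "if ($major_os)" and the like, so an image already stamped
with a non-zero value can never be set back to 0 with this tool.
Initialise the option variables to undef and test them with defined().
write_file() also truncates the target with open ">" before writing, so
an interrupted run leaves a damaged image; write to a temporary file and
rename it over the original.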

Reusing PECOFF fields seems doubleplusunsafe: we don't own those fields, the UEFI forum does.  It would make a lot more sense to add these fields to the bzImage header directly or indirectly (via a pointer), the latter would be more economical since the bzImage header size is bounded.

We could even define it as a pointer to a "security information header" with its own size field, so it can be grown in the future as needed.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
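
The header walk that the quoted efiversion.pl performs, written with every offset validated before use, as an added example (not code from the patch or from anyone in this thread). PEFormatError, read_version_fields(), is_parseable() and build_sample() are names made up here, and the sample image is constructed.

```python
import struct

# The four fields the patch targets, in file order; each is a little-endian UINT16.
VERSION_FIELDS = (
    "MajorOperatingSystemVersion",
    "MinorOperatingSystemVersion",
    "MajorImageVersion",
    "MinorImageVersion",
)

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
OPT_HDR_OFFSET = 24         # PE signature (4 bytes) + COFF file header (20 bytes)
OS_VERSION_IN_OPT_HDR = 40  # same offset in PE32 and PE32+ optional headers
FIELDS_SIZE = 8             # four UINT16 values


class PEFormatError(ValueError):
    """Raised when the image cannot contain the version fields."""


def read_version_fields(image: bytes) -> dict:
    """Return the four version fields after checking every offset against the file size."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise PEFormatError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)

    # e_lfanew is untrusted: make sure the fields lie inside the file
    # before reading the signature or anything behind it.
    fields_start = e_lfanew + OPT_HDR_OFFSET + OS_VERSION_IN_OPT_HDR
    if fields_start + FIELDS_SIZE > len(image):
        raise PEFormatError("e_lfanew places the header outside the file")
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("no PE signature at e_lfanew")

    # SizeOfOptionalHeader sits at offset 16 of the COFF file header.
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 4 + 16)
    if opt_size < OS_VERSION_IN_OPT_HDR + FIELDS_SIZE:
        raise PEFormatError("optional header too small for the version fields")
    (magic,) = struct.unpack_from("<H", image, e_lfanew + OPT_HDR_OFFSET)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise PEFormatError("unknown optional header magic 0x%X" % magic)

    values = struct.unpack_from("<4H", image, fields_start)
    return dict(zip(VERSION_FIELDS, values))


def is_parseable(image: bytes) -> bool:
    """True if read_version_fields() accepts the image."""
    try:
        read_version_fields(image)
    except PEFormatError:
        return False
    return True


def build_sample(versions, e_lfanew=0x80) -> bytes:
    """Construct a minimal PE32+ header carrying the given four versions (test data only)."""
    opt_size = 240
    img = bytearray(e_lfanew + OPT_HDR_OFFSET + opt_size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", img, e_lfanew + 4 + 16, opt_size)
    struct.pack_into("<H", img, e_lfanew + OPT_HDR_OFFSET, PE32PLUS_MAGIC)
    struct.pack_into("<4H", img, e_lfanew + 64, *versions)
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample((0x1, 0x2, 0x3, 0x4))
    for name, value in read_version_fields(sample).items():
        print("%-28s 0x%X" % (name, value))
```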


* Re: [RFC PATCH] x86: Config options to assign versions in the PE-COFF header
@ 2017-04-13 22:21   ` hpa-YMNOUZJC4hwAvxtiuMwx3w
  0 siblings, 0 replies; 11+ messages in thread
From: hpa-YMNOUZJC4hwAvxtiuMwx3w @ 2017-04-13 22:21 UTC (permalink / raw)
  To: Gary Lin, Thomas Gleixner, Ingo Molnar
  Cc: x86-DgEjT+Ai2ygdnm+yROfE0A, linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, Masahiro Yamada, Michal Marek,
	Matt Fleming, Ard Biesheuvel, Joey Lee, Vojtech Pavlik

On April 11, 2017 3:20:41 AM PDT, Gary Lin <glin-IBi9RG/b67k@public.gmane.org> wrote:
>This commit adds the new config options to allow the user to modify the
>following fields in the PE-COFF header.
>
>UINT16 MajorOperatingSystemVersion
>UINT16 MinorOperatingSystemVersion
>UINT16 MajorImageVersion
>UINT16 MinorImageVersion
>
>Those fields are mainly for the executables or libraries in Windows NT
>or higher to specify the minimum supported Windows version and the
>version of the image itself.
>
>Given the fact that those fields are ignored in UEFI, we can safely
>reuse
>those fields for other purposes, e.g. Security Version(*).
>
>(*) https://github.com/lcp/shim/wiki/Security-Version
>
>Cc: Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>
>Cc: Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
>Cc: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
>Cc: Masahiro Yamada <yamada.masahiro-uWyLwvC0a2jby3iVrkZq2A@public.gmane.org>
>Cc: Michal Marek <mmarek-IBi9RG/b67k@public.gmane.org>
>Cc: Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
>Cc: Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
>Cc: Joey Lee <jlee-IBi9RG/b67k@public.gmane.org>
>Cc: Vojtech Pavlik <vojtech-AlSwsSmVLrQ@public.gmane.org>
>Signed-off-by: Gary Lin <glin-IBi9RG/b67k@public.gmane.org>
>Tested-by: Joey Lee <jlee-IBi9RG/b67k@public.gmane.org>
>---
> arch/x86/Kconfig       |  24 +++++++
> arch/x86/boot/Makefile |  10 +++
>scripts/efiversion.pl  | 192
>+++++++++++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 226 insertions(+)
> create mode 100755 scripts/efiversion.pl
>
>diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
>index 5bbdef151805..f281c0ff3ff6 100644
>--- a/arch/x86/Kconfig
>+++ b/arch/x86/Kconfig
>@@ -1803,6 +1803,30 @@ config EFI_STUB
> 
> 	  See Documentation/efi-stub.txt for more information.
> 
>+config EFI_MAJOR_OS_VERSION
>+	hex "EFI Major OS Version"
>+	range 0x0 0xFFFF
>+	default "0x0"
>+	depends on EFI_STUB
>+
>+config EFI_MINOR_OS_VERSION
>+	hex "EFI Minor OS Version"
>+	range 0x0 0xFFFF
>+	default "0x0"
>+	depends on EFI_STUB
>+
>+config EFI_MAJOR_IMAGE_VERSION
>+	hex "EFI Major Image Version"
>+	range 0x0 0xFFFF
>+	default "0x0"
>+	depends on EFI_STUB
>+
>+config EFI_MINOR_IMAGE_VERSION
>+	hex "EFI Minor Image Version"
>+	range 0x0 0xFFFF
>+	default "0x0"
>+	depends on EFI_STUB
>+
> config EFI_MIXED
> 	bool "EFI mixed-mode support"
> 	depends on EFI_STUB && X86_64
>diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
>index 0d810fb15eac..b9de8b50f32a 100644
>--- a/arch/x86/boot/Makefile
>+++ b/arch/x86/boot/Makefile
>@@ -76,8 +76,18 @@ quiet_cmd_image = BUILD   $@
> cmd_image = $(obj)/tools/build $(obj)/setup.bin $(obj)/vmlinux.bin \
> 			       $(obj)/zoffset.h $@
> 
>+cmd_efiversion = scripts/efiversion.pl \
>+			--major-os=$(CONFIG_EFI_MAJOR_OS_VERSION) \
>+			--minor-os=$(CONFIG_EFI_MINOR_OS_VERSION) \
>+			--major-image=$(CONFIG_EFI_MAJOR_IMAGE_VERSION) \
>+			--minor-image=$(CONFIG_EFI_MINOR_IMAGE_VERSION) \
>+			$@
>+
>$(obj)/bzImage: $(obj)/setup.bin $(obj)/vmlinux.bin $(obj)/tools/build
>FORCE
> 	$(call if_changed,image)
>+ifeq ($(CONFIG_EFI_STUB),y)
>+	$(call if_changed,efiversion,$@)
>+endif
> 	@echo 'Kernel: $@ is ready' ' (#'`cat .version`')'
> 
> OBJCOPYFLAGS_vmlinux.bin := -O binary -R .note -R .comment -S
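
Review bot: the bzImage rule now calls if_changed twice for the same target, `$(call if_changed,image)` followed by `$(call if_changed,efiversion,$@)`. if_changed records one command per target in its .cmd file, so the second call overwrites what the first recorded and the changed-command check cannot hold for both; fold the script call into cmd_image or run it with `$(call cmd,efiversion)`. cmd_efiversion also invokes `scripts/efiversion.pl` by a relative path without `$(srctree)/`, which will not resolve in an O= build, and no quiet_cmd_efiversion is defined, so the step is invisible in a quiet build.
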
>diff --git a/scripts/efiversion.pl b/scripts/efiversion.pl
>new file mode 100755
>index 000000000000..fe730d10638a
>--- /dev/null
>+++ b/scripts/efiversion.pl
>@@ -0,0 +1,192 @@
>+#!/usr/bin/perl
>+
>+=head1 efiversion.pl
>+
>+efiversion.pl - show or modify the version fields in the EFI image
>+
>+=head1 SYNOPSIS
>+
>+efiversion.pl [OPTIONS] FILE
>+
>+=head1 OPTIONS
>+
>+=over 4
>+
>+=item B<--major-os=NUMBER>
>+
>+assign the major OS version
>+
>+=item B<--minor-os=NUMBER>
>+
>+assign the minor OS version
>+
>+=item B<--major-image=NUMBER>
>+
>+assign the major image version
>+
>+=item B<--minor-image=NUMBER>
>+
>+assign the minor image version
>+
>+=item B<--help, -h>
>+
>+print help
>+
>+=back
>+
>+=head1 DESCRIPTION
>+
>+A script to modify the version fields in the header of the EFI image
>+
>+Show the versions:
>+$ efiversion.pl sample.efi
>+
>+Modify the versions:
>+$ efiversion.pl --major-os=1 --minor-os=2 sample.efi
>+
>+=cut
>+
>+use strict;
>+use warnings;
>+use FileHandle;
>+use Getopt::Long;
>+Getopt::Long::Configure("no_ignore_case");
>+
>+my %options;
>+
>+sub usage($) {
>+	my $r = shift;
>+	eval "use Pod::Usage; pod2usage($r);";
>+	if ($@) {
>+		die "cannot display help, install perl(Pod::Usage)\n";
>+	}
>+}
>+
>+my $options;
>+my $major_os = '';
>+my $minor_os = '';
>+my $major_image = '';
>+my $minor_image = '';
>+my $help = '';
>+my $overwrite = '';
>+
>+GetOptions(
>+	"major-os=o" => \$major_os,
>+	"minor-os=o" => \$minor_os,
>+	"major-image=o" => \$major_image,
>+	"minor-image=o" => \$minor_image,
>+	"help|h" => \$help,
>+) or usage(1);
>+
>+usage(1) unless @ARGV;
>+usage(0) if ($help);
>+
>+sub not_ushort($)
>+{
>+	my ($number) = @_;
>+
>+	return 0 unless $number;
>+	return 1 if ($number < 0 or $number > 0xFFFF);
>+
>+	$overwrite = "y";
>+
>+	return 0;
>+}
>+
>+sub check_args
>+{
>+	return 0 if not_ushort($major_os);
>+	return 0 if not_ushort($minor_os);
>+	return 0 if not_ushort($major_image);
>+	return 0 if not_ushort($minor_image);
>+	return 1;
>+}
>+
>+sub read_file($)
>+{
>+	my ($file) = @_;
>+	my $contents;
>+	my $len;
>+
>+	open(FD, "<$file") || die $file;
>+	binmode FD;
>+	my @st = stat(FD);
>+	die $file if (!@st);
>+	$len = read(FD, $contents, $st[7]) || die $file;
>+	close(FD) || die $file;
>+	die "$file: Wanted length ", $st[7], ", got ", $len, "\n"
>+		if ($len != $st[7]);
>+	return $contents;
>+}
>+
>+sub get_signature_offset($)
>+{
>+	my ($image) = @_;
>+
>+	# e_magic must be 'M''Z'
>+	my ($e_magic) = unpack("n", substr($image, 0, 2));
>+	die "not a EFI Image\n" unless ($e_magic == 0x4D5A);
>+
>+	# Get the offset to the PE signature
>+	my ($e_lfanew) = unpack("V", substr($image, 0x3C, 4));
>+
>+	# Match Signature 'P''E''\0''\0'
>+	my ($Signature) = unpack("N", substr($image, $e_lfanew, 4));
>+	die "not a PE Image\n" unless ($Signature == 0x50450000);
>+
>+	return $e_lfanew;
>+}
>+
>+sub write_file($)
>+{
>+	my ($file, $contents) = @_;
>+
>+	open(FD, ">$file") || die $file;
>+	binmode FD;
>+	print FD $contents;
>+	close(FD) || die $file;
>+}
>+
>+sub set_version($)
>+{
>+	my ($image_ptr, $offset, $value) = @_;
>+	my $packed = pack("v", $value);
>+	substr($$image_ptr, $offset, 2, $packed);
>+}
>+
>+die "invalid arguments\n" unless check_args;
>+
>+my ($file) = @ARGV;
>+my $pe_image = read_file($file) if ($file);
>+my $e_lfanew = get_signature_offset($pe_image);
>+
>+# [PE Signature][COFF File Header][Optional Header]
>+#     4 bytes        20 bytes
>+#
>+# The offset of MajorOperatingSystemVersion in the Optional Header: 40
>+#
>+# The file offset of MajorOperatingSystemVersion: $e_lfanew + 24 + 40
>+#
>+# Our targets:
>+#   UINT16  MajorOperatingSystemVersion;
>+#   UINT16  MinorOperatingSystemVersion;
>+#   UINT16  MajorImageVersion;
>+#   UINT16  MinorImageVersion;
>+my $os_offset = $e_lfanew + 64;
>+
>+if ($overwrite) {
>+	# Write the file
>+	&set_version(\$pe_image, $os_offset,     $major_os)     if
>($major_os);
>+	&set_version(\$pe_image, $os_offset + 2, $minor_os)     if
>($minor_os);
>+	&set_version(\$pe_image, $os_offset + 4, $major_image)  if
>($major_image);
>+	&set_version(\$pe_image, $os_offset + 6, $minor_image)  if
>($minor_image);
>+	&write_file($file, $pe_image);
>+} else {
>+	# Get the versions
>+	(my @versions) = unpack("v6", substr($pe_image, $os_offset, 12));
>+
>+	printf "MajorOperatingSystemVersion\t0x%X\n", $versions[0];
>+	printf "MinorOperatingSystemVersion\t0x%X\n", $versions[1];
>+	printf "MajorImageVersion\t\t0x%X\n",         $versions[2];
>+	printf "MinorImageVersion\t\t0x%X\n",         $versions[3];
>+}
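
Review bot: show versus modify mode is inferred from the option values rather than from whether an option was given. not_ushort() returns at `return 0 unless $number;` before it sets $overwrite, and every set_version() call is guarded by `if ($major_os)` and its siblings, so 0 is treated as absent: with the Kconfig defaults of 0x0 the build step prints the four fields instead of writing them, and a field can never be set back to 0. Initialise the option variables to undef and test them with `defined`. get_signature_offset() also uses $e_lfanew from the file without checking it against the image length, and write_file($) and set_version($) declare one-argument prototypes while taking two and three arguments, which only works because both are called with `&`.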

Reusing PECOFF fields seems doubleplusunsafe: we don't own those fields, the UEFI forum does.  It would make a lot more sense to add these fields to the bzImage header directly or indirectly (via a pointer), the latter would be more economical since the bzImage header size is bounded.

We could even define it as a pointer to a "security information header" with its own size field, so it can be grown in the future as needed.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

* Re: [RFC PATCH] x86: Config options to assign versions in the PE-COFF header
@ 2017-04-14  3:51     ` Gary Lin
  0 siblings, 0 replies; 11+ messages in thread
From: Gary Lin @ 2017-04-14  3:51 UTC (permalink / raw)
  To: hpa
  Cc: Thomas Gleixner, Ingo Molnar, x86, linux-kernel, linux-efi,
	Masahiro Yamada, Michal Marek, Matt Fleming, Ard Biesheuvel,
	Joey Lee, Vojtech Pavlik

On Thu, Apr 13, 2017 at 03:21:20PM -0700, hpa@zytor.com wrote:
> On April 11, 2017 3:20:41 AM PDT, Gary Lin <glin@suse.com> wrote:
> >This commit adds the new config options to allow the user to modify the
> >following fields in the PE-COFF header.
> >
> >UINT16 MajorOperatingSystemVersion
> >UINT16 MinorOperatingSystemVersion
> >UINT16 MajorImageVersion
> >UINT16 MinorImageVersion
> >
> >Those fields are mainly for the executables or libraries in Windows NT
> >or higher to specify the minimum supported Windows version and the
> >version of the image itself.
> >
> >Given the fact that those fields are ignored in UEFI, we can safely
> >reuse
> >those fields for other purposes, e.g. Security Version(*).
> >
> >(*) https://github.com/lcp/shim/wiki/Security-Version
> >
> >Cc: Thomas Gleixner <tglx@linutronix.de>
> >Cc: Ingo Molnar <mingo@redhat.com>
> >Cc: "H. Peter Anvin" <hpa@zytor.com>
> >Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
> >Cc: Michal Marek <mmarek@suse.com>
> >Cc: Matt Fleming <matt@codeblueprint.co.uk>
> >Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >Cc: Joey Lee <jlee@suse.com>
> >Cc: Vojtech Pavlik <vojtech@suse.cz>
> >Signed-off-by: Gary Lin <glin@suse.com>
> >Tested-by: Joey Lee <jlee@suse.com>
> >---
[snip]
> 
> Reusing PECOFF fields seems doubleplusunsafe: we don't own those fields, the UEFI forum does.  It would make a lot more sense to add these fields to the bzImage header directly or indirectly (via a pointer), the latter would be more economical since the bzImage header size is bounded.
> 
> We could even define it as a pointer to a "security information header" with its own size field, so it can be grown in the future as needed.
Reusing PE-COFF simplifies the implementation since shim can parse the
header directly. I can raise the issue to the UEFI forum to clarify the
usage of those fields.

Meanwhile, I'll also look into the bzImage header in case the PE-COFF
header is really a NO-GO.

Thanks,

Gary Lin
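
An added example, not code from shim or from the patch: a bounds-checked C reader for the four fields at the offset the script computes ($e_lfanew + 24 + 40), showing the length checks a boot-time consumer of these fields needs before trusting them. The names pe_read_versions and parse_sample, and the constructed sample header, are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The four UINT16 fields the patch proposes to reuse. */
struct pe_versions { uint16_t major_os, minor_os, major_image, minor_image; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xFF); p[1] = (uint8_t)(v >> 8); }

/* Returns 0 and fills *out, or -1 if img is not a well-formed PE image. */
int pe_read_versions(const uint8_t *img, size_t len, struct pe_versions *out)
{
    /* DOS header: "MZ" magic, e_lfanew at 0x3C. */
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z')
        return -1;
    uint32_t e_lfanew = rd32(img + 0x3C);

    /* Signature (4) + COFF header (20) + optional header through
     * MinorImageVersion (offset 40 + 8) must lie inside the buffer. */
    if (e_lfanew > len || len - e_lfanew < 24 + 48)
        return -1;
    const uint8_t *pe = img + e_lfanew;
    if (memcmp(pe, "PE\0\0", 4) != 0)
        return -1;

    /* SizeOfOptionalHeader is the 2 bytes at COFF offset 16; the optional
     * header magic is 0x10b (PE32) or 0x20b (PE32+). */
    uint16_t opt_size = rd16(pe + 4 + 16);
    uint16_t magic = rd16(pe + 24);
    if (opt_size < 48 || (magic != 0x10b && magic != 0x20b))
        return -1;

    const uint8_t *v = pe + 24 + 40;   /* MajorOperatingSystemVersion */
    out->major_os    = rd16(v);
    out->minor_os    = rd16(v + 2);
    out->major_image = rd16(v + 4);
    out->minor_image = rd16(v + 6);
    return 0;
}

/* Constructed sample: parse a minimal PE32+ header (e_lfanew = 0x80,
 * MajorImageVersion = 2) truncated to len bytes. Returns MajorImageVersion,
 * or -1 when the parser rejects the buffer. */
int parse_sample(size_t len)
{
    uint8_t buf[256] = { 'M', 'Z' };
    struct pe_versions v;

    if (len > sizeof buf)
        return -1;
    buf[0x3C] = 0x80;
    memcpy(buf + 0x80, "PE\0\0", 4);
    wr16(buf + 0x80 + 20, 0xF0);      /* SizeOfOptionalHeader */
    wr16(buf + 0x80 + 24, 0x20b);     /* PE32+ magic */
    wr16(buf + 0x80 + 64 + 4, 2);     /* MajorImageVersion */
    return pe_read_versions(buf, len, &v) == 0 ? v.major_image : -1;
}
```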

* Re: [RFC PATCH] x86: Config options to assign versions in the PE-COFF header
@ 2017-04-14  3:51     ` Gary Lin
  0 siblings, 0 replies; 11+ messages in thread
From: Gary Lin @ 2017-04-14  3:51 UTC (permalink / raw)
  To: hpa-YMNOUZJC4hwAvxtiuMwx3w
  Cc: Thomas Gleixner, Ingo Molnar, x86-DgEjT+Ai2ygdnm+yROfE0A,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, Masahiro Yamada, Michal Marek,
	Matt Fleming, Ard Biesheuvel, Joey Lee, Vojtech Pavlik

On Thu, Apr 13, 2017 at 03:21:20PM -0700, hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org wrote:
> On April 11, 2017 3:20:41 AM PDT, Gary Lin <glin-IBi9RG/b67k@public.gmane.org> wrote:
> >This commit adds the new config options to allow the user to modify the
> >following fields in the PE-COFF header.
> >
> >UINT16 MajorOperatingSystemVersion
> >UINT16 MinorOperatingSystemVersion
> >UINT16 MajorImageVersion
> >UINT16 MinorImageVersion
> >
> >Those fields are mainly for the executables or libraries in Windows NT
> >or higher to specify the minimum supported Windows version and the
> >version of the image itself.
> >
> >Given the fact that those fields are ignored in UEFI, we can safely
> >reuse
> >those fields for other purposes, e.g. Security Version(*).
> >
> >(*) https://github.com/lcp/shim/wiki/Security-Version
> >
> >Cc: Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>
> >Cc: Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> >Cc: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
> >Cc: Masahiro Yamada <yamada.masahiro-uWyLwvC0a2jby3iVrkZq2A@public.gmane.org>
> >Cc: Michal Marek <mmarek-IBi9RG/b67k@public.gmane.org>
> >Cc: Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
> >Cc: Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
> >Cc: Joey Lee <jlee-IBi9RG/b67k@public.gmane.org>
> >Cc: Vojtech Pavlik <vojtech-AlSwsSmVLrQ@public.gmane.org>
> >Signed-off-by: Gary Lin <glin-IBi9RG/b67k@public.gmane.org>
> >Tested-by: Joey Lee <jlee-IBi9RG/b67k@public.gmane.org>
> >---
[snip]
> 
> Reusing PECOFF fields seems doubleplusunsafe: we don't own those fields, the UEFI forum does.  It would make a lot more sense to add these fields to the bzImage header directly or indirectly (via a pointer), the latter would be more economical since the bzImage header size is bounded.
> 
> We could even define it as a pointer to a "security information header" with its own size field, so it can be grown in the future as needed.
Reusing PE-COFF simplifies the implementation since shim can parse the
header directly. I can raise the issue to the UEFI forum to clarify the
usage of those fields.

Meanwhile, I'll also look into the bzImage header in case the PE-COFF
header is really a NO-GO.

Thanks,

Gary Lin

* Re: [RFC PATCH] x86: Config options to assign versions in the PE-COFF header
  2017-04-14  3:51     ` Gary Lin
@ 2017-04-14  5:17       ` hpa-YMNOUZJC4hwAvxtiuMwx3w
  -1 siblings, 0 replies; 11+ messages in thread
From: hpa @ 2017-04-14  5:17 UTC (permalink / raw)
  To: Gary Lin
  Cc: Thomas Gleixner, Ingo Molnar, x86, linux-kernel, linux-efi,
	Masahiro Yamada, Michal Marek, Matt Fleming, Ard Biesheuvel,
	Joey Lee, Vojtech Pavlik

On April 13, 2017 8:51:19 PM PDT, Gary Lin <glin@suse.com> wrote:
>On Thu, Apr 13, 2017 at 03:21:20PM -0700, hpa@zytor.com wrote:
>> On April 11, 2017 3:20:41 AM PDT, Gary Lin <glin@suse.com> wrote:
>> >This commit adds the new config options to allow the user to modify
>the
>> >following fields in the PE-COFF header.
>> >
>> >UINT16 MajorOperatingSystemVersion
>> >UINT16 MinorOperatingSystemVersion
>> >UINT16 MajorImageVersion
>> >UINT16 MinorImageVersion
>> >
>> >Those fields are mainly for the executables or libraries in Windows
>NT
>> >or higher to specify the minimum supported Windows version and the
>> >version of the image itself.
>> >
>> >Given the fact that those fields are ignored in UEFI, we can safely
>> >reuse
>> >those fields for other purposes, e.g. Security Version(*).
>> >
>> >(*) https://github.com/lcp/shim/wiki/Security-Version
>> >
>> >Cc: Thomas Gleixner <tglx@linutronix.de>
>> >Cc: Ingo Molnar <mingo@redhat.com>
>> >Cc: "H. Peter Anvin" <hpa@zytor.com>
>> >Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
>> >Cc: Michal Marek <mmarek@suse.com>
>> >Cc: Matt Fleming <matt@codeblueprint.co.uk>
>> >Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> >Cc: Joey Lee <jlee@suse.com>
>> >Cc: Vojtech Pavlik <vojtech@suse.cz>
>> >Signed-off-by: Gary Lin <glin@suse.com>
>> >Tested-by: Joey Lee <jlee@suse.com>
>> >---
>[snip]
>> 
>> Reusing PECOFF fields seems doubleplusunsafe: we don't own those
>fields, the UEFI forum does.  It would make a lot more sense to add
>these fields to the bzImage header directly or indirectly (via a
>pointer), the latter would be more economical since the bzImage header
>size is bounded.
>> 
>> We could even define it as a pointer to a "security information
>header" with its own size field, so it can be grown in the future as
>needed.
>Reusing PE-COFF simplifies the implementation since shim can parse the
>header directly. I can raise the issue to the UEFI forum to clarify the
>usage of those fields.
>
>Meanwhile, I'll also look into the bzImage header in case the PE-COFF
>header is really a NO-GO.
>
>Thanks,
>
>Gary Lin

If we are going to use the PE-COFF header then you need to write a proposal and get the UEFI forum to sign off on it.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

* Re: [RFC PATCH] x86: Config options to assign versions in the PE-COFF header
@ 2017-04-14  5:17       ` hpa-YMNOUZJC4hwAvxtiuMwx3w
  0 siblings, 0 replies; 11+ messages in thread
From: hpa-YMNOUZJC4hwAvxtiuMwx3w @ 2017-04-14  5:17 UTC (permalink / raw)
  To: Gary Lin
  Cc: Thomas Gleixner, Ingo Molnar, x86-DgEjT+Ai2ygdnm+yROfE0A,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, Masahiro Yamada, Michal Marek,
	Matt Fleming, Ard Biesheuvel, Joey Lee, Vojtech Pavlik

On April 13, 2017 8:51:19 PM PDT, Gary Lin <glin-IBi9RG/b67k@public.gmane.org> wrote:
>On Thu, Apr 13, 2017 at 03:21:20PM -0700, hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org wrote:
>> On April 11, 2017 3:20:41 AM PDT, Gary Lin <glin-IBi9RG/b67k@public.gmane.org> wrote:
>> >This commit adds the new config options to allow the user to modify
>the
>> >following fields in the PE-COFF header.
>> >
>> >UINT16 MajorOperatingSystemVersion
>> >UINT16 MinorOperatingSystemVersion
>> >UINT16 MajorImageVersion
>> >UINT16 MinorImageVersion
>> >
>> >Those fields are mainly for the executables or libraries in Windows
>NT
>> >or higher to specify the minimum supported Windows version and the
>> >version of the image itself.
>> >
>> >Given the fact that those fields are ignored in UEFI, we can safely
>> >reuse
>> >those fields for other purposes, e.g. Security Version(*).
>> >
>> >(*) https://github.com/lcp/shim/wiki/Security-Version
>> >
>> >Cc: Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>
>> >Cc: Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
>> >Cc: "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>
>> >Cc: Masahiro Yamada <yamada.masahiro-uWyLwvC0a2jby3iVrkZq2A@public.gmane.org>
>> >Cc: Michal Marek <mmarek-IBi9RG/b67k@public.gmane.org>
>> >Cc: Matt Fleming <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>
>> >Cc: Ard Biesheuvel <ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
>> >Cc: Joey Lee <jlee-IBi9RG/b67k@public.gmane.org>
>> >Cc: Vojtech Pavlik <vojtech-AlSwsSmVLrQ@public.gmane.org>
>> >Signed-off-by: Gary Lin <glin-IBi9RG/b67k@public.gmane.org>
>> >Tested-by: Joey Lee <jlee-IBi9RG/b67k@public.gmane.org>
>> >---
>[snip]
>> 
>> Reusing PECOFF fields seems doubleplusunsafe: we don't own those
>fields, the UEFI forum does.  It would make a lot more sense to add
>these fields to the bzImage header directly or indirectly (via a
>pointer), the latter would be more economical since the bzImage header
>size is bounded.
>> 
>> We could even define it as a pointer to a "security information
>header" with its own size field, so it can be grown in the future as
>needed.
>Reusing PE-COFF simplifies the implementation since shim can parse the
>header directly. I can raise the issue to the UEFI forum to clarify the
>usage of those fields.
>
>Meanwhile, I'll also look into the bzImage header in case the PE-COFF
>header is really a NO-GO.
>
>Thanks,
>
>Gary Lin

If we are going to use the PE-COFF header then you need to write a proposal and get the UEFI forum to sign off on it.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Thread overview: 11+ messages
2017-04-11 10:20 [RFC PATCH] x86: Config options to assign versions in the PE-COFF header Gary Lin
2017-04-11 17:37 ` Ard Biesheuvel
2017-04-11 17:37   ` Ard Biesheuvel
2017-04-12  3:30   ` Gary Lin
2017-04-12  3:30     ` Gary Lin
2017-04-13 22:21 ` hpa
2017-04-13 22:21   ` hpa-YMNOUZJC4hwAvxtiuMwx3w
2017-04-14  3:51   ` Gary Lin
2017-04-14  3:51     ` Gary Lin
2017-04-14  5:17     ` hpa
2017-04-14  5:17       ` hpa-YMNOUZJC4hwAvxtiuMwx3w
