* [PATCH v4 0/9] efi: implement generic compressed boot support
@ 2022-08-27 8:38 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Relatively modern architectures such as arm64 or RISC-V don't implement
a self-decompressing kernel, and leave it up to the bootloader to
decompress the compressed image before executing it. For bare metal
boot, this policy makes sense, as a self-decompressing image essentially
duplicates a lot of fiddly preparation work to create a 1:1 mapping and
set up the C runtime, and to discover or infer where DRAM lives from
device trees or other firmware tables.
For EFI boot, the situation is a bit different: the EFI entrypoint is
called with a 1:1 cached mapping covering all of DRAM already active,
and with a stack, a heap, a memory map and boot services to load and
start images. This means it is rather trivial to implement a
self-decompressing wrapper for EFI boot in a generic manner, and reuse
it across architectures that implement EFI boot.
The only slight downside is that when UEFI secure boot is enabled, the
generic LoadImage/StartImage only allow signed images to be loaded and
started, and we would prefer to avoid the need to sign both the inner
and outer PE/COFF images.
However, the only truly generic and portable way to achieve this is to
rely on LoadImage/StartImage as the EFI spec defines them, and avoid
making assumptions about how things might work under the hood, and how
we might circumvent that. This includes just loading the image into
memory and jumping to the PE entry point: in the context of secure boot,
measured boot and other hardening measures the firmware may take (such
as disallowing mappings that are both writable and executable), using
the firmware's image loading API is the only maintainable choice.
For this reason, this version of the series includes support for signing
the images using sbsign, if the signing key and cert are specified in
Kconfig.
The code is wired up for arm64, LoongArch and RISC-V. The latter was
build tested only.
Changes since v3:
- add support for XZ and ZSTD compression
- deal with exit data returned by StartImage()
- use LoadFile2 based image loading instead of passing the raw buffer -
this way, the provenance of the data is more visible, allowing us,
for instance, to deal with initrd= on arm64 transparently (this means
that systemd-boot on arm64 will work unmodified provided that the
[deprecated] command line initrd loader is enabled in the kernel
build)
- include LoongArch support
- rename compressed image to vmlinuz.efi on all architectures
Changes since v2:
- drop some of the refactoring work to make efi_printk() available in
the decompressor, and just use fixed strings instead;
- provide memcpy/memmove/memset based on the UEFI boot services, instead
of having to specify for each architecture how to wire these up;
- drop PI/DXE based signature check circumvention, and just sign the
inner image instead, if needed;
- add a header to the zimage binary that identifies it as a EFI zboot
image, and describes the compression algorithm and where the payload
lives in the image - this might be used by non-EFI loaders to locate
and decompress the bare metal image, given that the EFI zboot one is
not a hybrid like the one it encapsulates.
Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Peter Jones <pjones@redhat.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Atish Patra <atishp@atishpatra.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Huacai Chen <chenhuacai@loongson.cn>
Cc: Xi Ruoyao <xry111@xry111.site>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Jeremy Linton <jeremy.linton@arm.com>
Ard Biesheuvel (9):
efi: name the ARCH-stub.c files uniformly
efi/libstub: add some missing boot service prototypes
efi/libstub: use EFI provided memcpy/memset routines
efi/libstub: move efi_system_table global var into separate object
efi/libstub: implement generic EFI zboot
arm64: efi: enable generic EFI compressed boot
riscv: efi: enable generic EFI compressed boot
loongarch: avoid orphan input sections
loongarch: efi: enable generic EFI compressed boot
arch/arm64/Makefile | 4 +-
arch/arm64/boot/Makefile | 6 +
arch/arm64/kernel/image-vars.h | 13 -
arch/loongarch/Kconfig | 1 +
arch/loongarch/Makefile | 2 +-
arch/loongarch/boot/Makefile | 6 +
arch/loongarch/kernel/image-vars.h | 3 -
arch/loongarch/kernel/vmlinux.lds.S | 2 +
arch/riscv/Makefile | 2 +-
arch/riscv/boot/Makefile | 6 +
arch/riscv/kernel/image-vars.h | 9 -
drivers/firmware/efi/Kconfig | 29 ++
drivers/firmware/efi/libstub/Makefile | 21 +-
drivers/firmware/efi/libstub/Makefile.zboot | 70 +++++
drivers/firmware/efi/libstub/{arm32-stub.c => arm-stub.c} | 0
drivers/firmware/efi/libstub/efi-stub.c | 2 -
drivers/firmware/efi/libstub/efistub.h | 35 ++-
drivers/firmware/efi/libstub/file.c | 17 ++
drivers/firmware/efi/libstub/intrinsics.c | 30 ++
drivers/firmware/efi/libstub/systable.c | 8 +
drivers/firmware/efi/libstub/zboot-header.S | 139 ++++++++++
drivers/firmware/efi/libstub/zboot.c | 289 ++++++++++++++++++++
drivers/firmware/efi/libstub/zboot.lds | 41 +++
include/linux/efi.h | 13 +
24 files changed, 699 insertions(+), 49 deletions(-)
create mode 100644 drivers/firmware/efi/libstub/Makefile.zboot
rename drivers/firmware/efi/libstub/{arm32-stub.c => arm-stub.c} (100%)
create mode 100644 drivers/firmware/efi/libstub/intrinsics.c
create mode 100644 drivers/firmware/efi/libstub/systable.c
create mode 100644 drivers/firmware/efi/libstub/zboot-header.S
create mode 100644 drivers/firmware/efi/libstub/zboot.c
create mode 100644 drivers/firmware/efi/libstub/zboot.lds
--
2.35.1
^ permalink raw reply [flat|nested] 42+ messages in thread
* [PATCH v4 0/9] efi: implement generic compressed boot support
@ 2022-08-27 8:38 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Relatively modern architectures such as arm64 or RISC-V don't implement
a self-decompressing kernel, and leave it up to the bootloader to
decompress the compressed image before executing it. For bare metal
boot, this policy makes sense, as a self-decompressing image essentially
duplicates a lot of fiddly preparation work to create a 1:1 mapping and
set up the C runtime, and to discover or infer where DRAM lives from
device trees or other firmware tables.
For EFI boot, the situation is a bit different: the EFI entrypoint is
called with a 1:1 cached mapping covering all of DRAM already active,
and with a stack, a heap, a memory map and boot services to load and
start images. This means it is rather trivial to implement a
self-decompressing wrapper for EFI boot in a generic manner, and reuse
it across architectures that implement EFI boot.
The only slight downside is that when UEFI secure boot is enabled, the
generic LoadImage/StartImage only allow signed images to be loaded and
started, and we would prefer to avoid the need to sign both the inner
and outer PE/COFF images.
However, the only truly generic and portable way to achieve this is to
rely on LoadImage/StartImage as the EFI spec defines them, and avoid
making assumptions about how things might work under the hood, and how
we might circumvent that. This includes just loading the image into
memory and jumping to the PE entry point: in the context of secure boot,
measured boot and other hardening measures the firmware may take (such
as disallowing mappings that are both writable and executable), using
the firmware's image loading API is the only maintainable choice.
For this reason, this version of the series includes support for signing
the images using sbsign, if the signing key and cert are specified in
Kconfig.
The code is wired up for arm64, LoongArch and RISC-V. The latter was
build tested only.
Changes since v3:
- add support for XZ and ZSTD compression
- deal with exit data returned by StartImage()
- use LoadFile2 based image loading instead of passing the raw buffer -
this way, the provenance of the data is more visible, allowing us,
for instance, to deal with initrd= on arm64 transparently (this means
that systemd-boot on arm64 will work unmodified provided that the
[deprecated] command line initrd loader is enabled in the kernel
build)
- include LoongArch support
- rename compressed image to vmlinuz.efi on all architectures
Changes since v2:
- drop some of the refactoring work to make efi_printk() available in
the decompressor, and just use fixed strings instead;
- provide memcpy/memmove/memset based on the UEFI boot services, instead
of having to specify for each architecture how to wire these up;
- drop PI/DXE based signature check circumvention, and just sign the
inner image instead, if needed;
- add a header to the zimage binary that identifies it as a EFI zboot
image, and describes the compression algorithm and where the payload
lives in the image - this might be used by non-EFI loaders to locate
and decompress the bare metal image, given that the EFI zboot one is
not a hybrid like the one it encapsulates.
Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Peter Jones <pjones@redhat.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Atish Patra <atishp@atishpatra.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Huacai Chen <chenhuacai@loongson.cn>
Cc: Xi Ruoyao <xry111@xry111.site>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Jeremy Linton <jeremy.linton@arm.com>
Ard Biesheuvel (9):
efi: name the ARCH-stub.c files uniformly
efi/libstub: add some missing boot service prototypes
efi/libstub: use EFI provided memcpy/memset routines
efi/libstub: move efi_system_table global var into separate object
efi/libstub: implement generic EFI zboot
arm64: efi: enable generic EFI compressed boot
riscv: efi: enable generic EFI compressed boot
loongarch: avoid orphan input sections
loongarch: efi: enable generic EFI compressed boot
arch/arm64/Makefile | 4 +-
arch/arm64/boot/Makefile | 6 +
arch/arm64/kernel/image-vars.h | 13 -
arch/loongarch/Kconfig | 1 +
arch/loongarch/Makefile | 2 +-
arch/loongarch/boot/Makefile | 6 +
arch/loongarch/kernel/image-vars.h | 3 -
arch/loongarch/kernel/vmlinux.lds.S | 2 +
arch/riscv/Makefile | 2 +-
arch/riscv/boot/Makefile | 6 +
arch/riscv/kernel/image-vars.h | 9 -
drivers/firmware/efi/Kconfig | 29 ++
drivers/firmware/efi/libstub/Makefile | 21 +-
drivers/firmware/efi/libstub/Makefile.zboot | 70 +++++
drivers/firmware/efi/libstub/{arm32-stub.c => arm-stub.c} | 0
drivers/firmware/efi/libstub/efi-stub.c | 2 -
drivers/firmware/efi/libstub/efistub.h | 35 ++-
drivers/firmware/efi/libstub/file.c | 17 ++
drivers/firmware/efi/libstub/intrinsics.c | 30 ++
drivers/firmware/efi/libstub/systable.c | 8 +
drivers/firmware/efi/libstub/zboot-header.S | 139 ++++++++++
drivers/firmware/efi/libstub/zboot.c | 289 ++++++++++++++++++++
drivers/firmware/efi/libstub/zboot.lds | 41 +++
include/linux/efi.h | 13 +
24 files changed, 699 insertions(+), 49 deletions(-)
create mode 100644 drivers/firmware/efi/libstub/Makefile.zboot
rename drivers/firmware/efi/libstub/{arm32-stub.c => arm-stub.c} (100%)
create mode 100644 drivers/firmware/efi/libstub/intrinsics.c
create mode 100644 drivers/firmware/efi/libstub/systable.c
create mode 100644 drivers/firmware/efi/libstub/zboot-header.S
create mode 100644 drivers/firmware/efi/libstub/zboot.c
create mode 100644 drivers/firmware/efi/libstub/zboot.lds
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 42+ messages in thread
* [PATCH v4 1/9] efi: name the ARCH-stub.c files uniformly
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-27 8:38 ` Ard Biesheuvel
-1 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Rename arm32-stub.c to arm-stub.c so that we can refer to all of them as
$(ARCH)-stub.c
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/libstub/Makefile | 9 ++-------
drivers/firmware/efi/libstub/{arm32-stub.c => arm-stub.c} | 0
2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index a4915cc499f3..68c181dcb8cf 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -68,13 +68,8 @@ $(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o \
$(patsubst %.c,lib-%.o,$(efi-deps-y))
-lib-$(CONFIG_ARM) += arm32-stub.o
-lib-$(CONFIG_ARM64) += arm64-stub.o
-lib-$(CONFIG_X86) += x86-stub.o
-lib-$(CONFIG_RISCV) += riscv-stub.o
-lib-$(CONFIG_LOONGARCH) += loongarch-stub.o
-
-CFLAGS_arm32-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
+lib-y += $(ARCH)-stub.o
+CFLAGS_arm-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
# Even when -mbranch-protection=none is set, Clang will generate a
# .note.gnu.property for code-less object files (like lib/ctype.c),
diff --git a/drivers/firmware/efi/libstub/arm32-stub.c b/drivers/firmware/efi/libstub/arm-stub.c
similarity index 100%
rename from drivers/firmware/efi/libstub/arm32-stub.c
rename to drivers/firmware/efi/libstub/arm-stub.c
--
2.35.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 1/9] efi: name the ARCH-stub.c files uniformly
@ 2022-08-27 8:38 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Rename arm32-stub.c to arm-stub.c so that we can refer to all of them as
$(ARCH)-stub.c
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/libstub/Makefile | 9 ++-------
drivers/firmware/efi/libstub/{arm32-stub.c => arm-stub.c} | 0
2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index a4915cc499f3..68c181dcb8cf 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -68,13 +68,8 @@ $(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o \
$(patsubst %.c,lib-%.o,$(efi-deps-y))
-lib-$(CONFIG_ARM) += arm32-stub.o
-lib-$(CONFIG_ARM64) += arm64-stub.o
-lib-$(CONFIG_X86) += x86-stub.o
-lib-$(CONFIG_RISCV) += riscv-stub.o
-lib-$(CONFIG_LOONGARCH) += loongarch-stub.o
-
-CFLAGS_arm32-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
+lib-y += $(ARCH)-stub.o
+CFLAGS_arm-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
# Even when -mbranch-protection=none is set, Clang will generate a
# .note.gnu.property for code-less object files (like lib/ctype.c),
diff --git a/drivers/firmware/efi/libstub/arm32-stub.c b/drivers/firmware/efi/libstub/arm-stub.c
similarity index 100%
rename from drivers/firmware/efi/libstub/arm32-stub.c
rename to drivers/firmware/efi/libstub/arm-stub.c
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 2/9] efi/libstub: add some missing EFI prototypes
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-27 8:38 ` Ard Biesheuvel
-1 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Define the correct prototypes for the load_image, start_image and
unload_image boot service pointers so we can call them from the EFI
zboot code.
Also add some prototypes related to installation and deinstallation of
protocols in to the EFI protocol database, including some definitions
related to device paths.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
Note that the device-path-to-text protocol is not used in this series,
but it was useful during development so I retained the definitions.
drivers/firmware/efi/libstub/efistub.h | 31 ++++++++++++++++----
include/linux/efi.h | 12 ++++++++
2 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index b0ae0a454404..c7efc404e663 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -171,6 +171,23 @@ struct efi_boot_memmap {
typedef struct efi_generic_dev_path efi_device_path_protocol_t;
+union efi_device_path_to_text_protocol {
+ struct {
+ efi_char16_t *(__efiapi *convert_device_node_to_text)(
+ const efi_device_path_protocol_t *,
+ bool, bool);
+ efi_char16_t *(__efiapi *convert_device_path_to_text)(
+ const efi_device_path_protocol_t *,
+ bool, bool);
+ };
+ struct {
+ u32 convert_device_node_to_text;
+ u32 convert_device_path_to_text;
+ } mixed_mode;
+};
+
+typedef union efi_device_path_to_text_protocol efi_device_path_to_text_protocol_t;
+
typedef void *efi_event_t;
/* Note that notifications won't work in mixed mode */
typedef void (__efiapi *efi_event_notify_t)(efi_event_t, void *);
@@ -254,13 +271,17 @@ union efi_boot_services {
efi_handle_t *);
efi_status_t (__efiapi *install_configuration_table)(efi_guid_t *,
void *);
- void *load_image;
- void *start_image;
+ efi_status_t (__efiapi *load_image)(bool, efi_handle_t,
+ efi_device_path_protocol_t *,
+ void *, unsigned long,
+ efi_handle_t *);
+ efi_status_t (__efiapi *start_image)(efi_handle_t, unsigned long *,
+ efi_char16_t **);
efi_status_t __noreturn (__efiapi *exit)(efi_handle_t,
efi_status_t,
unsigned long,
efi_char16_t *);
- void *unload_image;
+ efi_status_t (__efiapi *unload_image)(efi_handle_t);
efi_status_t (__efiapi *exit_boot_services)(efi_handle_t,
unsigned long);
void *get_next_monotonic_count;
@@ -277,8 +298,8 @@ union efi_boot_services {
void *locate_handle_buffer;
efi_status_t (__efiapi *locate_protocol)(efi_guid_t *, void *,
void **);
- void *install_multiple_protocol_interfaces;
- void *uninstall_multiple_protocol_interfaces;
+ efi_status_t (__efiapi *install_multiple_protocol_interfaces)(efi_handle_t *, ...);
+ efi_status_t (__efiapi *uninstall_multiple_protocol_interfaces)(efi_handle_t, ...);
void *calculate_crc32;
void *copy_mem;
void *set_mem;
diff --git a/include/linux/efi.h b/include/linux/efi.h
index d2b84c2fec39..af90f7989f80 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -368,6 +368,9 @@ void efi_native_runtime_setup(void);
#define UV_SYSTEM_TABLE_GUID EFI_GUID(0x3b13a7d4, 0x633e, 0x11dd, 0x93, 0xec, 0xda, 0x25, 0x56, 0xd8, 0x95, 0x93)
#define LINUX_EFI_CRASH_GUID EFI_GUID(0xcfc8fc79, 0xbe2e, 0x4ddc, 0x97, 0xf0, 0x9f, 0x98, 0xbf, 0xe2, 0x98, 0xa0)
#define LOADED_IMAGE_PROTOCOL_GUID EFI_GUID(0x5b1b31a1, 0x9562, 0x11d2, 0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b)
+#define LOADED_IMAGE_DEVICE_PATH_PROTOCOL_GUID EFI_GUID(0xbc62157e, 0x3e33, 0x4fec, 0x99, 0x20, 0x2d, 0x3b, 0x36, 0xd7, 0x50, 0xdf)
+#define EFI_DEVICE_PATH_PROTOCOL_GUID EFI_GUID(0x09576e91, 0x6d3f, 0x11d2, 0x8e, 0x39, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b)
+#define EFI_DEVICE_PATH_TO_TEXT_PROTOCOL_GUID EFI_GUID(0x8b843e20, 0x8132, 0x4852, 0x90, 0xcc, 0x55, 0x1a, 0x4e, 0x4a, 0x7f, 0x1c)
#define EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID EFI_GUID(0x9042a9de, 0x23dc, 0x4a38, 0x96, 0xfb, 0x7a, 0xde, 0xd0, 0x80, 0x51, 0x6a)
#define EFI_UGA_PROTOCOL_GUID EFI_GUID(0x982c298b, 0xf4fa, 0x41cb, 0xb8, 0x38, 0x77, 0xaa, 0x68, 0x8f, 0xb8, 0x39)
#define EFI_PCI_IO_PROTOCOL_GUID EFI_GUID(0x4cf5b200, 0x68b8, 0x4ca5, 0x9e, 0xec, 0xb2, 0x3e, 0x3f, 0x50, 0x02, 0x9a)
@@ -952,6 +955,7 @@ extern int efi_status_to_err(efi_status_t status);
#define EFI_DEV_MEDIA_VENDOR 3
#define EFI_DEV_MEDIA_FILE 4
#define EFI_DEV_MEDIA_PROTOCOL 5
+#define EFI_DEV_MEDIA_REL_OFFSET 8
#define EFI_DEV_BIOS_BOOT 0x05
#define EFI_DEV_END_PATH 0x7F
#define EFI_DEV_END_PATH2 0xFF
@@ -982,12 +986,20 @@ struct efi_vendor_dev_path {
u8 vendordata[];
} __packed;
+struct efi_rel_offset_dev_path {
+ struct efi_generic_dev_path header;
+ u32 reserved;
+ u64 starting_offset;
+ u64 ending_offset;
+} __packed;
+
struct efi_dev_path {
union {
struct efi_generic_dev_path header;
struct efi_acpi_dev_path acpi;
struct efi_pci_dev_path pci;
struct efi_vendor_dev_path vendor;
+ struct efi_rel_offset_dev_path rel_offset;
};
} __packed;
--
2.35.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 2/9] efi/libstub: add some missing EFI prototypes
@ 2022-08-27 8:38 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Define the correct prototypes for the load_image, start_image and
unload_image boot service pointers so we can call them from the EFI
zboot code.
Also add some prototypes related to installation and deinstallation of
protocols in to the EFI protocol database, including some definitions
related to device paths.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
Note that the device-path-to-text protocol is not used in this series,
but it was useful during development so I retained the definitions.
drivers/firmware/efi/libstub/efistub.h | 31 ++++++++++++++++----
include/linux/efi.h | 12 ++++++++
2 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index b0ae0a454404..c7efc404e663 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -171,6 +171,23 @@ struct efi_boot_memmap {
typedef struct efi_generic_dev_path efi_device_path_protocol_t;
+union efi_device_path_to_text_protocol {
+ struct {
+ efi_char16_t *(__efiapi *convert_device_node_to_text)(
+ const efi_device_path_protocol_t *,
+ bool, bool);
+ efi_char16_t *(__efiapi *convert_device_path_to_text)(
+ const efi_device_path_protocol_t *,
+ bool, bool);
+ };
+ struct {
+ u32 convert_device_node_to_text;
+ u32 convert_device_path_to_text;
+ } mixed_mode;
+};
+
+typedef union efi_device_path_to_text_protocol efi_device_path_to_text_protocol_t;
+
typedef void *efi_event_t;
/* Note that notifications won't work in mixed mode */
typedef void (__efiapi *efi_event_notify_t)(efi_event_t, void *);
@@ -254,13 +271,17 @@ union efi_boot_services {
efi_handle_t *);
efi_status_t (__efiapi *install_configuration_table)(efi_guid_t *,
void *);
- void *load_image;
- void *start_image;
+ efi_status_t (__efiapi *load_image)(bool, efi_handle_t,
+ efi_device_path_protocol_t *,
+ void *, unsigned long,
+ efi_handle_t *);
+ efi_status_t (__efiapi *start_image)(efi_handle_t, unsigned long *,
+ efi_char16_t **);
efi_status_t __noreturn (__efiapi *exit)(efi_handle_t,
efi_status_t,
unsigned long,
efi_char16_t *);
- void *unload_image;
+ efi_status_t (__efiapi *unload_image)(efi_handle_t);
efi_status_t (__efiapi *exit_boot_services)(efi_handle_t,
unsigned long);
void *get_next_monotonic_count;
@@ -277,8 +298,8 @@ union efi_boot_services {
void *locate_handle_buffer;
efi_status_t (__efiapi *locate_protocol)(efi_guid_t *, void *,
void **);
- void *install_multiple_protocol_interfaces;
- void *uninstall_multiple_protocol_interfaces;
+ efi_status_t (__efiapi *install_multiple_protocol_interfaces)(efi_handle_t *, ...);
+ efi_status_t (__efiapi *uninstall_multiple_protocol_interfaces)(efi_handle_t, ...);
void *calculate_crc32;
void *copy_mem;
void *set_mem;
diff --git a/include/linux/efi.h b/include/linux/efi.h
index d2b84c2fec39..af90f7989f80 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -368,6 +368,9 @@ void efi_native_runtime_setup(void);
#define UV_SYSTEM_TABLE_GUID EFI_GUID(0x3b13a7d4, 0x633e, 0x11dd, 0x93, 0xec, 0xda, 0x25, 0x56, 0xd8, 0x95, 0x93)
#define LINUX_EFI_CRASH_GUID EFI_GUID(0xcfc8fc79, 0xbe2e, 0x4ddc, 0x97, 0xf0, 0x9f, 0x98, 0xbf, 0xe2, 0x98, 0xa0)
#define LOADED_IMAGE_PROTOCOL_GUID EFI_GUID(0x5b1b31a1, 0x9562, 0x11d2, 0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b)
+#define LOADED_IMAGE_DEVICE_PATH_PROTOCOL_GUID EFI_GUID(0xbc62157e, 0x3e33, 0x4fec, 0x99, 0x20, 0x2d, 0x3b, 0x36, 0xd7, 0x50, 0xdf)
+#define EFI_DEVICE_PATH_PROTOCOL_GUID EFI_GUID(0x09576e91, 0x6d3f, 0x11d2, 0x8e, 0x39, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b)
+#define EFI_DEVICE_PATH_TO_TEXT_PROTOCOL_GUID EFI_GUID(0x8b843e20, 0x8132, 0x4852, 0x90, 0xcc, 0x55, 0x1a, 0x4e, 0x4a, 0x7f, 0x1c)
#define EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID EFI_GUID(0x9042a9de, 0x23dc, 0x4a38, 0x96, 0xfb, 0x7a, 0xde, 0xd0, 0x80, 0x51, 0x6a)
#define EFI_UGA_PROTOCOL_GUID EFI_GUID(0x982c298b, 0xf4fa, 0x41cb, 0xb8, 0x38, 0x77, 0xaa, 0x68, 0x8f, 0xb8, 0x39)
#define EFI_PCI_IO_PROTOCOL_GUID EFI_GUID(0x4cf5b200, 0x68b8, 0x4ca5, 0x9e, 0xec, 0xb2, 0x3e, 0x3f, 0x50, 0x02, 0x9a)
@@ -952,6 +955,7 @@ extern int efi_status_to_err(efi_status_t status);
#define EFI_DEV_MEDIA_VENDOR 3
#define EFI_DEV_MEDIA_FILE 4
#define EFI_DEV_MEDIA_PROTOCOL 5
+#define EFI_DEV_MEDIA_REL_OFFSET 8
#define EFI_DEV_BIOS_BOOT 0x05
#define EFI_DEV_END_PATH 0x7F
#define EFI_DEV_END_PATH2 0xFF
@@ -982,12 +986,20 @@ struct efi_vendor_dev_path {
u8 vendordata[];
} __packed;
+struct efi_rel_offset_dev_path {
+ struct efi_generic_dev_path header;
+ u32 reserved;
+ u64 starting_offset;
+ u64 ending_offset;
+} __packed;
+
struct efi_dev_path {
union {
struct efi_generic_dev_path header;
struct efi_acpi_dev_path acpi;
struct efi_pci_dev_path pci;
struct efi_vendor_dev_path vendor;
+ struct efi_rel_offset_dev_path rel_offset;
};
} __packed;
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 3/9] efi/libstub: use EFI provided memcpy/memset routines
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-27 8:38 ` Ard Biesheuvel
-1 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
The stub is used in different execution environments, but on arm64,
RISC-V and LoongArch, we still use the core kernel's implementation of
memcpy and memset, as they are just a branch instruction away, and can
generally be reused even from code such as the EFI stub that runs in a
completely different address space.
KAsan complicates this slightly, resulting in the need for some hacks to
expose the uninstrumented, __ prefixed versions as the normal ones, as
the latter are instrumented to include the KAsan checks, which only work
in the core kernel.
Unfortunately, #define'ing memcpy to __memcpy when building C code does
not guarantee that no explicit memcpy() calls will be emitted. And with
the upcoming zboot support, which consists of a separate binary which
therefore needs its own implementation of memcpy/memset anyway, it's
better to provide one explicitly instead of linking to the existing one.
Given that EFI exposes implementations of memmove() and memset() via the
boot services table, let's wire those up in the appropriate way, and
drop the references to the core kernel ones.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/arm64/kernel/image-vars.h | 13 ---------
arch/loongarch/kernel/image-vars.h | 3 --
arch/riscv/kernel/image-vars.h | 9 ------
drivers/firmware/efi/libstub/Makefile | 2 +-
drivers/firmware/efi/libstub/efistub.h | 4 +--
drivers/firmware/efi/libstub/intrinsics.c | 30 ++++++++++++++++++++
6 files changed, 33 insertions(+), 28 deletions(-)
diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
index afa69e04e75e..11643f4d864d 100644
--- a/arch/arm64/kernel/image-vars.h
+++ b/arch/arm64/kernel/image-vars.h
@@ -24,9 +24,6 @@ PROVIDE(__efistub_primary_entry_offset = primary_entry - _text);
*/
PROVIDE(__efistub_memcmp = __pi_memcmp);
PROVIDE(__efistub_memchr = __pi_memchr);
-PROVIDE(__efistub_memcpy = __pi_memcpy);
-PROVIDE(__efistub_memmove = __pi_memmove);
-PROVIDE(__efistub_memset = __pi_memset);
PROVIDE(__efistub_strlen = __pi_strlen);
PROVIDE(__efistub_strnlen = __pi_strnlen);
PROVIDE(__efistub_strcmp = __pi_strcmp);
@@ -40,16 +37,6 @@ PROVIDE(__efistub__edata = _edata);
PROVIDE(__efistub_screen_info = screen_info);
PROVIDE(__efistub__ctype = _ctype);
-/*
- * The __ prefixed memcpy/memset/memmove symbols are provided by KASAN, which
- * instruments the conventional ones. Therefore, any references from the EFI
- * stub or other position independent, low level C code should be redirected to
- * the non-instrumented versions as well.
- */
-PROVIDE(__efistub___memcpy = __pi_memcpy);
-PROVIDE(__efistub___memmove = __pi_memmove);
-PROVIDE(__efistub___memset = __pi_memset);
-
PROVIDE(__pi___memcpy = __pi_memcpy);
PROVIDE(__pi___memmove = __pi_memmove);
PROVIDE(__pi___memset = __pi_memset);
diff --git a/arch/loongarch/kernel/image-vars.h b/arch/loongarch/kernel/image-vars.h
index c901ebb903f2..88f5d81702df 100644
--- a/arch/loongarch/kernel/image-vars.h
+++ b/arch/loongarch/kernel/image-vars.h
@@ -9,9 +9,6 @@
__efistub_memcmp = memcmp;
__efistub_memchr = memchr;
-__efistub_memcpy = memcpy;
-__efistub_memmove = memmove;
-__efistub_memset = memset;
__efistub_strcat = strcat;
__efistub_strcmp = strcmp;
__efistub_strlen = strlen;
diff --git a/arch/riscv/kernel/image-vars.h b/arch/riscv/kernel/image-vars.h
index 71a76a623257..d6e5f739905e 100644
--- a/arch/riscv/kernel/image-vars.h
+++ b/arch/riscv/kernel/image-vars.h
@@ -25,21 +25,12 @@
*/
__efistub_memcmp = memcmp;
__efistub_memchr = memchr;
-__efistub_memcpy = memcpy;
-__efistub_memmove = memmove;
-__efistub_memset = memset;
__efistub_strlen = strlen;
__efistub_strnlen = strnlen;
__efistub_strcmp = strcmp;
__efistub_strncmp = strncmp;
__efistub_strrchr = strrchr;
-#ifdef CONFIG_KASAN
-__efistub___memcpy = memcpy;
-__efistub___memmove = memmove;
-__efistub___memset = memset;
-#endif
-
__efistub__start = _start;
__efistub__start_kernel = _start_kernel;
__efistub__end = _end;
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 68c181dcb8cf..498ea6f7a92a 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -65,7 +65,7 @@ efi-deps-y := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c
$(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
$(call if_changed_rule,cc_o_c)
-lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o \
+lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o intrinsics.o \
$(patsubst %.c,lib-%.o,$(efi-deps-y))
lib-y += $(ARCH)-stub.o
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index c7efc404e663..54f37e886be7 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -301,8 +301,8 @@ union efi_boot_services {
efi_status_t (__efiapi *install_multiple_protocol_interfaces)(efi_handle_t *, ...);
efi_status_t (__efiapi *uninstall_multiple_protocol_interfaces)(efi_handle_t, ...);
void *calculate_crc32;
- void *copy_mem;
- void *set_mem;
+ void (__efiapi *copy_mem)(void *, const void *, unsigned long);
+ void (__efiapi *set_mem)(void *, unsigned long, unsigned char);
void *create_event_ex;
};
struct {
diff --git a/drivers/firmware/efi/libstub/intrinsics.c b/drivers/firmware/efi/libstub/intrinsics.c
new file mode 100644
index 000000000000..a04ab39292b6
--- /dev/null
+++ b/drivers/firmware/efi/libstub/intrinsics.c
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/efi.h>
+#include <asm/efi.h>
+#include <asm/string.h>
+
+#include "efistub.h"
+
+#ifdef CONFIG_KASAN
+#undef memcpy
+#undef memmove
+#undef memset
+void *__memcpy(void *__dest, const void *__src, size_t __n) __alias(memcpy);
+void *__memmove(void *__dest, const void *__src, size_t count) __alias(memmove);
+void *__memset(void *s, int c, size_t count) __alias(memset);
+#endif
+
+void *memcpy(void *dst, const void *src, size_t len)
+{
+ efi_bs_call(copy_mem, dst, src, len);
+ return dst;
+}
+
+extern void *memmove(void *dst, const void *src, size_t len) __alias(memcpy);
+
+void *memset(void *dst, int c, size_t len)
+{
+ efi_bs_call(set_mem, dst, len, c & U8_MAX);
+ return dst;
+}
--
2.35.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 3/9] efi/libstub: use EFI provided memcpy/memset routines
@ 2022-08-27 8:38 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
The stub is used in different execution environments, but on arm64,
RISC-V and LoongArch, we still use the core kernel's implementation of
memcpy and memset, as they are just a branch instruction away, and can
generally be reused even from code such as the EFI stub that runs in a
completely different address space.
KAsan complicates this slightly, resulting in the need for some hacks to
expose the uninstrumented, __ prefixed versions as the normal ones, as
the latter are instrumented to include the KAsan checks, which only work
in the core kernel.
Unfortunately, #define'ing memcpy to __memcpy when building C code does
not guarantee that no explicit memcpy() calls will be emitted. And with
the upcoming zboot support, which consists of a separate binary which
therefore needs its own implementation of memcpy/memset anyway, it's
better to provide one explicitly instead of linking to the existing one.
Given that EFI exposes implementations of memmove() and memset() via the
boot services table, let's wire those up in the appropriate way, and
drop the references to the core kernel ones.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/arm64/kernel/image-vars.h | 13 ---------
arch/loongarch/kernel/image-vars.h | 3 --
arch/riscv/kernel/image-vars.h | 9 ------
drivers/firmware/efi/libstub/Makefile | 2 +-
drivers/firmware/efi/libstub/efistub.h | 4 +--
drivers/firmware/efi/libstub/intrinsics.c | 30 ++++++++++++++++++++
6 files changed, 33 insertions(+), 28 deletions(-)
diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
index afa69e04e75e..11643f4d864d 100644
--- a/arch/arm64/kernel/image-vars.h
+++ b/arch/arm64/kernel/image-vars.h
@@ -24,9 +24,6 @@ PROVIDE(__efistub_primary_entry_offset = primary_entry - _text);
*/
PROVIDE(__efistub_memcmp = __pi_memcmp);
PROVIDE(__efistub_memchr = __pi_memchr);
-PROVIDE(__efistub_memcpy = __pi_memcpy);
-PROVIDE(__efistub_memmove = __pi_memmove);
-PROVIDE(__efistub_memset = __pi_memset);
PROVIDE(__efistub_strlen = __pi_strlen);
PROVIDE(__efistub_strnlen = __pi_strnlen);
PROVIDE(__efistub_strcmp = __pi_strcmp);
@@ -40,16 +37,6 @@ PROVIDE(__efistub__edata = _edata);
PROVIDE(__efistub_screen_info = screen_info);
PROVIDE(__efistub__ctype = _ctype);
-/*
- * The __ prefixed memcpy/memset/memmove symbols are provided by KASAN, which
- * instruments the conventional ones. Therefore, any references from the EFI
- * stub or other position independent, low level C code should be redirected to
- * the non-instrumented versions as well.
- */
-PROVIDE(__efistub___memcpy = __pi_memcpy);
-PROVIDE(__efistub___memmove = __pi_memmove);
-PROVIDE(__efistub___memset = __pi_memset);
-
PROVIDE(__pi___memcpy = __pi_memcpy);
PROVIDE(__pi___memmove = __pi_memmove);
PROVIDE(__pi___memset = __pi_memset);
diff --git a/arch/loongarch/kernel/image-vars.h b/arch/loongarch/kernel/image-vars.h
index c901ebb903f2..88f5d81702df 100644
--- a/arch/loongarch/kernel/image-vars.h
+++ b/arch/loongarch/kernel/image-vars.h
@@ -9,9 +9,6 @@
__efistub_memcmp = memcmp;
__efistub_memchr = memchr;
-__efistub_memcpy = memcpy;
-__efistub_memmove = memmove;
-__efistub_memset = memset;
__efistub_strcat = strcat;
__efistub_strcmp = strcmp;
__efistub_strlen = strlen;
diff --git a/arch/riscv/kernel/image-vars.h b/arch/riscv/kernel/image-vars.h
index 71a76a623257..d6e5f739905e 100644
--- a/arch/riscv/kernel/image-vars.h
+++ b/arch/riscv/kernel/image-vars.h
@@ -25,21 +25,12 @@
*/
__efistub_memcmp = memcmp;
__efistub_memchr = memchr;
-__efistub_memcpy = memcpy;
-__efistub_memmove = memmove;
-__efistub_memset = memset;
__efistub_strlen = strlen;
__efistub_strnlen = strnlen;
__efistub_strcmp = strcmp;
__efistub_strncmp = strncmp;
__efistub_strrchr = strrchr;
-#ifdef CONFIG_KASAN
-__efistub___memcpy = memcpy;
-__efistub___memmove = memmove;
-__efistub___memset = memset;
-#endif
-
__efistub__start = _start;
__efistub__start_kernel = _start_kernel;
__efistub__end = _end;
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 68c181dcb8cf..498ea6f7a92a 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -65,7 +65,7 @@ efi-deps-y := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c
$(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
$(call if_changed_rule,cc_o_c)
-lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o \
+lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o intrinsics.o \
$(patsubst %.c,lib-%.o,$(efi-deps-y))
lib-y += $(ARCH)-stub.o
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index c7efc404e663..54f37e886be7 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -301,8 +301,8 @@ union efi_boot_services {
efi_status_t (__efiapi *install_multiple_protocol_interfaces)(efi_handle_t *, ...);
efi_status_t (__efiapi *uninstall_multiple_protocol_interfaces)(efi_handle_t, ...);
void *calculate_crc32;
- void *copy_mem;
- void *set_mem;
+ void (__efiapi *copy_mem)(void *, const void *, unsigned long);
+ void (__efiapi *set_mem)(void *, unsigned long, unsigned char);
void *create_event_ex;
};
struct {
diff --git a/drivers/firmware/efi/libstub/intrinsics.c b/drivers/firmware/efi/libstub/intrinsics.c
new file mode 100644
index 000000000000..a04ab39292b6
--- /dev/null
+++ b/drivers/firmware/efi/libstub/intrinsics.c
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/efi.h>
+#include <asm/efi.h>
+#include <asm/string.h>
+
+#include "efistub.h"
+
+#ifdef CONFIG_KASAN
+#undef memcpy
+#undef memmove
+#undef memset
+void *__memcpy(void *__dest, const void *__src, size_t __n) __alias(memcpy);
+void *__memmove(void *__dest, const void *__src, size_t count) __alias(memmove);
+void *__memset(void *s, int c, size_t count) __alias(memset);
+#endif
+
+void *memcpy(void *dst, const void *src, size_t len)
+{
+ efi_bs_call(copy_mem, dst, src, len);
+ return dst;
+}
+
+extern void *memmove(void *dst, const void *src, size_t len) __alias(memcpy);
+
+void *memset(void *dst, int c, size_t len)
+{
+ efi_bs_call(set_mem, dst, len, c & U8_MAX);
+ return dst;
+}
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 4/9] efi/libstub: move efi_system_table global var into separate object
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-27 8:38 ` Ard Biesheuvel
-1 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
To avoid pulling in the wrong object when using the libstub static
library to build the decompressor, define efi_system_table in a separate
compilation unit.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/libstub/Makefile | 3 ++-
drivers/firmware/efi/libstub/efi-stub.c | 2 --
drivers/firmware/efi/libstub/systable.c | 8 ++++++++
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 498ea6f7a92a..fbe1900f47c4 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -57,7 +57,8 @@ KCOV_INSTRUMENT := n
lib-y := efi-stub-helper.o gop.o secureboot.o tpm.o \
file.o mem.o random.o randomalloc.o pci.o \
skip_spaces.o lib-cmdline.o lib-ctype.o \
- alignedmem.o relocate.o vsprintf.o
+ alignedmem.o relocate.o vsprintf.o \
+ systable.o
# include the stub's generic dependencies from lib/ when building for ARM/arm64
efi-deps-y := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c
diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c
index 4bf751484e8b..57ea04378087 100644
--- a/drivers/firmware/efi/libstub/efi-stub.c
+++ b/drivers/firmware/efi/libstub/efi-stub.c
@@ -57,8 +57,6 @@
static u64 virtmap_base = EFI_RT_VIRTUAL_BASE;
static bool flat_va_mapping = (EFI_RT_VIRTUAL_OFFSET != 0);
-const efi_system_table_t *efi_system_table;
-
static struct screen_info *setup_graphics(void)
{
efi_guid_t gop_proto = EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID;
diff --git a/drivers/firmware/efi/libstub/systable.c b/drivers/firmware/efi/libstub/systable.c
new file mode 100644
index 000000000000..91d016b02f8c
--- /dev/null
+++ b/drivers/firmware/efi/libstub/systable.c
@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/efi.h>
+#include <asm/efi.h>
+
+#include "efistub.h"
+
+const efi_system_table_t *efi_system_table;
--
2.35.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 4/9] efi/libstub: move efi_system_table global var into separate object
@ 2022-08-27 8:38 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
To avoid pulling in the wrong object when using the libstub static
library to build the decompressor, define efi_system_table in a separate
compilation unit.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/libstub/Makefile | 3 ++-
drivers/firmware/efi/libstub/efi-stub.c | 2 --
drivers/firmware/efi/libstub/systable.c | 8 ++++++++
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 498ea6f7a92a..fbe1900f47c4 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -57,7 +57,8 @@ KCOV_INSTRUMENT := n
lib-y := efi-stub-helper.o gop.o secureboot.o tpm.o \
file.o mem.o random.o randomalloc.o pci.o \
skip_spaces.o lib-cmdline.o lib-ctype.o \
- alignedmem.o relocate.o vsprintf.o
+ alignedmem.o relocate.o vsprintf.o \
+ systable.o
# include the stub's generic dependencies from lib/ when building for ARM/arm64
efi-deps-y := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c
diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c
index 4bf751484e8b..57ea04378087 100644
--- a/drivers/firmware/efi/libstub/efi-stub.c
+++ b/drivers/firmware/efi/libstub/efi-stub.c
@@ -57,8 +57,6 @@
static u64 virtmap_base = EFI_RT_VIRTUAL_BASE;
static bool flat_va_mapping = (EFI_RT_VIRTUAL_OFFSET != 0);
-const efi_system_table_t *efi_system_table;
-
static struct screen_info *setup_graphics(void)
{
efi_guid_t gop_proto = EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID;
diff --git a/drivers/firmware/efi/libstub/systable.c b/drivers/firmware/efi/libstub/systable.c
new file mode 100644
index 000000000000..91d016b02f8c
--- /dev/null
+++ b/drivers/firmware/efi/libstub/systable.c
@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/efi.h>
+#include <asm/efi.h>
+
+#include "efistub.h"
+
+const efi_system_table_t *efi_system_table;
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 5/9] efi/libstub: implement generic EFI zboot
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-27 8:38 ` Ard Biesheuvel
-1 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Implement a minimal EFI app that decompresses the real kernel image and
launches it using the firmware's LoadImage and StartImage boot services.
This removes the need for any arch-specific hacks.
Note that on systems that have UEFI secure boot policies enabled,
LoadImage/StartImage require images to be signed, or their hashes known
a priori, in order to be permitted to boot.
There are various possible strategies to work around this requirement,
but they all rely either on overriding internal PI/DXE protocols (which
are not part of the EFI spec) or omitting the firmware provided
LoadImage() and StartImage() boot services, which is also undesirable,
given that they encapsulate platform specific policies related to secure
boot and measured boot, but also related to memory permissions (whether
or not and which types of heap allocations have both write and execute
permissions.)
The only generic and truly portable way around this is to simply sign
both the inner and the outer image with the same key/cert pair, so this
is what is implemented here.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/Kconfig | 29 ++
drivers/firmware/efi/libstub/Makefile | 9 +-
drivers/firmware/efi/libstub/Makefile.zboot | 70 +++++
drivers/firmware/efi/libstub/file.c | 17 ++
| 139 ++++++++++
drivers/firmware/efi/libstub/zboot.c | 289 ++++++++++++++++++++
drivers/firmware/efi/libstub/zboot.lds | 41 +++
include/linux/efi.h | 1 +
8 files changed, 592 insertions(+), 3 deletions(-)
diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index cbf1c55dc224..5bdf3080e5da 100644
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -105,6 +105,35 @@ config EFI_RUNTIME_WRAPPERS
config EFI_GENERIC_STUB
bool
+config EFI_ZBOOT
+ def_bool y
+ depends on EFI_GENERIC_STUB && !ARM
+ select HAVE_KERNEL_GZIP
+ select HAVE_KERNEL_LZ4
+ select HAVE_KERNEL_LZMA
+ select HAVE_KERNEL_LZO
+ select HAVE_KERNEL_XZ
+ select HAVE_KERNEL_ZSTD
+
+config EFI_ZBOOT_SIGNED
+ bool "Sign the EFI decompressor for UEFI secure boot"
+ depends on EFI_ZBOOT
+ help
+ Use the 'sbsign' command line tool (which must exist on the host
+ path) to sign both the EFI decompressor PE/COFF image, as well as the
+ encapsulated PE/COFF image, which is subsequently compressed and
+ wrapped by the former image.
+
+config EFI_ZBOOT_SIGNING_CERT
+ string "Certificate to use for signing the compressed EFI boot image"
+ depends on EFI_ZBOOT_SIGNED
+ default ""
+
+config EFI_ZBOOT_SIGNING_KEY
+ string "Private key to use for signing the compressed EFI boot image"
+ depends on EFI_ZBOOT_SIGNED
+ default ""
+
config EFI_ARMSTUB_DTB_LOADER
bool "Enable the DTB loader"
depends on EFI_GENERIC_STUB && !RISCV && !LOONGARCH
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index fbe1900f47c4..8931ed24379e 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -72,6 +72,12 @@ lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o intrinsics.o \
lib-y += $(ARCH)-stub.o
CFLAGS_arm-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
+zboot-obj-$(CONFIG_RISCV) := lib-clz_ctz.o lib-ashldi3.o
+lib-$(CONFIG_EFI_ZBOOT) += zboot.o $(zboot-obj-y)
+
+extra-y := $(lib-y)
+lib-y := $(patsubst %.o,%.stub.o,$(lib-y))
+
# Even when -mbranch-protection=none is set, Clang will generate a
# .note.gnu.property for code-less object files (like lib/ctype.c),
# so work around this by explicitly removing the unwanted section.
@@ -111,9 +117,6 @@ STUBCOPY_RELOC-$(CONFIG_ARM) := R_ARM_ABS
# a verification pass to see if any absolute relocations exist in any of the
# object files.
#
-extra-y := $(lib-y)
-lib-y := $(patsubst %.o,%.stub.o,$(lib-y))
-
STUBCOPY_FLAGS-$(CONFIG_ARM64) += --prefix-alloc-sections=.init \
--prefix-symbols=__efistub_
STUBCOPY_RELOC-$(CONFIG_ARM64) := R_AARCH64_ABS
diff --git a/drivers/firmware/efi/libstub/Makefile.zboot b/drivers/firmware/efi/libstub/Makefile.zboot
new file mode 100644
index 000000000000..cfacbad0c28a
--- /dev/null
+++ b/drivers/firmware/efi/libstub/Makefile.zboot
@@ -0,0 +1,70 @@
+# SPDX-License-Identifier: GPL-2.0
+
+# to be include'd by arch/$(ARCH)/boot/Makefile after setting
+# EFI_ZBOOT_PAYLOAD, EFI_ZBOOT_BFD_TARGET and EFI_ZBOOT_MACH_TYPE
+
+comp-type-$(CONFIG_KERNEL_GZIP) := gzip
+comp-type-$(CONFIG_KERNEL_LZ4) := lz4
+comp-type-$(CONFIG_KERNEL_LZMA) := lzma
+comp-type-$(CONFIG_KERNEL_LZO) := lzo
+comp-type-$(CONFIG_KERNEL_XZ) := xzkern
+comp-type-$(CONFIG_KERNEL_ZSTD) := zstd22
+
+# in GZIP, the appended le32 carrying the uncompressed size is part of the
+# format, but in other cases, we just append it at the end for convenience,
+# causing the original tools to complain when checking image integrity.
+# So disregard it when calculating the payload size in the zimage header.
+zboot-method-y := $(comp-type-y)_with_size
+zboot-size-len-y := 4
+
+zboot-method-$(CONFIG_KERNEL_GZIP) := gzip
+zboot-size-len-$(CONFIG_KERNEL_GZIP) := 0
+
+quiet_cmd_sbsign = SBSIGN $@
+ cmd_sbsign = sbsign --out $@ $< \
+ --key $(CONFIG_EFI_ZBOOT_SIGNING_KEY) \
+ --cert $(CONFIG_EFI_ZBOOT_SIGNING_CERT)
+
+$(obj)/$(EFI_ZBOOT_PAYLOAD).signed: $(obj)/$(EFI_ZBOOT_PAYLOAD) FORCE
+ $(call if_changed,sbsign)
+
+ZBOOT_PAYLOAD-y := $(EFI_ZBOOT_PAYLOAD)
+ZBOOT_PAYLOAD-$(CONFIG_EFI_ZBOOT_SIGNED) := $(EFI_ZBOOT_PAYLOAD).signed
+
+$(obj)/vmlinuz: $(obj)/$(ZBOOT_PAYLOAD-y) FORCE
+ $(call if_changed,$(zboot-method-y))
+
+OBJCOPYFLAGS_vmlinuz.o := -I binary -O $(EFI_ZBOOT_BFD_TARGET) \
+ --rename-section .data=.gzdata,load,alloc,readonly,contents
+$(obj)/vmlinuz.o: $(obj)/vmlinuz FORCE
+ $(call if_changed,objcopy)
+
+AFLAGS_zboot-header.o += -DMACHINE_TYPE=IMAGE_FILE_MACHINE_$(EFI_ZBOOT_MACH_TYPE) \
+ -DZBOOT_EFI_PATH="\"$(realpath $(obj)/vmlinuz.efi.elf)\"" \
+ -DZBOOT_SIZE_LEN=$(zboot-size-len-y) \
+ -DCOMP_TYPE="\"$(comp-type-y)\""
+
+$(obj)/zboot-header.o: $(srctree)/drivers/firmware/efi/libstub/zboot-header.S FORCE
+ $(call if_changed_rule,as_o_S)
+
+ZBOOT_DEPS := $(obj)/zboot-header.o $(objtree)/drivers/firmware/efi/libstub/lib.a
+
+LDFLAGS_vmlinuz.efi.elf := -T $(srctree)/drivers/firmware/efi/libstub/zboot.lds
+$(obj)/vmlinuz.efi.elf: $(obj)/vmlinuz.o $(ZBOOT_DEPS) FORCE
+ $(call if_changed,ld)
+
+ZBOOT_EFI-y := vmlinuz.efi
+ZBOOT_EFI-$(CONFIG_EFI_ZBOOT_SIGNED) := vmlinuz.efi.unsigned
+
+OBJCOPYFLAGS_$(ZBOOT_EFI-y) := -O binary
+$(obj)/$(ZBOOT_EFI-y): $(obj)/vmlinuz.efi.elf FORCE
+ $(call if_changed,objcopy)
+
+targets += zboot-header.o vmlinuz vmlinuz.o vmlinuz.efi.elf vmlinuz.efi
+
+ifneq ($(CONFIG_EFI_ZBOOT_SIGNED),)
+$(obj)/vmlinuz.efi: $(obj)/vmlinuz.efi.unsigned FORCE
+ $(call if_changed,sbsign)
+
+targets += $(EFI_ZBOOT_PAYLOAD).signed vmlinuz.efi.unsigned
+endif
diff --git a/drivers/firmware/efi/libstub/file.c b/drivers/firmware/efi/libstub/file.c
index dd95f330fe6e..42b3338273aa 100644
--- a/drivers/firmware/efi/libstub/file.c
+++ b/drivers/firmware/efi/libstub/file.c
@@ -66,10 +66,27 @@ static efi_status_t efi_open_file(efi_file_protocol_t *volume,
static efi_status_t efi_open_volume(efi_loaded_image_t *image,
efi_file_protocol_t **fh)
{
+ struct efi_vendor_dev_path *dp = image->file_path;
+ efi_guid_t li_proto = LOADED_IMAGE_PROTOCOL_GUID;
efi_guid_t fs_proto = EFI_FILE_SYSTEM_GUID;
efi_simple_file_system_protocol_t *io;
efi_status_t status;
+ // If we are using EFI zboot, we should look for the file system
+ // protocol on the parent image's handle instead
+ if (IS_ENABLED(CONFIG_EFI_ZBOOT) &&
+ image->parent_handle != NULL &&
+ dp->header.type == EFI_DEV_MEDIA &&
+ dp->header.sub_type == EFI_DEV_MEDIA_VENDOR &&
+ !efi_guidcmp(dp->vendorguid, LINUX_EFI_ZBOOT_MEDIA_GUID)) {
+ status = efi_bs_call(handle_protocol, image->parent_handle,
+ &li_proto, (void *)&image);
+ if (status != EFI_SUCCESS) {
+ efi_err("Failed to locate parent image handle\n");
+ return status;
+ }
+ }
+
status = efi_bs_call(handle_protocol, image->device_handle, &fs_proto,
(void **)&io);
if (status != EFI_SUCCESS) {
--git a/drivers/firmware/efi/libstub/zboot-header.S b/drivers/firmware/efi/libstub/zboot-header.S
new file mode 100644
index 000000000000..a7bcc7c6b16d
--- /dev/null
+++ b/drivers/firmware/efi/libstub/zboot-header.S
@@ -0,0 +1,139 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+#include <linux/pe.h>
+
+#ifdef CONFIG_64BIT
+ .set .Lextra_characteristics, 0x0
+ .set .Lpe_opt_magic, PE_OPT_MAGIC_PE32PLUS
+#else
+ .set .Lextra_characteristics, IMAGE_FILE_32BIT_MACHINE
+ .set .Lpe_opt_magic, PE_OPT_MAGIC_PE32
+#endif
+
+ .section ".head", "a"
+ .globl __efistub_efi_zboot_header
+__efistub_efi_zboot_header:
+.Ldoshdr:
+ .long MZ_MAGIC
+ .ascii "zimg" // image type
+ .long __efistub__gzdata_start - .Ldoshdr // payload offset
+ .long __efistub__gzdata_size - ZBOOT_SIZE_LEN // payload size
+ .long 0, 0 // reserved
+ .asciz COMP_TYPE // compression type
+ .org .Ldoshdr + 0x3c
+ .long .Lpehdr - .Ldoshdr // PE header offset
+
+.Lpehdr:
+ .long PE_MAGIC
+ .short MACHINE_TYPE
+ .short .Lsection_count
+ .long 0
+ .long 0
+ .long 0
+ .short .Lsection_table - .Loptional_header
+ .short IMAGE_FILE_DEBUG_STRIPPED | \
+ IMAGE_FILE_EXECUTABLE_IMAGE | \
+ IMAGE_FILE_LINE_NUMS_STRIPPED |\
+ .Lextra_characteristics
+
+.Loptional_header:
+ .short .Lpe_opt_magic
+ .byte 0, 0
+ .long _etext - .Lefi_header_end
+ .long __data_size
+ .long 0
+ .long __efistub_efi_zboot_entry - .Ldoshdr
+ .long .Lefi_header_end - .Ldoshdr
+
+#ifdef CONFIG_64BIT
+ .quad 0
+#else
+ .long _etext - .Ldoshdr, 0x0
+#endif
+ .long 4096
+ .long 512
+ .short 0, 0
+ .short LINUX_EFISTUB_MAJOR_VERSION // MajorImageVersion
+ .short LINUX_EFISTUB_MINOR_VERSION // MinorImageVersion
+ .short 0, 0
+ .long 0
+ .long _end - .Ldoshdr
+
+ .long .Lefi_header_end - .Ldoshdr
+ .long 0
+ .short IMAGE_SUBSYSTEM_EFI_APPLICATION
+ .short 0
+ .quad 0, 0, 0, 0
+ .long 0
+ .long (.Lsection_table - .) / 8
+
+ .quad 0 // ExportTable
+ .quad 0 // ImportTable
+ .quad 0 // ResourceTable
+ .quad 0 // ExceptionTable
+ .quad 0 // CertificationTable
+ .quad 0 // BaseRelocationTable
+#ifdef CONFIG_DEBUG_EFI
+ .long .Lefi_debug_table - .Ldoshdr // DebugTable
+ .long .Lefi_debug_table_size
+#endif
+
+.Lsection_table:
+ .ascii ".text\0\0\0"
+ .long _etext - .Lefi_header_end
+ .long .Lefi_header_end - .Ldoshdr
+ .long _etext - .Lefi_header_end
+ .long .Lefi_header_end - .Ldoshdr
+
+ .long 0, 0
+ .short 0, 0
+ .long IMAGE_SCN_CNT_CODE | \
+ IMAGE_SCN_MEM_READ | \
+ IMAGE_SCN_MEM_EXECUTE
+
+ .ascii ".data\0\0\0"
+ .long __data_size
+ .long _etext - .Ldoshdr
+ .long __data_rawsize
+ .long _etext - .Ldoshdr
+
+ .long 0, 0
+ .short 0, 0
+ .long IMAGE_SCN_CNT_INITIALIZED_DATA | \
+ IMAGE_SCN_MEM_READ | \
+ IMAGE_SCN_MEM_WRITE
+
+ .set .Lsection_count, (. - .Lsection_table) / 40
+
+#ifdef CONFIG_DEBUG_EFI
+ .section ".rodata", "a"
+ .align 2
+.Lefi_debug_table:
+ // EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
+ .long 0 // Characteristics
+ .long 0 // TimeDateStamp
+ .short 0 // MajorVersion
+ .short 0 // MinorVersion
+ .long IMAGE_DEBUG_TYPE_CODEVIEW // Type
+ .long .Lefi_debug_entry_size // SizeOfData
+ .long 0 // RVA
+ .long .Lefi_debug_entry - .Ldoshdr // FileOffset
+
+ .set .Lefi_debug_table_size, . - .Lefi_debug_table
+ .previous
+
+.Lefi_debug_entry:
+ // EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
+ .ascii "NB10" // Signature
+ .long 0 // Unknown
+ .long 0 // Unknown2
+ .long 0 // Unknown3
+
+ .asciz ZBOOT_EFI_PATH
+
+ .set .Lefi_debug_entry_size, . - .Lefi_debug_entry
+#endif
+
+ .p2align 12
+.Lefi_header_end:
+
diff --git a/drivers/firmware/efi/libstub/zboot.c b/drivers/firmware/efi/libstub/zboot.c
new file mode 100644
index 000000000000..e6fdcc957275
--- /dev/null
+++ b/drivers/firmware/efi/libstub/zboot.c
@@ -0,0 +1,289 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/efi.h>
+#include <linux/pe.h>
+#include <asm/efi.h>
+#include <asm/unaligned.h>
+
+#include "efistub.h"
+
+static unsigned char zboot_heap[SZ_256K] __aligned(64);
+static unsigned long free_mem_ptr, free_mem_end_ptr;
+
+#define STATIC static
+#if defined(CONFIG_KERNEL_GZIP)
+#include "../../../../lib/decompress_inflate.c"
+#elif defined(CONFIG_KERNEL_LZ4)
+#include "../../../../lib/decompress_unlz4.c"
+#elif defined(CONFIG_KERNEL_LZMA)
+#include "../../../../lib/decompress_unlzma.c"
+#elif defined(CONFIG_KERNEL_LZO)
+#include "../../../../lib/decompress_unlzo.c"
+#elif defined(CONFIG_KERNEL_XZ)
+#undef memcpy
+#define memcpy memcpy
+#undef memmove
+#define memmove memmove
+#include "../../../../lib/decompress_unxz.c"
+#elif defined(CONFIG_KERNEL_ZSTD)
+#include "../../../../lib/decompress_unzstd.c"
+#endif
+
+extern char efi_zboot_header[];
+extern char _gzdata_start[], _gzdata_end[];
+
+static void log(efi_char16_t str[])
+{
+ efi_call_proto(efi_table_attr(efi_system_table, con_out),
+ output_string, L"EFI decompressor: ");
+ efi_call_proto(efi_table_attr(efi_system_table, con_out),
+ output_string, str);
+ efi_call_proto(efi_table_attr(efi_system_table, con_out),
+ output_string, L"\n");
+}
+
+static void error(char *x)
+{
+ log(L"error() called from decompressor library\n");
+}
+
+// Local version to avoid pulling in memcmp()
+static bool guids_eq(const efi_guid_t *a, const efi_guid_t *b)
+{
+ const u32 *l = (u32 *)a;
+ const u32 *r = (u32 *)b;
+
+ return l[0] == r[0] && l[1] == r[1] && l[2] == r[2] && l[3] == r[3];
+}
+
+static efi_status_t __efiapi
+load_file(efi_load_file_protocol_t *this, efi_device_path_protocol_t *rem,
+ bool boot_policy, unsigned long *bufsize, void *buffer)
+{
+ struct efi_vendor_dev_path *vendor_dp;
+ bool decompress = false;
+ unsigned long size;
+ int ret;
+
+ if (rem == NULL || bufsize == NULL)
+ return EFI_INVALID_PARAMETER;
+
+ if (boot_policy)
+ return EFI_UNSUPPORTED;
+
+ // Look for our vendor media device node in the remaining file path
+ if (rem->type == EFI_DEV_MEDIA &&
+ rem->sub_type == EFI_DEV_MEDIA_VENDOR) {
+ vendor_dp = container_of(rem, struct efi_vendor_dev_path, header);
+ if (!guids_eq(&vendor_dp->vendorguid, &LINUX_EFI_ZBOOT_MEDIA_GUID))
+ return EFI_NOT_FOUND;
+
+ decompress = true;
+ rem = (void *)(vendor_dp + 1);
+ }
+
+ if (rem->type != EFI_DEV_END_PATH ||
+ rem->sub_type != EFI_DEV_END_ENTIRE)
+ return EFI_NOT_FOUND;
+
+ // The uncompressed size of the payload is appended to the raw bit
+ // stream, and may therefore appear misaligned in memory
+ size = decompress ? get_unaligned_le32(_gzdata_end - 4)
+ : (_gzdata_end - _gzdata_start);
+ if (buffer == NULL || *bufsize < size) {
+ *bufsize = size;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ if (decompress) {
+ ret = __decompress(_gzdata_start, _gzdata_end - _gzdata_start,
+ NULL, NULL, buffer, 0, NULL, error);
+ if (ret < 0) {
+ log(L"Decompression failed");
+ return EFI_DEVICE_ERROR;
+ }
+ } else {
+ memcpy(buffer, _gzdata_start, size);
+ }
+
+ return EFI_SUCCESS;
+}
+
+// Return the length in bytes of the device path up to the first end node.
+static int device_path_length(const efi_device_path_protocol_t *dp)
+{
+ int len = 0;
+
+ while (dp->type != EFI_DEV_END_PATH) {
+ len += dp->length;
+ dp = (void *)((u8 *)dp + dp->length);
+ }
+ return len;
+}
+
+static void append_rel_offset_node(efi_device_path_protocol_t **dp,
+ unsigned long start, unsigned long end)
+{
+ struct efi_rel_offset_dev_path *rodp = (void *)*dp;
+
+ rodp->header.type = EFI_DEV_MEDIA;
+ rodp->header.sub_type = EFI_DEV_MEDIA_REL_OFFSET;
+ rodp->header.length = sizeof(struct efi_rel_offset_dev_path);
+ rodp->reserved = 0;
+ rodp->starting_offset = start;
+ rodp->ending_offset = end;
+
+ *dp = (void *)(rodp + 1);
+}
+
+static void append_ven_media_node(efi_device_path_protocol_t **dp,
+ efi_guid_t *guid)
+{
+ struct efi_vendor_dev_path *vmdp = (void *)*dp;
+
+ vmdp->header.type = EFI_DEV_MEDIA;
+ vmdp->header.sub_type = EFI_DEV_MEDIA_VENDOR;
+ vmdp->header.length = sizeof(struct efi_vendor_dev_path);
+ vmdp->vendorguid = *guid;
+
+ *dp = (void *)(vmdp + 1);
+}
+
+static void append_end_node(efi_device_path_protocol_t **dp)
+{
+ (*dp)->type = EFI_DEV_END_PATH;
+ (*dp)->sub_type = EFI_DEV_END_ENTIRE;
+ (*dp)->length = sizeof(struct efi_generic_dev_path);
+
+ ++*dp;
+}
+
+efi_status_t __efiapi efi_zboot_entry(efi_handle_t handle,
+ efi_system_table_t *systab)
+{
+ efi_device_path_protocol_t *parent_dp, *dpp, *lf2_dp, *li_dp;
+ efi_load_file2_protocol_t zboot_load_file2;
+ efi_loaded_image_t *parent, *child;
+ unsigned long exit_data_size;
+ efi_handle_t child_handle;
+ efi_handle_t zboot_handle;
+ efi_char16_t *exit_data;
+ efi_status_t status;
+ void *dp_alloc;
+ int dp_len;
+
+ WRITE_ONCE(efi_system_table, systab);
+
+ free_mem_ptr = (unsigned long)&zboot_heap;
+ free_mem_end_ptr = free_mem_ptr + sizeof(zboot_heap);
+
+ exit_data = NULL;
+ exit_data_size = 0;
+
+ status = efi_bs_call(handle_protocol, handle,
+ &LOADED_IMAGE_PROTOCOL_GUID, (void **)&parent);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to locate parent's loaded image protocol");
+ return status;
+ }
+
+ status = efi_bs_call(handle_protocol, handle,
+ &LOADED_IMAGE_DEVICE_PATH_PROTOCOL_GUID,
+ (void **)&parent_dp);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to locate parent's loaded image device path protocol");
+ return status;
+ }
+
+ // Allocate some pool memory for device path protocol data
+ dp_len = parent_dp ? device_path_length(parent_dp) : 0;
+ status = efi_bs_call(allocate_pool, EFI_LOADER_DATA,
+ 2 * (dp_len + sizeof(struct efi_rel_offset_dev_path) +
+ sizeof(struct efi_generic_dev_path)) +
+ sizeof(struct efi_vendor_dev_path),
+ (void **)&dp_alloc);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to allocate device path pool memory");
+ return status;
+ }
+
+ // Create a device path describing the compressed payload in this image
+ // <...parent_dp...>/Offset(<start>, <end>)
+ lf2_dp = memcpy(dp_alloc, parent_dp, dp_len);
+ dpp = (void *)((u8 *)lf2_dp + dp_len);
+ append_rel_offset_node(&dpp,
+ (unsigned long)(_gzdata_start - efi_zboot_header),
+ (unsigned long)(_gzdata_end - efi_zboot_header - 1));
+ append_end_node(&dpp);
+
+ // Create a device path describing the decompressed payload in this image
+ // <...parent_dp...>/Offset(<start>, <end>)/VenMedia(ZBOOT_MEDIA_GUID)
+ dp_len += sizeof(struct efi_rel_offset_dev_path);
+ li_dp = memcpy(dpp, lf2_dp, dp_len);
+ dpp = (void *)((u8 *)li_dp + dp_len);
+ append_ven_media_node(&dpp, &LINUX_EFI_ZBOOT_MEDIA_GUID);
+ append_end_node(&dpp);
+
+ zboot_handle = NULL;
+ zboot_load_file2.load_file = load_file;
+ status = efi_bs_call(install_multiple_protocol_interfaces,
+ &zboot_handle,
+ &EFI_DEVICE_PATH_PROTOCOL_GUID, lf2_dp,
+ &EFI_LOAD_FILE2_PROTOCOL_GUID, &zboot_load_file2,
+ NULL);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to install LoadFile2 protocol and device path");
+ goto free_dpalloc;
+ }
+
+ status = efi_bs_call(load_image, false, handle, li_dp, NULL, 0,
+ &child_handle);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to load image");
+ goto uninstall_lf2;
+ }
+
+ status = efi_bs_call(handle_protocol, child_handle,
+ &LOADED_IMAGE_PROTOCOL_GUID, (void **)&child);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to locate child's loaded image protocol");
+ goto unload_image;
+ }
+
+ // Copy the kernel command line
+ child->load_options = parent->load_options;
+ child->load_options_size = parent->load_options_size;
+
+ status = efi_bs_call(start_image, child_handle, &exit_data_size,
+ &exit_data);
+ if (status != EFI_SUCCESS) {
+ log(L"StartImage() returned with error");
+ if (exit_data_size > 0)
+ log(exit_data);
+
+ // If StartImage() returns EFI_SECURITY_VIOLATION, the image is
+ // not unloaded so we need to do it by hand.
+ if (status == EFI_SECURITY_VIOLATION)
+unload_image:
+ efi_bs_call(unload_image, child_handle);
+ }
+
+uninstall_lf2:
+ efi_bs_call(uninstall_multiple_protocol_interfaces,
+ zboot_handle,
+ &EFI_DEVICE_PATH_PROTOCOL_GUID, lf2_dp,
+ &EFI_LOAD_FILE2_PROTOCOL_GUID, &zboot_load_file2,
+ NULL);
+
+free_dpalloc:
+ efi_bs_call(free_pool, dp_alloc);
+
+ efi_bs_call(exit, handle, status, exit_data_size, exit_data);
+
+ // Free ExitData in case Exit() returned with a failure code,
+ // but return the original status code.
+ log(L"Exit() returned with failure code");
+ if (exit_data != NULL)
+ efi_bs_call(free_pool, exit_data);
+ return status;
+}
diff --git a/drivers/firmware/efi/libstub/zboot.lds b/drivers/firmware/efi/libstub/zboot.lds
new file mode 100644
index 000000000000..509996988a9b
--- /dev/null
+++ b/drivers/firmware/efi/libstub/zboot.lds
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+ENTRY(__efistub_efi_zboot_header);
+
+SECTIONS
+{
+ .text : ALIGN(4096) {
+ *(.head)
+ *(.text* .init.text*)
+ }
+
+ .rodata : ALIGN(8) {
+ __efistub__gzdata_start = .;
+ *(.gzdata)
+ __efistub__gzdata_end = .;
+ *(.rodata* .init.rodata* .srodata*)
+ _etext = ALIGN(4096);
+ . = _etext;
+ }
+
+ .data : ALIGN(4096) {
+ *(.data* .init.data*)
+ _edata = ALIGN(512);
+ . = _edata;
+ }
+
+ .bss : {
+ *(.bss* .init.bss*)
+ _end = ALIGN(512);
+ . = _end;
+ }
+
+ /DISCARD/ : {
+ *(.modinfo .init.modinfo)
+ }
+}
+
+PROVIDE(__efistub__gzdata_size = ABSOLUTE(. - __efistub__gzdata_start));
+
+PROVIDE(__data_rawsize = ABSOLUTE(_edata - _etext));
+PROVIDE(__data_size = ABSOLUTE(_end - _etext));
diff --git a/include/linux/efi.h b/include/linux/efi.h
index af90f7989f80..5efc3105f8e0 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -411,6 +411,7 @@ void efi_native_runtime_setup(void);
#define LINUX_EFI_TPM_FINAL_LOG_GUID EFI_GUID(0x1e2ed096, 0x30e2, 0x4254, 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25)
#define LINUX_EFI_MEMRESERVE_TABLE_GUID EFI_GUID(0x888eb0c6, 0x8ede, 0x4ff5, 0xa8, 0xf0, 0x9a, 0xee, 0x5c, 0xb9, 0x77, 0xc2)
#define LINUX_EFI_INITRD_MEDIA_GUID EFI_GUID(0x5568e427, 0x68fc, 0x4f3d, 0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68)
+#define LINUX_EFI_ZBOOT_MEDIA_GUID EFI_GUID(0xe565a30d, 0x47da, 0x4dbd, 0xb3, 0x54, 0x9b, 0xb5, 0xc8, 0x4f, 0x8b, 0xe2)
#define LINUX_EFI_MOK_VARIABLE_TABLE_GUID EFI_GUID(0xc451ed2b, 0x9694, 0x45d3, 0xba, 0xba, 0xed, 0x9f, 0x89, 0x88, 0xa3, 0x89)
#define LINUX_EFI_COCO_SECRET_AREA_GUID EFI_GUID(0xadf956ad, 0xe98c, 0x484c, 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47)
--
2.35.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 5/9] efi/libstub: implement generic EFI zboot
@ 2022-08-27 8:38 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Implement a minimal EFI app that decompresses the real kernel image and
launches it using the firmware's LoadImage and StartImage boot services.
This removes the need for any arch-specific hacks.
Note that on systems that have UEFI secure boot policies enabled,
LoadImage/StartImage require images to be signed, or their hashes known
a priori, in order to be permitted to boot.
There are various possible strategies to work around this requirement,
but they all rely either on overriding internal PI/DXE protocols (which
are not part of the EFI spec) or omitting the firmware provided
LoadImage() and StartImage() boot services, which is also undesirable,
given that they encapsulate platform specific policies related to secure
boot and measured boot, but also related to memory permissions (whether
or not and which types of heap allocations have both write and execute
permissions.)
The only generic and truly portable way around this is to simply sign
both the inner and the outer image with the same key/cert pair, so this
is what is implemented here.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/Kconfig | 29 ++
drivers/firmware/efi/libstub/Makefile | 9 +-
drivers/firmware/efi/libstub/Makefile.zboot | 70 +++++
drivers/firmware/efi/libstub/file.c | 17 ++
| 139 ++++++++++
drivers/firmware/efi/libstub/zboot.c | 289 ++++++++++++++++++++
drivers/firmware/efi/libstub/zboot.lds | 41 +++
include/linux/efi.h | 1 +
8 files changed, 592 insertions(+), 3 deletions(-)
diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index cbf1c55dc224..5bdf3080e5da 100644
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -105,6 +105,35 @@ config EFI_RUNTIME_WRAPPERS
config EFI_GENERIC_STUB
bool
+config EFI_ZBOOT
+ def_bool y
+ depends on EFI_GENERIC_STUB && !ARM
+ select HAVE_KERNEL_GZIP
+ select HAVE_KERNEL_LZ4
+ select HAVE_KERNEL_LZMA
+ select HAVE_KERNEL_LZO
+ select HAVE_KERNEL_XZ
+ select HAVE_KERNEL_ZSTD
+
+config EFI_ZBOOT_SIGNED
+ bool "Sign the EFI decompressor for UEFI secure boot"
+ depends on EFI_ZBOOT
+ help
+ Use the 'sbsign' command line tool (which must exist on the host
+ path) to sign both the EFI decompressor PE/COFF image, as well as the
+ encapsulated PE/COFF image, which is subsequently compressed and
+ wrapped by the former image.
+
+config EFI_ZBOOT_SIGNING_CERT
+ string "Certificate to use for signing the compressed EFI boot image"
+ depends on EFI_ZBOOT_SIGNED
+ default ""
+
+config EFI_ZBOOT_SIGNING_KEY
+ string "Private key to use for signing the compressed EFI boot image"
+ depends on EFI_ZBOOT_SIGNED
+ default ""
+
config EFI_ARMSTUB_DTB_LOADER
bool "Enable the DTB loader"
depends on EFI_GENERIC_STUB && !RISCV && !LOONGARCH
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index fbe1900f47c4..8931ed24379e 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -72,6 +72,12 @@ lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o intrinsics.o \
lib-y += $(ARCH)-stub.o
CFLAGS_arm-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
+zboot-obj-$(CONFIG_RISCV) := lib-clz_ctz.o lib-ashldi3.o
+lib-$(CONFIG_EFI_ZBOOT) += zboot.o $(zboot-obj-y)
+
+extra-y := $(lib-y)
+lib-y := $(patsubst %.o,%.stub.o,$(lib-y))
+
# Even when -mbranch-protection=none is set, Clang will generate a
# .note.gnu.property for code-less object files (like lib/ctype.c),
# so work around this by explicitly removing the unwanted section.
@@ -111,9 +117,6 @@ STUBCOPY_RELOC-$(CONFIG_ARM) := R_ARM_ABS
# a verification pass to see if any absolute relocations exist in any of the
# object files.
#
-extra-y := $(lib-y)
-lib-y := $(patsubst %.o,%.stub.o,$(lib-y))
-
STUBCOPY_FLAGS-$(CONFIG_ARM64) += --prefix-alloc-sections=.init \
--prefix-symbols=__efistub_
STUBCOPY_RELOC-$(CONFIG_ARM64) := R_AARCH64_ABS
diff --git a/drivers/firmware/efi/libstub/Makefile.zboot b/drivers/firmware/efi/libstub/Makefile.zboot
new file mode 100644
index 000000000000..cfacbad0c28a
--- /dev/null
+++ b/drivers/firmware/efi/libstub/Makefile.zboot
@@ -0,0 +1,70 @@
+# SPDX-License-Identifier: GPL-2.0
+
+# to be include'd by arch/$(ARCH)/boot/Makefile after setting
+# EFI_ZBOOT_PAYLOAD, EFI_ZBOOT_BFD_TARGET and EFI_ZBOOT_MACH_TYPE
+
+comp-type-$(CONFIG_KERNEL_GZIP) := gzip
+comp-type-$(CONFIG_KERNEL_LZ4) := lz4
+comp-type-$(CONFIG_KERNEL_LZMA) := lzma
+comp-type-$(CONFIG_KERNEL_LZO) := lzo
+comp-type-$(CONFIG_KERNEL_XZ) := xzkern
+comp-type-$(CONFIG_KERNEL_ZSTD) := zstd22
+
+# in GZIP, the appended le32 carrying the uncompressed size is part of the
+# format, but in other cases, we just append it at the end for convenience,
+# causing the original tools to complain when checking image integrity.
+# So disregard it when calculating the payload size in the zimage header.
+zboot-method-y := $(comp-type-y)_with_size
+zboot-size-len-y := 4
+
+zboot-method-$(CONFIG_KERNEL_GZIP) := gzip
+zboot-size-len-$(CONFIG_KERNEL_GZIP) := 0
+
+quiet_cmd_sbsign = SBSIGN $@
+ cmd_sbsign = sbsign --out $@ $< \
+ --key $(CONFIG_EFI_ZBOOT_SIGNING_KEY) \
+ --cert $(CONFIG_EFI_ZBOOT_SIGNING_CERT)
+
+$(obj)/$(EFI_ZBOOT_PAYLOAD).signed: $(obj)/$(EFI_ZBOOT_PAYLOAD) FORCE
+ $(call if_changed,sbsign)
+
+ZBOOT_PAYLOAD-y := $(EFI_ZBOOT_PAYLOAD)
+ZBOOT_PAYLOAD-$(CONFIG_EFI_ZBOOT_SIGNED) := $(EFI_ZBOOT_PAYLOAD).signed
+
+$(obj)/vmlinuz: $(obj)/$(ZBOOT_PAYLOAD-y) FORCE
+ $(call if_changed,$(zboot-method-y))
+
+OBJCOPYFLAGS_vmlinuz.o := -I binary -O $(EFI_ZBOOT_BFD_TARGET) \
+ --rename-section .data=.gzdata,load,alloc,readonly,contents
+$(obj)/vmlinuz.o: $(obj)/vmlinuz FORCE
+ $(call if_changed,objcopy)
+
+AFLAGS_zboot-header.o += -DMACHINE_TYPE=IMAGE_FILE_MACHINE_$(EFI_ZBOOT_MACH_TYPE) \
+ -DZBOOT_EFI_PATH="\"$(realpath $(obj)/vmlinuz.efi.elf)\"" \
+ -DZBOOT_SIZE_LEN=$(zboot-size-len-y) \
+ -DCOMP_TYPE="\"$(comp-type-y)\""
+
+$(obj)/zboot-header.o: $(srctree)/drivers/firmware/efi/libstub/zboot-header.S FORCE
+ $(call if_changed_rule,as_o_S)
+
+ZBOOT_DEPS := $(obj)/zboot-header.o $(objtree)/drivers/firmware/efi/libstub/lib.a
+
+LDFLAGS_vmlinuz.efi.elf := -T $(srctree)/drivers/firmware/efi/libstub/zboot.lds
+$(obj)/vmlinuz.efi.elf: $(obj)/vmlinuz.o $(ZBOOT_DEPS) FORCE
+ $(call if_changed,ld)
+
+ZBOOT_EFI-y := vmlinuz.efi
+ZBOOT_EFI-$(CONFIG_EFI_ZBOOT_SIGNED) := vmlinuz.efi.unsigned
+
+OBJCOPYFLAGS_$(ZBOOT_EFI-y) := -O binary
+$(obj)/$(ZBOOT_EFI-y): $(obj)/vmlinuz.efi.elf FORCE
+ $(call if_changed,objcopy)
+
+targets += zboot-header.o vmlinuz vmlinuz.o vmlinuz.efi.elf vmlinuz.efi
+
+ifneq ($(CONFIG_EFI_ZBOOT_SIGNED),)
+$(obj)/vmlinuz.efi: $(obj)/vmlinuz.efi.unsigned FORCE
+ $(call if_changed,sbsign)
+
+targets += $(EFI_ZBOOT_PAYLOAD).signed vmlinuz.efi.unsigned
+endif
diff --git a/drivers/firmware/efi/libstub/file.c b/drivers/firmware/efi/libstub/file.c
index dd95f330fe6e..42b3338273aa 100644
--- a/drivers/firmware/efi/libstub/file.c
+++ b/drivers/firmware/efi/libstub/file.c
@@ -66,10 +66,27 @@ static efi_status_t efi_open_file(efi_file_protocol_t *volume,
static efi_status_t efi_open_volume(efi_loaded_image_t *image,
efi_file_protocol_t **fh)
{
+ struct efi_vendor_dev_path *dp = image->file_path;
+ efi_guid_t li_proto = LOADED_IMAGE_PROTOCOL_GUID;
efi_guid_t fs_proto = EFI_FILE_SYSTEM_GUID;
efi_simple_file_system_protocol_t *io;
efi_status_t status;
+ // If we are using EFI zboot, we should look for the file system
+ // protocol on the parent image's handle instead
+ if (IS_ENABLED(CONFIG_EFI_ZBOOT) &&
+ image->parent_handle != NULL &&
+ dp->header.type == EFI_DEV_MEDIA &&
+ dp->header.sub_type == EFI_DEV_MEDIA_VENDOR &&
+ !efi_guidcmp(dp->vendorguid, LINUX_EFI_ZBOOT_MEDIA_GUID)) {
+ status = efi_bs_call(handle_protocol, image->parent_handle,
+ &li_proto, (void *)&image);
+ if (status != EFI_SUCCESS) {
+ efi_err("Failed to locate parent image handle\n");
+ return status;
+ }
+ }
+
status = efi_bs_call(handle_protocol, image->device_handle, &fs_proto,
(void **)&io);
if (status != EFI_SUCCESS) {
--git a/drivers/firmware/efi/libstub/zboot-header.S b/drivers/firmware/efi/libstub/zboot-header.S
new file mode 100644
index 000000000000..a7bcc7c6b16d
--- /dev/null
+++ b/drivers/firmware/efi/libstub/zboot-header.S
@@ -0,0 +1,139 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+#include <linux/pe.h>
+
+#ifdef CONFIG_64BIT
+ .set .Lextra_characteristics, 0x0
+ .set .Lpe_opt_magic, PE_OPT_MAGIC_PE32PLUS
+#else
+ .set .Lextra_characteristics, IMAGE_FILE_32BIT_MACHINE
+ .set .Lpe_opt_magic, PE_OPT_MAGIC_PE32
+#endif
+
+ .section ".head", "a"
+ .globl __efistub_efi_zboot_header
+__efistub_efi_zboot_header:
+.Ldoshdr:
+ .long MZ_MAGIC
+ .ascii "zimg" // image type
+ .long __efistub__gzdata_start - .Ldoshdr // payload offset
+ .long __efistub__gzdata_size - ZBOOT_SIZE_LEN // payload size
+ .long 0, 0 // reserved
+ .asciz COMP_TYPE // compression type
+ .org .Ldoshdr + 0x3c
+ .long .Lpehdr - .Ldoshdr // PE header offset
+
+.Lpehdr:
+ .long PE_MAGIC
+ .short MACHINE_TYPE
+ .short .Lsection_count
+ .long 0
+ .long 0
+ .long 0
+ .short .Lsection_table - .Loptional_header
+ .short IMAGE_FILE_DEBUG_STRIPPED | \
+ IMAGE_FILE_EXECUTABLE_IMAGE | \
+ IMAGE_FILE_LINE_NUMS_STRIPPED |\
+ .Lextra_characteristics
+
+.Loptional_header:
+ .short .Lpe_opt_magic
+ .byte 0, 0
+ .long _etext - .Lefi_header_end
+ .long __data_size
+ .long 0
+ .long __efistub_efi_zboot_entry - .Ldoshdr
+ .long .Lefi_header_end - .Ldoshdr
+
+#ifdef CONFIG_64BIT
+ .quad 0
+#else
+ .long _etext - .Ldoshdr, 0x0
+#endif
+ .long 4096
+ .long 512
+ .short 0, 0
+ .short LINUX_EFISTUB_MAJOR_VERSION // MajorImageVersion
+ .short LINUX_EFISTUB_MINOR_VERSION // MinorImageVersion
+ .short 0, 0
+ .long 0
+ .long _end - .Ldoshdr
+
+ .long .Lefi_header_end - .Ldoshdr
+ .long 0
+ .short IMAGE_SUBSYSTEM_EFI_APPLICATION
+ .short 0
+ .quad 0, 0, 0, 0
+ .long 0
+ .long (.Lsection_table - .) / 8
+
+ .quad 0 // ExportTable
+ .quad 0 // ImportTable
+ .quad 0 // ResourceTable
+ .quad 0 // ExceptionTable
+ .quad 0 // CertificationTable
+ .quad 0 // BaseRelocationTable
+#ifdef CONFIG_DEBUG_EFI
+ .long .Lefi_debug_table - .Ldoshdr // DebugTable
+ .long .Lefi_debug_table_size
+#endif
+
+.Lsection_table:
+ .ascii ".text\0\0\0"
+ .long _etext - .Lefi_header_end
+ .long .Lefi_header_end - .Ldoshdr
+ .long _etext - .Lefi_header_end
+ .long .Lefi_header_end - .Ldoshdr
+
+ .long 0, 0
+ .short 0, 0
+ .long IMAGE_SCN_CNT_CODE | \
+ IMAGE_SCN_MEM_READ | \
+ IMAGE_SCN_MEM_EXECUTE
+
+ .ascii ".data\0\0\0"
+ .long __data_size
+ .long _etext - .Ldoshdr
+ .long __data_rawsize
+ .long _etext - .Ldoshdr
+
+ .long 0, 0
+ .short 0, 0
+ .long IMAGE_SCN_CNT_INITIALIZED_DATA | \
+ IMAGE_SCN_MEM_READ | \
+ IMAGE_SCN_MEM_WRITE
+
+ .set .Lsection_count, (. - .Lsection_table) / 40
+
+#ifdef CONFIG_DEBUG_EFI
+ .section ".rodata", "a"
+ .align 2
+.Lefi_debug_table:
+ // EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
+ .long 0 // Characteristics
+ .long 0 // TimeDateStamp
+ .short 0 // MajorVersion
+ .short 0 // MinorVersion
+ .long IMAGE_DEBUG_TYPE_CODEVIEW // Type
+ .long .Lefi_debug_entry_size // SizeOfData
+ .long 0 // RVA
+ .long .Lefi_debug_entry - .Ldoshdr // FileOffset
+
+ .set .Lefi_debug_table_size, . - .Lefi_debug_table
+ .previous
+
+.Lefi_debug_entry:
+ // EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
+ .ascii "NB10" // Signature
+ .long 0 // Unknown
+ .long 0 // Unknown2
+ .long 0 // Unknown3
+
+ .asciz ZBOOT_EFI_PATH
+
+ .set .Lefi_debug_entry_size, . - .Lefi_debug_entry
+#endif
+
+ .p2align 12
+.Lefi_header_end:
+
diff --git a/drivers/firmware/efi/libstub/zboot.c b/drivers/firmware/efi/libstub/zboot.c
new file mode 100644
index 000000000000..e6fdcc957275
--- /dev/null
+++ b/drivers/firmware/efi/libstub/zboot.c
@@ -0,0 +1,289 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/efi.h>
+#include <linux/pe.h>
+#include <asm/efi.h>
+#include <asm/unaligned.h>
+
+#include "efistub.h"
+
+static unsigned char zboot_heap[SZ_256K] __aligned(64);
+static unsigned long free_mem_ptr, free_mem_end_ptr;
+
+#define STATIC static
+#if defined(CONFIG_KERNEL_GZIP)
+#include "../../../../lib/decompress_inflate.c"
+#elif defined(CONFIG_KERNEL_LZ4)
+#include "../../../../lib/decompress_unlz4.c"
+#elif defined(CONFIG_KERNEL_LZMA)
+#include "../../../../lib/decompress_unlzma.c"
+#elif defined(CONFIG_KERNEL_LZO)
+#include "../../../../lib/decompress_unlzo.c"
+#elif defined(CONFIG_KERNEL_XZ)
+#undef memcpy
+#define memcpy memcpy
+#undef memmove
+#define memmove memmove
+#include "../../../../lib/decompress_unxz.c"
+#elif defined(CONFIG_KERNEL_ZSTD)
+#include "../../../../lib/decompress_unzstd.c"
+#endif
+
+extern char efi_zboot_header[];
+extern char _gzdata_start[], _gzdata_end[];
+
+static void log(efi_char16_t str[])
+{
+ efi_call_proto(efi_table_attr(efi_system_table, con_out),
+ output_string, L"EFI decompressor: ");
+ efi_call_proto(efi_table_attr(efi_system_table, con_out),
+ output_string, str);
+ efi_call_proto(efi_table_attr(efi_system_table, con_out),
+ output_string, L"\n");
+}
+
+static void error(char *x)
+{
+ log(L"error() called from decompressor library\n");
+}
+
+// Local version to avoid pulling in memcmp()
+static bool guids_eq(const efi_guid_t *a, const efi_guid_t *b)
+{
+ const u32 *l = (u32 *)a;
+ const u32 *r = (u32 *)b;
+
+ return l[0] == r[0] && l[1] == r[1] && l[2] == r[2] && l[3] == r[3];
+}
+
+static efi_status_t __efiapi
+load_file(efi_load_file_protocol_t *this, efi_device_path_protocol_t *rem,
+ bool boot_policy, unsigned long *bufsize, void *buffer)
+{
+ struct efi_vendor_dev_path *vendor_dp;
+ bool decompress = false;
+ unsigned long size;
+ int ret;
+
+ if (rem == NULL || bufsize == NULL)
+ return EFI_INVALID_PARAMETER;
+
+ if (boot_policy)
+ return EFI_UNSUPPORTED;
+
+ // Look for our vendor media device node in the remaining file path
+ if (rem->type == EFI_DEV_MEDIA &&
+ rem->sub_type == EFI_DEV_MEDIA_VENDOR) {
+ vendor_dp = container_of(rem, struct efi_vendor_dev_path, header);
+ if (!guids_eq(&vendor_dp->vendorguid, &LINUX_EFI_ZBOOT_MEDIA_GUID))
+ return EFI_NOT_FOUND;
+
+ decompress = true;
+ rem = (void *)(vendor_dp + 1);
+ }
+
+ if (rem->type != EFI_DEV_END_PATH ||
+ rem->sub_type != EFI_DEV_END_ENTIRE)
+ return EFI_NOT_FOUND;
+
+ // The uncompressed size of the payload is appended to the raw bit
+ // stream, and may therefore appear misaligned in memory
+ size = decompress ? get_unaligned_le32(_gzdata_end - 4)
+ : (_gzdata_end - _gzdata_start);
+ if (buffer == NULL || *bufsize < size) {
+ *bufsize = size;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ if (decompress) {
+ ret = __decompress(_gzdata_start, _gzdata_end - _gzdata_start,
+ NULL, NULL, buffer, 0, NULL, error);
+ if (ret < 0) {
+ log(L"Decompression failed");
+ return EFI_DEVICE_ERROR;
+ }
+ } else {
+ memcpy(buffer, _gzdata_start, size);
+ }
+
+ return EFI_SUCCESS;
+}
+
+// Return the length in bytes of the device path up to the first end node.
+static int device_path_length(const efi_device_path_protocol_t *dp)
+{
+ int len = 0;
+
+ while (dp->type != EFI_DEV_END_PATH) {
+ len += dp->length;
+ dp = (void *)((u8 *)dp + dp->length);
+ }
+ return len;
+}
+
+static void append_rel_offset_node(efi_device_path_protocol_t **dp,
+ unsigned long start, unsigned long end)
+{
+ struct efi_rel_offset_dev_path *rodp = (void *)*dp;
+
+ rodp->header.type = EFI_DEV_MEDIA;
+ rodp->header.sub_type = EFI_DEV_MEDIA_REL_OFFSET;
+ rodp->header.length = sizeof(struct efi_rel_offset_dev_path);
+ rodp->reserved = 0;
+ rodp->starting_offset = start;
+ rodp->ending_offset = end;
+
+ *dp = (void *)(rodp + 1);
+}
+
+static void append_ven_media_node(efi_device_path_protocol_t **dp,
+ efi_guid_t *guid)
+{
+ struct efi_vendor_dev_path *vmdp = (void *)*dp;
+
+ vmdp->header.type = EFI_DEV_MEDIA;
+ vmdp->header.sub_type = EFI_DEV_MEDIA_VENDOR;
+ vmdp->header.length = sizeof(struct efi_vendor_dev_path);
+ vmdp->vendorguid = *guid;
+
+ *dp = (void *)(vmdp + 1);
+}
+
+static void append_end_node(efi_device_path_protocol_t **dp)
+{
+ (*dp)->type = EFI_DEV_END_PATH;
+ (*dp)->sub_type = EFI_DEV_END_ENTIRE;
+ (*dp)->length = sizeof(struct efi_generic_dev_path);
+
+ ++*dp;
+}
+
+efi_status_t __efiapi efi_zboot_entry(efi_handle_t handle,
+ efi_system_table_t *systab)
+{
+ efi_device_path_protocol_t *parent_dp, *dpp, *lf2_dp, *li_dp;
+ efi_load_file2_protocol_t zboot_load_file2;
+ efi_loaded_image_t *parent, *child;
+ unsigned long exit_data_size;
+ efi_handle_t child_handle;
+ efi_handle_t zboot_handle;
+ efi_char16_t *exit_data;
+ efi_status_t status;
+ void *dp_alloc;
+ int dp_len;
+
+ WRITE_ONCE(efi_system_table, systab);
+
+ free_mem_ptr = (unsigned long)&zboot_heap;
+ free_mem_end_ptr = free_mem_ptr + sizeof(zboot_heap);
+
+ exit_data = NULL;
+ exit_data_size = 0;
+
+ status = efi_bs_call(handle_protocol, handle,
+ &LOADED_IMAGE_PROTOCOL_GUID, (void **)&parent);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to locate parent's loaded image protocol");
+ return status;
+ }
+
+ status = efi_bs_call(handle_protocol, handle,
+ &LOADED_IMAGE_DEVICE_PATH_PROTOCOL_GUID,
+ (void **)&parent_dp);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to locate parent's loaded image device path protocol");
+ return status;
+ }
+
+ // Allocate some pool memory for device path protocol data
+ dp_len = parent_dp ? device_path_length(parent_dp) : 0;
+ status = efi_bs_call(allocate_pool, EFI_LOADER_DATA,
+ 2 * (dp_len + sizeof(struct efi_rel_offset_dev_path) +
+ sizeof(struct efi_generic_dev_path)) +
+ sizeof(struct efi_vendor_dev_path),
+ (void **)&dp_alloc);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to allocate device path pool memory");
+ return status;
+ }
+
+ // Create a device path describing the compressed payload in this image
+ // <...parent_dp...>/Offset(<start>, <end>)
+ lf2_dp = memcpy(dp_alloc, parent_dp, dp_len);
+ dpp = (void *)((u8 *)lf2_dp + dp_len);
+ append_rel_offset_node(&dpp,
+ (unsigned long)(_gzdata_start - efi_zboot_header),
+ (unsigned long)(_gzdata_end - efi_zboot_header - 1));
+ append_end_node(&dpp);
+
+ // Create a device path describing the decompressed payload in this image
+ // <...parent_dp...>/Offset(<start>, <end>)/VenMedia(ZBOOT_MEDIA_GUID)
+ dp_len += sizeof(struct efi_rel_offset_dev_path);
+ li_dp = memcpy(dpp, lf2_dp, dp_len);
+ dpp = (void *)((u8 *)li_dp + dp_len);
+ append_ven_media_node(&dpp, &LINUX_EFI_ZBOOT_MEDIA_GUID);
+ append_end_node(&dpp);
+
+ zboot_handle = NULL;
+ zboot_load_file2.load_file = load_file;
+ status = efi_bs_call(install_multiple_protocol_interfaces,
+ &zboot_handle,
+ &EFI_DEVICE_PATH_PROTOCOL_GUID, lf2_dp,
+ &EFI_LOAD_FILE2_PROTOCOL_GUID, &zboot_load_file2,
+ NULL);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to install LoadFile2 protocol and device path");
+ goto free_dpalloc;
+ }
+
+ status = efi_bs_call(load_image, false, handle, li_dp, NULL, 0,
+ &child_handle);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to load image");
+ goto uninstall_lf2;
+ }
+
+ status = efi_bs_call(handle_protocol, child_handle,
+ &LOADED_IMAGE_PROTOCOL_GUID, (void **)&child);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to locate child's loaded image protocol");
+ goto unload_image;
+ }
+
+ // Copy the kernel command line
+ child->load_options = parent->load_options;
+ child->load_options_size = parent->load_options_size;
+
+ status = efi_bs_call(start_image, child_handle, &exit_data_size,
+ &exit_data);
+ if (status != EFI_SUCCESS) {
+ log(L"StartImage() returned with error");
+ if (exit_data_size > 0)
+ log(exit_data);
+
+ // If StartImage() returns EFI_SECURITY_VIOLATION, the image is
+ // not unloaded so we need to do it by hand.
+ if (status == EFI_SECURITY_VIOLATION)
+unload_image:
+ efi_bs_call(unload_image, child_handle);
+ }
+
+uninstall_lf2:
+ efi_bs_call(uninstall_multiple_protocol_interfaces,
+ zboot_handle,
+ &EFI_DEVICE_PATH_PROTOCOL_GUID, lf2_dp,
+ &EFI_LOAD_FILE2_PROTOCOL_GUID, &zboot_load_file2,
+ NULL);
+
+free_dpalloc:
+ efi_bs_call(free_pool, dp_alloc);
+
+ efi_bs_call(exit, handle, status, exit_data_size, exit_data);
+
+ // Free ExitData in case Exit() returned with a failure code,
+ // but return the original status code.
+ log(L"Exit() returned with failure code");
+ if (exit_data != NULL)
+ efi_bs_call(free_pool, exit_data);
+ return status;
+}
diff --git a/drivers/firmware/efi/libstub/zboot.lds b/drivers/firmware/efi/libstub/zboot.lds
new file mode 100644
index 000000000000..509996988a9b
--- /dev/null
+++ b/drivers/firmware/efi/libstub/zboot.lds
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+ENTRY(__efistub_efi_zboot_header);
+
+SECTIONS
+{
+ .text : ALIGN(4096) {
+ *(.head)
+ *(.text* .init.text*)
+ }
+
+ .rodata : ALIGN(8) {
+ __efistub__gzdata_start = .;
+ *(.gzdata)
+ __efistub__gzdata_end = .;
+ *(.rodata* .init.rodata* .srodata*)
+ _etext = ALIGN(4096);
+ . = _etext;
+ }
+
+ .data : ALIGN(4096) {
+ *(.data* .init.data*)
+ _edata = ALIGN(512);
+ . = _edata;
+ }
+
+ .bss : {
+ *(.bss* .init.bss*)
+ _end = ALIGN(512);
+ . = _end;
+ }
+
+ /DISCARD/ : {
+ *(.modinfo .init.modinfo)
+ }
+}
+
+PROVIDE(__efistub__gzdata_size = ABSOLUTE(. - __efistub__gzdata_start));
+
+PROVIDE(__data_rawsize = ABSOLUTE(_edata - _etext));
+PROVIDE(__data_size = ABSOLUTE(_end - _etext));
diff --git a/include/linux/efi.h b/include/linux/efi.h
index af90f7989f80..5efc3105f8e0 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -411,6 +411,7 @@ void efi_native_runtime_setup(void);
#define LINUX_EFI_TPM_FINAL_LOG_GUID EFI_GUID(0x1e2ed096, 0x30e2, 0x4254, 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25)
#define LINUX_EFI_MEMRESERVE_TABLE_GUID EFI_GUID(0x888eb0c6, 0x8ede, 0x4ff5, 0xa8, 0xf0, 0x9a, 0xee, 0x5c, 0xb9, 0x77, 0xc2)
#define LINUX_EFI_INITRD_MEDIA_GUID EFI_GUID(0x5568e427, 0x68fc, 0x4f3d, 0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68)
+#define LINUX_EFI_ZBOOT_MEDIA_GUID EFI_GUID(0xe565a30d, 0x47da, 0x4dbd, 0xb3, 0x54, 0x9b, 0xb5, 0xc8, 0x4f, 0x8b, 0xe2)
#define LINUX_EFI_MOK_VARIABLE_TABLE_GUID EFI_GUID(0xc451ed2b, 0x9694, 0x45d3, 0xba, 0xba, 0xed, 0x9f, 0x89, 0x88, 0xa3, 0x89)
#define LINUX_EFI_COCO_SECRET_AREA_GUID EFI_GUID(0xadf956ad, 0xe98c, 0x484c, 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47)
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 6/9] arm64: efi: enable generic EFI compressed boot
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-27 8:38 ` Ard Biesheuvel
-1 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Wire up the generic EFI zboot support for arm64.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/arm64/Makefile | 4 ++--
arch/arm64/boot/Makefile | 6 ++++++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 6d9d4a58b898..92676ccc6363 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -153,10 +153,10 @@ libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
boot := arch/arm64/boot
KBUILD_IMAGE := $(boot)/Image.gz
-all: Image.gz
+all: $(notdir $(KBUILD_IMAGE))
-Image: vmlinux
+Image vmlinuz.efi: vmlinux
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
Image.%: Image
diff --git a/arch/arm64/boot/Makefile b/arch/arm64/boot/Makefile
index a0e3dedd2883..c65aee088410 100644
--- a/arch/arm64/boot/Makefile
+++ b/arch/arm64/boot/Makefile
@@ -38,3 +38,9 @@ $(obj)/Image.lzo: $(obj)/Image FORCE
$(obj)/Image.zst: $(obj)/Image FORCE
$(call if_changed,zstd)
+
+EFI_ZBOOT_PAYLOAD := Image
+EFI_ZBOOT_BFD_TARGET := elf64-littleaarch64
+EFI_ZBOOT_MACH_TYPE := ARM64
+
+include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
--
2.35.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 6/9] arm64: efi: enable generic EFI compressed boot
@ 2022-08-27 8:38 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Wire up the generic EFI zboot support for arm64.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/arm64/Makefile | 4 ++--
arch/arm64/boot/Makefile | 6 ++++++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 6d9d4a58b898..92676ccc6363 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -153,10 +153,10 @@ libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
boot := arch/arm64/boot
KBUILD_IMAGE := $(boot)/Image.gz
-all: Image.gz
+all: $(notdir $(KBUILD_IMAGE))
-Image: vmlinux
+Image vmlinuz.efi: vmlinux
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
Image.%: Image
diff --git a/arch/arm64/boot/Makefile b/arch/arm64/boot/Makefile
index a0e3dedd2883..c65aee088410 100644
--- a/arch/arm64/boot/Makefile
+++ b/arch/arm64/boot/Makefile
@@ -38,3 +38,9 @@ $(obj)/Image.lzo: $(obj)/Image FORCE
$(obj)/Image.zst: $(obj)/Image FORCE
$(call if_changed,zstd)
+
+EFI_ZBOOT_PAYLOAD := Image
+EFI_ZBOOT_BFD_TARGET := elf64-littleaarch64
+EFI_ZBOOT_MACH_TYPE := ARM64
+
+include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 7/9] riscv: efi: enable generic EFI compressed boot
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-27 8:38 ` Ard Biesheuvel
-1 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Wire up the generic EFI zboot support for RISC-V.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/riscv/Makefile | 2 +-
arch/riscv/boot/Makefile | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile
index 3fa8ef336822..ee9c24db082c 100644
--- a/arch/riscv/Makefile
+++ b/arch/riscv/Makefile
@@ -139,7 +139,7 @@ else
KBUILD_IMAGE := $(boot)/Image.gz
endif
endif
-BOOT_TARGETS := Image Image.gz loader loader.bin xipImage
+BOOT_TARGETS := Image Image.gz loader loader.bin xipImage vmlinuz.efi
all: $(notdir $(KBUILD_IMAGE))
diff --git a/arch/riscv/boot/Makefile b/arch/riscv/boot/Makefile
index becd0621071c..d1a49adcb1d7 100644
--- a/arch/riscv/boot/Makefile
+++ b/arch/riscv/boot/Makefile
@@ -58,3 +58,9 @@ $(obj)/Image.lzo: $(obj)/Image FORCE
$(obj)/loader.bin: $(obj)/loader FORCE
$(call if_changed,objcopy)
+
+EFI_ZBOOT_PAYLOAD := Image
+EFI_ZBOOT_BFD_TARGET := elf$(BITS)-littleriscv
+EFI_ZBOOT_MACH_TYPE := RISCV$(BITS)
+
+include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
--
2.35.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 7/9] riscv: efi: enable generic EFI compressed boot
@ 2022-08-27 8:38 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Wire up the generic EFI zboot support for RISC-V.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/riscv/Makefile | 2 +-
arch/riscv/boot/Makefile | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile
index 3fa8ef336822..ee9c24db082c 100644
--- a/arch/riscv/Makefile
+++ b/arch/riscv/Makefile
@@ -139,7 +139,7 @@ else
KBUILD_IMAGE := $(boot)/Image.gz
endif
endif
-BOOT_TARGETS := Image Image.gz loader loader.bin xipImage
+BOOT_TARGETS := Image Image.gz loader loader.bin xipImage vmlinuz.efi
all: $(notdir $(KBUILD_IMAGE))
diff --git a/arch/riscv/boot/Makefile b/arch/riscv/boot/Makefile
index becd0621071c..d1a49adcb1d7 100644
--- a/arch/riscv/boot/Makefile
+++ b/arch/riscv/boot/Makefile
@@ -58,3 +58,9 @@ $(obj)/Image.lzo: $(obj)/Image FORCE
$(obj)/loader.bin: $(obj)/loader FORCE
$(call if_changed,objcopy)
+
+EFI_ZBOOT_PAYLOAD := Image
+EFI_ZBOOT_BFD_TARGET := elf$(BITS)-littleriscv
+EFI_ZBOOT_MACH_TYPE := RISCV$(BITS)
+
+include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 8/9] loongarch: avoid orphan input sections
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-27 8:38 ` Ard Biesheuvel
-1 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Ensure that all input sections are listed explicitly in the linker
script, and issue a warning otherwise. This ensures that the binary
image matches the PE/COFF and other image metadata exactly, which is
important for things like code signing.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/loongarch/Kconfig | 1 +
arch/loongarch/kernel/vmlinux.lds.S | 2 ++
2 files changed, 3 insertions(+)
diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
index fca106a8b8af..407502da4335 100644
--- a/arch/loongarch/Kconfig
+++ b/arch/loongarch/Kconfig
@@ -51,6 +51,7 @@ config LOONGARCH
select ARCH_USE_CMPXCHG_LOCKREF
select ARCH_USE_QUEUED_RWLOCKS
select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
+ select ARCH_WANT_LD_ORPHAN_WARN
select ARCH_WANTS_NO_INSTR
select BUILDTIME_TABLE_SORT
select COMMON_CLK
diff --git a/arch/loongarch/kernel/vmlinux.lds.S b/arch/loongarch/kernel/vmlinux.lds.S
index 36d042739f3c..17d33308dfba 100644
--- a/arch/loongarch/kernel/vmlinux.lds.S
+++ b/arch/loongarch/kernel/vmlinux.lds.S
@@ -74,6 +74,8 @@ SECTIONS
EXIT_DATA
}
+ .rela.dyn : { *(.rela.dyn) *(.rela*) }
+
#ifdef CONFIG_SMP
PERCPU_SECTION(1 << CONFIG_L1_CACHE_SHIFT)
#endif
--
2.35.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 8/9] loongarch: avoid orphan input sections
@ 2022-08-27 8:38 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Ensure that all input sections are listed explicitly in the linker
script, and issue a warning otherwise. This ensures that the binary
image matches the PE/COFF and other image metadata exactly, which is
important for things like code signing.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/loongarch/Kconfig | 1 +
arch/loongarch/kernel/vmlinux.lds.S | 2 ++
2 files changed, 3 insertions(+)
diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
index fca106a8b8af..407502da4335 100644
--- a/arch/loongarch/Kconfig
+++ b/arch/loongarch/Kconfig
@@ -51,6 +51,7 @@ config LOONGARCH
select ARCH_USE_CMPXCHG_LOCKREF
select ARCH_USE_QUEUED_RWLOCKS
select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
+ select ARCH_WANT_LD_ORPHAN_WARN
select ARCH_WANTS_NO_INSTR
select BUILDTIME_TABLE_SORT
select COMMON_CLK
diff --git a/arch/loongarch/kernel/vmlinux.lds.S b/arch/loongarch/kernel/vmlinux.lds.S
index 36d042739f3c..17d33308dfba 100644
--- a/arch/loongarch/kernel/vmlinux.lds.S
+++ b/arch/loongarch/kernel/vmlinux.lds.S
@@ -74,6 +74,8 @@ SECTIONS
EXIT_DATA
}
+ .rela.dyn : { *(.rela.dyn) *(.rela*) }
+
#ifdef CONFIG_SMP
PERCPU_SECTION(1 << CONFIG_L1_CACHE_SHIFT)
#endif
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 9/9] loongarch: efi: enable generic EFI compressed boot
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-27 8:38 ` Ard Biesheuvel
-1 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Wire up the generic EFI zboot support for LoongArch64
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/loongarch/Makefile | 2 +-
arch/loongarch/boot/Makefile | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
index 4bc47f47cfd8..7051a95f7f31 100644
--- a/arch/loongarch/Makefile
+++ b/arch/loongarch/Makefile
@@ -93,7 +93,7 @@ vdso_install:
all: $(notdir $(KBUILD_IMAGE))
-vmlinux.elf vmlinux.efi: vmlinux
+vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
$(Q)$(MAKE) $(build)=$(boot) $(bootvars-y) $(boot)/$@
install:
diff --git a/arch/loongarch/boot/Makefile b/arch/loongarch/boot/Makefile
index fecf34f50e56..4e1c374c5782 100644
--- a/arch/loongarch/boot/Makefile
+++ b/arch/loongarch/boot/Makefile
@@ -18,3 +18,9 @@ $(obj)/vmlinux.elf: vmlinux FORCE
targets += vmlinux.efi
$(obj)/vmlinux.efi: vmlinux FORCE
$(call if_changed,objcopy)
+
+EFI_ZBOOT_PAYLOAD := vmlinux.efi
+EFI_ZBOOT_BFD_TARGET := elf64-loongarch
+EFI_ZBOOT_MACH_TYPE := LOONGARCH64
+
+include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
--
2.35.1
^ permalink raw reply related [flat|nested] 42+ messages in thread
* [PATCH v4 9/9] loongarch: efi: enable generic EFI compressed boot
@ 2022-08-27 8:38 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 8:38 UTC (permalink / raw)
To: linux-efi
Cc: linux-arm-kernel, Ard Biesheuvel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Huacai Chen, Xi Ruoyao,
Lennart Poettering, Jeremy Linton
Wire up the generic EFI zboot support for LoongArch64
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/loongarch/Makefile | 2 +-
arch/loongarch/boot/Makefile | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
index 4bc47f47cfd8..7051a95f7f31 100644
--- a/arch/loongarch/Makefile
+++ b/arch/loongarch/Makefile
@@ -93,7 +93,7 @@ vdso_install:
all: $(notdir $(KBUILD_IMAGE))
-vmlinux.elf vmlinux.efi: vmlinux
+vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
$(Q)$(MAKE) $(build)=$(boot) $(bootvars-y) $(boot)/$@
install:
diff --git a/arch/loongarch/boot/Makefile b/arch/loongarch/boot/Makefile
index fecf34f50e56..4e1c374c5782 100644
--- a/arch/loongarch/boot/Makefile
+++ b/arch/loongarch/boot/Makefile
@@ -18,3 +18,9 @@ $(obj)/vmlinux.elf: vmlinux FORCE
targets += vmlinux.efi
$(obj)/vmlinux.efi: vmlinux FORCE
$(call if_changed,objcopy)
+
+EFI_ZBOOT_PAYLOAD := vmlinux.efi
+EFI_ZBOOT_BFD_TARGET := elf64-loongarch
+EFI_ZBOOT_MACH_TYPE := LOONGARCH64
+
+include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 42+ messages in thread
* Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-27 10:15 ` 陈华才
-1 siblings, 0 replies; 42+ messages in thread
From: 陈华才 @ 2022-08-27 10:15 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: linux-efi, linux-arm-kernel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Xi Ruoyao, Lennart Poettering,
Jeremy Linton
Hi, Ard,
It seems that this patch is a normal bugfix and has no relation with this series. If so, I prefer to take into loongarch-fixes for 6.0-rc4. Thanks.
Huacai
> -----原始邮件-----
> 发件人: "Ard Biesheuvel" <ardb@kernel.org>
> 发送时间:2022-08-27 16:38:49 (星期六)
> 收件人: linux-efi@vger.kernel.org
> 抄送: linux-arm-kernel@lists.infradead.org, "Ard Biesheuvel" <ardb@kernel.org>, "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>, "Matthew Garrett" <mjg59@srcf.ucam.org>, "Peter Jones" <pjones@redhat.com>, "Ilias Apalodimas" <ilias.apalodimas@linaro.org>, "Heinrich Schuchardt" <heinrich.schuchardt@canonical.com>, "AKASHI Takahiro" <takahiro.akashi@linaro.org>, "Palmer Dabbelt" <palmer@dabbelt.com>, "Atish Patra" <atishp@atishpatra.org>, "Arnd Bergmann" <arnd@arndb.de>, "Huacai Chen" <chenhuacai@loongson.cn>, "Xi Ruoyao" <xry111@xry111.site>, "Lennart Poettering" <lennart@poettering.net>, "Jeremy Linton" <jeremy.linton@arm.com>
> 主题: [PATCH v4 8/9] loongarch: avoid orphan input sections
>
> Ensure that all input sections are listed explicitly in the linker
> script, and issue a warning otherwise. This ensures that the binary
> image matches the PE/COFF and other image metadata exactly, which is
> important for things like code signing.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> arch/loongarch/Kconfig | 1 +
> arch/loongarch/kernel/vmlinux.lds.S | 2 ++
> 2 files changed, 3 insertions(+)
>
> diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
> index fca106a8b8af..407502da4335 100644
> --- a/arch/loongarch/Kconfig
> +++ b/arch/loongarch/Kconfig
> @@ -51,6 +51,7 @@ config LOONGARCH
> select ARCH_USE_CMPXCHG_LOCKREF
> select ARCH_USE_QUEUED_RWLOCKS
> select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
> + select ARCH_WANT_LD_ORPHAN_WARN
> select ARCH_WANTS_NO_INSTR
> select BUILDTIME_TABLE_SORT
> select COMMON_CLK
> diff --git a/arch/loongarch/kernel/vmlinux.lds.S b/arch/loongarch/kernel/vmlinux.lds.S
> index 36d042739f3c..17d33308dfba 100644
> --- a/arch/loongarch/kernel/vmlinux.lds.S
> +++ b/arch/loongarch/kernel/vmlinux.lds.S
> @@ -74,6 +74,8 @@ SECTIONS
> EXIT_DATA
> }
>
> + .rela.dyn : { *(.rela.dyn) *(.rela*) }
> +
> #ifdef CONFIG_SMP
> PERCPU_SECTION(1 << CONFIG_L1_CACHE_SHIFT)
> #endif
> --
> 2.35.1
本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
@ 2022-08-27 10:15 ` 陈华才
0 siblings, 0 replies; 42+ messages in thread
From: 陈华才 @ 2022-08-27 10:15 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: linux-efi, linux-arm-kernel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Xi Ruoyao, Lennart Poettering,
Jeremy Linton
Hi, Ard,
It seems that this patch is a normal bugfix and has no relation with this series. If so, I prefer to take into loongarch-fixes for 6.0-rc4. Thanks.
Huacai
> -----原始邮件-----
> 发件人: "Ard Biesheuvel" <ardb@kernel.org>
> 发送时间:2022-08-27 16:38:49 (星期六)
> 收件人: linux-efi@vger.kernel.org
> 抄送: linux-arm-kernel@lists.infradead.org, "Ard Biesheuvel" <ardb@kernel.org>, "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>, "Matthew Garrett" <mjg59@srcf.ucam.org>, "Peter Jones" <pjones@redhat.com>, "Ilias Apalodimas" <ilias.apalodimas@linaro.org>, "Heinrich Schuchardt" <heinrich.schuchardt@canonical.com>, "AKASHI Takahiro" <takahiro.akashi@linaro.org>, "Palmer Dabbelt" <palmer@dabbelt.com>, "Atish Patra" <atishp@atishpatra.org>, "Arnd Bergmann" <arnd@arndb.de>, "Huacai Chen" <chenhuacai@loongson.cn>, "Xi Ruoyao" <xry111@xry111.site>, "Lennart Poettering" <lennart@poettering.net>, "Jeremy Linton" <jeremy.linton@arm.com>
> 主题: [PATCH v4 8/9] loongarch: avoid orphan input sections
>
> Ensure that all input sections are listed explicitly in the linker
> script, and issue a warning otherwise. This ensures that the binary
> image matches the PE/COFF and other image metadata exactly, which is
> important for things like code signing.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> arch/loongarch/Kconfig | 1 +
> arch/loongarch/kernel/vmlinux.lds.S | 2 ++
> 2 files changed, 3 insertions(+)
>
> diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
> index fca106a8b8af..407502da4335 100644
> --- a/arch/loongarch/Kconfig
> +++ b/arch/loongarch/Kconfig
> @@ -51,6 +51,7 @@ config LOONGARCH
> select ARCH_USE_CMPXCHG_LOCKREF
> select ARCH_USE_QUEUED_RWLOCKS
> select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
> + select ARCH_WANT_LD_ORPHAN_WARN
> select ARCH_WANTS_NO_INSTR
> select BUILDTIME_TABLE_SORT
> select COMMON_CLK
> diff --git a/arch/loongarch/kernel/vmlinux.lds.S b/arch/loongarch/kernel/vmlinux.lds.S
> index 36d042739f3c..17d33308dfba 100644
> --- a/arch/loongarch/kernel/vmlinux.lds.S
> +++ b/arch/loongarch/kernel/vmlinux.lds.S
> @@ -74,6 +74,8 @@ SECTIONS
> EXIT_DATA
> }
>
> + .rela.dyn : { *(.rela.dyn) *(.rela*) }
> +
> #ifdef CONFIG_SMP
> PERCPU_SECTION(1 << CONFIG_L1_CACHE_SHIFT)
> #endif
> --
> 2.35.1
本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
2022-08-27 10:15 ` 陈华才
@ 2022-08-27 13:27 ` Ard Biesheuvel
-1 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 13:27 UTC (permalink / raw)
To: 陈华才
Cc: linux-efi, linux-arm-kernel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Xi Ruoyao, Lennart Poettering,
Jeremy Linton
On Sat, 27 Aug 2022 at 12:16, 陈华才 <chenhuacai@loongson.cn> wrote:
>
> Hi, Ard,
>
> It seems that this patch is a normal bugfix and has no relation with this series. If so, I prefer to take into loongarch-fixes for 6.0-rc4. Thanks.
>
It does have a relation: the signing tool will complain because the
PE/COFF metadata goes out of sync, like so
SBSIGN arch/loongarch/boot/vmlinux.efi.signed
warning: data remaining[20754944 vs 20755016]: gaps between PE/COFF sections?
This is because of the *(.rela.dyn) section created by the linker,
which is appended after the .data section, and so the PE/COFF .data
section size does not match the file size.
*However*, you explained to me that vmlinux is not a PIC binary, and
the link should be non-PIE as well. So this looks like another
toolchain issue to me, that you may want to look into.
(The .rela.dyn section typically contains relocations applied by
ld.so, either to PIE executables, or to shared libraries. It is
probably harmless given that the loongarch kernel runs from its link
time address, but it is still odd that this section is being
generated)
Anyway, I will drop this patch from the series - I will leave it up to
you entirely how you prefer to fix this.
>
> > -----原始邮件-----
> > 发件人: "Ard Biesheuvel" <ardb@kernel.org>
> > 发送时间:2022-08-27 16:38:49 (星期六)
> > 收件人: linux-efi@vger.kernel.org
> > 抄送: linux-arm-kernel@lists.infradead.org, "Ard Biesheuvel" <ardb@kernel.org>, "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>, "Matthew Garrett" <mjg59@srcf.ucam.org>, "Peter Jones" <pjones@redhat.com>, "Ilias Apalodimas" <ilias.apalodimas@linaro.org>, "Heinrich Schuchardt" <heinrich.schuchardt@canonical.com>, "AKASHI Takahiro" <takahiro.akashi@linaro.org>, "Palmer Dabbelt" <palmer@dabbelt.com>, "Atish Patra" <atishp@atishpatra.org>, "Arnd Bergmann" <arnd@arndb.de>, "Huacai Chen" <chenhuacai@loongson.cn>, "Xi Ruoyao" <xry111@xry111.site>, "Lennart Poettering" <lennart@poettering.net>, "Jeremy Linton" <jeremy.linton@arm.com>
> > 主题: [PATCH v4 8/9] loongarch: avoid orphan input sections
> >
> > Ensure that all input sections are listed explicitly in the linker
> > script, and issue a warning otherwise. This ensures that the binary
> > image matches the PE/COFF and other image metadata exactly, which is
> > important for things like code signing.
> >
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> > ---
> > arch/loongarch/Kconfig | 1 +
> > arch/loongarch/kernel/vmlinux.lds.S | 2 ++
> > 2 files changed, 3 insertions(+)
> >
> > diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
> > index fca106a8b8af..407502da4335 100644
> > --- a/arch/loongarch/Kconfig
> > +++ b/arch/loongarch/Kconfig
> > @@ -51,6 +51,7 @@ config LOONGARCH
> > select ARCH_USE_CMPXCHG_LOCKREF
> > select ARCH_USE_QUEUED_RWLOCKS
> > select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
> > + select ARCH_WANT_LD_ORPHAN_WARN
> > select ARCH_WANTS_NO_INSTR
> > select BUILDTIME_TABLE_SORT
> > select COMMON_CLK
> > diff --git a/arch/loongarch/kernel/vmlinux.lds.S b/arch/loongarch/kernel/vmlinux.lds.S
> > index 36d042739f3c..17d33308dfba 100644
> > --- a/arch/loongarch/kernel/vmlinux.lds.S
> > +++ b/arch/loongarch/kernel/vmlinux.lds.S
> > @@ -74,6 +74,8 @@ SECTIONS
> > EXIT_DATA
> > }
> >
> > + .rela.dyn : { *(.rela.dyn) *(.rela*) }
> > +
> > #ifdef CONFIG_SMP
> > PERCPU_SECTION(1 << CONFIG_L1_CACHE_SHIFT)
> > #endif
> > --
> > 2.35.1
>
>
> 本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
> This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
@ 2022-08-27 13:27 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-27 13:27 UTC (permalink / raw)
To: 陈华才
Cc: linux-efi, linux-arm-kernel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Xi Ruoyao, Lennart Poettering,
Jeremy Linton
On Sat, 27 Aug 2022 at 12:16, 陈华才 <chenhuacai@loongson.cn> wrote:
>
> Hi, Ard,
>
> It seems that this patch is a normal bugfix and has no relation with this series. If so, I prefer to take into loongarch-fixes for 6.0-rc4. Thanks.
>
It does have a relation: the signing tool will complain because the
PE/COFF metadata goes out of sync, like so
SBSIGN arch/loongarch/boot/vmlinux.efi.signed
warning: data remaining[20754944 vs 20755016]: gaps between PE/COFF sections?
This is because of the *(.rela.dyn) section created by the linker,
which is appended after the .data section, and so the PE/COFF .data
section size does not match the file size.
*However*, you explained to me that vmlinux is not a PIC binary, and
the link should be non-PIE as well. So this looks like another
toolchain issue to me, that you may want to look into.
(The .rela.dyn section typically contains relocations applied by
ld.so, either to PIE executables, or to shared libraries. It is
probably harmless given that the loongarch kernel runs from its link
time address, but it is still odd that this section is being
generated)
Anyway, I will drop this patch from the series - I will leave it up to
you entirely how you prefer to fix this.
>
> > -----原始邮件-----
> > 发件人: "Ard Biesheuvel" <ardb@kernel.org>
> > 发送时间:2022-08-27 16:38:49 (星期六)
> > 收件人: linux-efi@vger.kernel.org
> > 抄送: linux-arm-kernel@lists.infradead.org, "Ard Biesheuvel" <ardb@kernel.org>, "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>, "Matthew Garrett" <mjg59@srcf.ucam.org>, "Peter Jones" <pjones@redhat.com>, "Ilias Apalodimas" <ilias.apalodimas@linaro.org>, "Heinrich Schuchardt" <heinrich.schuchardt@canonical.com>, "AKASHI Takahiro" <takahiro.akashi@linaro.org>, "Palmer Dabbelt" <palmer@dabbelt.com>, "Atish Patra" <atishp@atishpatra.org>, "Arnd Bergmann" <arnd@arndb.de>, "Huacai Chen" <chenhuacai@loongson.cn>, "Xi Ruoyao" <xry111@xry111.site>, "Lennart Poettering" <lennart@poettering.net>, "Jeremy Linton" <jeremy.linton@arm.com>
> > 主题: [PATCH v4 8/9] loongarch: avoid orphan input sections
> >
> > Ensure that all input sections are listed explicitly in the linker
> > script, and issue a warning otherwise. This ensures that the binary
> > image matches the PE/COFF and other image metadata exactly, which is
> > important for things like code signing.
> >
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> > ---
> > arch/loongarch/Kconfig | 1 +
> > arch/loongarch/kernel/vmlinux.lds.S | 2 ++
> > 2 files changed, 3 insertions(+)
> >
> > diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
> > index fca106a8b8af..407502da4335 100644
> > --- a/arch/loongarch/Kconfig
> > +++ b/arch/loongarch/Kconfig
> > @@ -51,6 +51,7 @@ config LOONGARCH
> > select ARCH_USE_CMPXCHG_LOCKREF
> > select ARCH_USE_QUEUED_RWLOCKS
> > select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT
> > + select ARCH_WANT_LD_ORPHAN_WARN
> > select ARCH_WANTS_NO_INSTR
> > select BUILDTIME_TABLE_SORT
> > select COMMON_CLK
> > diff --git a/arch/loongarch/kernel/vmlinux.lds.S b/arch/loongarch/kernel/vmlinux.lds.S
> > index 36d042739f3c..17d33308dfba 100644
> > --- a/arch/loongarch/kernel/vmlinux.lds.S
> > +++ b/arch/loongarch/kernel/vmlinux.lds.S
> > @@ -74,6 +74,8 @@ SECTIONS
> > EXIT_DATA
> > }
> >
> > + .rela.dyn : { *(.rela.dyn) *(.rela*) }
> > +
> > #ifdef CONFIG_SMP
> > PERCPU_SECTION(1 << CONFIG_L1_CACHE_SHIFT)
> > #endif
> > --
> > 2.35.1
>
>
> 本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
> This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
2022-08-27 13:27 ` Ard Biesheuvel
@ 2022-08-28 3:31 ` Xi Ruoyao
-1 siblings, 0 replies; 42+ messages in thread
From: Xi Ruoyao @ 2022-08-28 3:31 UTC (permalink / raw)
To: Ard Biesheuvel, 陈华才
Cc: linux-efi, linux-arm-kernel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Lennart Poettering, Jeremy Linton
On Sat, 2022-08-27 at 15:27 +0200, Ard Biesheuvel wrote:
> It does have a relation: the signing tool will complain because the
> PE/COFF metadata goes out of sync, like so
>
> SBSIGN arch/loongarch/boot/vmlinux.efi.signed
> warning: data remaining[20754944 vs 20755016]: gaps between PE/COFF
> sections?
>
> This is because of the *(.rela.dyn) section created by the linker,
> which is appended after the .data section, and so the PE/COFF .data
> section size does not match the file size.
>
> *However*, you explained to me that vmlinux is not a PIC binary, and
> the link should be non-PIE as well. So this looks like another
> toolchain issue to me, that you may want to look into.
In my builds:
With Binutils 2.39 and GCC 12, vmlinux rela.dyn contains 48 zero bytes
(or 3 R_LARCH_NONE relocations, which is defined "do thing" and is
ignored by ld, ld.so, and kernel module loader).
With Binutils trunk and GCC trunk, rela.dyn does not exist in
vmlinux.(But for using the trunks of Binutils and GCC we'll need to
either disable CONFIG_MODULES or apply [1].)
[1]:https://lore.kernel.org/loongarch/20220827175436.156464-1-xry111@xry111.site/T/
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
@ 2022-08-28 3:31 ` Xi Ruoyao
0 siblings, 0 replies; 42+ messages in thread
From: Xi Ruoyao @ 2022-08-28 3:31 UTC (permalink / raw)
To: Ard Biesheuvel, 陈华才
Cc: linux-efi, linux-arm-kernel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Lennart Poettering, Jeremy Linton
On Sat, 2022-08-27 at 15:27 +0200, Ard Biesheuvel wrote:
> It does have a relation: the signing tool will complain because the
> PE/COFF metadata goes out of sync, like so
>
> SBSIGN arch/loongarch/boot/vmlinux.efi.signed
> warning: data remaining[20754944 vs 20755016]: gaps between PE/COFF
> sections?
>
> This is because of the *(.rela.dyn) section created by the linker,
> which is appended after the .data section, and so the PE/COFF .data
> section size does not match the file size.
>
> *However*, you explained to me that vmlinux is not a PIC binary, and
> the link should be non-PIE as well. So this looks like another
> toolchain issue to me, that you may want to look into.
In my builds:
With Binutils 2.39 and GCC 12, vmlinux rela.dyn contains 48 zero bytes
(or 3 R_LARCH_NONE relocations, which is defined "do thing" and is
ignored by ld, ld.so, and kernel module loader).
With Binutils trunk and GCC trunk, rela.dyn does not exist in
vmlinux.(But for using the trunks of Binutils and GCC we'll need to
either disable CONFIG_MODULES or apply [1].)
[1]:https://lore.kernel.org/loongarch/20220827175436.156464-1-xry111@xry111.site/T/
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
2022-08-28 3:31 ` Xi Ruoyao
@ 2022-08-28 9:36 ` Ard Biesheuvel
-1 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-28 9:36 UTC (permalink / raw)
To: Xi Ruoyao
Cc: 陈华才,
linux-efi, linux-arm-kernel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Lennart Poettering, Jeremy Linton
On Sun, 28 Aug 2022 at 05:31, Xi Ruoyao <xry111@xry111.site> wrote:
>
> On Sat, 2022-08-27 at 15:27 +0200, Ard Biesheuvel wrote:
> > It does have a relation: the signing tool will complain because the
> > PE/COFF metadata goes out of sync, like so
> >
> > SBSIGN arch/loongarch/boot/vmlinux.efi.signed
> > warning: data remaining[20754944 vs 20755016]: gaps between PE/COFF
> > sections?
> >
> > This is because of the *(.rela.dyn) section created by the linker,
> > which is appended after the .data section, and so the PE/COFF .data
> > section size does not match the file size.
> >
> > *However*, you explained to me that vmlinux is not a PIC binary, and
> > the link should be non-PIE as well. So this looks like another
> > toolchain issue to me, that you may want to look into.
>
> In my builds:
>
> With Binutils 2.39 and GCC 12, vmlinux rela.dyn contains 48 zero bytes
> (or 3 R_LARCH_NONE relocations, which is defined "do thing" and is
> ignored by ld, ld.so, and kernel module loader).
>
But does the ELF psABI for LoongArch describe L_ARCH_NONE as a dynamic
relocation? .rela.dyn typically only contains relocations that are
specified as being suitable for runtime relocation.
> With Binutils trunk and GCC trunk, rela.dyn does not exist in
> vmlinux.(But for using the trunks of Binutils and GCC we'll need to
> either disable CONFIG_MODULES or apply [1].)
>
If this is going to land in v6.1 as well, I suggest to drop the patch
entirely. By the time this gets released, you can document which
minimal toolchain version is required for UEFI secure boot signed
kernels.
> [1]:https://lore.kernel.org/loongarch/20220827175436.156464-1-xry111@xry111.site/T/
>
> --
> Xi Ruoyao <xry111@xry111.site>
> School of Aerospace Science and Technology, Xidian University
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
@ 2022-08-28 9:36 ` Ard Biesheuvel
0 siblings, 0 replies; 42+ messages in thread
From: Ard Biesheuvel @ 2022-08-28 9:36 UTC (permalink / raw)
To: Xi Ruoyao
Cc: 陈华才,
linux-efi, linux-arm-kernel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Lennart Poettering, Jeremy Linton
On Sun, 28 Aug 2022 at 05:31, Xi Ruoyao <xry111@xry111.site> wrote:
>
> On Sat, 2022-08-27 at 15:27 +0200, Ard Biesheuvel wrote:
> > It does have a relation: the signing tool will complain because the
> > PE/COFF metadata goes out of sync, like so
> >
> > SBSIGN arch/loongarch/boot/vmlinux.efi.signed
> > warning: data remaining[20754944 vs 20755016]: gaps between PE/COFF
> > sections?
> >
> > This is because of the *(.rela.dyn) section created by the linker,
> > which is appended after the .data section, and so the PE/COFF .data
> > section size does not match the file size.
> >
> > *However*, you explained to me that vmlinux is not a PIC binary, and
> > the link should be non-PIE as well. So this looks like another
> > toolchain issue to me, that you may want to look into.
>
> In my builds:
>
> With Binutils 2.39 and GCC 12, vmlinux rela.dyn contains 48 zero bytes
> (or 3 R_LARCH_NONE relocations, which is defined "do thing" and is
> ignored by ld, ld.so, and kernel module loader).
>
But does the ELF psABI for LoongArch describe L_ARCH_NONE as a dynamic
relocation? .rela.dyn typically only contains relocations that are
specified as being suitable for runtime relocation.
> With Binutils trunk and GCC trunk, rela.dyn does not exist in
> vmlinux.(But for using the trunks of Binutils and GCC we'll need to
> either disable CONFIG_MODULES or apply [1].)
>
If this is going to land in v6.1 as well, I suggest to drop the patch
entirely. By the time this gets released, you can document which
minimal toolchain version is required for UEFI secure boot signed
kernels.
> [1]:https://lore.kernel.org/loongarch/20220827175436.156464-1-xry111@xry111.site/T/
>
> --
> Xi Ruoyao <xry111@xry111.site>
> School of Aerospace Science and Technology, Xidian University
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
2022-08-28 9:36 ` Ard Biesheuvel
@ 2022-08-28 9:44 ` Xi Ruoyao
-1 siblings, 0 replies; 42+ messages in thread
From: Xi Ruoyao @ 2022-08-28 9:44 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: 陈华才,
linux-efi, linux-arm-kernel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Lennart Poettering, Jeremy Linton
On Sun, 2022-08-28 at 11:36 +0200, Ard Biesheuvel wrote:
> But does the ELF psABI for LoongArch describe L_ARCH_NONE as a dynamic
> relocation? .rela.dyn typically only contains relocations that are
> specified as being suitable for runtime relocation.
In Binutils 2.39 the BFD linker often over-estimate the size of .rela.*.
For example if there is only 42 relocations, it may allocate the space
for 47 relocations and fill the unused space in the section with zero.
Then 5 R_LARCH_NONE will appear.
This has already caused trouble when we reviewed LoongArch glibc port,
but at last the reviewers considered using NONE relocations as a
"padding" acceptable. So in glibc ld.so will treat R_LARCH_NONE as a
"dynamic" relocation with no real effect.
The issue (or "bug", if we want a more serious term) seems fixed in
Binutils trunk, but I've not rebuilt the entire system with it so I'm
not sure if it's completely fixed.
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
@ 2022-08-28 9:44 ` Xi Ruoyao
0 siblings, 0 replies; 42+ messages in thread
From: Xi Ruoyao @ 2022-08-28 9:44 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: 陈华才,
linux-efi, linux-arm-kernel, James E.J. Bottomley,
Matthew Garrett, Peter Jones, Ilias Apalodimas,
Heinrich Schuchardt, AKASHI Takahiro, Palmer Dabbelt,
Atish Patra, Arnd Bergmann, Lennart Poettering, Jeremy Linton
On Sun, 2022-08-28 at 11:36 +0200, Ard Biesheuvel wrote:
> But does the ELF psABI for LoongArch describe L_ARCH_NONE as a dynamic
> relocation? .rela.dyn typically only contains relocations that are
> specified as being suitable for runtime relocation.
In Binutils 2.39 the BFD linker often over-estimate the size of .rela.*.
For example if there is only 42 relocations, it may allocate the space
for 47 relocations and fill the unused space in the section with zero.
Then 5 R_LARCH_NONE will appear.
This has already caused trouble when we reviewed LoongArch glibc port,
but at last the reviewers considered using NONE relocations as a
"padding" acceptable. So in glibc ld.so will treat R_LARCH_NONE as a
"dynamic" relocation with no real effect.
The issue (or "bug", if we want a more serious term) seems fixed in
Binutils trunk, but I've not rebuilt the entire system with it so I'm
not sure if it's completely fixed.
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 9/9] loongarch: efi: enable generic EFI compressed boot
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-28 9:52 ` Xi Ruoyao
-1 siblings, 0 replies; 42+ messages in thread
From: Xi Ruoyao @ 2022-08-28 9:52 UTC (permalink / raw)
To: Ard Biesheuvel, linux-efi
Cc: linux-arm-kernel, James E.J. Bottomley, Matthew Garrett,
Peter Jones, Ilias Apalodimas, Heinrich Schuchardt,
AKASHI Takahiro, Palmer Dabbelt, Atish Patra, Arnd Bergmann,
Huacai Chen, Lennart Poettering, Jeremy Linton
Hi Ard,
Should we also add
--
diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
index 063a578bbdaa..6ee3d7826893 100644
--- a/arch/loongarch/Makefile
+++ b/arch/loongarch/Makefile
@@ -9,10 +9,16 @@ KBUILD_DEFCONFIG := loongson3_defconfig
ifndef CONFIG_EFI_STUB
KBUILD_IMAGE := $(boot)/vmlinux.elf
-else
+else # CONFIG_EFI_STUB
+
+ifndef CONFIG_EFI_ZBOOT
KBUILD_IMAGE := $(boot)/vmlinux.efi
+else
+KBUILD_IMAGE := $(boot)/vmlinuz.efi
endif
+endif # CONFIG_EFI_STUB
+
#
# Select the object file format to substitute into the linker script.
#
--
or do we deliberately expect builders to run "make vmlinuz.efi"
explicitly?
On Sat, 2022-08-27 at 10:38 +0200, Ard Biesheuvel wrote:
> Wire up the generic EFI zboot support for LoongArch64
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> arch/loongarch/Makefile | 2 +-
> arch/loongarch/boot/Makefile | 6 ++++++
> 2 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> index 4bc47f47cfd8..7051a95f7f31 100644
> --- a/arch/loongarch/Makefile
> +++ b/arch/loongarch/Makefile
> @@ -93,7 +93,7 @@ vdso_install:
>
> all: $(notdir $(KBUILD_IMAGE))
>
> -vmlinux.elf vmlinux.efi: vmlinux
> +vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
> $(Q)$(MAKE) $(build)=$(boot) $(bootvars-y) $(boot)/$@
>
> install:
> diff --git a/arch/loongarch/boot/Makefile
> b/arch/loongarch/boot/Makefile
> index fecf34f50e56..4e1c374c5782 100644
> --- a/arch/loongarch/boot/Makefile
> +++ b/arch/loongarch/boot/Makefile
> @@ -18,3 +18,9 @@ $(obj)/vmlinux.elf: vmlinux FORCE
> targets += vmlinux.efi
> $(obj)/vmlinux.efi: vmlinux FORCE
> $(call if_changed,objcopy)
> +
> +EFI_ZBOOT_PAYLOAD := vmlinux.efi
> +EFI_ZBOOT_BFD_TARGET := elf64-loongarch
> +EFI_ZBOOT_MACH_TYPE := LOONGARCH64
> +
> +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
^ permalink raw reply related [flat|nested] 42+ messages in thread
* Re: [PATCH v4 9/9] loongarch: efi: enable generic EFI compressed boot
@ 2022-08-28 9:52 ` Xi Ruoyao
0 siblings, 0 replies; 42+ messages in thread
From: Xi Ruoyao @ 2022-08-28 9:52 UTC (permalink / raw)
To: Ard Biesheuvel, linux-efi
Cc: linux-arm-kernel, James E.J. Bottomley, Matthew Garrett,
Peter Jones, Ilias Apalodimas, Heinrich Schuchardt,
AKASHI Takahiro, Palmer Dabbelt, Atish Patra, Arnd Bergmann,
Huacai Chen, Lennart Poettering, Jeremy Linton
Hi Ard,
Should we also add
--
diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
index 063a578bbdaa..6ee3d7826893 100644
--- a/arch/loongarch/Makefile
+++ b/arch/loongarch/Makefile
@@ -9,10 +9,16 @@ KBUILD_DEFCONFIG := loongson3_defconfig
ifndef CONFIG_EFI_STUB
KBUILD_IMAGE := $(boot)/vmlinux.elf
-else
+else # CONFIG_EFI_STUB
+
+ifndef CONFIG_EFI_ZBOOT
KBUILD_IMAGE := $(boot)/vmlinux.efi
+else
+KBUILD_IMAGE := $(boot)/vmlinuz.efi
endif
+endif # CONFIG_EFI_STUB
+
#
# Select the object file format to substitute into the linker script.
#
--
or do we deliberately expect builders to run "make vmlinuz.efi"
explicitly?
On Sat, 2022-08-27 at 10:38 +0200, Ard Biesheuvel wrote:
> Wire up the generic EFI zboot support for LoongArch64
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> arch/loongarch/Makefile | 2 +-
> arch/loongarch/boot/Makefile | 6 ++++++
> 2 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> index 4bc47f47cfd8..7051a95f7f31 100644
> --- a/arch/loongarch/Makefile
> +++ b/arch/loongarch/Makefile
> @@ -93,7 +93,7 @@ vdso_install:
>
> all: $(notdir $(KBUILD_IMAGE))
>
> -vmlinux.elf vmlinux.efi: vmlinux
> +vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
> $(Q)$(MAKE) $(build)=$(boot) $(bootvars-y) $(boot)/$@
>
> install:
> diff --git a/arch/loongarch/boot/Makefile
> b/arch/loongarch/boot/Makefile
> index fecf34f50e56..4e1c374c5782 100644
> --- a/arch/loongarch/boot/Makefile
> +++ b/arch/loongarch/boot/Makefile
> @@ -18,3 +18,9 @@ $(obj)/vmlinux.elf: vmlinux FORCE
> targets += vmlinux.efi
> $(obj)/vmlinux.efi: vmlinux FORCE
> $(call if_changed,objcopy)
> +
> +EFI_ZBOOT_PAYLOAD := vmlinux.efi
> +EFI_ZBOOT_BFD_TARGET := elf64-loongarch
> +EFI_ZBOOT_MACH_TYPE := LOONGARCH64
> +
> +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 42+ messages in thread
* Re: [PATCH v4 9/9] loongarch: efi: enable generic EFI compressed boot
2022-08-28 9:52 ` Xi Ruoyao
@ 2022-08-28 10:57 ` Xi Ruoyao
-1 siblings, 0 replies; 42+ messages in thread
From: Xi Ruoyao @ 2022-08-28 10:57 UTC (permalink / raw)
To: Ard Biesheuvel, linux-efi
Cc: linux-arm-kernel, James E.J. Bottomley, Matthew Garrett,
Peter Jones, Ilias Apalodimas, Heinrich Schuchardt,
AKASHI Takahiro, Palmer Dabbelt, Atish Patra, Arnd Bergmann,
Huacai Chen, Lennart Poettering, Jeremy Linton
On Sun, 2022-08-28 at 17:52 +0800, Xi Ruoyao wrote:
> Hi Ard,
>
> Should we also add
>
> --
>
> diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> index 063a578bbdaa..6ee3d7826893 100644
> --- a/arch/loongarch/Makefile
> +++ b/arch/loongarch/Makefile
> @@ -9,10 +9,16 @@ KBUILD_DEFCONFIG := loongson3_defconfig
>
> ifndef CONFIG_EFI_STUB
> KBUILD_IMAGE := $(boot)/vmlinux.elf
> -else
> +else # CONFIG_EFI_STUB
> +
> +ifndef CONFIG_EFI_ZBOOT
> KBUILD_IMAGE := $(boot)/vmlinux.efi
> +else
> +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> endif
>
> +endif # CONFIG_EFI_STUB
> +
Oh, it depends on Huacai's not-merged-yet patch... Sorry for noise.
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 9/9] loongarch: efi: enable generic EFI compressed boot
@ 2022-08-28 10:57 ` Xi Ruoyao
0 siblings, 0 replies; 42+ messages in thread
From: Xi Ruoyao @ 2022-08-28 10:57 UTC (permalink / raw)
To: Ard Biesheuvel, linux-efi
Cc: linux-arm-kernel, James E.J. Bottomley, Matthew Garrett,
Peter Jones, Ilias Apalodimas, Heinrich Schuchardt,
AKASHI Takahiro, Palmer Dabbelt, Atish Patra, Arnd Bergmann,
Huacai Chen, Lennart Poettering, Jeremy Linton
On Sun, 2022-08-28 at 17:52 +0800, Xi Ruoyao wrote:
> Hi Ard,
>
> Should we also add
>
> --
>
> diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> index 063a578bbdaa..6ee3d7826893 100644
> --- a/arch/loongarch/Makefile
> +++ b/arch/loongarch/Makefile
> @@ -9,10 +9,16 @@ KBUILD_DEFCONFIG := loongson3_defconfig
>
> ifndef CONFIG_EFI_STUB
> KBUILD_IMAGE := $(boot)/vmlinux.elf
> -else
> +else # CONFIG_EFI_STUB
> +
> +ifndef CONFIG_EFI_ZBOOT
> KBUILD_IMAGE := $(boot)/vmlinux.efi
> +else
> +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> endif
>
> +endif # CONFIG_EFI_STUB
> +
Oh, it depends on Huacai's not-merged-yet patch... Sorry for noise.
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
2022-08-28 9:44 ` Xi Ruoyao
@ 2022-08-29 3:59 ` 陈华才
-1 siblings, 0 replies; 42+ messages in thread
From: 陈华才 @ 2022-08-29 3:59 UTC (permalink / raw)
To: Xi Ruoyao
Cc: Ard Biesheuvel, linux-efi, linux-arm-kernel,
James E.J. Bottomley, Matthew Garrett, Peter Jones,
Ilias Apalodimas, Heinrich Schuchardt, AKASHI Takahiro,
Palmer Dabbelt, Atish Patra, Arnd Bergmann, Lennart Poettering,
Jeremy Linton
OK, I think this is the root cause, but this patch is still worthy to go 6.0-rc4.
Huacai
> -----原始邮件-----
> 发件人: "Xi Ruoyao" <xry111@xry111.site>
> 发送时间:2022-08-28 17:44:24 (星期日)
> 收件人: "Ard Biesheuvel" <ardb@kernel.org>
> 抄送: "陈华才" <chenhuacai@loongson.cn>, linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, "James
> E.J. Bottomley" <James.Bottomley@hansenpartnership.com>, "Matthew Garrett" <mjg59@srcf.ucam.org>, "Peter Jones" <pjones@redhat.com>, "Ilias Apalodimas" <ilias.apalodimas@linaro.org>, "Heinrich Schuchardt" <heinrich.schuchardt@canonical.com>, "AKASHI Takahiro" <takahiro.akashi@linaro.org>, "Palmer Dabbelt" <palmer@dabbelt.com>, "Atish
> Patra" <atishp@atishpatra.org>, "Arnd Bergmann" <arnd@arndb.de>, "Lennart
> Poettering" <lennart@poettering.net>, "Jeremy Linton" <jeremy.linton@arm.com>
> 主题: Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
>
> On Sun, 2022-08-28 at 11:36 +0200, Ard Biesheuvel wrote:
> > But does the ELF psABI for LoongArch describe L_ARCH_NONE as a dynamic
> > relocation? .rela.dyn typically only contains relocations that are
> > specified as being suitable for runtime relocation.
>
> In Binutils 2.39 the BFD linker often over-estimate the size of .rela.*.
> For example if there is only 42 relocations, it may allocate the space
> for 47 relocations and fill the unused space in the section with zero.
> Then 5 R_LARCH_NONE will appear.
>
> This has already caused trouble when we reviewed LoongArch glibc port,
> but at last the reviewers considered using NONE relocations as a
> "padding" acceptable. So in glibc ld.so will treat R_LARCH_NONE as a
> "dynamic" relocation with no real effect.
>
> The issue (or "bug", if we want a more serious term) seems fixed in
> Binutils trunk, but I've not rebuilt the entire system with it so I'm
> not sure if it's completely fixed.
>
> --
> Xi Ruoyao <xry111@xry111.site>
> School of Aerospace Science and Technology, Xidian University
本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
@ 2022-08-29 3:59 ` 陈华才
0 siblings, 0 replies; 42+ messages in thread
From: 陈华才 @ 2022-08-29 3:59 UTC (permalink / raw)
To: Xi Ruoyao
Cc: Ard Biesheuvel, linux-efi, linux-arm-kernel,
James E.J. Bottomley, Matthew Garrett, Peter Jones,
Ilias Apalodimas, Heinrich Schuchardt, AKASHI Takahiro,
Palmer Dabbelt, Atish Patra, Arnd Bergmann, Lennart Poettering,
Jeremy Linton
OK, I think this is the root cause, but this patch is still worthy to go 6.0-rc4.
Huacai
> -----原始邮件-----
> 发件人: "Xi Ruoyao" <xry111@xry111.site>
> 发送时间:2022-08-28 17:44:24 (星期日)
> 收件人: "Ard Biesheuvel" <ardb@kernel.org>
> 抄送: "陈华才" <chenhuacai@loongson.cn>, linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, "James
> E.J. Bottomley" <James.Bottomley@hansenpartnership.com>, "Matthew Garrett" <mjg59@srcf.ucam.org>, "Peter Jones" <pjones@redhat.com>, "Ilias Apalodimas" <ilias.apalodimas@linaro.org>, "Heinrich Schuchardt" <heinrich.schuchardt@canonical.com>, "AKASHI Takahiro" <takahiro.akashi@linaro.org>, "Palmer Dabbelt" <palmer@dabbelt.com>, "Atish
> Patra" <atishp@atishpatra.org>, "Arnd Bergmann" <arnd@arndb.de>, "Lennart
> Poettering" <lennart@poettering.net>, "Jeremy Linton" <jeremy.linton@arm.com>
> 主题: Re: [PATCH v4 8/9] loongarch: avoid orphan input sections
>
> On Sun, 2022-08-28 at 11:36 +0200, Ard Biesheuvel wrote:
> > But does the ELF psABI for LoongArch describe L_ARCH_NONE as a dynamic
> > relocation? .rela.dyn typically only contains relocations that are
> > specified as being suitable for runtime relocation.
>
> In Binutils 2.39 the BFD linker often over-estimate the size of .rela.*.
> For example if there is only 42 relocations, it may allocate the space
> for 47 relocations and fill the unused space in the section with zero.
> Then 5 R_LARCH_NONE will appear.
>
> This has already caused trouble when we reviewed LoongArch glibc port,
> but at last the reviewers considered using NONE relocations as a
> "padding" acceptable. So in glibc ld.so will treat R_LARCH_NONE as a
> "dynamic" relocation with no real effect.
>
> The issue (or "bug", if we want a more serious term) seems fixed in
> Binutils trunk, but I've not rebuilt the entire system with it so I'm
> not sure if it's completely fixed.
>
> --
> Xi Ruoyao <xry111@xry111.site>
> School of Aerospace Science and Technology, Xidian University
本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: Re: [PATCH v4 9/9] loongarch: efi: enable generic EFI compressed boot
2022-08-28 9:52 ` Xi Ruoyao
@ 2022-08-29 8:13 ` 陈华才
-1 siblings, 0 replies; 42+ messages in thread
From: 陈华才 @ 2022-08-29 8:13 UTC (permalink / raw)
To: Xi Ruoyao
Cc: Ard Biesheuvel, linux-efi, linux-arm-kernel,
James E.J. Bottomley, Matthew Garrett, Peter Jones,
Ilias Apalodimas, Heinrich Schuchardt, AKASHI Takahiro,
Palmer Dabbelt, Atish Patra, Arnd Bergmann, Lennart Poettering,
Jeremy Linton
Hi, all,
> -----原始邮件-----
> 发件人: "Xi Ruoyao" <xry111@xry111.site>
> 发送时间:2022-08-28 17:52:20 (星期日)
> 收件人: "Ard Biesheuvel" <ardb@kernel.org>, linux-efi@vger.kernel.org
> 抄送: linux-arm-kernel@lists.infradead.org, "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>, "Matthew Garrett" <mjg59@srcf.ucam.org>, "Peter Jones" <pjones@redhat.com>, "Ilias Apalodimas" <ilias.apalodimas@linaro.org>, "Heinrich Schuchardt" <heinrich.schuchardt@canonical.com>, "AKASHI Takahiro" <takahiro.akashi@linaro.org>, "Palmer Dabbelt" <palmer@dabbelt.com>, "Atish
> Patra" <atishp@atishpatra.org>, "Arnd Bergmann" <arnd@arndb.de>, "Huacai Chen" <chenhuacai@loongson.cn>, "Lennart Poettering" <lennart@poettering.net>, "Jeremy Linton" <jeremy.linton@arm.com>
> 主题: Re: [PATCH v4 9/9] loongarch: efi: enable generic EFI compressed boot
>
> Hi Ard,
>
> Should we also add
>
> --
>
> diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> index 063a578bbdaa..6ee3d7826893 100644
> --- a/arch/loongarch/Makefile
> +++ b/arch/loongarch/Makefile
> @@ -9,10 +9,16 @@ KBUILD_DEFCONFIG := loongson3_defconfig
>
> ifndef CONFIG_EFI_STUB
> KBUILD_IMAGE := $(boot)/vmlinux.elf
> -else
> +else # CONFIG_EFI_STUB
> +
> +ifndef CONFIG_EFI_ZBOOT
> KBUILD_IMAGE := $(boot)/vmlinux.efi
> +else
> +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> endif
>
> +endif # CONFIG_EFI_STUB
> +
> #
> # Select the object file format to substitute into the linker script.
> #
>
> --
>
> or do we deliberately expect builders to run "make vmlinuz.efi"
> explicitly?
I prefer to add to KBUILD_IMAGE, we can even add to make install.
Huacai
>
> On Sat, 2022-08-27 at 10:38 +0200, Ard Biesheuvel wrote:
> > Wire up the generic EFI zboot support for LoongArch64
> >
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> > ---
> > arch/loongarch/Makefile | 2 +-
> > arch/loongarch/boot/Makefile | 6 ++++++
> > 2 files changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> > index 4bc47f47cfd8..7051a95f7f31 100644
> > --- a/arch/loongarch/Makefile
> > +++ b/arch/loongarch/Makefile
> > @@ -93,7 +93,7 @@ vdso_install:
> >
> > all: $(notdir $(KBUILD_IMAGE))
> >
> > -vmlinux.elf vmlinux.efi: vmlinux
> > +vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
> > $(Q)$(MAKE) $(build)=$(boot) $(bootvars-y) $(boot)/$@
> >
> > install:
> > diff --git a/arch/loongarch/boot/Makefile
> > b/arch/loongarch/boot/Makefile
> > index fecf34f50e56..4e1c374c5782 100644
> > --- a/arch/loongarch/boot/Makefile
> > +++ b/arch/loongarch/boot/Makefile
> > @@ -18,3 +18,9 @@ $(obj)/vmlinux.elf: vmlinux FORCE
> > targets += vmlinux.efi
> > $(obj)/vmlinux.efi: vmlinux FORCE
> > $(call if_changed,objcopy)
> > +
> > +EFI_ZBOOT_PAYLOAD := vmlinux.efi
> > +EFI_ZBOOT_BFD_TARGET := elf64-loongarch
> > +EFI_ZBOOT_MACH_TYPE := LOONGARCH64
> > +
> > +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
>
> --
> Xi Ruoyao <xry111@xry111.site>
> School of Aerospace Science and Technology, Xidian University
本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: Re: [PATCH v4 9/9] loongarch: efi: enable generic EFI compressed boot
@ 2022-08-29 8:13 ` 陈华才
0 siblings, 0 replies; 42+ messages in thread
From: 陈华才 @ 2022-08-29 8:13 UTC (permalink / raw)
To: Xi Ruoyao
Cc: Ard Biesheuvel, linux-efi, linux-arm-kernel,
James E.J. Bottomley, Matthew Garrett, Peter Jones,
Ilias Apalodimas, Heinrich Schuchardt, AKASHI Takahiro,
Palmer Dabbelt, Atish Patra, Arnd Bergmann, Lennart Poettering,
Jeremy Linton
Hi, all,
> -----原始邮件-----
> 发件人: "Xi Ruoyao" <xry111@xry111.site>
> 发送时间:2022-08-28 17:52:20 (星期日)
> 收件人: "Ard Biesheuvel" <ardb@kernel.org>, linux-efi@vger.kernel.org
> 抄送: linux-arm-kernel@lists.infradead.org, "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>, "Matthew Garrett" <mjg59@srcf.ucam.org>, "Peter Jones" <pjones@redhat.com>, "Ilias Apalodimas" <ilias.apalodimas@linaro.org>, "Heinrich Schuchardt" <heinrich.schuchardt@canonical.com>, "AKASHI Takahiro" <takahiro.akashi@linaro.org>, "Palmer Dabbelt" <palmer@dabbelt.com>, "Atish
> Patra" <atishp@atishpatra.org>, "Arnd Bergmann" <arnd@arndb.de>, "Huacai Chen" <chenhuacai@loongson.cn>, "Lennart Poettering" <lennart@poettering.net>, "Jeremy Linton" <jeremy.linton@arm.com>
> 主题: Re: [PATCH v4 9/9] loongarch: efi: enable generic EFI compressed boot
>
> Hi Ard,
>
> Should we also add
>
> --
>
> diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> index 063a578bbdaa..6ee3d7826893 100644
> --- a/arch/loongarch/Makefile
> +++ b/arch/loongarch/Makefile
> @@ -9,10 +9,16 @@ KBUILD_DEFCONFIG := loongson3_defconfig
>
> ifndef CONFIG_EFI_STUB
> KBUILD_IMAGE := $(boot)/vmlinux.elf
> -else
> +else # CONFIG_EFI_STUB
> +
> +ifndef CONFIG_EFI_ZBOOT
> KBUILD_IMAGE := $(boot)/vmlinux.efi
> +else
> +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> endif
>
> +endif # CONFIG_EFI_STUB
> +
> #
> # Select the object file format to substitute into the linker script.
> #
>
> --
>
> or do we deliberately expect builders to run "make vmlinuz.efi"
> explicitly?
I prefer to add to KBUILD_IMAGE, we can even add to make install.
Huacai
>
> On Sat, 2022-08-27 at 10:38 +0200, Ard Biesheuvel wrote:
> > Wire up the generic EFI zboot support for LoongArch64
> >
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> > ---
> > arch/loongarch/Makefile | 2 +-
> > arch/loongarch/boot/Makefile | 6 ++++++
> > 2 files changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> > index 4bc47f47cfd8..7051a95f7f31 100644
> > --- a/arch/loongarch/Makefile
> > +++ b/arch/loongarch/Makefile
> > @@ -93,7 +93,7 @@ vdso_install:
> >
> > all: $(notdir $(KBUILD_IMAGE))
> >
> > -vmlinux.elf vmlinux.efi: vmlinux
> > +vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
> > $(Q)$(MAKE) $(build)=$(boot) $(bootvars-y) $(boot)/$@
> >
> > install:
> > diff --git a/arch/loongarch/boot/Makefile
> > b/arch/loongarch/boot/Makefile
> > index fecf34f50e56..4e1c374c5782 100644
> > --- a/arch/loongarch/boot/Makefile
> > +++ b/arch/loongarch/boot/Makefile
> > @@ -18,3 +18,9 @@ $(obj)/vmlinux.elf: vmlinux FORCE
> > targets += vmlinux.efi
> > $(obj)/vmlinux.efi: vmlinux FORCE
> > $(call if_changed,objcopy)
> > +
> > +EFI_ZBOOT_PAYLOAD := vmlinux.efi
> > +EFI_ZBOOT_BFD_TARGET := elf64-loongarch
> > +EFI_ZBOOT_MACH_TYPE := LOONGARCH64
> > +
> > +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
>
> --
> Xi Ruoyao <xry111@xry111.site>
> School of Aerospace Science and Technology, Xidian University
本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 6/9] arm64: efi: enable generic EFI compressed boot
2022-08-27 8:38 ` Ard Biesheuvel
@ 2022-08-31 22:05 ` Jeremy Linton
-1 siblings, 0 replies; 42+ messages in thread
From: Jeremy Linton @ 2022-08-31 22:05 UTC (permalink / raw)
To: Ard Biesheuvel, linux-efi
Cc: linux-arm-kernel, James E.J. Bottomley, Matthew Garrett,
Peter Jones, Ilias Apalodimas, Heinrich Schuchardt,
AKASHI Takahiro, Palmer Dabbelt, Atish Patra, Arnd Bergmann,
Huacai Chen, Xi Ruoyao, Lennart Poettering
Hi,
On 8/27/22 03:38, Ard Biesheuvel wrote:
> Wire up the generic EFI zboot support for arm64.
Thanks for this series, its very helpful when using a boot manager that
isn't grub (ex: systemd-boot, ipxe, etc) since those boot managers have
the expectation that they are simply executing efi images. Given how
large some of the uncompressed images get, and having a half dozen of
them on a machine isn't ideal. So this series solves that problem, as
well as cleans up some of the less than ideal grubisms that aren't
needed on !x86 platforms.
So, I've been testing this series with a clean (as in grub/grubby/etc
was never near the system) systemd-boot, which now works given the fixes
to the initrd= option. It seems that the resulting boot path is
noticeably faster as well. Given I've been testing both gziped and
Lz4'ed images it could just be the latter option is faster, or it could
be grubs decompressor/load sequence is just slow.
That said, I think there are a couple build tweaks in order. First, I
would expect that just a normal 'make' (rather than 'make vmlinuz.efi')
would make the resulting image when ZBOOT is enabled . Then I would
expect 'make install' (or maybe a new 'make ezinstall?') to pass the new
compressed efi to the installkernel utility. The install option would
work without changes if the make pass just renames/creates the resulting
vmlinuz.efi as Image. So.. there are a bunch of choices here, but my
assumption is that the ZBOOT changes the resulting image, and the normal
make/make install sequence just does the right thing.
So, now the fun bit. At the moment my shim->grub->efi-stubbed kernel
path (which is the default fedora/rhel sequence) appears to be broken if
I swap the compressed image (not the .gz version) in for a normal
decompressed kernel. That appears to be a grub bug in fedora at the
moment, but I've not fully tracked it down.
I was going to test secure boot, but the above problem has temporary
stalled that, and I'm still cleaning up a few things on the sd-boot side
(there isn't a shim in the path) before that is a workable testing path
for anything other than a test signed kernel.
Thanks again for this, its extremely helpful.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> arch/arm64/Makefile | 4 ++--
> arch/arm64/boot/Makefile | 6 ++++++
> 2 files changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
> index 6d9d4a58b898..92676ccc6363 100644
> --- a/arch/arm64/Makefile
> +++ b/arch/arm64/Makefile
> @@ -153,10 +153,10 @@ libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
> boot := arch/arm64/boot
> KBUILD_IMAGE := $(boot)/Image.gz
>
> -all: Image.gz
> +all: $(notdir $(KBUILD_IMAGE))
>
>
> -Image: vmlinux
> +Image vmlinuz.efi: vmlinux
> $(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
>
> Image.%: Image
> diff --git a/arch/arm64/boot/Makefile b/arch/arm64/boot/Makefile
> index a0e3dedd2883..c65aee088410 100644
> --- a/arch/arm64/boot/Makefile
> +++ b/arch/arm64/boot/Makefile
> @@ -38,3 +38,9 @@ $(obj)/Image.lzo: $(obj)/Image FORCE
>
> $(obj)/Image.zst: $(obj)/Image FORCE
> $(call if_changed,zstd)
> +
> +EFI_ZBOOT_PAYLOAD := Image
> +EFI_ZBOOT_BFD_TARGET := elf64-littleaarch64
> +EFI_ZBOOT_MACH_TYPE := ARM64
> +
> +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 6/9] arm64: efi: enable generic EFI compressed boot
@ 2022-08-31 22:05 ` Jeremy Linton
0 siblings, 0 replies; 42+ messages in thread
From: Jeremy Linton @ 2022-08-31 22:05 UTC (permalink / raw)
To: Ard Biesheuvel, linux-efi
Cc: linux-arm-kernel, James E.J. Bottomley, Matthew Garrett,
Peter Jones, Ilias Apalodimas, Heinrich Schuchardt,
AKASHI Takahiro, Palmer Dabbelt, Atish Patra, Arnd Bergmann,
Huacai Chen, Xi Ruoyao, Lennart Poettering
Hi,
On 8/27/22 03:38, Ard Biesheuvel wrote:
> Wire up the generic EFI zboot support for arm64.
Thanks for this series, its very helpful when using a boot manager that
isn't grub (ex: systemd-boot, ipxe, etc) since those boot managers have
the expectation that they are simply executing efi images. Given how
large some of the uncompressed images get, and having a half dozen of
them on a machine isn't ideal. So this series solves that problem, as
well as cleans up some of the less than ideal grubisms that aren't
needed on !x86 platforms.
So, I've been testing this series with a clean (as in grub/grubby/etc
was never near the system) systemd-boot, which now works given the fixes
to the initrd= option. It seems that the resulting boot path is
noticeably faster as well. Given I've been testing both gziped and
Lz4'ed images it could just be the latter option is faster, or it could
be grubs decompressor/load sequence is just slow.
That said, I think there are a couple build tweaks in order. First, I
would expect that just a normal 'make' (rather than 'make vmlinuz.efi')
would make the resulting image when ZBOOT is enabled . Then I would
expect 'make install' (or maybe a new 'make ezinstall?') to pass the new
compressed efi to the installkernel utility. The install option would
work without changes if the make pass just renames/creates the resulting
vmlinuz.efi as Image. So.. there are a bunch of choices here, but my
assumption is that the ZBOOT changes the resulting image, and the normal
make/make install sequence just does the right thing.
So, now the fun bit. At the moment my shim->grub->efi-stubbed kernel
path (which is the default fedora/rhel sequence) appears to be broken if
I swap the compressed image (not the .gz version) in for a normal
decompressed kernel. That appears to be a grub bug in fedora at the
moment, but I've not fully tracked it down.
I was going to test secure boot, but the above problem has temporary
stalled that, and I'm still cleaning up a few things on the sd-boot side
(there isn't a shim in the path) before that is a workable testing path
for anything other than a test signed kernel.
Thanks again for this, its extremely helpful.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
> arch/arm64/Makefile | 4 ++--
> arch/arm64/boot/Makefile | 6 ++++++
> 2 files changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
> index 6d9d4a58b898..92676ccc6363 100644
> --- a/arch/arm64/Makefile
> +++ b/arch/arm64/Makefile
> @@ -153,10 +153,10 @@ libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
> boot := arch/arm64/boot
> KBUILD_IMAGE := $(boot)/Image.gz
>
> -all: Image.gz
> +all: $(notdir $(KBUILD_IMAGE))
>
>
> -Image: vmlinux
> +Image vmlinuz.efi: vmlinux
> $(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
>
> Image.%: Image
> diff --git a/arch/arm64/boot/Makefile b/arch/arm64/boot/Makefile
> index a0e3dedd2883..c65aee088410 100644
> --- a/arch/arm64/boot/Makefile
> +++ b/arch/arm64/boot/Makefile
> @@ -38,3 +38,9 @@ $(obj)/Image.lzo: $(obj)/Image FORCE
>
> $(obj)/Image.zst: $(obj)/Image FORCE
> $(call if_changed,zstd)
> +
> +EFI_ZBOOT_PAYLOAD := Image
> +EFI_ZBOOT_BFD_TARGET := elf64-littleaarch64
> +EFI_ZBOOT_MACH_TYPE := ARM64
> +
> +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 6/9] arm64: efi: enable generic EFI compressed boot
2022-08-31 22:05 ` Jeremy Linton
@ 2022-09-01 0:48 ` Xi Ruoyao
-1 siblings, 0 replies; 42+ messages in thread
From: Xi Ruoyao @ 2022-09-01 0:48 UTC (permalink / raw)
To: Jeremy Linton, Ard Biesheuvel, linux-efi
Cc: linux-arm-kernel, James E.J. Bottomley, Matthew Garrett,
Peter Jones, Ilias Apalodimas, Heinrich Schuchardt,
AKASHI Takahiro, Palmer Dabbelt, Atish Patra, Arnd Bergmann,
Huacai Chen, Lennart Poettering
On Wed, 2022-08-31 at 17:05 -0500, Jeremy Linton wrote:
> So, now the fun bit. At the moment my shim->grub->efi-stubbed kernel
> path (which is the default fedora/rhel sequence) appears to be broken if
> I swap the compressed image (not the .gz version) in for a normal
> decompressed kernel. That appears to be a grub bug in fedora at the
> moment, but I've not fully tracked it down.
GRUB will need to be patched for generic EFI zboot:
https://lists.gnu.org/archive/html/grub-devel/2022-08/msg00113.html
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
^ permalink raw reply [flat|nested] 42+ messages in thread
* Re: [PATCH v4 6/9] arm64: efi: enable generic EFI compressed boot
@ 2022-09-01 0:48 ` Xi Ruoyao
0 siblings, 0 replies; 42+ messages in thread
From: Xi Ruoyao @ 2022-09-01 0:48 UTC (permalink / raw)
To: Jeremy Linton, Ard Biesheuvel, linux-efi
Cc: linux-arm-kernel, James E.J. Bottomley, Matthew Garrett,
Peter Jones, Ilias Apalodimas, Heinrich Schuchardt,
AKASHI Takahiro, Palmer Dabbelt, Atish Patra, Arnd Bergmann,
Huacai Chen, Lennart Poettering
On Wed, 2022-08-31 at 17:05 -0500, Jeremy Linton wrote:
> So, now the fun bit. At the moment my shim->grub->efi-stubbed kernel
> path (which is the default fedora/rhel sequence) appears to be broken if
> I swap the compressed image (not the .gz version) in for a normal
> decompressed kernel. That appears to be a grub bug in fedora at the
> moment, but I've not fully tracked it down.
GRUB will need to be patched for generic EFI zboot:
https://lists.gnu.org/archive/html/grub-devel/2022-08/msg00113.html
--
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 42+ messages in thread
end of thread, other threads:[~2022-09-01 0:50 UTC | newest]
Thread overview: 42+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-27 8:38 [PATCH v4 0/9] efi: implement generic compressed boot support Ard Biesheuvel
2022-08-27 8:38 ` Ard Biesheuvel
2022-08-27 8:38 ` [PATCH v4 1/9] efi: name the ARCH-stub.c files uniformly Ard Biesheuvel
2022-08-27 8:38 ` Ard Biesheuvel
2022-08-27 8:38 ` [PATCH v4 2/9] efi/libstub: add some missing EFI prototypes Ard Biesheuvel
2022-08-27 8:38 ` Ard Biesheuvel
2022-08-27 8:38 ` [PATCH v4 3/9] efi/libstub: use EFI provided memcpy/memset routines Ard Biesheuvel
2022-08-27 8:38 ` Ard Biesheuvel
2022-08-27 8:38 ` [PATCH v4 4/9] efi/libstub: move efi_system_table global var into separate object Ard Biesheuvel
2022-08-27 8:38 ` Ard Biesheuvel
2022-08-27 8:38 ` [PATCH v4 5/9] efi/libstub: implement generic EFI zboot Ard Biesheuvel
2022-08-27 8:38 ` Ard Biesheuvel
2022-08-27 8:38 ` [PATCH v4 6/9] arm64: efi: enable generic EFI compressed boot Ard Biesheuvel
2022-08-27 8:38 ` Ard Biesheuvel
2022-08-31 22:05 ` Jeremy Linton
2022-08-31 22:05 ` Jeremy Linton
2022-09-01 0:48 ` Xi Ruoyao
2022-09-01 0:48 ` Xi Ruoyao
2022-08-27 8:38 ` [PATCH v4 7/9] riscv: " Ard Biesheuvel
2022-08-27 8:38 ` Ard Biesheuvel
2022-08-27 8:38 ` [PATCH v4 8/9] loongarch: avoid orphan input sections Ard Biesheuvel
2022-08-27 8:38 ` Ard Biesheuvel
2022-08-27 10:15 ` 陈华才
2022-08-27 10:15 ` 陈华才
2022-08-27 13:27 ` Ard Biesheuvel
2022-08-27 13:27 ` Ard Biesheuvel
2022-08-28 3:31 ` Xi Ruoyao
2022-08-28 3:31 ` Xi Ruoyao
2022-08-28 9:36 ` Ard Biesheuvel
2022-08-28 9:36 ` Ard Biesheuvel
2022-08-28 9:44 ` Xi Ruoyao
2022-08-28 9:44 ` Xi Ruoyao
2022-08-29 3:59 ` 陈华才
2022-08-29 3:59 ` 陈华才
2022-08-27 8:38 ` [PATCH v4 9/9] loongarch: efi: enable generic EFI compressed boot Ard Biesheuvel
2022-08-27 8:38 ` Ard Biesheuvel
2022-08-28 9:52 ` Xi Ruoyao
2022-08-28 9:52 ` Xi Ruoyao
2022-08-28 10:57 ` Xi Ruoyao
2022-08-28 10:57 ` Xi Ruoyao
2022-08-29 8:13 ` 陈华才
2022-08-29 8:13 ` 陈华才
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.