File tree Expand file tree Collapse file tree 6 files changed +44
-11
lines changed Expand file tree Collapse file tree 6 files changed +44
-11
lines changed Original file line number Diff line number Diff line change @@ -71,7 +71,7 @@ $(obj)/vmlinux.bin: $(obj)/compressed/vmlinux FORCE
7171
7272SETUP_OBJS = $(addprefix $(obj ) /,$(setup-y ) )
7373
74- sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_e\?data\|z_.*\)$$/\# define ZO_\2 0x\1/p'
74+ sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_e\?data\|_e\?sbat\| z_.*\)$$/\# define ZO_\2 0x\1/p'
7575
7676quiet_cmd_zoffset = ZOFFSET $@
7777 cmd_zoffset = $(NM ) $< | sed -n $(sed-zoffset ) > $@
Original file line number Diff line number Diff line change @@ -106,6 +106,11 @@ vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/mem.o
106106vmlinux-objs-$(CONFIG_EFI) += $(obj ) /efi.o
107107vmlinux-libs-$(CONFIG_EFI_STUB) += $(objtree ) /drivers/firmware/efi/libstub/lib.a
108108vmlinux-libs-$(CONFIG_X86_64) += $(objtree ) /arch/x86/boot/startup/lib.a
109+ vmlinux-objs-$(CONFIG_EFI_SBAT) += $(obj ) /sbat.o
110+
111+ ifdef CONFIG_EFI_SBAT
112+ $(obj ) /sbat.o$(CONFIG_EFI_SBAT_FILE )
113+ endif
109114
110115$(obj ) /vmlinux$(vmlinux-objs-y ) $(vmlinux-libs-y ) FORCE
111116 $(call if_changed,ld)
Original file line number Diff line number Diff line change 1+ /* SPDX-License-Identifier: GPL-2.0 */
2+ /*
3+ * Embed SBAT data in the kernel.
4+ */
5+ .pushsection ".sbat" , "a" , @progbits
6+ .incbin CONFIG_EFI_SBAT_FILE
7+ .popsection
Original file line number Diff line number Diff line change @@ -43,6 +43,14 @@ SECTIONS
4343 *(.rodata.*)
4444 _erodata =
4545 }
46+ #ifdef CONFIG_EFI_SBAT
47+ .sbat : ALIGN(0x1000 ) {
48+ _sbat =
49+ *(.sbat)
50+ _esbat = 0x1000 );
51+ . = _esbat;
52+ }
53+ #endif
4654 .data : ALIGN(0x1000 ) {
4755 _data =
4856 *(.data )
Original file line number Diff line number Diff line change @@ -179,15 +179,11 @@ pecompat_fstart:
179179#else
180180 .set pecompat_fstart, setup_size
181181#endif
182- .ascii ".text"
183- .byte 0
184- .byte 0
185- .byte 0
186- .long ZO__data
187- .long setup_size
188- .long ZO__data # Size of initialized data
189- # on disk
190- .long setup_size
182+ .ascii ".text\0\0\0"
183+ .long textsize # VirtualSize
184+ .long setup_size # VirtualAddress
185+ .long textsize # SizeOfRawData
186+ .long setup_size # PointerToRawData
191187 .long 0 # PointerToRelocations
192188 .long 0 # PointerToLineNumbers
193189 .word 0 # NumberOfRelocations
@@ -196,6 +192,23 @@ pecompat_fstart:
196192 IMAGE_SCN_MEM_READ | \
197193 IMAGE_SCN_MEM_EXECUTE # Characteristics
198194
195+ #ifdef CONFIG_EFI_SBAT
196+ .ascii ".sbat\0\0\0"
197+ .long ZO__esbat - ZO__sbat # VirtualSize
198+ .long setup_size + ZO__sbat # VirtualAddress
199+ .long ZO__esbat - ZO__sbat # SizeOfRawData
200+ .long setup_size + ZO__sbat # PointerToRawData
201+
202+ .long 0 , 0 , 0
203+ .long IMAGE_SCN_CNT_INITIALIZED_DATA | \
204+ IMAGE_SCN_MEM_READ | \
205+ IMAGE_SCN_MEM_DISCARDABLE # Characteristics
206+
207+ .set textsize, ZO__sbat
208+ #else
209+ .set textsize, ZO__data
210+ #endif
211+
199212 .ascii ".data\0\0\0"
200213 .long ZO__end - ZO__data # VirtualSize
201214 .long setup_size + ZO__data # VirtualAddress
Original file line number Diff line number Diff line change @@ -286,7 +286,7 @@ config EFI_SBAT
286286
287287config EFI_SBAT_FILE
288288 string "Embedded SBAT section file path"
289- depends on EFI_ZBOOT
289+ depends on EFI_ZBOOT || (EFI_STUB && X86)
290290 help
291291 SBAT section provides a way to improve SecureBoot revocations of UEFI
292292 binaries by introducing a generation-based mechanism. With SBAT, older
You can’t perform that action at this time.
0 commit comments