File fwupdate-bsc1182057-add-sbat-support.patch of Package fwupdate.24672

From c357103a999610f72062d577d3f27a9a539272c8 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 24 Feb 2021 16:45:40 +0800
Subject: [PATCH] Add SBAT Support to EFI binaries

Signed-off-by: Gary Lin <glin@suse.com>
---
 data/sbat.csv           |  2 ++
 efi/Makefile            | 13 ++++++++++---
 efi/elf_aarch64_efi.lds | 10 ++++++++++
 efi/elf_ia32_efi.lds    |  8 ++++++++
 efi/elf_x86_64_efi.lds  |  8 ++++++++
 5 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 data/sbat.csv

diff --git a/data/sbat.csv b/data/sbat.csv
new file mode 100644
index 0000000..ed4daf8
--- /dev/null
+++ b/data/sbat.csv
@@ -0,0 +1,2 @@
+sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
+fwupdate,1,Firmware Update Utility,fwupdate,0.5,https://github.com/rhboot/fwupdate
diff --git a/efi/Makefile b/efi/Makefile
index 8a3c6bd..01fdb2d 100644
--- a/efi/Makefile
+++ b/efi/Makefile
@@ -14,6 +14,7 @@ CCLDFLAGS	?= -nostdlib -Wl,--warn-common \
 	-Wl,--build-id=sha1 -Wl,--hash-style=sysv \
 	$(GNUEFIDIR)/crt0-efi-$(ARCH).o
 OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.* //g' | cut -f1-2 -d.` \>= 2.24)
+SBATPATH ?= $(TOPDIR)/data/sbat.csv
 
 FWUP = fwupdate
 
@@ -48,6 +49,12 @@ endif
 
 TARGETS = fakeesrt2.efi fakeesrt.efi dumpesrt.efi $(FWUP).efi mkvar.efi dumpf.efi mkvar2.efi
 
+sbat.o : $(SBATPATH)
+	$(CC) -x c -c -o $@ /dev/null
+	$(OBJCOPY) --add-section .sbat=$(SBATPATH) \
+		--set-section-flags .sbat=contents,alloc,load,readonly,data \
+		$@
+
 all : $(TARGETS)
 
 .SECONDARY: $(foreach target,$(TARGETS),$(target).debug $(target).build-id)
@@ -65,7 +72,7 @@ ifneq ($(OBJCOPY_GTE224),1)
 	$(error objcopy >= 2.24 is required)
 endif
 	$(OBJCOPY) -j .text -j .sdata -j .data -j .dynamic -j .dynsym \
-		-j .rel* -j .rela* -j .reloc -j .eh_frame \
+		-j .rel* -j .rela* -j .reloc -j .eh_frame -j .sbat \
 		$(FORMAT) $^ $@
 
 %.efi.debug : %.so
@@ -73,7 +80,7 @@ ifneq ($(OBJCOPY_GTE224),1)
 	$(error objcopy >= 2.24 is required)
 endif
 	$(OBJCOPY) -j .text -j .sdata -j .data -j .dynamic -j .dynsym \
-		-j .rel* -j .rela* -j .reloc -j .eh_frame \
+		-j .rel* -j .rela* -j .reloc -j .eh_frame -j .sbat \
 		-j .debug* -j .note.gnu.build-id \
 		$^ $@
 
@@ -81,7 +88,7 @@ endif
 	$(READELF) -n $^ | grep "Build ID:" | \
 		sed -e 's/^.*Build ID: //' -e 's,^\(..\),\1/,' > $@
 
-%.so : %.o
+%.so : %.o sbat.o
 	$(CC) $(CCLDFLAGS) -o $@ $^ -lefi -lgnuefi \
 		$(shell $(CC) -print-libgcc-file-name) \
 		-T elf_$(ARCH)_efi.lds
diff --git a/efi/elf_aarch64_efi.lds b/efi/elf_aarch64_efi.lds
index 365692d..6ded938 100644
--- a/efi/elf_aarch64_efi.lds
+++ b/efi/elf_aarch64_efi.lds
@@ -39,6 +39,16 @@ SECTIONS
   }
   .note.gnu.build-id : { *(.note.gnu.build-id) }
 
+  . = ALIGN(4096);
+  .sbat :
+  {
+    _sbat = .;
+    *(.sbat)
+    *(.sbat.*)
+    _esbat = .;
+  }
+  . = ALIGN(4096);
+
   .rela.dyn : { *(.rela.dyn) }
   .rela.plt : { *(.rela.plt) }
   .rela.got : { *(.rela.got) }
diff --git a/efi/elf_ia32_efi.lds b/efi/elf_ia32_efi.lds
index af2f11c..9412257 100644
--- a/efi/elf_ia32_efi.lds
+++ b/efi/elf_ia32_efi.lds
@@ -46,6 +46,14 @@ SECTIONS
   }
   .note.gnu.build-id : { *(.note.gnu.build-id) }
 
+  . = ALIGN(4096);
+  .sbat :
+  {
+    _sbat = .;
+    *(.sbat)
+    *(.sbat.*)
+    _esbat = .;
+  }
   . = ALIGN(4096);
   .dynamic  : { *(.dynamic) }
   . = ALIGN(4096);
diff --git a/efi/elf_x86_64_efi.lds b/efi/elf_x86_64_efi.lds
index 573d29b..9b40338 100644
--- a/efi/elf_x86_64_efi.lds
+++ b/efi/elf_x86_64_efi.lds
@@ -46,6 +46,14 @@ SECTIONS
   }
   .note.gnu.build-id : { *(.note.gnu.build-id) }
 
+  . = ALIGN(4096);
+  .sbat :
+  {
+    _sbat = .;
+    *(.sbat)
+    *(.sbat.*)
+    _esbat = .;
+  }
   . = ALIGN(4096);
   .dynamic  : { *(.dynamic) }
   . = ALIGN(4096);
-- 
2.29.2