File fwupdate-bsc1182057-add-sbat-support.patch of Package fwupdate.28667
From ed4d0fb9c5148ab4d534f4fbcde5c368eab3b0ee Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 24 Feb 2021 16:45:40 +0800
Subject: [PATCH] Add SBAT Support to EFI binaries
Signed-off-by: Gary Lin <glin@suse.com>
---
data/sbat.csv | 2 ++
efi/Makefile | 13 ++++++++++---
efi/elf_aarch64_efi.lds | 10 ++++++++++
efi/elf_ia32_efi.lds | 8 ++++++++
efi/elf_x86_64_efi.lds | 8 ++++++++
5 files changed, 38 insertions(+), 3 deletions(-)
create mode 100644 data/sbat.csv
Index: fwupdate-12/data/sbat.csv
===================================================================
--- /dev/null
+++ fwupdate-12/data/sbat.csv
@@ -0,0 +1,2 @@
+sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
+fwupdate,1,Firmware Update Utility,fwupdate,12,https://github.com/rhboot/fwupdate
Index: fwupdate-12/efi/Makefile
===================================================================
--- fwupdate-12.orig/efi/Makefile
+++ fwupdate-12/efi/Makefile
@@ -8,6 +8,7 @@ endif
include $(TOP)/Make.defaults
include $(TOP)/Make.rules
VPATH = $(TOP)/efi
+SBATPATH ?= $(TOP)/data/sbat.csv
CFLAGS ?= -Og -g3 -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 \
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 \
@@ -71,6 +72,12 @@ endif
TARGETS = fakeesrt2.efi fakeesrt.efi dumpesrt.efi $(FWUP).efi mkvar.efi dumpf.efi mkvar2.efi
+sbat.o : $(SBATPATH)
+ $(CC) -x c -c -o $@ /dev/null
+ $(OBJCOPY) --add-section .sbat=$(SBATPATH) \
+ --set-section-flags .sbat=contents,alloc,load,readonly,data \
+ $@
+
all : $(TARGETS)
abidw abicheck :
@@ -93,7 +100,7 @@ ifneq ($(OBJCOPY_GTE224),1)
$(error objcopy >= 2.24 is required)
endif
$(OBJCOPY) -j .text -j .sdata -j .data -j .dynamic -j .dynsym \
- -j .rel* -j .rela* -j .reloc -j .eh_frame \
+ -j .rel* -j .rela* -j .reloc -j .eh_frame -j .sbat \
$(FORMAT) $^ $@
%.efi.debug : %.so
@@ -101,7 +108,7 @@ ifneq ($(OBJCOPY_GTE224),1)
$(error objcopy >= 2.24 is required)
endif
$(OBJCOPY) -j .text -j .sdata -j .data -j .dynamic -j .dynsym \
- -j .rel* -j .rela* -j .reloc -j .eh_frame \
+ -j .rel* -j .rela* -j .reloc -j .eh_frame -j .sbat \
-j .debug* -j .note.gnu.build-id \
$^ $@
@@ -109,7 +116,7 @@ endif
$(READELF) -n $^ | grep "Build ID:" | \
sed -e 's/^.*Build ID: //' -e 's,^\(..\),\1/,' > $@
-%.so : %.o
+%.so : %.o sbat.o
$(CC) $(CCLDFLAGS) -o $@ $^ -lefi -lgnuefi \
$(LIBGCC) \
-T elf_$(ARCH)_efi.lds
Index: fwupdate-12/efi/elf_aarch64_efi.lds
===================================================================
--- fwupdate-12.orig/efi/elf_aarch64_efi.lds
+++ fwupdate-12/efi/elf_aarch64_efi.lds
@@ -1,6 +1,12 @@
OUTPUT_FORMAT("elf64-littleaarch64", "elf64-littleaarch64", "elf64-littleaarch64")
OUTPUT_ARCH(aarch64)
ENTRY(_start)
+PHDRS
+{
+ text PT_LOAD FLAGS(5);
+ data PT_LOAD FLAGS(6);
+ sbat PT_LOAD FLAGS(4);
+}
SECTIONS
{
.text 0x0 : {
@@ -12,7 +18,7 @@ SECTIONS
*(.srodata)
*(.rodata*)
. = ALIGN(16);
- }
+ } :text
_etext = .;
_text_size = . - _text;
.dynamic : { *(.dynamic) }
@@ -37,7 +43,17 @@ SECTIONS
*(COMMON)
. = ALIGN(16);
_bss_end = .;
- }
+ } :data
+
+ . = ALIGN(4096);
+ .sbat :
+ {
+ _sbat = .;
+ *(.sbat)
+ *(.sbat.*)
+ _esbat = .;
+ } :sbat
+ . = ALIGN(4096);
.rela.dyn : { *(.rela.dyn) }
.rela.plt : { *(.rela.plt) }
Index: fwupdate-12/efi/elf_ia32_efi.lds
===================================================================
--- fwupdate-12.orig/efi/elf_ia32_efi.lds
+++ fwupdate-12/efi/elf_ia32_efi.lds
@@ -48,6 +48,14 @@ SECTIONS
.note.gnu.build-id : { *(.note.gnu.build-id) }
. = ALIGN(4096);
+ .sbat :
+ {
+ _sbat = .;
+ *(.sbat)
+ *(.sbat.*)
+ _esbat = .;
+ }
+ . = ALIGN(4096);
.dynamic : { *(.dynamic) }
. = ALIGN(4096);
.rel :
Index: fwupdate-12/efi/elf_x86_64_efi.lds
===================================================================
--- fwupdate-12.orig/efi/elf_x86_64_efi.lds
+++ fwupdate-12/efi/elf_x86_64_efi.lds
@@ -48,6 +48,14 @@ SECTIONS
.note.gnu.build-id : { *(.note.gnu.build-id) }
. = ALIGN(4096);
+ .sbat :
+ {
+ _sbat = .;
+ *(.sbat)
+ *(.sbat.*)
+ _esbat = .;
+ }
+ . = ALIGN(4096);
.dynamic : { *(.dynamic) }
. = ALIGN(4096);
.rela :
