Commit 538bc0f4 authored by Ard Biesheuvel's avatar Ard Biesheuvel

efi/zboot: Set forward edge CFI compat header flag if supported

Add some plumbing to the zboot EFI header generation to set the newly
introduced DllCharacteristicsEx flag associated with forward edge CFI
enforcement instructions (BTI on arm64, IBT on x86)

x86 does not currently uses the zboot infrastructure, so let's wire it
up only for arm64.
Signed-off-by: default avatarArd Biesheuvel <ardb@kernel.org>
parent bca2f3a9
...@@ -42,5 +42,6 @@ $(obj)/Image.zst: $(obj)/Image FORCE ...@@ -42,5 +42,6 @@ $(obj)/Image.zst: $(obj)/Image FORCE
EFI_ZBOOT_PAYLOAD := Image EFI_ZBOOT_PAYLOAD := Image
EFI_ZBOOT_BFD_TARGET := elf64-littleaarch64 EFI_ZBOOT_BFD_TARGET := elf64-littleaarch64
EFI_ZBOOT_MACH_TYPE := ARM64 EFI_ZBOOT_MACH_TYPE := ARM64
EFI_ZBOOT_FORWARD_CFI := $(CONFIG_ARM64_BTI_KERNEL)
include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
# SPDX-License-Identifier: GPL-2.0 # SPDX-License-Identifier: GPL-2.0
# to be include'd by arch/$(ARCH)/boot/Makefile after setting # to be include'd by arch/$(ARCH)/boot/Makefile after setting
# EFI_ZBOOT_PAYLOAD, EFI_ZBOOT_BFD_TARGET and EFI_ZBOOT_MACH_TYPE # EFI_ZBOOT_PAYLOAD, EFI_ZBOOT_BFD_TARGET, EFI_ZBOOT_MACH_TYPE and
# EFI_ZBOOT_FORWARD_CFI
quiet_cmd_copy_and_pad = PAD $@ quiet_cmd_copy_and_pad = PAD $@
cmd_copy_and_pad = cp $< $@ && \ cmd_copy_and_pad = cp $< $@ && \
...@@ -44,10 +45,14 @@ OBJCOPYFLAGS_vmlinuz.o := -I binary -O $(EFI_ZBOOT_BFD_TARGET) \ ...@@ -44,10 +45,14 @@ OBJCOPYFLAGS_vmlinuz.o := -I binary -O $(EFI_ZBOOT_BFD_TARGET) \
$(obj)/vmlinuz.o: $(obj)/vmlinuz FORCE $(obj)/vmlinuz.o: $(obj)/vmlinuz FORCE
$(call if_changed,objcopy) $(call if_changed,objcopy)
aflags-zboot-header-$(EFI_ZBOOT_FORWARD_CFI) := \
-DPE_DLL_CHAR_EX=IMAGE_DLLCHARACTERISTICS_EX_FORWARD_CFI_COMPAT
AFLAGS_zboot-header.o += -DMACHINE_TYPE=IMAGE_FILE_MACHINE_$(EFI_ZBOOT_MACH_TYPE) \ AFLAGS_zboot-header.o += -DMACHINE_TYPE=IMAGE_FILE_MACHINE_$(EFI_ZBOOT_MACH_TYPE) \
-DZBOOT_EFI_PATH="\"$(realpath $(obj)/vmlinuz.efi.elf)\"" \ -DZBOOT_EFI_PATH="\"$(realpath $(obj)/vmlinuz.efi.elf)\"" \
-DZBOOT_SIZE_LEN=$(zboot-size-len-y) \ -DZBOOT_SIZE_LEN=$(zboot-size-len-y) \
-DCOMP_TYPE="\"$(comp-type-y)\"" -DCOMP_TYPE="\"$(comp-type-y)\"" \
$(aflags-zboot-header-y)
$(obj)/zboot-header.o: $(srctree)/drivers/firmware/efi/libstub/zboot-header.S FORCE $(obj)/zboot-header.o: $(srctree)/drivers/firmware/efi/libstub/zboot-header.S FORCE
$(call if_changed_rule,as_o_S) $(call if_changed_rule,as_o_S)
......
...@@ -78,9 +78,36 @@ __efistub_efi_zboot_header: ...@@ -78,9 +78,36 @@ __efistub_efi_zboot_header:
.quad 0 // ExceptionTable .quad 0 // ExceptionTable
.quad 0 // CertificationTable .quad 0 // CertificationTable
.quad 0 // BaseRelocationTable .quad 0 // BaseRelocationTable
#ifdef CONFIG_DEBUG_EFI #if defined(PE_DLL_CHAR_EX) || defined(CONFIG_DEBUG_EFI)
.long .Lefi_debug_table - .Ldoshdr // DebugTable .long .Lefi_debug_table - .Ldoshdr // DebugTable
.long .Lefi_debug_table_size .long .Lefi_debug_table_size
.section ".rodata", "a"
.p2align 2
.Lefi_debug_table:
// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY[]
#ifdef PE_DLL_CHAR_EX
.long 0 // Characteristics
.long 0 // TimeDateStamp
.short 0 // MajorVersion
.short 0 // MinorVersion
.long IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS // Type
.long 4 // SizeOfData
.long 0 // RVA
.long .Lefi_dll_characteristics_ex - .Ldoshdr // FileOffset
#endif
#ifdef CONFIG_DEBUG_EFI
.long 0 // Characteristics
.long 0 // TimeDateStamp
.short 0 // MajorVersion
.short 0 // MinorVersion
.long IMAGE_DEBUG_TYPE_CODEVIEW // Type
.long .Lefi_debug_entry_size // SizeOfData
.long 0 // RVA
.long .Lefi_debug_entry - .Ldoshdr // FileOffset
#endif
.set .Lefi_debug_table_size, . - .Lefi_debug_table
.previous
#endif #endif
.Lsection_table: .Lsection_table:
...@@ -110,23 +137,11 @@ __efistub_efi_zboot_header: ...@@ -110,23 +137,11 @@ __efistub_efi_zboot_header:
.set .Lsection_count, (. - .Lsection_table) / 40 .set .Lsection_count, (. - .Lsection_table) / 40
#ifdef PE_DLL_CHAR_EX
.Lefi_dll_characteristics_ex:
.long PE_DLL_CHAR_EX
#endif
#ifdef CONFIG_DEBUG_EFI #ifdef CONFIG_DEBUG_EFI
.section ".rodata", "a"
.align 2
.Lefi_debug_table:
// EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
.long 0 // Characteristics
.long 0 // TimeDateStamp
.short 0 // MajorVersion
.short 0 // MinorVersion
.long IMAGE_DEBUG_TYPE_CODEVIEW // Type
.long .Lefi_debug_entry_size // SizeOfData
.long 0 // RVA
.long .Lefi_debug_entry - .Ldoshdr // FileOffset
.set .Lefi_debug_table_size, . - .Lefi_debug_table
.previous
.Lefi_debug_entry: .Lefi_debug_entry:
// EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY // EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
.ascii "NB10" // Signature .ascii "NB10" // Signature
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment