Commit 61b57d35 authored by Vitaly Kuznetsov's avatar Vitaly Kuznetsov Committed by Borislav Petkov (AMD)
Browse files

x86/efi: Implement support for embedding SBAT data for x86 



Similar to zboot architectures, implement support for embedding SBAT data
for x86. Put '.sbat' section in between '.data' and '.text' as the former
also covers '.bss' and '.pgtable' and thus must be the last one in the
file.

Signed-off-by: default avatarVitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/20250603091951.57775-1-vkuznets@redhat.com
parent ce2c403c

arch/x86/boot/Makefile

+1 −1
Original line number Diff line number Diff line
@@ -71,7 +71,7 @@ $(obj)/vmlinux.bin: $(obj)/compressed/vmlinux FORCE 


SETUP_OBJS = $(addprefix $(obj)/,$(setup-y))



sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_e\?data\|z_.*\)$$/\#define ZO_\2 0x\1/p'

sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_e\?data\|_e\?sbat\|z_.*\)$$/\#define ZO_\2 0x\1/p'



quiet_cmd_zoffset = ZOFFSET $@

      cmd_zoffset = $(NM) $< | sed -n $(sed-zoffset) > $@

arch/x86/boot/compressed/Makefile

+5 −0
Original line number Diff line number Diff line
@@ -106,6 +106,11 @@ vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/mem.o 
vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o

vmlinux-libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a

vmlinux-libs-$(CONFIG_X86_64)	+= $(objtree)/arch/x86/boot/startup/lib.a

vmlinux-objs-$(CONFIG_EFI_SBAT) += $(obj)/sbat.o



ifdef CONFIG_EFI_SBAT

$(obj)/sbat.o: $(CONFIG_EFI_SBAT_FILE)

endif



$(obj)/vmlinux: $(vmlinux-objs-y) $(vmlinux-libs-y) FORCE

	$(call if_changed,ld)

arch/x86/boot/compressed/sbat.S

0 → 100644
+7 −0
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */

/*

 * Embed SBAT data in the kernel.

 */

	.pushsection ".sbat", "a", @progbits

	.incbin CONFIG_EFI_SBAT_FILE

	.popsection

arch/x86/boot/compressed/vmlinux.lds.S

+8 −0
Original line number Diff line number Diff line
@@ -43,6 +43,14 @@ SECTIONS 
		*(.rodata.*)

		_erodata = . ;

	}

#ifdef CONFIG_EFI_SBAT

	.sbat : ALIGN(0x1000) {

		_sbat = . ;

		*(.sbat)

		_esbat = ALIGN(0x1000);

		. = _esbat;

	}

#endif

	.data :	ALIGN(0x1000) {

		_data = . ;

		*(.data)

arch/x86/boot/header.S

+22 −9
Original line number Diff line number Diff line
@@ -179,15 +179,11 @@ pecompat_fstart: 
#else

	.set	pecompat_fstart, setup_size

#endif

	.ascii	".text"

	.byte	0

	.byte	0

	.byte	0

	.long	ZO__data

	.long	setup_size

	.long	ZO__data			# Size of initialized data

						# on disk

	.long	setup_size

	.ascii	".text\0\0\0"

	.long	textsize            		# VirtualSize

	.long	setup_size			# VirtualAddress

	.long	textsize			# SizeOfRawData

	.long	setup_size			# PointerToRawData

	.long	0				# PointerToRelocations

	.long	0				# PointerToLineNumbers

	.word	0				# NumberOfRelocations
@@ -196,6 +192,23 @@ pecompat_fstart: 
		IMAGE_SCN_MEM_READ		| \

		IMAGE_SCN_MEM_EXECUTE		# Characteristics



#ifdef CONFIG_EFI_SBAT

	.ascii	".sbat\0\0\0"

	.long	ZO__esbat - ZO__sbat            # VirtualSize

	.long	setup_size + ZO__sbat           # VirtualAddress

	.long	ZO__esbat - ZO__sbat            # SizeOfRawData

	.long	setup_size + ZO__sbat           # PointerToRawData



	.long	0, 0, 0

	.long	IMAGE_SCN_CNT_INITIALIZED_DATA	| \

		IMAGE_SCN_MEM_READ		| \

		IMAGE_SCN_MEM_DISCARDABLE	# Characteristics



	.set	textsize, ZO__sbat

#else

	.set	textsize, ZO__data

#endif



	.ascii	".data\0\0\0"

	.long	ZO__end - ZO__data		# VirtualSize

	.long	setup_size + ZO__data		# VirtualAddress