From patchwork Wed Jan 23 15:34:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Graf X-Patchwork-Id: 156385 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp850447jaa; Wed, 23 Jan 2019 07:35:24 -0800 (PST) X-Google-Smtp-Source: ALg8bN51EKi8qlswMmq+A/6/4fWZYiyxTRHhyS9x2NYGyL+BtApJzsNtoWbAHHu/0VZ9Put1KmGy X-Received: by 2002:a1c:de57:: with SMTP id v84mr3168796wmg.55.1548257724814; Wed, 23 Jan 2019 07:35:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548257724; cv=none; d=google.com; s=arc-20160816; b=zQf3g0qLx2HGQN9gXzX+8EjgDYvuTgBAKuMfZJu7Cbi+39+vv2Dqmj5r7HHVDVvhTF RoRZx9BYY4SpJ8jpm/DJJurJRGCMJH7DRBWGKo4C9dDpRK+SpCfgi2QrAWkHvG/JbyFx rEW1oAfrIG5EPC40HiOpNL5KBqtnE69Sib4DUH0p4sRSpzUzTutMuPERcG4g8s3VnueD N3PYMshyNfm4vVh5yyd2tYRbr0LCRoox60ANQCsU7ofvXlMZkIbDT7HZBWPcjtVy5kkl rgZeUfkW50z7eOf5vOD8wqzZMMRirx41LZbuD+SkKWqpaoEfCUpFYuY9INE4O29DPeAf ZGSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:references:in-reply-to:message-id:date:subject :to:from; bh=6OAzLFcMvZSdo/zG+mfFzRjEovPQ8Y7VBu4oghwev0A=; b=Vl8t9ObNOfiYHp9blD+FSGbzSzGjX86lV7cVqDK0KZEEf0CLuOkcaWYPqGqIdangHq DscWs0r6jG883sDT7ojK4gpdRP0lJBCQLJwoD44SbiuVp6gCF5xiQaPw3POh1UknTpyv 8QOuALjCWtuEqkcKIIgn5h+AmPrYp4f1MdaybIHWyoL6uyuA5V3lktjLAtQK3360JpJT 7QVEpBtLLDzlXOGu0+/sygAV3Vgm/uQ2EotgUsPtmXCycpXDL1gbz9LWbAD8fHuBMxoK CCa9IHNqyHw5sgjZxdkWak0/itFiLrv6K1nC+IOfH0i7pDUJmDdYwZIOnd39SoDfjbyD EMog== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of grub-devel-bounces+patch=linaro.org@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id s26si77897339wrs.72.2019.01.23.07.35.24 for (version=TLS1 cipher=AES128-SHA bits=128/128); Wed, 23 Jan 2019 07:35:24 -0800 (PST) Received-SPF: pass (google.com: domain of grub-devel-bounces+patch=linaro.org@gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of grub-devel-bounces+patch=linaro.org@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org" Received: from localhost ([127.0.0.1]:36944 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gmKYl-0001Zl-Ki for patch@linaro.org; Wed, 23 Jan 2019 10:35:23 -0500 Received: from eggs.gnu.org ([209.51.188.92]:35611) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gmKYU-0001VJ-SK for grub-devel@gnu.org; Wed, 23 Jan 2019 10:35:07 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gmKYT-000897-Kr for grub-devel@gnu.org; Wed, 23 Jan 2019 10:35:06 -0500 Received: from mx2.suse.de ([195.135.220.15]:39698 helo=mx1.suse.de) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gmKYT-000843-AI for grub-devel@gnu.org; Wed, 23 Jan 2019 10:35:05 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 1EC3AB030; Wed, 23 Jan 2019 15:34:59 +0000 (UTC) From: Alexander Graf To: grub-devel@gnu.org Subject: [PATCH v4 2/2] mkimage: Align efi sections on 4k boundary Date: Wed, 23 Jan 2019 16:34:58 +0100 Message-Id: <20190123153458.35215-3-agraf@suse.de> X-Mailer: git-send-email 2.12.3 In-Reply-To: <20190123153458.35215-1-agraf@suse.de> References: <20190123153458.35215-1-agraf@suse.de> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] X-Received-From: 195.135.220.15 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The development of GNU GRUB Cc: Jon Masters , Daniel Kiper , Leif Lindholm , Ard Biesheuvel MIME-Version: 1.0 Errors-To: grub-devel-bounces+patch=linaro.org@gnu.org Sender: "Grub-devel" There is UEFI firmware popping up in the wild now that implements stricter permission checks using NX and write protect page table entry bits. This means that firmware now may fail to load binaries if its individual sections are not page aligned, as otherwise it can not ensure permission boundaries. So let's bump all efi section alignments up to 4k (EFI page size). That way we will stay compatible going forward. Unfortunately our internals can't deal very well with a mismatch of alignment between the virtual and file offsets, so we have to also pad our target binary a bit. Signed-off-by: Alexander Graf --- include/grub/efi/pe32.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) -- 2.12.3 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h index 7d44732d2..52ff208c0 100644 --- a/include/grub/efi/pe32.h +++ b/include/grub/efi/pe32.h @@ -50,8 +50,13 @@ /* According to the spec, the minimal alignment is 512 bytes... But some examples (such as EFI drivers in the Intel Sample Implementation) use 32 bytes (0x20) instead, and it seems - to be working. For now, GRUB uses 512 bytes for safety. */ -#define GRUB_PE32_SECTION_ALIGNMENT 0x200 + to be working. + + However, there is firmware showing up in the field now with + page alignment constraints to guarantee that page protection + bits take effect. Because we can not easily distinguish between + in-memory and in-file layout, let's bump all alignment to 4k. */ +#define GRUB_PE32_SECTION_ALIGNMENT 0x1000 #define GRUB_PE32_FILE_ALIGNMENT GRUB_PE32_SECTION_ALIGNMENT struct grub_pe32_coff_header