From patchwork Mon Jan 28 13:35:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Graf X-Patchwork-Id: 156736 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp3435505jaa; Mon, 28 Jan 2019 05:35:58 -0800 (PST) X-Google-Smtp-Source: ALg8bN7AO7tMl6+XhBteKsO1mhbXQMBzOSLQ6OIEn/Jxm/mnsiePofM/HjkMRtrqDnbwNFz9i6zZ X-Received: by 2002:adf:f9cb:: with SMTP id w11mr21457521wrr.201.1548682558914; Mon, 28 Jan 2019 05:35:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548682558; cv=none; d=google.com; s=arc-20160816; b=NenyrvZPckhZ+wFfzhKXCwmbnN4Xxna3xQOpVa7t2qTUcfnUueokWPCtoZkLJOPOBH mG6nQj3n91zXgrzvrPj+RmBUqKHEAtQ4oHXjC9PFwQUvP9FeALFjgtYfOzHviHEJBwxK wdYCBFXrLgw/zT/6WeyrYCM06P6DBSNp/WdhUW0icnFAxIrbKZbJ0BvrlDzJ+7xHmEqj LPccQCAtU3s4atQ1cvmUXGrtzLx17gfVoP1WvWrqYi1VEX5EHiH08wcG6bZW61cngEmB sWhpTGwZS+4fwzj+UJF1iMhU9xlmAEn5MpTrexGkIJ1nMYNbwz/SyLSDuP9cVZJICuOe S9JA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:references:in-reply-to:message-id:date:subject :to:from; bh=fxJ9pufsbU0rT/iujhjZ5F5z/O9n/eb3hTiqELuY3Ok=; b=f5G7FNc02ZS52aeOExcDUSHPS4LXMeCaPDdI+2UiK1m40zp5zsczf+VQ0nZqFdY6he sKsokWOAfoR9v3qQHHIJSB4I9HZkKx1NxtqBq7XuLBe0NBQjW3G1Hx+xob9Mt+beN5qL QE+tl+kQS5/BgfrxtnoPOevZQgXB+HlBg0nZm+PanW3tHb9arP0tPNs6BFLznFTrQKAZ 7qnEIIYWOVWcPx7yZIT9fBkJQu548voeoNgLJ/eAlA7kP5IRF+HQ9X1pKCLkExWY1RcP rj3Q/vSSm7zbqxUJInLKwRETXUP41G7ZtoyUqb7N4RSf9oepo/TQoa18EvUOodpa33Mc l2QA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of grub-devel-bounces+patch=linaro.org@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org" Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id h17si79596136wrx.323.2019.01.28.05.35.58 for (version=TLS1 cipher=AES128-SHA bits=128/128); Mon, 28 Jan 2019 05:35:58 -0800 (PST) Received-SPF: pass (google.com: domain of grub-devel-bounces+patch=linaro.org@gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; spf=pass (google.com: domain of grub-devel-bounces+patch=linaro.org@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="grub-devel-bounces+patch=linaro.org@gnu.org" Received: from localhost ([127.0.0.1]:60319 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1go74v-00036q-Ss for patch@linaro.org; Mon, 28 Jan 2019 08:35:57 -0500 Received: from eggs.gnu.org ([209.51.188.92]:58618) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1go74i-00035k-KL for grub-devel@gnu.org; Mon, 28 Jan 2019 08:35:45 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1go74h-0000zW-Mi for grub-devel@gnu.org; Mon, 28 Jan 2019 08:35:44 -0500 Received: from mx2.suse.de ([195.135.220.15]:39744 helo=mx1.suse.de) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1go74h-0000MB-Br for grub-devel@gnu.org; Mon, 28 Jan 2019 08:35:43 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 9BD62ABB1; Mon, 28 Jan 2019 13:35:29 +0000 (UTC) From: Alexander Graf To: grub-devel@gnu.org Subject: [PATCH v6 2/3] mkimage: Align efi sections on 4k boundary Date: Mon, 28 Jan 2019 14:35:28 +0100 Message-Id: <20190128133529.82445-3-agraf@suse.de> X-Mailer: git-send-email 2.12.3 In-Reply-To: <20190128133529.82445-1-agraf@suse.de> References: <20190128133529.82445-1-agraf@suse.de> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] X-Received-From: 195.135.220.15 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The development of GNU GRUB Cc: Jon Masters , Leif Lindholm , Daniel Kiper MIME-Version: 1.0 Errors-To: grub-devel-bounces+patch=linaro.org@gnu.org Sender: "Grub-devel" There is UEFI firmware popping up in the wild now that implements stricter permission checks using NX and write protect page table entry bits. This means that firmware now may fail to load binaries if its individual sections are not page aligned, as otherwise it can not ensure permission boundaries. So let's bump all efi section alignments up to 4k (EFI page size). That way we will stay compatible going forward. Unfortunately our internals can't deal very well with a mismatch of alignment between the virtual and file offsets, so we have to also pad our target binary a bit. Signed-off-by: Alexander Graf --- v4 -> v5: - Use GRUB_EFI_PAGE_SIZE - Add include to have above const defined v5 -> v6: - Fix comment --- include/grub/efi/pe32.h | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) -- 2.12.3 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h index 7d44732d2..207b0382e 100644 --- a/include/grub/efi/pe32.h +++ b/include/grub/efi/pe32.h @@ -20,6 +20,7 @@ #define GRUB_EFI_PE32_HEADER 1 #include +#include /* The MSDOS compatibility stub. This was copied from the output of objcopy, and it is not necessary to care about what this means. */ @@ -50,8 +51,14 @@ /* According to the spec, the minimal alignment is 512 bytes... But some examples (such as EFI drivers in the Intel Sample Implementation) use 32 bytes (0x20) instead, and it seems - to be working. For now, GRUB uses 512 bytes for safety. */ -#define GRUB_PE32_SECTION_ALIGNMENT 0x200 + to be working. + + However, there is firmware showing up in the field now with + page alignment constraints to guarantee that page protection + bits take effect. Because currently existing GRUB code can not + properly distinguish between in-memory and in-file layout, let's + bump all alignment to GRUB_EFI_PAGE_SIZE. */ +#define GRUB_PE32_SECTION_ALIGNMENT GRUB_EFI_PAGE_SIZE #define GRUB_PE32_FILE_ALIGNMENT GRUB_PE32_SECTION_ALIGNMENT struct grub_pe32_coff_header