From patchwork Wed Feb 8 11:55:33 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 93616 Delivered-To: patch@linaro.org Received: by 10.140.20.99 with SMTP id 90csp2648889qgi; Wed, 8 Feb 2017 04:05:18 -0800 (PST) X-Received: by 10.98.163.23 with SMTP id s23mr25783049pfe.60.1486555518882; Wed, 08 Feb 2017 04:05:18 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 72si6933694pfj.150.2017.02.08.04.05.18; Wed, 08 Feb 2017 04:05:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932192AbdBHMEv (ORCPT + 2 others); Wed, 8 Feb 2017 07:04:51 -0500 Received: from mail-wm0-f50.google.com ([74.125.82.50]:38027 "EHLO mail-wm0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754313AbdBHMEY (ORCPT ); Wed, 8 Feb 2017 07:04:24 -0500 Received: by mail-wm0-f50.google.com with SMTP id r141so184349994wmg.1 for ; Wed, 08 Feb 2017 04:04:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=F43gN/gFFg5WjOW96NwYrIQJydGGGW1VVDowTmCP36s=; b=b30a1Xntc3BZsPO9v2UXAjAkYGLchU/YTQqAvdWoHix9TM9zgPC2VzAvjEybWpY/Lo iQc0GeWBFKK0aGVjxqGpqS8SplpW6NCTzAMXL/dWZ1sAwOaRDQkYXkkJQH0+j3zzPt/A /mD6uZHFtx+G6gigQ7pHKrRpomFG3IhO4pGHA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=F43gN/gFFg5WjOW96NwYrIQJydGGGW1VVDowTmCP36s=; b=Y8nV/v4UtDECVskhYt/h1Uhdd8y/tBuc/+gliOF6Fo/sj61naa8d9oS0dN66AXhz5O APmbHbAVMpwy3AvHq5EA/sIvzsf58h6nXadH9lPie/QxHnrykCciO7X55CvHETbrkL91 mgVjB2+vyi5oQorBiIP0Ifjp0Il7gqZAUnAUP4awykc2umo0KQZYqIJaO5Q127Cu+gm3 Z/YQw/0O/5N+enjF0gM/9UoeA1vZ78/qUtZmXomZw2p+Qdlpf0MN5VnL0+d7glv5Tnus 1vQo/WAkkxHXMAeJ9Z7XVpM2fWzKHgiDU3jhAodRj5vw/9GPDwiN0ebk83g8TtoOGmEx SrGg== X-Gm-Message-State: AIkVDXI1pvERYlCrcg0znw3PCbY0JEmtWRb/QjQjssFrxPryIsrpoJ1yVPmHr7+NT8JsGUIC X-Received: by 10.223.135.146 with SMTP id b18mr18346167wrb.189.1486554961754; Wed, 08 Feb 2017 03:56:01 -0800 (PST) Received: from localhost.localdomain ([160.169.163.122]) by smtp.gmail.com with ESMTPSA id 123sm2974815wml.6.2017.02.08.03.55.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 08 Feb 2017 03:56:00 -0800 (PST) From: Ard Biesheuvel To: linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, leif.lindholm@linaro.org Cc: catalin.marinas@arm.com, linux@armlinux.org.uk, kernel-hardening@lists.openwall.com, labbott@fedoraproject.org, Ard Biesheuvel Subject: [PATCH v2 00/14] arm64+ARM: efi: PE/COFF cleanup/hardening Date: Wed, 8 Feb 2017 11:55:33 +0000 Message-Id: <1486554947-3964-1-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org This cleans up the PE/COFF EFI header, by taking some of Mark's patches and use them to replace open coded constants with symbolic ones, and remove incorrect values or unused sections. Finally, it updates the section layout so that the kernel Image can be mapped in a way that does not require setting RWX permissions anywhere. Note that this is currently not a huge win, given that most current UEFI implementations map all of RAM RWX by default, but this is finally gaining some attention, and work is underway to make the PE/COFF loader in EDK2 adhere to the section permissions, which would also allow the RAM mapping to default to non-executable. Work in progress nonetheless... Changes since v1: - added missing secondary SOB on Mark's patches - leave Image header as before, only move the PE header to a separate file - put PE header fixes in a separate patch - add acks from Mark and Peter (#6) - give ARM the same treatment as arm64 (#10 - #13) - add NB10 PE debuglink entry to ARM PE/COFF header as well (#9, #14) Ard Biesheuvel (12): arm64: efi: move EFI header and related data to a separate .S file arm64: efi: clean up Image header after PE header has been split off arm64: efi: remove forbidden values from the PE/COFF header arm64: efi: remove pointless dummy .reloc section arm64: efi: replace open coded constants with symbolic ones arm64: efi: split Image code and data into separate PE/COFF sections arm: compressed: put zImage header and EFI header in dedicated section arm: efi: remove forbidden values from the PE/COFF header arm: efi: remove pointless dummy .reloc section arm: efi: replace open coded constants with symbolic ones arm: efi: split zImage code and data into separate PE/COFF sections arm: efi: add PE/COFF debug table to EFI header Mark Rutland (2): include: pe.h: allow for use in assembly include: pe.h: add some missing definitions arch/arm/boot/compressed/Makefile | 4 + arch/arm/boot/compressed/efi-header.S | 253 ++++++++++++-------- arch/arm/boot/compressed/head.S | 14 +- arch/arm/boot/compressed/vmlinux.lds.S | 32 ++- arch/arm64/kernel/efi-header.S | 155 ++++++++++++ arch/arm64/kernel/head.S | 167 +------------ arch/arm64/kernel/vmlinux.lds.S | 5 + include/linux/pe.h | 177 +++++++------- 8 files changed, 449 insertions(+), 358 deletions(-) create mode 100644 arch/arm64/kernel/efi-header.S -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html