From patchwork Thu Jun 29 08:18:42 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 106613 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp818337qge; Thu, 29 Jun 2017 01:19:04 -0700 (PDT) X-Received: by 10.99.137.66 with SMTP id v63mr14310403pgd.182.1498724344789; Thu, 29 Jun 2017 01:19:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1498724344; cv=none; d=google.com; s=arc-20160816; b=M9UzCmoDCoGUr+DDS0PYNIj2gjE/M25q7r+Df+9sdu5dfTtAlujn6+8PQeHX6LTq5N BAXSTUSAXrE0WizZGILpwto+NCPboenNrUGt99DoYVs9739SpL6AxFrq0ncxSgb8Xk4G sWYZeEFZvpJxgZnk0qwQ5/uudSFQiHVbl6jx8V70e+NJkiXteqvHhabBAbV9AMIdHOKE Vi4G975UI1cpidwKiwTwKDkmVHKACV2sKiQyNpL4p5DeJxQsoD/YGRfZ9ZcqmAGnvYq7 N9q3RkprOMCn/unzWUrA044MFB8OWKCCn5i3ZSGH3oNEWC+lZA9zwqR+WsD/Rgp5+hMj un0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=23cTGdFYafZ95VOjs9X0ByqBbdjYXvToDsXSTSXjh1E=; b=suZgPyuuZmEAQQu5VOzPS++SjMCnvu6I5OHQrixm+k45ay1I2CSW62RcVO0EUL7zch nULAQGDyGNGtqNSvzDIzC+yRT58Lcbww9fRERC9fJNH1CKBMxpM5l6N2snAiyILHTJE2 br8hh8mCZR7IWDS47JBi9tsrKYlPtPotxi7mm91Jy8HTW8lyMzHybjtkblu/Vm65YF8i ePmElX7ryHObACfOkXZQdEZnFp+yBFAsHSAOpo3gG8IJJXP/azR+EiC6aufqQS+M/5/L A8QGBKwW05dWu9HfLBZA68aNUpEj7oqsLdkZBniUFLtr5Mk8NxZrb7dqAzZmqofTUbuP wpNA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.b=ZALf8bab; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h68si3195921pfc.73.2017.06.29.01.19.04; Thu, 29 Jun 2017 01:19:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.b=ZALf8bab; spf=pass (google.com: best guess record for domain of linux-efi-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752090AbdF2ITE (ORCPT + 2 others); Thu, 29 Jun 2017 04:19:04 -0400 Received: from mail-wm0-f48.google.com ([74.125.82.48]:38069 "EHLO mail-wm0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751986AbdF2ITC (ORCPT ); Thu, 29 Jun 2017 04:19:02 -0400 Received: by mail-wm0-f48.google.com with SMTP id b184so5807316wme.1 for ; Thu, 29 Jun 2017 01:19:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=EGF2AKIx2ZFGzmmifBl1oKYzO+uM7Y6fZnvcmlV4Bps=; b=ZALf8babZlaa/LeetUlTz8TXWfnJOD4i2itmxqNAr0QaG4Qzg4GYNUWu4fWRf5eWLy dbf9jABsERWg0XI/QvAdvUztJlO/pOKh4cYUQ2BSJq5bvl2hgp9yVdVPfQWyX7aa2uOO Y9MeP2sSIk368efaaGq3wKix5wu0qY743tiOk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=EGF2AKIx2ZFGzmmifBl1oKYzO+uM7Y6fZnvcmlV4Bps=; b=dFwSckOC6hgG0RE41ISZPXHoKaUBc6lMKuC7SVPsfESO8qbuF1Wzu6R6DJxc2WXjQw pas/nkXnzN4GI/P8s+wUs2F8IW2krdXZqSYRXYsg7pnNjVRc0m5N4QaoZRMWLLdNOE8Z dlxR0rH7eJpvzwTp6Wdorw/WpI4vp4kv2TXzQpqAf1vgXOUXRBiU1aDRS15Y9sDYJ3yy qJ7YZp6Z2/mCmud7Op2y50vXl32vXehab8GwfjJ123/84W1B1fOlXPuY2rknVFddxTwi YZsmMejVZ+3+4BMEySs9K6aR1OnIM+23pHbGjch+18ZlCFx7jTswdfMSqLUjd/3O1owT JMRA== X-Gm-Message-State: AKS2vOxg0Fdn1osB70rAer9PClLyaw/FGJGRKiUt3bE+6mJKUgHpjhhL mbUjXwf+Se4ydj7TKbFJEw== X-Received: by 10.28.180.66 with SMTP id d63mr10732379wmf.78.1498724340732; Thu, 29 Jun 2017 01:19:00 -0700 (PDT) Received: from localhost.localdomain ([196.90.227.203]) by smtp.gmail.com with ESMTPSA id p34sm5268190wrc.66.2017.06.29.01.18.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 29 Jun 2017 01:19:00 -0700 (PDT) From: Ard Biesheuvel To: linux-efi@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux@armlinux.org.uk Cc: matt@codeblueprint.co.uk, leif.lindholm@linaro.org, Ard Biesheuvel Subject: [PATCH v2 0/7] ARM: efi: PE/COFF cleanup/hardening Date: Thu, 29 Jun 2017 08:18:42 +0000 Message-Id: <20170629081849.15081-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.9.3 Sender: linux-efi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org This is the ARM counterpart of the changes now in v4.12 to clean up the PE/COFF header (which makes the kernel zImage loadable directly from UEFI), and to enhance it with hardening and debug features. Russell: patches #4 - #7 need your ack before I can take them via the EFI tree. Please let me know if you have any objections, either to the patches themselves, or to them going via another tree. Thanks. v1 blurb: First of all, the cleanup consists of making the header comply with the PE/COFF spec (#1), removing the .reloc section (#2) and replacing all open coded constants with #defines from linux/pe.h (#3) Patch #4 is a standalone patch that removes ksymtab/kcrctab sections that may get pulled in inadvertently when the decompressor is built with EFI support. Note that these sections are tiny and harmless by themselves, but the linker may dump them in unexpected places if they are not placed explicitly, which may interfere with the image layout. This is especially important when signing zImages for UEFI secure boot. Patch #5 changes the description of the decompressor in memory, so that the UEFI firmware can apply strict ro/nx protections, resulting in a more secure execution environment for the UEFI stub. Patch #6 splits the decompressor .start and .text output sections, so that the ELF view aligns with the PE/COFF view of the binary. This is necessary for patch #7 to work as expected. Patch #7 enhances the decompressor binary with a NB10 Codeview debug entry referring to the path to arch/arm/boot/compressed/vmlinux on the build host. This is a debug feature that allows seamless source level single step debugging of the UEFI stub while executing in the context of the firmware. v2: - rebase onto v4.12-rc7+ - simplify #3 Ard Biesheuvel (7): arm: efi: remove forbidden values from the PE/COFF header arm: efi: remove pointless dummy .reloc section arm: efi: replace open coded constants with symbolic ones arm: compressed: discard ksymtab/kcrctab sections arm: efi: split zImage code and data into separate PE/COFF sections arm: compressed: put zImage header and EFI header in dedicated section arm: efi: add PE/COFF debug table to EFI header arch/arm/boot/compressed/Makefile | 4 + arch/arm/boot/compressed/efi-header.S | 214 ++++++++++++-------- arch/arm/boot/compressed/vmlinux.lds.S | 39 +++- 3 files changed, 168 insertions(+), 89 deletions(-) -- 2.9.3 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html