From: Greg KH <greg@kroah.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: "# 3.4.x" <stable@vger.kernel.org>,
linux-efi <linux-efi@vger.kernel.org>,
jan.setjeeilers@oracle.com, Peter Jones <pjones@redhat.com>,
Steve McIntyre <steve@einval.com>,
Julian Andres Klode <julian.klode@canonical.com>,
Luca Boccassi <bluca@debian.org>,
James Bottomley <jejb@linux.ibm.com>
Subject: Re: x86 efistub stable backports for v6.6
Date: Tue, 20 Feb 2024 16:19:53 +0100
Message-ID: <2024022045-eclair-twisty-250a@gregkh>
In-Reply-To: <CAMj1kXEGzHW07X963Q3q4VPEqUtKC==y152JyfuK_t=cZ0CKYA@mail.gmail.com>

On Thu, Feb 15, 2024 at 10:17:20AM +0100, Ard Biesheuvel wrote:
> (cc stakeholders from various distros - apologies if I missed anyone)
>
> Please consider the patches below for backporting to the linux-6.6.y
> stable tree.
>
> These are prerequisites for building a signed x86 efistub kernel image
> that complies with the tightened UEFI boot requirements imposed by
> Microsoft, and this is the condition under which it is willing to sign
> future Linux secure boot shim builds with its 3rd party CA
> certificate. (Such builds must enforce a strict separation between
> executable and writable code, among other things)
>
> The patches apply cleanly onto 6.6.17 (-rc2), resulting in a defconfig
> build that boots as expected under OVMF/KVM.
>
> 5f51c5d0e905 x86/efi: Drop EFI stub .bss from .data section
> 7e50262229fa x86/efi: Disregard setup header of loaded image
> bfab35f552ab x86/efi: Drop alignment flags from PE section headers
> 768171d7ebbc x86/boot: Remove the 'bugger off' message
> 8eace5b35556 x86/boot: Omit compression buffer from PE/COFF image
> memory footprint
> 7448e8e5d15a x86/boot: Drop redundant code setting the root device
> b618d31f112b x86/boot: Drop references to startup_64
> 2e765c02dcbf x86/boot: Grab kernel_info offset from zoffset header directly
> eac956345f99 x86/boot: Set EFI handover offset directly in header asm
> 093ab258e3fb x86/boot: Define setup size in linker script
> aeb92067f6ae x86/boot: Derive file size from _edata symbol
> efa089e63b56 x86/boot: Construct PE/COFF .text section from assembler
> fa5750521e0a x86/boot: Drop PE/COFF .reloc section
> 34951f3c28bd x86/boot: Split off PE/COFF .data section
> 3e3eabe26dc8 x86/boot: Increase section and file alignment to 4k/512
>
> 1ad55cecf22f x86/efistub: Use 1:1 file:memory mapping for PE/COFF
> .compat section

All now queued up, thanks!

greg k-h
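
The requirements named in the quoted request (no section both writable and executable, 4k/512 section and file alignment) can be checked on a built image by reading its PE/COFF headers. The following is an added example, not code from this thread or the kernel tree; `audit_pe` and `build_sample` are hypothetical names, and the sample header is constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def audit_pe(image: bytes):
    """Return (SectionAlignment, FileAlignment, names of sections that are W+X)."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = pe_off + 4
    (nsections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20                                         # optional header start
    sect_align, file_align = struct.unpack_from("<II", image, opt + 32)
    wx = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i                       # 40-byte section header
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", image, hdr + 36)
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            wx.append(name)
    return sect_align, file_align, wx

def build_sample(sections, sect_align=0x1000, file_align=0x200):
    """Constructed minimal PE32+ header block for testing; not a real kernel image."""
    opt = bytearray(112)                                    # PE32+ header, no data dirs
    struct.pack_into("<H", opt, 0, 0x20B)                   # PE32+ magic
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    img = bytearray(0x40)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections),
                                   0, 0, 0, len(opt), 0x22)
    img += opt
    for name, flags in sections:
        img += struct.pack("<8sIIIIIIHHI", name.encode(), 0x1000, 0,
                           0x1000, 0, 0, 0, 0, 0, flags)
    return bytes(img)

if __name__ == "__main__":
    sample = build_sample([(".text", 0x60000020), (".data", 0xC0000040)])
    sa, fa, wx = audit_pe(sample)
    print(f"SectionAlignment={sa:#x} FileAlignment={fa:#x} W+X sections={wx}")
```

To audit a real build, pass the bytes of the bzImage file to `audit_pe` and compare the result against 0x1000, 0x200 and an empty list.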