All of lore.kernel.org
 help / color / mirror / Atom feed
From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
To: grub-devel@gnu.org
Cc: dja@axtens.net, jan.setjeeilers@oracle.com,
	julian.klode@canonical.com, mate.kukri@canonical.com,
	pjones@redhat.com, Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Subject: [PATCH v3 1/2] mkimage: create new ELF Note for SBAT
Date: Fri, 13 Sep 2024 16:57:58 +0530	[thread overview]
Message-ID: <20240913112759.3055065-2-sudhakar@linux.ibm.com> (raw)
In-Reply-To: <20240913112759.3055065-1-sudhakar@linux.ibm.com>

In order to store the SBAT data, we create a new ELF note. The string "Secure-Boot-Advanced-Targeting",
zero-padded to 4 byte alignment, shall be entered in the name field. The string "sbat"'s ASCII values,
0x41536967, should be entered in the type field.

Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Co-authored-by: Daniel Axtens <dja@axtens.net>
---
 include/grub/util/mkimage.h |  4 +--
 util/grub-mkimagexx.c       | 51 +++++++++++++++++++++++++++++++++++--
 util/mkimage.c              |  5 ++--
 3 files changed, 54 insertions(+), 6 deletions(-)

diff --git a/include/grub/util/mkimage.h b/include/grub/util/mkimage.h
index 3819a6744..9d74f82c5 100644
--- a/include/grub/util/mkimage.h
+++ b/include/grub/util/mkimage.h
@@ -51,12 +51,12 @@ grub_mkimage_load_image64 (const char *kernel_path,
 			   const struct grub_install_image_target_desc *image_target);
 void
 grub_mkimage_generate_elf32 (const struct grub_install_image_target_desc *image_target,
-			     int note, char **core_img, size_t *core_size,
+			     int note, char *sbat, char **core_img, size_t *core_size,
 			     Elf32_Addr target_addr,
 			     struct grub_mkimage_layout *layout);
 void
 grub_mkimage_generate_elf64 (const struct grub_install_image_target_desc *image_target,
-			     int note, char **core_img, size_t *core_size,
+			     int note, char *sbat, char **core_img, size_t *core_size,
 			     Elf64_Addr target_addr,
 			     struct grub_mkimage_layout *layout);
 
diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
index e50b29533..99f6ab05e 100644
--- a/util/grub-mkimagexx.c
+++ b/util/grub-mkimagexx.c
@@ -107,6 +107,14 @@ struct section_metadata
   const char *strtab;
 };
 
+#define GRUB_SBAT_NOTE_NAME "Secure-Boot-Advanced-Targeting"
+#define GRUB_SBAT_NOTE_TYPE 0x73626174 /* "sbat" */
+
+struct grub_sbat_note {
+  Elf32_Nhdr header;
+  char name[ALIGN_UP(sizeof(GRUB_SBAT_NOTE_NAME), 4)];
+};
+
 static int
 is_relocatable (const struct grub_install_image_target_desc *image_target)
 {
@@ -208,7 +216,7 @@ grub_arm_reloc_jump24 (grub_uint32_t *target, Elf32_Addr sym_addr)
 
 void
 SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc *image_target,
-				    int note, char **core_img, size_t *core_size,
+				    int note, char *sbat, char **core_img, size_t *core_size,
 				    Elf_Addr target_addr,
 				    struct grub_mkimage_layout *layout)
 {
@@ -217,10 +225,17 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc
   Elf_Ehdr *ehdr;
   Elf_Phdr *phdr;
   Elf_Shdr *shdr;
-  int header_size, footer_size = 0;
+  int header_size, footer_size = 0, footer_offset = 0;
   int phnum = 1;
   int shnum = 4;
   int string_size = sizeof (".text") + sizeof ("mods") + 1;
+  char *footer;
+
+  if (sbat)
+    {
+      phnum++;
+      footer_size += ALIGN_UP (sizeof (struct grub_sbat_note) + layout->sbat_size, 4);
+    }
 
   if (image_target->id != IMAGE_LOONGSON_ELF)
     phnum += 2;
@@ -248,6 +263,7 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc
   ehdr = (void *) elf_img;
   phdr = (void *) (elf_img + sizeof (*ehdr));
   shdr = (void *) (elf_img + sizeof (*ehdr) + phnum * sizeof (*phdr));
+  footer = elf_img + program_size + header_size;
   memcpy (ehdr->e_ident, ELFMAG, SELFMAG);
   ehdr->e_ident[EI_CLASS] = ELFCLASSXX;
   if (!image_target->bigendian)
@@ -420,6 +436,8 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc
       phdr->p_filesz = grub_host_to_target32 (XEN_NOTE_SIZE);
       phdr->p_memsz = 0;
       phdr->p_offset = grub_host_to_target32 (header_size + program_size);
+      footer = ptr;
+      footer_offset = XEN_NOTE_SIZE;
     }
 
   if (image_target->id == IMAGE_XEN_PVH)
@@ -453,6 +471,8 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc
       phdr->p_filesz = grub_host_to_target32 (XEN_PVH_NOTE_SIZE);
       phdr->p_memsz = 0;
       phdr->p_offset = grub_host_to_target32 (header_size + program_size);
+      footer = ptr;
+      footer_offset = XEN_PVH_NOTE_SIZE;
     }
 
   if (note)
@@ -483,6 +503,33 @@ SUFFIX (grub_mkimage_generate_elf) (const struct grub_install_image_target_desc
       phdr->p_filesz = grub_host_to_target32 (note_size);
       phdr->p_memsz = 0;
       phdr->p_offset = grub_host_to_target32 (header_size + program_size);
+      footer = (elf_img + program_size + header_size + note_size);
+      footer_offset += note_size;
+    }
+
+  if (sbat)
+    {
+      int note_size = ALIGN_UP(sizeof (struct grub_sbat_note) + layout->sbat_size, 4);
+      struct grub_sbat_note *note_ptr = (struct grub_sbat_note *)footer;
+
+      note_ptr->header.n_namesz = grub_host_to_target32 (sizeof (GRUB_SBAT_NOTE_NAME));
+      note_ptr->header.n_descsz = grub_host_to_target32 (ALIGN_UP(layout->sbat_size, 4));
+      note_ptr->header.n_type = grub_host_to_target32 (GRUB_SBAT_NOTE_TYPE);
+      memcpy (note_ptr->name, GRUB_SBAT_NOTE_NAME, sizeof (GRUB_SBAT_NOTE_NAME));
+      memcpy ((char *)(note_ptr + 1), sbat, layout->sbat_size);
+
+      phdr++;
+      phdr->p_type = grub_host_to_target32 (PT_NOTE);
+      phdr->p_flags = grub_host_to_target32 (PF_R);
+      phdr->p_align = grub_host_to_target32 (image_target->voidp_sizeof);
+      phdr->p_vaddr = 0;
+      phdr->p_paddr = 0;
+      phdr->p_filesz = grub_host_to_target32 (note_size);
+      phdr->p_memsz = 0;
+      phdr->p_offset = grub_host_to_target32 (header_size + program_size + footer_offset);
+
+      footer += note_size;
+      footer_offset += note_size;
     }
 
   {
diff --git a/util/mkimage.c b/util/mkimage.c
index 8c5660825..e67f7ce73 100644
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -1813,6 +1813,7 @@ grub_install_generate_image (const char *dir, const char *prefix,
     case IMAGE_I386_IEEE1275:
       {
 	grub_uint64_t target_addr;
+	char *sbat = NULL;
 	if (image_target->id == IMAGE_LOONGSON_ELF)
 	  {
 	    if (comp == GRUB_COMPRESSION_NONE)
@@ -1824,10 +1825,10 @@ grub_install_generate_image (const char *dir, const char *prefix,
 	else
 	  target_addr = image_target->link_addr;
 	if (image_target->voidp_sizeof == 4)
-	  grub_mkimage_generate_elf32 (image_target, note, &core_img, &core_size,
+	  grub_mkimage_generate_elf32 (image_target, note, sbat, &core_img, &core_size,
 				       target_addr, &layout);
 	else
-	  grub_mkimage_generate_elf64 (image_target, note, &core_img, &core_size,
+	  grub_mkimage_generate_elf64 (image_target, note, sbat, &core_img, &core_size,
 				       target_addr, &layout);
       }
       break;
-- 
2.43.5


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

  reply	other threads:[~2024-09-13 11:29 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-13 11:27 [PATCH v3 0/2] Secure Boot Advanced Targeting (SBAT) support on powerpc Sudhakar Kuppusamy
2024-09-13 11:27 ` Sudhakar Kuppusamy [this message]
2024-10-16 15:06   ` [PATCH v3 1/2] mkimage: create new ELF Note for SBAT Daniel Kiper
2024-10-23  5:06     ` sudhakar
2024-09-13 11:27 ` [PATCH v3 2/2] mkimage: adding sbat metadata into sbat ELF Note on powerpc Sudhakar Kuppusamy
2024-10-16 15:12   ` Daniel Kiper
2024-10-22  8:32     ` sudhakar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240913112759.3055065-2-sudhakar@linux.ibm.com \
    --to=sudhakar@linux.ibm.com \
    --cc=dja@axtens.net \
    --cc=grub-devel@gnu.org \
    --cc=jan.setjeeilers@oracle.com \
    --cc=julian.klode@canonical.com \
    --cc=mate.kukri@canonical.com \
    --cc=pjones@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.