From: Ard Biesheuvel <ardb+git@google.com>
To: torvalds@linux-foundation.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>
Subject: [GIT PULL] EFI updates for v6.16
Date: Fri, 30 May 2025 20:34:50 +0200
Message-ID: <20250530183449.3558067-2-ardb+git@google.com>

From: Ard Biesheuvel <ardb@kernel.org>

Hi Linus,

Not a lot going on in the EFI tree this cycle. The only thing that stands out
is the new support for SBAT metadata, which was a bit contentious when it was
first proposed, because in the initial incarnation, it would have required us
to maintain a revocation index, and bump it each time a vulnerability affecting
UEFI secure boot got fixed. This was shot down for obvious reasons.

This time, only the changes needed to emit the SBAT section into the PE/COFF
image are being carried upstream, and it is up to the distros to decide what to
put in there when creating and signing the build. This PR only has the EFI
zboot bits (which the distros will be using for arm64); the x86 bzImage changes
should be arriving next cycle, presumably via the -tip tree.

Please pull.

The following changes since commit 0af2f6be1b4281385b618cb86ad946eded089ac8:

  Linux 6.15-rc1 (2025-04-06 13:11:33 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git tags/efi-next-for-v6.16

for you to fetch changes up to 46550e2b878d60923c72f0526a7aac02e8eda3d5:

  include: pe.h: Fix PE definitions (2025-05-21 16:46:37 +0200)

----------------------------------------------------------------
EFI updates for v6.16

- Add support for emitting a .sbat section into the EFI zboot image, so
  that downstreams can easily include revocation metadata in the signed
  EFI images

- Align PE symbolic constant names with other projects

- Bug fix for the efi_test module

- Log the physical address and size of the EFI memory map when failing
  to map it

- A kerneldoc fix for the EFI stub code

----------------------------------------------------------------
Ard Biesheuvel (1):
      Merge branch 'efi-sbat' into efi/next

Bartosz Szczepanek (1):
      efi: Improve logging around memmap init

Hans Zhang (1):
      efi/libstub: Describe missing 'out' parameter in efi_load_initrd

Ivan Hu (1):
      efi/efi_test: Fix missing pending status update in getwakeuptime

Pali Rohar (1):
      include: pe.h: Fix PE definitions

Vitaly Kuznetsov (1):
      efi: zboot specific mechanism for embedding SBAT section

 arch/arm/boot/compressed/efi-header.S          |   6 +-
 arch/arm64/kernel/efi-header.S                 |   6 +-
 arch/loongarch/kernel/efi-header.S             |   4 +-
 arch/loongarch/kernel/head.S                   |   2 +-
 arch/riscv/kernel/efi-header.S                 |   8 +-
 arch/x86/boot/header.S                         |  10 +-
 crypto/asymmetric_keys/verify_pefile.c         |   8 +-
 drivers/firmware/efi/Kconfig                   |  24 +++
 drivers/firmware/efi/libstub/Makefile.zboot    |   4 +
 drivers/firmware/efi/libstub/efi-stub-helper.c |   1 +
 drivers/firmware/efi/libstub/zboot-header.S    |  32 ++-
 drivers/firmware/efi/libstub/zboot.lds         |  11 +
 drivers/firmware/efi/memmap.c                  |   3 +-
 drivers/firmware/efi/test/efi_test.c           |   4 +
 include/linux/pe.h                             | 279 +++++++++++++++----------
 15 files changed, 267 insertions(+), 135 deletions(-)
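
A downstream check for the `.sbat` section this pull request lets the zboot image carry, added here as an example and not part of the original message or the kernel tree: it locates the section in a PE/COFF image and lists each component's generation. The CSV layout (component name, then generation) follows shim's SBAT.md; the function names, the distro entry and the sample image are constructed for illustration.

```python
import csv
import struct

# Constructed sample: the first line is the header entry from shim's SBAT.md,
# the second is a made-up distro entry (assumption, not from the pull request).
SAMPLE_SBAT = (
    b"sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    b"linux.example,1,Example Distro,linux,6.16,https://distro.example/\n"
)

def read_sbat(image):
    """Return the CSV rows of the .sbat section, or None if the image has none."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE/COFF image (no MZ magic)")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (nsect,) = struct.unpack_from("<H", image, pe_off + 6)     # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20) # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # first section header
    for i in range(nsect):
        name, _vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        if name.rstrip(b"\0") != b".sbat":
            continue
        if rptr + rsize > len(image):
            raise ValueError(".sbat raw data extends past end of file")
        text = image[rptr:rptr + rsize].split(b"\0", 1)[0].decode("utf-8")
        return [row for row in csv.reader(text.splitlines()) if row]
    return None

def sbat_generations(rows):
    """Map component name -> generation number (the first two CSV fields)."""
    return {row[0]: int(row[1]) for row in rows}

def build_sample(sbat):
    """Constructed, non-bootable PE/COFF skeleton: .text plus an optional .sbat."""
    sections = [(b".text", bytes(4))]
    if sbat is not None:
        sections.append((b".sbat", sbat))
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0xAA64, len(sections), 0, 0, 0, 0, 0)
    data_off = 64 + 24 + 40 * len(sections)
    hdrs = body = b""
    for name, data in sections:
        raw = data + bytes(-len(data) % 16)                    # zero-pad raw data
        hdrs += struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000, len(raw),
                            data_off + len(body), 0, 0, 0, 0, 0)
        body += raw
    return dos + coff + hdrs + body
```

A return value of `None` from `read_sbat` means the image was built without a `.sbat` section, which is what to look for when auditing a signed build.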
