* [GIT PULL] EFI updates for v6.16
@ 2025-05-30 18:34 Ard Biesheuvel
2025-05-30 23:17 ` pr-tracker-bot
0 siblings, 1 reply; 2+ messages in thread
From: Ard Biesheuvel @ 2025-05-30 18:34 UTC (permalink / raw)
To: torvalds; +Cc: linux-efi, Ard Biesheuvel
From: Ard Biesheuvel <ardb@kernel.org>
Hi Linus,
Not a lot going on in the EFI tree this cycle. The only thing that stands out
is the new support for SBAT metadata, which was a bit contentious when it was
first proposed, because in the initial incarnation, it would have required us
to maintain a revocation index, and bump it each time a vulnerability affecting
UEFI secure boot got fixed. This was shot down for obvious reasons.
This time, only the changes needed to emit the SBAT section into the PE/COFF
image are being carried upstream, and it is up to the distros to decide what to
put in there when creating and signing the build. This PR only has the EFI
zboot bits (which the distros will be using for arm64); the x86 bzImage changes
should be arriving next cycle, presumably via the -tip tree.
Please pull.
The following changes since commit 0af2f6be1b4281385b618cb86ad946eded089ac8:
Linux 6.15-rc1 (2025-04-06 13:11:33 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git tags/efi-next-for-v6.16
for you to fetch changes up to 46550e2b878d60923c72f0526a7aac02e8eda3d5:
include: pe.h: Fix PE definitions (2025-05-21 16:46:37 +0200)
----------------------------------------------------------------
EFI updates for v6.16
- Add support for emitting a .sbat section into the EFI zboot image, so
that downstreams can easily include revocation metadata in the signed
EFI images
- Align PE symbolic constant names with other projects
- Bug fix for the efi_test module
- Log the physical address and size of the EFI memory map when failing
to map it
- A kerneldoc fix for the EFI stub code
----------------------------------------------------------------
Ard Biesheuvel (1):
Merge branch 'efi-sbat' into efi/next
Bartosz Szczepanek (1):
efi: Improve logging around memmap init
Hans Zhang (1):
efi/libstub: Describe missing 'out' parameter in efi_load_initrd
Ivan Hu (1):
efi/efi_test: Fix missing pending status update in getwakeuptime
Pali Rohar (1):
include: pe.h: Fix PE definitions
Vitaly Kuznetsov (1):
efi: zboot specific mechanism for embedding SBAT section
arch/arm/boot/compressed/efi-header.S | 6 +-
arch/arm64/kernel/efi-header.S | 6 +-
arch/loongarch/kernel/efi-header.S | 4 +-
arch/loongarch/kernel/head.S | 2 +-
arch/riscv/kernel/efi-header.S | 8 +-
arch/x86/boot/header.S | 10 +-
crypto/asymmetric_keys/verify_pefile.c | 8 +-
drivers/firmware/efi/Kconfig | 24 +++
drivers/firmware/efi/libstub/Makefile.zboot | 4 +
drivers/firmware/efi/libstub/efi-stub-helper.c | 1 +
drivers/firmware/efi/libstub/zboot-header.S | 32 ++-
drivers/firmware/efi/libstub/zboot.lds | 11 +
drivers/firmware/efi/memmap.c | 3 +-
drivers/firmware/efi/test/efi_test.c | 4 +
include/linux/pe.h | 279 +++++++++++++++----------
15 files changed, 267 insertions(+), 135 deletions(-)
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-05-30 23:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-30 18:34 [GIT PULL] EFI updates for v6.16 Ard Biesheuvel
2025-05-30 23:17 ` pr-tracker-bot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.