From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: x86@kernel.org, linux-efi@vger.kernel.org,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Peter Jones <pjones@redhat.com>,
Daniel Berrange <berrange@redhat.com>,
Emanuele Giuseppe Esposito <eesposit@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Greg KH <gregkh@linuxfoundation.org>,
Luca Boccassi <bluca@debian.org>,
Peter Zijlstra <peterz@infradead.org>,
Matthew Garrett <mjg59@srcf.ucam.org>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Eric Snowberg <eric.snowberg@oracle.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Alexandre Ghiti <alex@ghiti.fr>,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] x86/efi: Implement support for embedding SBAT data for x86
Date: Tue, 29 Apr 2025 11:55:29 +0200 [thread overview]
Message-ID: <87ikmn9tri.fsf@redhat.com> (raw)
In-Reply-To: <CAMj1kXFMmhROmaDZ0gsw+ozG5iSkMvSXb15qexToUSAFyBn5hQ@mail.gmail.com>
Ard Biesheuvel <ardb@kernel.org> writes:
> On Thu, 24 Apr 2025 at 10:10, Vitaly Kuznetsov <vkuznets@redhat.com> wrote:
...
>> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
>> index fdbce022db55..b9b80eccdc02 100644
>> --- a/arch/x86/boot/compressed/Makefile
>> +++ b/arch/x86/boot/compressed/Makefile
>> @@ -107,6 +107,8 @@ vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/mem.o
>> vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o
>> vmlinux-libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
>>
>> +vmlinux-objs-$(CONFIG_EFI_SBAT) += $(objtree)/drivers/firmware/efi/libstub/sbat.o
>> +
>
> Please drop this, and put the .incbin directly into header.S
>
I'm sorry I'm probably missing something important but my understanding
is that that header.S is compiled into setup.elf:
ld -m elf_x86_64 -z noexecstack --no-warn-rwx-segments -m elf_i386 -z
noexecstack -T arch/x86/boot/setup.ld ... arch/x86/boot/header.o ... -o arch/x86/boot/setup.elf
and then the result gets concatenated with vmlinux.bin to get bzImage:
objcopy -O binary arch/x86/boot/setup.elf arch/x86/boot/setup.bin
cp arch/x86/boot/setup.bin arch/x86/boot/bzImage; truncate -s %4K arch/x86/boot/bzImage; cat arch/x86/boot/vmlinux.bin >>arch/x86/boot/bzImage
so if we want to have SBAT at the very end of bzImage without dirty
tricks it must be at the very end of vmlinux.bin, not setup.bin. I can,
of course, use some existing compilation unit but to be honest I can't
find anything suitable.
--
Vitaly
WARNING: multiple messages have this Message-ID (diff)
From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: x86@kernel.org, linux-efi@vger.kernel.org,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Peter Jones <pjones@redhat.com>,
Daniel Berrange <berrange@redhat.com>,
Emanuele Giuseppe Esposito <eesposit@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Greg KH <gregkh@linuxfoundation.org>,
Luca Boccassi <bluca@debian.org>,
Peter Zijlstra <peterz@infradead.org>,
Matthew Garrett <mjg59@srcf.ucam.org>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Eric Snowberg <eric.snowberg@oracle.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Alexandre Ghiti <alex@ghiti.fr>,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] x86/efi: Implement support for embedding SBAT data for x86
Date: Tue, 29 Apr 2025 11:55:29 +0200 [thread overview]
Message-ID: <87ikmn9tri.fsf@redhat.com> (raw)
In-Reply-To: <CAMj1kXFMmhROmaDZ0gsw+ozG5iSkMvSXb15qexToUSAFyBn5hQ@mail.gmail.com>
Ard Biesheuvel <ardb@kernel.org> writes:
> On Thu, 24 Apr 2025 at 10:10, Vitaly Kuznetsov <vkuznets@redhat.com> wrote:
...
>> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
>> index fdbce022db55..b9b80eccdc02 100644
>> --- a/arch/x86/boot/compressed/Makefile
>> +++ b/arch/x86/boot/compressed/Makefile
>> @@ -107,6 +107,8 @@ vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/mem.o
>> vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o
>> vmlinux-libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
>>
>> +vmlinux-objs-$(CONFIG_EFI_SBAT) += $(objtree)/drivers/firmware/efi/libstub/sbat.o
>> +
>
> Please drop this, and put the .incbin directly into header.S
>
I'm sorry I'm probably missing something important but my understanding
is that that header.S is compiled into setup.elf:
ld -m elf_x86_64 -z noexecstack --no-warn-rwx-segments -m elf_i386 -z
noexecstack -T arch/x86/boot/setup.ld ... arch/x86/boot/header.o ... -o arch/x86/boot/setup.elf
and then the result gets concatenated with vmlinux.bin to get bzImage:
objcopy -O binary arch/x86/boot/setup.elf arch/x86/boot/setup.bin
cp arch/x86/boot/setup.bin arch/x86/boot/bzImage; truncate -s %4K arch/x86/boot/bzImage; cat arch/x86/boot/vmlinux.bin >>arch/x86/boot/bzImage
so if we want to have SBAT at the very end of bzImage without dirty
tricks it must be at the very end of vmlinux.bin, not setup.bin. I can,
of course, use some existing compilation unit but to be honest I can't
find anything suitable.
--
Vitaly
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2025-04-29 9:55 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-24 8:09 [PATCH 0/2] efi: Add a mechanism for embedding SBAT section Vitaly Kuznetsov
2025-04-24 8:09 ` Vitaly Kuznetsov
2025-04-24 8:09 ` [PATCH 1/2] efi/libstub: zboot specific " Vitaly Kuznetsov
2025-04-24 8:09 ` Vitaly Kuznetsov
2025-04-24 16:37 ` Ard Biesheuvel
2025-04-24 16:37 ` Ard Biesheuvel
2025-04-28 10:54 ` Vitaly Kuznetsov
2025-04-28 10:54 ` Vitaly Kuznetsov
2025-04-28 14:54 ` Ard Biesheuvel
2025-04-28 14:54 ` Ard Biesheuvel
2025-04-24 8:09 ` [PATCH 2/2] x86/efi: Implement support for embedding SBAT data for x86 Vitaly Kuznetsov
2025-04-24 8:09 ` Vitaly Kuznetsov
2025-04-25 6:03 ` Ard Biesheuvel
2025-04-25 6:03 ` Ard Biesheuvel
2025-04-28 10:59 ` Vitaly Kuznetsov
2025-04-28 10:59 ` Vitaly Kuznetsov
2025-04-28 15:16 ` Ard Biesheuvel
2025-04-28 15:16 ` Ard Biesheuvel
2025-05-02 12:09 ` Vitaly Kuznetsov
2025-05-02 12:09 ` Vitaly Kuznetsov
2025-05-02 13:01 ` Ard Biesheuvel
2025-05-02 13:01 ` Ard Biesheuvel
2025-05-02 13:46 ` Vitaly Kuznetsov
2025-05-02 13:46 ` Vitaly Kuznetsov
2025-05-02 13:59 ` Ard Biesheuvel
2025-05-02 13:59 ` Ard Biesheuvel
2025-04-29 9:55 ` Vitaly Kuznetsov [this message]
2025-04-29 9:55 ` Vitaly Kuznetsov
2025-04-29 10:08 ` Ard Biesheuvel
2025-04-29 10:08 ` Ard Biesheuvel
2025-04-29 10:24 ` Vitaly Kuznetsov
2025-04-29 10:24 ` Vitaly Kuznetsov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ikmn9tri.fsf@redhat.com \
--to=vkuznets@redhat.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=alex@ghiti.fr \
--cc=aou@eecs.berkeley.edu \
--cc=ardb@kernel.org \
--cc=berrange@redhat.com \
--cc=bluca@debian.org \
--cc=dave.hansen@linux.intel.com \
--cc=eesposit@redhat.com \
--cc=eric.snowberg@oracle.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=kraxel@redhat.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=mingo@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=pjones@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.