[PATCH 00/17] x86/boot: Rework PE header generation

[Ard Biesheuvel <ardb@kernel.org>]

Now that the EFI stub boot flow no longer relies on memory that is
executable and writable at the same time, we can reorganize the PE/COFF
view of the kernel image and expose the decompressor binary's code and
r/o data as a .text section and data/bss as a .data section, using 4k
alignment and limited permissions.

Doing so is necessary for compatibility with hardening measures that are
being rolled out on x86 PCs built to run Windows (i.e., the majority of
them). The EFI boot environment that the Linux EFI stub executes in is
especially sensitive to safety issues, given that a vulnerability in the
loader of one OS can be abused to attack another.

In true x86 fashion, this is more complicated than on other
architectures, which have implemented this code/data split with 4k
alignment from the beginning. The complicating factor here is that the
boot image consists of two different parts, which are stitched together
and fixed up using a special build tool.

The first three patches simplify the x86 EFI stub code so it does not
even bother reading the setup header from the image - passing arguments
this way is not supported by EFI boot anyway.

Then, the bzImage is simplified and reorganized, primarily by:
- dropping the ancient 'bugger off' message occupying much of the header
  space
- using a fixed size of 16k for the setup block
- setting header values from asm instead of via the build tool

Finally, the payload is split into .text and .data, and the section and
file alignment increased to 4k/512 respectively.

The only remaining task performed by the build tool is generating the
CRC-32 that is fundamentally broken in practice and never used, so that
is dropped entirely at the end.

This supersedes the work proposed by Evgeniy last year, which did a
major rewrite of the build tool in order to clean it up, before updating
it to generate the new 4k aligned image layout. As this series proves,
the build tool is mostly unnecessary, and we have too many of those
already.

Cc: Evgeniy Baskov <baskov@ispras.ru>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Jones <pjones@redhat.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Marvin Häuser <mhaeuser@posteo.de>

Ard Biesheuvel (17):
  x86/efi: Drop EFI stub .bss from .data section
  x86/efi: Disregard setup header of loaded image
  x86/efi: Drop alignment flags from PE section headers
  x86/boot: Remove the 'bugger off' message
  x86/boot: Omit compression buffer from PE/COFF image memory footprint
  x86/boot: Drop redundant code setting the root device
  x86/boot: Grab kernel_info offset from zoffset header directly
  x86/boot: Drop references to startup_64
  x86/boot: Set EFI handover offset directly in header asm
  x86/boot: Drop workaround for binutils 2.14 in linker script ASSERTs
  x86/boot: Use fixed size of 16k for setup block
  x86/boot: Derive file size from _edata symbol
  x86/boot: Construct PE/COFF .text section from assembler
  x86/boot: Drop PE/COFF .reloc section
  x86/boot: Split off PE/COFF .data section
  x86/boot: Increase section and file alignment to 4k/512
  x86/boot: Drop CRC-32 checksum and the build tool that generates it

 Documentation/arch/x86/boot.rst         |  10 -
 arch/x86/boot/Makefile                  |  12 +-
 arch/x86/boot/compressed/vmlinux.lds.S  |   5 +-
 arch/x86/boot/header.S                  | 217 ++++-----
 arch/x86/boot/setup.ld                  |  21 +-
 arch/x86/boot/tools/.gitignore          |   2 -
 arch/x86/boot/tools/build.c             | 502 --------------------
 drivers/firmware/efi/libstub/Makefile   |   7 -
 drivers/firmware/efi/libstub/x86-stub.c |  46 +-
 9 files changed, 113 insertions(+), 709 deletions(-)
 delete mode 100644 arch/x86/boot/tools/.gitignore
 delete mode 100644 arch/x86/boot/tools/build.c

-- 
2.39.2