|
 |
8845956 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
8845956 |
From: Alexander Graf <agraf@suse.de>
|
|
|
8845956 |
Date: Mon, 28 Jan 2019 14:35:28 +0100
|
|
|
8845956 |
Subject: [PATCH] mkimage: Align efi sections on 4k boundary
|
|
|
8845956 |
|
|
|
8845956 |
There is UEFI firmware popping up in the wild now that implements stricter
|
|
|
8845956 |
permission checks using NX and write protect page table entry bits.
|
|
|
8845956 |
|
|
|
8845956 |
This means that firmware now may fail to load binaries if its individual
|
|
|
8845956 |
sections are not page aligned, as otherwise it can not ensure permission
|
|
|
8845956 |
boundaries.
|
|
|
8845956 |
|
|
|
8845956 |
So let's bump all efi section alignments up to 4k (EFI page size). That way
|
|
|
8845956 |
we will stay compatible going forward.
|
|
|
8845956 |
|
|
|
8845956 |
Unfortunately our internals can't deal very well with a mismatch of alignment
|
|
|
8845956 |
between the virtual and file offsets, so we have to also pad our target
|
|
|
8845956 |
binary a bit.
|
|
|
8845956 |
|
|
|
8845956 |
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
|
8845956 |
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
|
8845956 |
Tested-by: Julien ROBIN <julien.robin28@free.fr>
|
|
|
8845956 |
---
|
|
|
8845956 |
include/grub/efi/pe32.h | 11 +++++++++--
|
|
|
8845956 |
1 file changed, 9 insertions(+), 2 deletions(-)
|
|
|
8845956 |
|
|
|
8845956 |
diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
|
|
|
8845956 |
index c03cc599f63..f71da19f2f5 100644
|
|
|
8845956 |
--- a/include/grub/efi/pe32.h
|
|
|
8845956 |
+++ b/include/grub/efi/pe32.h
|
|
|
8845956 |
@@ -20,6 +20,7 @@
|
|
|
8845956 |
#define GRUB_EFI_PE32_HEADER 1
|
|
|
8845956 |
|
|
|
8845956 |
#include <grub/types.h>
|
|
|
8845956 |
+#include <grub/efi/memory.h>
|
|
|
8845956 |
|
|
|
8845956 |
/* The MSDOS compatibility stub. This was copied from the output of
|
|
|
8845956 |
objcopy, and it is not necessary to care about what this means. */
|
|
|
8845956 |
@@ -50,8 +51,14 @@
|
|
|
8845956 |
/* According to the spec, the minimal alignment is 512 bytes...
|
|
|
8845956 |
But some examples (such as EFI drivers in the Intel
|
|
|
8845956 |
Sample Implementation) use 32 bytes (0x20) instead, and it seems
|
|
|
8845956 |
- to be working. For now, GRUB uses 512 bytes for safety. */
|
|
|
8845956 |
-#define GRUB_PE32_SECTION_ALIGNMENT 0x200
|
|
|
8845956 |
+ to be working.
|
|
|
8845956 |
+
|
|
|
8845956 |
+ However, there is firmware showing up in the field now with
|
|
|
8845956 |
+ page alignment constraints to guarantee that page protection
|
|
|
8845956 |
+ bits take effect. Because currently existing GRUB code can not
|
|
|
8845956 |
+ properly distinguish between in-memory and in-file layout, let's
|
|
|
8845956 |
+ bump all alignment to GRUB_EFI_PAGE_SIZE. */
|
|
|
8845956 |
+#define GRUB_PE32_SECTION_ALIGNMENT GRUB_EFI_PAGE_SIZE
|
|
|
8845956 |
#define GRUB_PE32_FILE_ALIGNMENT GRUB_PE32_SECTION_ALIGNMENT
|
|
|
8845956 |
|
|
|
8845956 |
struct grub_pe32_coff_header
|