7e98da058f
This change reorganizes and cleanups our patches to reduce the patch number from 314 patches to 187. That's achieved by dropping patches that are later reverted and squashing fixes for earlier patches that introduced features. There are no code changes and the diff with upstream is the same before and after the cleanup. Having fewer patches makes easier to manage the patchset and also will ease to rebase them on top of the latest grub-2.04 release. Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
56 lines
2.2 KiB
Diff
56 lines
2.2 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Alexander Graf <agraf@suse.de>
|
|
Date: Mon, 28 Jan 2019 14:35:28 +0100
|
|
Subject: [PATCH] mkimage: Align efi sections on 4k boundary
|
|
|
|
There is UEFI firmware popping up in the wild now that implements stricter
|
|
permission checks using NX and write protect page table entry bits.
|
|
|
|
This means that firmware now may fail to load binaries if its individual
|
|
sections are not page aligned, as otherwise it can not ensure permission
|
|
boundaries.
|
|
|
|
So let's bump all efi section alignments up to 4k (EFI page size). That way
|
|
we will stay compatible going forward.
|
|
|
|
Unfortunately our internals can't deal very well with a mismatch of alignment
|
|
between the virtual and file offsets, so we have to also pad our target
|
|
binary a bit.
|
|
|
|
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
Tested-by: Julien ROBIN <julien.robin28@free.fr>
|
|
---
|
|
include/grub/efi/pe32.h | 11 +++++++++--
|
|
1 file changed, 9 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
|
|
index c03cc599f63..f71da19f2f5 100644
|
|
--- a/include/grub/efi/pe32.h
|
|
+++ b/include/grub/efi/pe32.h
|
|
@@ -20,6 +20,7 @@
|
|
#define GRUB_EFI_PE32_HEADER 1
|
|
|
|
#include <grub/types.h>
|
|
+#include <grub/efi/memory.h>
|
|
|
|
/* The MSDOS compatibility stub. This was copied from the output of
|
|
objcopy, and it is not necessary to care about what this means. */
|
|
@@ -50,8 +51,14 @@
|
|
/* According to the spec, the minimal alignment is 512 bytes...
|
|
But some examples (such as EFI drivers in the Intel
|
|
Sample Implementation) use 32 bytes (0x20) instead, and it seems
|
|
- to be working. For now, GRUB uses 512 bytes for safety. */
|
|
-#define GRUB_PE32_SECTION_ALIGNMENT 0x200
|
|
+ to be working.
|
|
+
|
|
+ However, there is firmware showing up in the field now with
|
|
+ page alignment constraints to guarantee that page protection
|
|
+ bits take effect. Because currently existing GRUB code can not
|
|
+ properly distinguish between in-memory and in-file layout, let's
|
|
+ bump all alignment to GRUB_EFI_PAGE_SIZE. */
|
|
+#define GRUB_PE32_SECTION_ALIGNMENT GRUB_EFI_PAGE_SIZE
|
|
#define GRUB_PE32_FILE_ALIGNMENT GRUB_PE32_SECTION_ALIGNMENT
|
|
|
|
struct grub_pe32_coff_header
|