diff --git a/0002-Initial-RISC-V-support.patch b/0002-Initial-RISC-V-support.patch new file mode 100644 index 0000000..2e3a014 --- /dev/null +++ b/0002-Initial-RISC-V-support.patch @@ -0,0 +1,339 @@ +From 20624b14a2dd78931af70241ed4b80e049edea65 Mon Sep 17 00:00:00 2001 +From: Heinrich Schuchardt +Date: Mon, 5 Apr 2021 12:14:44 +0200 +Subject: [PATCH 2/7] Initial RISC-V support + +Add what is needed to build on riscv64. + +Signed-off-by: Heinrich Schuchardt + +This is an update to #420 which brings it in alignment with the current +upstream. + +Signed-off-by: Brian 'redbeard' Harrington +(cherry picked from commit 5031a997425fa84a18b407c76775ec72cbfc5eb7) +--- + Cryptlib/Include/OpenSslSupport.h | 3 +- + Cryptlib/Makefile | 3 + + Cryptlib/OpenSSL/Makefile | 3 + + Make.defaults | 10 +++ + elf_riscv64_efi.lds | 111 ++++++++++++++++++++++++++++++ + include/asm.h | 2 + + include/peimage.h | 2 + + include/system/stdarg.h | 12 +++- + lib/Makefile | 3 + + pe-relocate.c | 6 ++ + shim.h | 15 ++++ + 11 files changed, 168 insertions(+), 2 deletions(-) + create mode 100644 elf_riscv64_efi.lds + +diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h +index 0c2fb8b..a0a7124 100644 +--- a/Cryptlib/Include/OpenSslSupport.h ++++ b/Cryptlib/Include/OpenSslSupport.h +@@ -61,7 +61,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + #define CONFIG_HEADER_BN_H + +-#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64) ++#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || \ ++ defined(MDE_CPU_IA64) || defined(MDE_CPU_RISCV64) + // + // With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs + // SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is +diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile +index 626788c..7d7478e 100644 +--- a/Cryptlib/Makefile ++++ b/Cryptlib/Makefile +@@ -37,6 +37,9 @@ endif + ifeq ($(ARCH),arm) + DEFINES += -DMDE_CPU_ARM + endif ++ifeq ($(ARCH),riscv64) ++DEFINES += -DMDE_CPU_RISCV64 ++endif + + LDFLAGS = -nostdlib -znocombreloc + +diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile +index d59c5d7..931fda1 100644 +--- a/Cryptlib/OpenSSL/Makefile ++++ b/Cryptlib/OpenSSL/Makefile +@@ -49,6 +49,9 @@ endif + ifeq ($(ARCH),arm) + DEFINES += -DMDE_CPU_ARM + endif ++ifeq ($(ARCH),riscv64) ++DEFINES += -DMDE_CPU_RISCV64 ++endif + + LDFLAGS = -nostdlib -znocombreloc + +diff --git a/Make.defaults b/Make.defaults +index e75cd3c..54a483d 100644 +--- a/Make.defaults ++++ b/Make.defaults +@@ -96,6 +96,16 @@ ifeq ($(ARCH),arm) + SUBSYSTEM := 0xa + ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) + endif ++ifeq ($(ARCH),riscv64) ++ ARCH_CFLAGS ?= -DMDE_CPU_RISCV64 -DPAGE_SIZE=4096 ++ ARCH_GNUEFI ?= riscv64 ++ ARCH_SUFFIX ?= riscv64 ++ ARCH_SUFFIX_UPPER ?= RISCV64 ++ FORMAT := -O binary ++ SUBSYSTEM := 0xa ++ ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) ++ TIMESTAMP_LOCATION := 72 ++endif + + DEFINES = -DDEFAULT_LOADER='L"$(DEFAULT_LOADER)"' \ + -DDEFAULT_LOADER_CHAR='"$(DEFAULT_LOADER)"' +diff --git a/elf_riscv64_efi.lds b/elf_riscv64_efi.lds +new file mode 100644 +index 0000000..82bf118 +--- /dev/null ++++ b/elf_riscv64_efi.lds +@@ -0,0 +1,111 @@ ++OUTPUT_FORMAT("elf64-littleriscv", "elf64-littleriscv", "elf64-littleriscv") ++OUTPUT_ARCH(riscv) ++ENTRY(_start) ++SECTIONS ++{ ++ .text 0x0 : { ++ _text = .; ++ *(.text.head) ++ *(.text) ++ *(.text.*) ++ *(.gnu.linkonce.t.*) ++ _evtext = .; ++ . = ALIGN(4096); ++ } ++ _etext = .; ++ _text_size = . - _text; ++ _text_vsize = _evtext - _text; ++ ++ . = ALIGN(4096); ++ .data : ++ { ++ _data = .; ++ *(.sdata) ++ *(.data) ++ *(.data1) ++ *(.data.*) ++ *(.got.plt) ++ *(.got) ++ ++ *(.dynamic) ++ ++ /* the EFI loader doesn't seem to like a .bss section, so we stick ++ it all into .data: */ ++ . = ALIGN(16); ++ _bss = .; ++ *(.sbss) ++ *(.scommon) ++ *(.dynbss) ++ *(.bss) ++ *(COMMON) ++ _evdata = .; ++ . = ALIGN(4096); ++ _bss_end = .; ++ } ++ _edata = .; ++ _data_vsize = _evdata - _data; ++ _data_size = . - _data; ++ ++ /* ++ * Note that _sbat must be the beginning of the data, and _esbat must be the ++ * end and must be before any section padding. The sbat self-check uses ++ * _esbat to find the bounds of the data, and if the padding is included, the ++ * CSV parser (correctly) rejects the data as having NUL values in one of the ++ * required columns. ++ */ ++ . = ALIGN(4096); ++ .sbat : ++ { ++ _sbat = .; ++ *(.sbat) ++ *(.sbat.*) ++ _esbat = .; ++ . = ALIGN(4096); ++ _epsbat = .; ++ } ++ _sbat_size = _epsbat - _sbat; ++ _sbat_vsize = _esbat - _sbat; ++ ++ . = ALIGN(4096); ++ .rodata : ++ { ++ _rodata = .; ++ *(.rodata*) ++ *(.srodata) ++ . = ALIGN(16); ++ *(.note.gnu.build-id) ++ . = ALIGN(4096); ++ *(.vendor_cert) ++ *(.data.ident) ++ . = ALIGN(4096); ++ } ++ . = ALIGN(4096); ++ .rela : ++ { ++ *(.rela.dyn) ++ *(.rela.plt) ++ *(.rela.got) ++ *(.rela.data) ++ *(.rela.data*) ++ } ++ . = ALIGN(4096); ++ .dyn : ++ { ++ *(.dynsym) ++ *(.dynstr) ++ _evrodata = .; ++ . = ALIGN(4096); ++ } ++ _erodata = .; ++ _rodata_size = . - _rodata; ++ _rodata_vsize = _evrodata - _rodata; ++ _alldata_size = . - _data; ++ ++ /DISCARD/ : ++ { ++ *(.rel.reloc) ++ *(.eh_frame) ++ *(.note.GNU-stack) ++ } ++ .comment 0 : { *(.comment) } ++} +diff --git a/include/asm.h b/include/asm.h +index f5118b2..5596d93 100644 +--- a/include/asm.h ++++ b/include/asm.h +@@ -19,6 +19,8 @@ static inline uint64_t read_counter(void) + __asm__ __volatile__ ("mrs %0, pmccntr_el0" : "=r" (val)); + #elif defined(__arm__) + __asm__ __volatile__ ("mrc p15, 0, %0, c9, c13, 0" : "=r" (val)); ++#elif defined(__riscv) && __riscv_xlen == 64 ++ __asm__ __volatile__ ("csrr %0, 0xc01" : "=r" (val) : : "memory"); + #else + #error unsupported arch + #endif +diff --git a/include/peimage.h b/include/peimage.h +index 6eef105..fda48ee 100644 +--- a/include/peimage.h ++++ b/include/peimage.h +@@ -50,6 +50,8 @@ + #define IMAGE_FILE_MACHINE_X64 0x8664 + #define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x01c2 + #define IMAGE_FILE_MACHINE_ARM64 0xaa64 ++#define IMAGE_FILE_MACHINE_RISCV32 0x5032 ++#define IMAGE_FILE_MACHINE_RISCV64 0x5064 + + // + // EXE file formats +diff --git a/include/system/stdarg.h b/include/system/stdarg.h +index 68c171b..6f8a63e 100644 +--- a/include/system/stdarg.h ++++ b/include/system/stdarg.h +@@ -24,7 +24,7 @@ typedef __builtin_va_list __builtin_sysv_va_list; + #endif + + #if defined(__aarch64__) || defined(__arm__) || defined(__i386__) || \ +- defined(__i486__) || defined(__i686__) || defined(__COVERITY__) ++ defined(__i486__) || defined(__i686__) || defined(__COVERITY__) || defined(__riscv) + + typedef __builtin_va_list ms_va_list; + typedef __builtin_va_list __builtin_ms_va_list; +@@ -38,6 +38,16 @@ typedef __builtin_va_list sysv_va_list; + #define sysv_va_start(marker, arg) __builtin_va_start(marker, arg) + #define sysv_va_arg(marker, type) __builtin_va_arg(marker, type) + #define sysv_va_end(marker) __builtin_va_end(marker) ++ ++/* ++ * gnu-efi needs this. ++ */ ++typedef __builtin_va_list va_list; ++# define va_start(v,l) __builtin_va_start(v,l) ++# define va_end(v) __builtin_va_end(v) ++# define va_arg(v,l) __builtin_va_arg(v,l) ++# define va_copy(d,s) __builtin_va_copy(d,s) ++ + /* + * OpenSSL's X509ConstructCertificateStack needs this. + */ +diff --git a/lib/Makefile b/lib/Makefile +index f81c5c9..0b79246 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -30,6 +30,9 @@ endif + ifeq ($(ARCH),arm) + DEFINES += -DMDE_CPU_ARM + endif ++ifeq ($(ARCH),riscv64) ++DEFINES += -DMDE_CPU_RISCV64 ++endif + + LDFLAGS = -nostdlib -znocombreloc + +diff --git a/pe-relocate.c b/pe-relocate.c +index bde7172..ab521b6 100644 +--- a/pe-relocate.c ++++ b/pe-relocate.c +@@ -280,6 +280,8 @@ allow_64_bit(void) + if (in_protocol) + return 1; + return 0; ++#elif defined (__riscv) && __riscv_xlen == 64 ++ return 1; + #else /* assuming everything else is 32-bit... */ + return 0; + #endif +@@ -300,6 +302,8 @@ allow_32_bit(void) + return 1; + #elif defined(__aarch64__) + return 0; ++#elif defined (__riscv) && __riscv_xlen == 64 ++ return 0; + #else /* assuming everything else is 32-bit... */ + return 1; + #endif +@@ -326,6 +330,8 @@ static const UINT16 machine_type = + IMAGE_FILE_MACHINE_I386; + #elif defined(__ia64__) + IMAGE_FILE_MACHINE_IA64; ++#elif defined(__riscv) && __riscv_xlen == 64 ++ IMAGE_FILE_MACHINE_RISCV64; + #else + #error this architecture is not supported by shim + #endif +diff --git a/shim.h b/shim.h +index 5791a03..bc8588d 100644 +--- a/shim.h ++++ b/shim.h +@@ -128,6 +128,21 @@ + #endif + #endif + ++#if defined(__riscv) && __riscv_xlen == 64 ++#ifndef DEFAULT_LOADER ++#define DEFAULT_LOADER L"\\grubriscv64.efi" ++#endif ++#ifndef DEFAULT_LOADER_CHAR ++#define DEFAULT_LOADER_CHAR "\\grubriscv64.efi" ++#endif ++#ifndef EFI_ARCH ++#define EFI_ARCH L"riscv64" ++#endif ++#ifndef DEBUGDIR ++#define DEBUGDIR L"/usr/lib/debug/usr/share/shim/riscv64/" ++#endif ++#endif ++ + #ifndef DEBUGSRC + #define DEBUGSRC L"/usr/src/debug/shim-" VERSIONSTR "." EFI_ARCH + #endif +-- +2.44.0 + diff --git a/0003-bug-Remove-extraneous-configuration-from-RISC-V.patch b/0003-bug-Remove-extraneous-configuration-from-RISC-V.patch new file mode 100644 index 0000000..d807d92 --- /dev/null +++ b/0003-bug-Remove-extraneous-configuration-from-RISC-V.patch @@ -0,0 +1,33 @@ +From cab715f714617abaaa600ad5658dadf85c4fe46f Mon Sep 17 00:00:00 2001 +From: Brian 'redbeard' Harrington +Date: Tue, 26 Mar 2024 17:13:50 -0700 +Subject: [PATCH 3/7] bug: Remove extraneous configuration from RISC-V + +@davidlt and @xypron pointed out prior changed to binutils 2.42 which +added support for RISC-V EFI objects. This reflects the upstream +preference to avoid adding additional architectures which are emitting +flat binary files via `objcopy` (i.e. `-O binary` architectures). + +(cherry picked from commit 9f9813bcd29bf196cd2e92c0d05947fafaf32efe) +--- + Make.defaults | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/Make.defaults b/Make.defaults +index 54a483d..17b53d8 100644 +--- a/Make.defaults ++++ b/Make.defaults +@@ -101,10 +101,6 @@ ifeq ($(ARCH),riscv64) + ARCH_GNUEFI ?= riscv64 + ARCH_SUFFIX ?= riscv64 + ARCH_SUFFIX_UPPER ?= RISCV64 +- FORMAT := -O binary +- SUBSYSTEM := 0xa +- ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) +- TIMESTAMP_LOCATION := 72 + endif + + DEFINES = -DDEFAULT_LOADER='L"$(DEFAULT_LOADER)"' \ +-- +2.44.0 + diff --git a/0004-Sync-elf_riscv64_efi.lds-with-gnu-efi.patch b/0004-Sync-elf_riscv64_efi.lds-with-gnu-efi.patch new file mode 100644 index 0000000..5d76fa3 --- /dev/null +++ b/0004-Sync-elf_riscv64_efi.lds-with-gnu-efi.patch @@ -0,0 +1,195 @@ +From cfb0c462b822a8b611044981f0f76a73a16e61ed Mon Sep 17 00:00:00 2001 +From: Jason Montleon +Date: Mon, 24 Jun 2024 02:29:30 -0400 +Subject: [PATCH 4/7] Sync elf_riscv64_efi.lds with gnu-efi + +Signed-off-by: Jason Montleon +--- + elf_riscv64_efi.lds | 134 ++++++++++++++++++++++++++------------------ + 1 file changed, 79 insertions(+), 55 deletions(-) + +diff --git a/elf_riscv64_efi.lds b/elf_riscv64_efi.lds +index 82bf118..e2bd896 100644 +--- a/elf_riscv64_efi.lds ++++ b/elf_riscv64_efi.lds +@@ -1,21 +1,37 @@ ++/* SPDX-License-Identifier: GPL-2.0+ OR BSD-2-Clause */ ++ + OUTPUT_FORMAT("elf64-littleriscv", "elf64-littleriscv", "elf64-littleriscv") + OUTPUT_ARCH(riscv) + ENTRY(_start) + SECTIONS + { +- .text 0x0 : { ++ . = 0; ++ ImageBase = .; ++ /* .hash and/or .gnu.hash MUST come first! */ ++ .hash : { *(.hash) } ++ .gnu.hash : { *(.gnu.hash) } ++ . = ALIGN(4096); ++ .eh_frame : { *(.eh_frame) } ++ .eh_frame_hdr : { *(.eh_frame_hdr) } ++ .gcc_except_table : { *(.gcc_except_table*) } ++ . = ALIGN(4096); ++ .text : { + _text = .; +- *(.text.head) + *(.text) + *(.text.*) + *(.gnu.linkonce.t.*) +- _evtext = .; +- . = ALIGN(4096); ++ *(.plt) ++ . = ALIGN(16); + } + _etext = .; +- _text_size = . - _text; +- _text_vsize = _evtext - _text; +- ++ _text_size = _etext - _text; ++ . = ALIGN(65536); ++ .reloc : ++ { ++ KEEP (*(.reloc)) ++ } ++ . = ALIGN(4096); ++ .dynamic : { *(.dynamic) } + . = ALIGN(4096); + .data : + { +@@ -27,7 +43,32 @@ SECTIONS + *(.got.plt) + *(.got) + +- *(.dynamic) ++ /* ++ * Note that these aren't the using the GNU "CONSTRUCTOR" output section ++ * command, so they don't start with a size. Because of p2align and the ++ * end/END definitions, and the fact that they're mergeable, they can also ++ * have NULLs which aren't guaranteed to be at the end. ++ */ ++ . = ALIGN(16); ++ __init_array_start = .; ++ *(SORT(.init_array.*)) ++ *(.init_array) ++ __init_array_end = .; ++ . = ALIGN(16); ++ __CTOR_LIST__ = .; ++ *(SORT(.ctors.*)) ++ *(.ctors) ++ __CTOR_END__ = .; ++ . = ALIGN(16); ++ __DTOR_LIST__ = .; ++ *(SORT(.dtors.*)) ++ *(.dtors) ++ __DTOR_END__ = .; ++ . = ALIGN(16); ++ __fini_array_start = .; ++ *(SORT(.fini_array.*)) ++ *(.fini_array) ++ __fini_array_end = .; + + /* the EFI loader doesn't seem to like a .bss section, so we stick + it all into .data: */ +@@ -36,23 +77,36 @@ SECTIONS + *(.sbss) + *(.scommon) + *(.dynbss) +- *(.bss) ++ *(.bss*) + *(COMMON) +- _evdata = .; +- . = ALIGN(4096); ++ *(.rel.local) ++ . = ALIGN(16); ++ + _bss_end = .; + } ++ ++ . = ALIGN(4096); ++ .rela : ++ { ++ *(.rela.text*) ++ *(.rela.data*) ++ *(.rela.got) ++ *(.rela.dyn) ++ *(.rela.stab) ++ *(.rela.init_array*) ++ *(.rela.fini_array*) ++ *(.rela.ctors*) ++ *(.rela.dtors*) ++ ++ } ++ . = ALIGN(4096); ++ .rela.plt : { *(.rela.plt) } ++ . = ALIGN(4096); ++ .rodata : { *(.rodata*) } ++ . = ALIGN(512); + _edata = .; +- _data_vsize = _evdata - _data; +- _data_size = . - _data; ++ _data_size = _edata - _data; + +- /* +- * Note that _sbat must be the beginning of the data, and _esbat must be the +- * end and must be before any section padding. The sbat self-check uses +- * _esbat to find the bounds of the data, and if the padding is included, the +- * CSV parser (correctly) rejects the data as having NUL values in one of the +- * required columns. +- */ + . = ALIGN(4096); + .sbat : + { +@@ -67,44 +121,14 @@ SECTIONS + _sbat_vsize = _esbat - _sbat; + + . = ALIGN(4096); +- .rodata : +- { +- _rodata = .; +- *(.rodata*) +- *(.srodata) +- . = ALIGN(16); +- *(.note.gnu.build-id) +- . = ALIGN(4096); +- *(.vendor_cert) +- *(.data.ident) +- . = ALIGN(4096); +- } ++ .dynsym : { *(.dynsym) } + . = ALIGN(4096); +- .rela : +- { +- *(.rela.dyn) +- *(.rela.plt) +- *(.rela.got) +- *(.rela.data) +- *(.rela.data*) +- } ++ .dynstr : { *(.dynstr) } + . = ALIGN(4096); +- .dyn : +- { +- *(.dynsym) +- *(.dynstr) +- _evrodata = .; +- . = ALIGN(4096); +- } +- _erodata = .; +- _rodata_size = . - _rodata; +- _rodata_vsize = _evrodata - _rodata; +- _alldata_size = . - _data; +- +- /DISCARD/ : ++ .note.gnu.build-id : { *(.note.gnu.build-id) } ++ .ignored.reloc : + { +- *(.rel.reloc) +- *(.eh_frame) ++ *(.rela.reloc) + *(.note.GNU-stack) + } + .comment 0 : { *(.comment) } +-- +2.44.0 + diff --git a/0005-Implement-__riscv_flush_icache.patch b/0005-Implement-__riscv_flush_icache.patch new file mode 100644 index 0000000..5c80dd0 --- /dev/null +++ b/0005-Implement-__riscv_flush_icache.patch @@ -0,0 +1,57 @@ +From eeb898078a9c5a97b4684bb1182a63c203d9b11e Mon Sep 17 00:00:00 2001 +From: Jason Montleon +Date: Tue, 25 Jun 2024 23:11:38 -0400 +Subject: [PATCH 5/7] Implement __riscv_flush_icache + +Signed-off-by: Jason Montleon +--- + lib/Makefile | 1 + + lib/riscv64/cache.S | 10 ++++++++++ + lib/riscv64/edk2asm.h | 6 ++++++ + 3 files changed, 17 insertions(+) + create mode 100644 lib/riscv64/cache.S + create mode 100644 lib/riscv64/edk2asm.h + +diff --git a/lib/Makefile b/lib/Makefile +index 0b79246..2846167 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -32,6 +32,7 @@ DEFINES += -DMDE_CPU_ARM + endif + ifeq ($(ARCH),riscv64) + DEFINES += -DMDE_CPU_RISCV64 ++LIBFILES += $(ARCH)/cache.o + endif + + LDFLAGS = -nostdlib -znocombreloc +diff --git a/lib/riscv64/cache.S b/lib/riscv64/cache.S +new file mode 100644 +index 0000000..b31d6d7 +--- /dev/null ++++ b/lib/riscv64/cache.S +@@ -0,0 +1,10 @@ ++#include "edk2asm.h" ++ ++ .file "cache.S" ++ .text ++ ++GCC_ASM_EXPORT(__riscv_flush_icache) ++ ++ASM_PFX(__riscv_flush_icache): ++ fence.i ++ ret +diff --git a/lib/riscv64/edk2asm.h b/lib/riscv64/edk2asm.h +new file mode 100644 +index 0000000..9515eaf +--- /dev/null ++++ b/lib/riscv64/edk2asm.h +@@ -0,0 +1,6 @@ ++ ++#define ASM_PFX(x) x ++#define GCC_ASM_EXPORT(x) \ ++ .globl x ; \ ++ .type x, %function ++ +-- +2.44.0 + diff --git a/0006-Use-correct-ReallocatePool-ABI.patch b/0006-Use-correct-ReallocatePool-ABI.patch new file mode 100644 index 0000000..cec4143 --- /dev/null +++ b/0006-Use-correct-ReallocatePool-ABI.patch @@ -0,0 +1,25 @@ +From c6855aea382efd71161815d51d5f14200afd2fbb Mon Sep 17 00:00:00 2001 +From: Jason Montleon +Date: Tue, 25 Jun 2024 23:38:40 -0400 +Subject: [PATCH 6/7] Use correct ReallocatePool ABI + +Signed-off-by: Jason Montleon +--- + Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Makefile b/Makefile +index 1698186..7869b4d 100644 +--- a/Makefile ++++ b/Makefile +@@ -24,6 +24,7 @@ include $(TOPDIR)/include/coverity.mk + include $(TOPDIR)/include/scan-build.mk + include $(TOPDIR)/include/fanalyzer.mk + ++CFLAGS += -DGNU_EFI_USE_REALLOCATEPOOL_ABI=0 + TARGETS = $(SHIMNAME) + TARGETS += $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug + ifneq ($(origin ENABLE_SHIM_HASH),undefined) +-- +2.44.0 + diff --git a/0007-Correct-signedness-when-calling-string-functions.patch b/0007-Correct-signedness-when-calling-string-functions.patch new file mode 100644 index 0000000..4a46b63 --- /dev/null +++ b/0007-Correct-signedness-when-calling-string-functions.patch @@ -0,0 +1,267 @@ +From caa2b9fc1d6a73a29efd8a90c663f2b8e761ba54 Mon Sep 17 00:00:00 2001 +From: Jason Montleon +Date: Mon, 8 Jul 2024 12:04:32 -0400 +Subject: [PATCH 7/7] Correct signedness when calling string functions. + +Signed-off-by: Jason Montleon +--- + Cryptlib/SysCall/BaseStrings.c | 4 ++-- + csv.c | 2 +- + httpboot.c | 20 ++++++++++---------- + mok.c | 2 +- + netboot.c | 22 +++++++++++----------- + sbat.c | 18 +++++++++--------- + tpm.c | 2 +- + 7 files changed, 35 insertions(+), 35 deletions(-) + +diff --git a/Cryptlib/SysCall/BaseStrings.c b/Cryptlib/SysCall/BaseStrings.c +index 29a1610..11f9567 100644 +--- a/Cryptlib/SysCall/BaseStrings.c ++++ b/Cryptlib/SysCall/BaseStrings.c +@@ -3,7 +3,7 @@ + CHAR8 * + AsciiStrCat(CHAR8 *Destination, const CHAR8 *Source) + { +- UINTN dest_len = strlen((CHAR8 *)Destination); ++ UINTN dest_len = strlen((char *)Destination); + UINTN i; + + for (i = 0; Source[i] != '\0'; i++) +@@ -61,7 +61,7 @@ WriteUnaligned32(UINT32 *Buffer, UINT32 Value) + UINTN + AsciiStrSize(const CHAR8 *string) + { +- return strlen(string) + 1; ++ return strlen((char *)string) + 1; + } + + /* Based on AsciiStrDecimalToUintnS() in edk2 +diff --git a/csv.c b/csv.c +index 18460cd..81dbb83 100644 +--- a/csv.c ++++ b/csv.c +@@ -63,7 +63,7 @@ parse_csv_data(char *data, char *data_end, size_t n_columns, list_t *list) + } + + max = (uintptr_t)end - (uintptr_t)line + (end > line ? 1 : 0); +- if (is_utf8_bom(line, max)) ++ if (is_utf8_bom((CHAR8 *)line, max)) + + line += UTF8_BOM_SIZE; + +diff --git a/httpboot.c b/httpboot.c +index ac9ea25..5bdf1c8 100644 +--- a/httpboot.c ++++ b/httpboot.c +@@ -130,7 +130,7 @@ find_httpboot (EFI_HANDLE device) + + /* Save the current URI */ + UriNode = (URI_DEVICE_PATH *)Node; +- uri_size = strlen(UriNode->Uri); ++ uri_size = strlen((char *)UriNode->Uri); + uri = AllocatePool(uri_size + 1); + if (!uri) { + perror(L"Failed to allocate uri\n"); +@@ -156,10 +156,10 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader, + UINTN path_len = 0; + UINTN count = 0; + +- if (strncmp(current_uri, (CHAR8 *)"http://", 7) == 0) { ++ if (strncmp((char *)current_uri, "http://", 7) == 0) { + ptr = current_uri + 7; + count += 7; +- } else if (strncmp(current_uri, (CHAR8 *)"https://", 8) == 0) { ++ } else if (strncmp((char *)current_uri, "https://", 8) == 0) { + ptr = current_uri + 8; + count += 8; + } else { +@@ -167,7 +167,7 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader, + } + + /* Extract the path */ +- next_len = strlen(next_loader); ++ next_len = strlen((char *)next_loader); + while (*ptr != '\0') { + count++; + if (*ptr == '/') +@@ -192,9 +192,9 @@ extract_hostname (CONST CHAR8 *url, CHAR8 **hostname) + CONST CHAR8 *ptr, *start; + UINTN host_len = 0; + +- if (strncmp(url, (CHAR8 *)"http://", 7) == 0) ++ if (strncmp((char *)url, "http://", 7) == 0) + start = url + 7; +- else if (strncmp(url, (CHAR8 *)"https://", 8) == 0) ++ else if (strncmp((char *)url, "https://", 8) == 0) + start = url + 8; + else + return EFI_INVALID_PARAMETER; +@@ -571,8 +571,8 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size) + + /* Check the length of the file */ + for (i = 0; i < rx_message.HeaderCount; i++) { +- if (!strcasecmp(rx_message.Headers[i].FieldName, +- (CHAR8 *)"Content-Length")) { ++ if (!strcasecmp((char *)rx_message.Headers[i].FieldName, ++ "Content-Length")) { + *buf_size = ascii_to_int(rx_message.Headers[i].FieldValue); + } + } +@@ -731,8 +731,8 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size, + if (!uri) + return EFI_NOT_READY; + +- next_loader = (CHAR8 *)AllocatePool((strlen(name) + 1) * sizeof (CHAR8)); +- translate_slashes(next_loader, name); ++ next_loader = (CHAR8 *)AllocatePool((strlen((char *)name) + 1) * sizeof (CHAR8)); ++ translate_slashes((char *)next_loader, (char *)name); + + /* Create the URI for the next loader based on the original URI */ + efi_status = generate_next_uri(uri, next_loader, &next_uri); +diff --git a/mok.c b/mok.c +index 0ac3415..9563046 100644 +--- a/mok.c ++++ b/mok.c +@@ -1012,7 +1012,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle) + struct mok_state_variable *v = &mok_state_variables[i]; + + ZeroMem(&config_template, sizeof(config_template)); +- strncpy(config_template.name, (CHAR8 *)v->rtname8, 255); ++ strncpy((char *)config_template.name, v->rtname8, 255); + config_template.name[255] = '\0'; + + config_template.data_size = v->data_size; +diff --git a/netboot.c b/netboot.c +index d8b1093..1e471af 100644 +--- a/netboot.c ++++ b/netboot.c +@@ -135,7 +135,7 @@ static CHAR8 *str2ip6(CHAR8 *str) + if (dotcount > MAX_IP6_DOTS) + return (CHAR8 *)ip; + +- len = strlen(str); ++ len = strlen((char *)str); + a = b = str; + for (i = p = 0; i < len; i++, b++) { + if (*b != ':') +@@ -170,7 +170,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url, CHAR8 *name) + + while (name[template_len++] != '\0'); + template = (CHAR8 *)AllocatePool((template_len + 1) * sizeof (CHAR8)); +- translate_slashes(template, name); ++ translate_slashes((char *)template, (char *)name); + + // to check against str2ip6() errors + memset(ip6inv, 0, sizeof(ip6inv)); +@@ -210,17 +210,17 @@ static BOOLEAN extract_tftp_info(CHAR8 *url, CHAR8 *name) + FreePool(template); + return FALSE; + } +- full_path = AllocateZeroPool(strlen(end)+strlen(template)+1); ++ full_path = AllocateZeroPool(strlen((char *)end)+strlen((char *)template)+1); + if (!full_path) { + FreePool(template); + return FALSE; + } +- memcpy(full_path, end, strlen(end)); ++ memcpy(full_path, end, strlen((char *)end)); + end = (CHAR8 *)strrchr((char *)full_path, '/'); + if (!end) + end = (CHAR8 *)full_path; +- memcpy(end, template, strlen(template)); +- end[strlen(template)] = '\0'; ++ memcpy(end, template, strlen((char *)template)); ++ end[strlen((char *)template)] = '\0'; + + FreePool(template); + return TRUE; +@@ -251,8 +251,8 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) + + while (name[template_len++] != '\0'); + template = (CHAR8 *)AllocatePool((template_len + 1) * sizeof (CHAR8)); +- translate_slashes(template, name); +- template_len = strlen(template) + 1; ++ translate_slashes((char *)template, (char *)name); ++ template_len = strlen((char *)template) + 1; + + if(pxe->Mode->ProxyOfferReceived) { + /* +@@ -272,7 +272,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) + pkt_v4 = &pxe->Mode->PxeReply.Dhcpv4; + } + +- INTN dir_len = strnlen((CHAR8 *)pkt_v4->BootpBootFile, 127); ++ INTN dir_len = strnlen((char *)pkt_v4->BootpBootFile, 127); + INTN i; + UINT8 *dir = pkt_v4->BootpBootFile; + +@@ -290,7 +290,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) + } + + if (dir_len > 0) { +- strncpy(full_path, (CHAR8 *)dir, dir_len); ++ strncpy((char *)full_path, (char *)dir, dir_len); + if (full_path[dir_len-1] == '/' && template[0] == '/') + full_path[dir_len-1] = '\0'; + /* +@@ -305,7 +305,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name) + } + if (dir_len == 0 && dir[0] != '/' && template[0] == '/') + template_ofs++; +- strcat(full_path, template + template_ofs); ++ strcat((char *)full_path, (char *)template + template_ofs); + memcpy(&tftp_addr.v4, pkt_v4->BootpSiAddr, 4); + + FreePool(template); +diff --git a/sbat.c b/sbat.c +index 0695612..96b0631 100644 +--- a/sbat.c ++++ b/sbat.c +@@ -95,12 +95,12 @@ parse_sbat_section(char *section_base, size_t section_size, + struct csv_row * row; + size_t i; + const char **ptrs[] = { +- &entry->component_name, +- &entry->component_generation, +- &entry->vendor_name, +- &entry->vendor_package_name, +- &entry->vendor_version, +- &entry->vendor_url, ++ (const char **)&entry->component_name, ++ (const char **)&entry->component_generation, ++ (const char **)&entry->vendor_name, ++ (const char **)&entry->vendor_package_name, ++ (const char **)&entry->vendor_version, ++ (const char **)&entry->vendor_url, + }; + + +@@ -280,9 +280,9 @@ parse_sbat_var_data(list_t *entry_list, UINT8 *data, UINTN datasize) + struct csv_row * row; + size_t i; + const char **ptrs[] = { +- &entry->component_name, +- &entry->component_generation, +- &entry->sbat_datestamp, ++ (const char **)&entry->component_name, ++ (const char **)&entry->component_generation, ++ (const char **)&entry->sbat_datestamp, + }; + + row = list_entry(pos, struct csv_row, list); +diff --git a/tpm.c b/tpm.c +index 388f8d1..a1d00a0 100644 +--- a/tpm.c ++++ b/tpm.c +@@ -261,7 +261,7 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr, + const CHAR8 *description) + { + return tpm_log_event_raw(buf, size, pcr, description, +- strlen(description) + 1, EV_IPL, NULL); ++ strlen((char *)description) + 1, EV_IPL, NULL); + } + + EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, +-- +2.44.0 + diff --git a/BOOTRISCV64.csv b/BOOTRISCV64.csv new file mode 100644 index 0000000..d29e21d Binary files /dev/null and b/BOOTRISCV64.csv differ diff --git a/gnu-efi-33727c2abe8a77dca612f04abd19e10cc5e487fd.tar.gz b/gnu-efi-33727c2abe8a77dca612f04abd19e10cc5e487fd.tar.gz new file mode 100644 index 0000000..be2bbef Binary files /dev/null and b/gnu-efi-33727c2abe8a77dca612f04abd19e10cc5e487fd.tar.gz differ diff --git a/shim-0287c6b14c77eeb3e3c61996330850d43d937a2b.tar.gz b/shim-0287c6b14c77eeb3e3c61996330850d43d937a2b.tar.gz new file mode 100644 index 0000000..4ff0fa9 Binary files /dev/null and b/shim-0287c6b14c77eeb3e3c61996330850d43d937a2b.tar.gz differ diff --git a/shim.conf b/shim.conf index d25f720..aa68fae 100644 --- a/shim.conf +++ b/shim.conf @@ -1,4 +1,5 @@ shim-aa64 shim-arm shim-ia32 +shim-riscv64 shim-x64 diff --git a/shim.spec b/shim.spec index d84f3b8..0d6bfa6 100644 --- a/shim.spec +++ b/shim.spec @@ -3,9 +3,13 @@ %global _dist %{expand:%{?_module_build:%%{?dist}}} %global dist %{expand:%%{_dist}} -Name: shim -Version: 15.6 -Release: 2%{?dist} +%define debug_package %{nil} +%define shim_git_sha 0287c6b14c77eeb3e3c61996330850d43d937a2b +%define gnu_efi_git_sha 33727c2abe8a77dca612f04abd19e10cc5e487fd + +Name: shim-riscv64 +Version: 15.8 +Release: 3.0.riscv64%{?dist} Summary: First-stage UEFI bootloader License: BSD-3-Clause URL: https://github.com/rhboot/shim/ @@ -18,22 +22,20 @@ ExcludeArch: %{ix86} # but we don't build a .arm package, just a shim-arm.aarch64 package ExcludeArch: %{arm} -Source0: shim.rpmmacros -Source1: shim.conf +Source0: shim-%{shim_git_sha}.tar.gz +Source1: gnu-efi-%{gnu_efi_git_sha}.tar.gz +Source2: BOOTRISCV64.csv +Source3: shim.rpmmacros +Source4: shim.conf -# keep these two lists of sources synched up arch-wise. That is 0 and 10 -# match, 1 and 11 match, ... -Source10: BOOTAA64.CSV -Source20: shimaa64.efi -Source11: BOOTIA32.CSV -Source21: shimia32.efi -Source12: BOOTX64.CSV -Source22: shimx64.efi -#Source13: BOOTARM.CSV -#Source23: shimarm.efi - -%include %{SOURCE0} +Patch1: 0002-Initial-RISC-V-support.patch +Patch2: 0003-bug-Remove-extraneous-configuration-from-RISC-V.patch +Patch3: 0004-Sync-elf_riscv64_efi.lds-with-gnu-efi.patch +Patch4: 0005-Implement-__riscv_flush_icache.patch +Patch5: 0006-Use-correct-ReallocatePool-ABI.patch +Patch6: 0007-Correct-signedness-when-calling-string-functions.patch +BuildRequires: make BuildRequires: pesign >= 0.112-20.fc27 # We need this because %%{efi} won't expand before choosing where to make # the src.rpm in koji, and we could be on a non-efi architecture, in which @@ -60,53 +62,55 @@ the UEFI signing service. %endif %prep -cd %{_builddir} -rm -rf shim-%{version} -mkdir shim-%{version} +%setup -n shim-%{shim_git_sha} +%patch 1 -p1 +%patch 2 -p1 +%patch 3 -p1 +%patch 4 -p1 +%patch 5 -p1 +%patch 6 -p1 + +tar zxf %{SOURCE1} +rm -rf gnu-efi +mv gnu-efi-%{gnu_efi_git_sha} gnu-efi %build - -cd shim-%{version} -%if %{efi_has_alt_arch} -%define_build -a %{efi_alt_arch} -A %{efi_alt_arch_upper} -i %{shimefialt} -b no -c %{is_alt_signed} -d %{shimdiralt} -%endif -%define_build -a %{efi_arch} -A %{efi_arch_upper} -i %{shimefi} -b no -c %{is_signed} -d %{shimdir} +# Setting CFLAGS seems to break shim/gnu-efi/lib build +unset CFLAGS +make %install rm -rf $RPM_BUILD_ROOT -cd shim-%{version} install -D -d -m 0755 $RPM_BUILD_ROOT/boot/ install -D -d -m 0700 $RPM_BUILD_ROOT%{efi_esp_root}/ install -D -d -m 0700 $RPM_BUILD_ROOT%{efi_esp_efi}/ install -D -d -m 0700 $RPM_BUILD_ROOT%{efi_esp_dir}/ install -D -d -m 0700 $RPM_BUILD_ROOT%{efi_esp_boot}/ -%do_install -a %{efi_arch} -A %{efi_arch_upper} -b %{bootcsv} -%if %{efi_has_alt_arch} -%do_install -a %{efi_alt_arch} -A %{efi_alt_arch_upper} -b %{bootcsvalt} -%endif +install -m 0700 shim%{efi_arch}.efi $RPM_BUILD_ROOT%{efi_esp_dir}/shim%{efi_arch}.efi +install -m 0700 mm%{efi_arch}.efi $RPM_BUILD_ROOT%{efi_esp_dir}/mm%{efi_arch}.efi +install -m 0700 %{SOURCE2} $RPM_BUILD_ROOT%{efi_esp_dir}/BOOT%{efi_arch_upper}.CSV +install -m 0700 shim%{efi_arch}.efi $RPM_BUILD_ROOT%{efi_esp_boot}/BOOT%{efi_arch_upper}.EFI +install -m 0700 fb%{efi_arch}.efi $RPM_BUILD_ROOT%{efi_esp_boot}/fb%{efi_arch}.efi -%if %{provide_legacy_shim} -install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi -%endif install -D -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/dnf/protected.d/ -install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/dnf/protected.d/ +install -m 0644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/dnf/protected.d/ ( cd $RPM_BUILD_ROOT ; find .%{efi_esp_root} -type f ) \ | sed -e 's/\./\^/' -e 's,^\\\./,.*/,' -e 's,$,$,' > %{__brp_mangle_shebangs_exclude_from_file} -%define_files -a %{efi_arch} -A %{efi_arch_upper} -%if %{provide_legacy_shim} -%{efi_esp_dir}/shim.efi -%endif +%files +%{efi_esp_dir}/shim%{efi_arch}.efi +%{efi_esp_dir}/mm%{efi_arch}.efi +%{efi_esp_dir}/BOOT%{efi_arch_upper}.CSV +%{efi_esp_boot}/BOOT%{efi_arch_upper}.EFI +%{efi_esp_boot}/fb%{efi_arch}.efi %{_sysconfdir}/dnf/protected.d/shim.conf -%if %{efi_has_alt_arch} -%define_files -a %{efi_alt_arch} -A %{efi_alt_arch_upper} -%{_sysconfdir}/dnf/protected.d/shim.conf -%endif - %changelog +* Tue Jun 25 2024 Jason Montleon - 15.8-3.0.riscv64 +- Build for riscv64 + * Thu Jul 07 2022 Robbie Harwood - 15.6-2 - Update aarch64 (only) with relocation fixes - Resolves: #2101248