From patchwork Tue Apr 4 15:19:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13200468 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A7CF9C761A6 for ; Tue, 4 Apr 2023 15:20:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=nxfFroI3hJr/XiLzjfwhi40aOClpk6tJ4ijd/Fgfkmc=; b=x72qermMAshhf2 +HvjQMHwfMJHWp5x1jWeewauD6NLOE6SM+NvMfLaNUyGLOqm3rE1rChFPnU/KyepZWz/hgWpozEel HKyZmXLMEWTakNkEE5xLA/rRTROHh6wO5JbHjrvACcOydwbaAEPlnMHM6QWbXvOKK3puvhdB11FgG we/ZrtC/7toK8JpyAj7GTknh54KosIgPylBVj0HZqTw33aGqjKC26r+CMnd3Qib84cn5vOw2iO5VW IFCUtFxJZvBpYhgMiCAqsjIGzJwDQgcS9oksqMHaYtqn7X6hUqYzRewPdFlY0CyCI87uKihbiFRE2 bgLihcLiSW2QDzcK4/FQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSD-001xnt-1q; Tue, 04 Apr 2023 15:20:13 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1pjiSA-001xlO-0t for linux-arm-kernel@lists.infradead.org; Tue, 04 Apr 2023 15:20:11 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 53A4D635CB; Tue, 4 Apr 2023 15:20:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2D8DCC433EF; Tue, 4 Apr 2023 15:20:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1680621606; bh=bmx05/9L9HmqEuX9FxtcTRzHw8Tj9+xjoqSPcHU9RrE=; h=From:To:Cc:Subject:Date:From; b=gWYnS+BHUWP927mDpZBhn2USrwWBCauWknnLAEc78npzuFfs2L52FOOx7eJlz/WmN xnsv95l1s54ky3JysdOnIADN8Eror4TLgWZ1fNGovoPjFySQHYbRFjrosmKT/zJlpH bd3v6DGyunRpE8Z1nSHYAmmeQ0LaBGdMHOm6vdz+V6MJe6ObL8yxqYaUeEvdAMooq3 XUbGRFjgJ6dtMUe1o9yo99CqJMMoF1dA8QjtQ/YXhb1wqn76A+MutsRKCSq6mVSqnW 4MOTiCGrYt1qxU1jJxyE4OIZXVPDGDaszPzqgfwVM5hBMAsqo6pqPZ00ZpxA7lVSy5 DdcBpxRYM+tcw== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com, broonie@Kernel.org, Ard Biesheuvel Subject: [PATCH 0/6] arm64/efi/zboot: Clean up and enable BTI annotation Date: Tue, 4 Apr 2023 17:19:53 +0200 Message-Id: <20230404151959.2774612-1-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1533; i=ardb@kernel.org; h=from:subject; bh=bmx05/9L9HmqEuX9FxtcTRzHw8Tj9+xjoqSPcHU9RrE=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIUXHQWx38d6qeBP1CxE1xWfc1k8pcrnWd+rZ2vrXJr9yp RZz7W3qKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABNZps3wV252uPl20bIrZybJ 7I6y+p+Y+yfsI0d9mP4rJp6lF6/d0mf47xKjf6ru87flMnU6Cl9eFd//0uxp5rjZflsL17at6Z0 2rAA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230404_082010_352563_E832E357 X-CRM114-Status: GOOD ( 11.11 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Some tweaks for the arm64 EFI header and the zboot version, to add the annotation that informs the loader that the code regions may be mapped with BTI enforcement enabled. As a related cleanup, add the combined codesize (text+rodata+inittext) to the arm64 Image header, so the EFI zboot loader can grab it from the image after decompressing it. Ard Biesheuvel (6): efi/pe: Import new BTI/IBT header flags from the spec arm64: efi: Enable BTI codegen and add PE/COFF annotation arm64: image: Add code size to the image header efi/zboot: Add BSS padding before compression efi/zboot: Set forward edge CFI compat header flag if supported efi/zboot: arm64: Grab code size from image header Documentation/arm64/booting.rst | 3 +- arch/arm64/boot/Makefile | 1 + arch/arm64/include/asm/image.h | 3 +- arch/arm64/kernel/efi-header.S | 71 ++++++++++++-------- arch/arm64/kernel/head.S | 3 +- arch/arm64/kernel/image.h | 10 ++- drivers/firmware/efi/libstub/Makefile | 3 +- drivers/firmware/efi/libstub/Makefile.zboot | 41 +++++++---- drivers/firmware/efi/libstub/arm64.c | 18 +++-- drivers/firmware/efi/libstub/efistub.h | 3 +- drivers/firmware/efi/libstub/zboot-header.S | 51 +++++++++----- drivers/firmware/efi/libstub/zboot.c | 13 +--- include/linux/pe.h | 4 ++ 13 files changed, 139 insertions(+), 85 deletions(-)