From patchwork Tue Apr 18 13:49:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13215740 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 64574C77B78 for ; Tue, 18 Apr 2023 13:50:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=ysgnD4SrJoeQecAW+S8zu8qKd6S2BTreltyJSqAfvlk=; b=fregNTFRufeBrF WhQLpl7IITJnjSpHARyt7hqyVYxumWli+0APous4HzT8oQTJupbJB4whQDVV/U5zjS8tLh+xOuKYV psK7nOe09ec4xsjn/cnt/AQrFRVsHAgu49nCFp+gC5zKlwQuB8d3/yQDPOyAnFZWvcG/2rFxdTXa+ zFxZLsmzaAG5TI/dBKtW25C9aeXDEOfc/xSzCPDWoWL0HOrSpJTc+y+85ptt3YP4FUhtKeoPRI7E3 vD1EcaSaBbJ6H02/NTxDxATu8EzW0IKtmrKYiumiJa7j7bk3lLawzL3QWJ+kwlyiv4MTPPKr0LyYt Y2CsurpI8MY9l379wl4Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1polif-002K4V-1f; Tue, 18 Apr 2023 13:50:05 +0000 Received: from dfw.source.kernel.org ([139.178.84.217]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1polic-002K3o-0w for linux-arm-kernel@lists.infradead.org; Tue, 18 Apr 2023 13:50:03 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CC3FC62816; Tue, 18 Apr 2023 13:50:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B6E59C433D2; Tue, 18 Apr 2023 13:49:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1681825801; bh=2ByK/0kia9G6JKOfj69pt/lG+ugP0FXXlC2klH9ZMxs=; h=From:To:Cc:Subject:Date:From; b=jga1qyp7YCXGuwFH+cZwO+jj3GyYezmfToRx57St1O7dl1TU0nG5ChSxHBaFjUXVL 4EELv6SAtxnODxgyGfrJ2CoF29QbuBHxIVkskklfQ3C4nRY5R+geshpxM16JVOlPFq Qp8htAb0ktrSGx5W4+V91xYsXHaaI99w/fi4EEN0crY3yM92IDJ/PTtTAWZEwQ1msr kEq05PcqEC9wn63CMnN+L7IgMRcSabDAs/UWrmvFytM1v7G2F/FKdZX95eT0+i5JMQ pZeDPnqiD9INWmIf28HR/in/A93DHgQmr00CmtNZEMa5jseoH/He/NzjNscQvd5tQU a5mQQisAMZtTA== From: Ard Biesheuvel To: linux-efi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, broonie@kernel.org, will@kernel.org, catalin.marinas@arm.com, Ard Biesheuvel Subject: [PATCH v2 0/6] arm64/efi/zboot: Clean up and enable BTI annotation Date: Tue, 18 Apr 2023 15:49:46 +0200 Message-Id: <20230418134952.1170141-1-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1722; i=ardb@kernel.org; h=from:subject; bh=2ByK/0kia9G6JKOfj69pt/lG+ugP0FXXlC2klH9ZMxs=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIcVu/g/rdCn7voedi+9tz3A5nMQtKjvjzsb//BNEvNJe3 T7b9jqjo5SFQYyDQVZMkUVg9t93O09PlKp1niULM4eVCWQIAxenAExk8mVGhsPSjxZMsXqz3e3R J3Yfofvfim2vvHpxlDOu9lTbm+ctcx4wMiw6dDuUTc6e4/m6bWvmTglX+6OaxPPmhdfmfwaO4qn LxdgA X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230418_065002_365978_B2E2FCCD X-CRM114-Status: GOOD ( 12.19 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Some tweaks for the arm64 EFI header and the zboot version, to add the annotation that informs the loader that the code regions may be mapped with BTI enforcement enabled. As a related cleanup, add the combined codesize (text+rodata+inittext) to the arm64 Image header, so the EFI zboot loader can grab it from the image after decompressing it. Changes since v1: - instead of adding a proper header field, only pass the code size via the image header when generating the zboot image, using the text_offset field which still has meaning in the bare metal ABI (which means bare metal loaders must honour it) but is actually no longer in use. Ard Biesheuvel (6): efi/pe: Import new BTI/IBT header flags from the spec arm64: efi: Enable BTI codegen and add PE/COFF annotation efi/zboot: arm64: Poke kernel code size into the zboot payload image header efi/zboot: Add BSS padding before compression efi/zboot: Set forward edge CFI compat header flag if supported efi/zboot: arm64: Grab code size from image header arch/arm64/boot/Makefile | 24 ++++++- arch/arm64/kernel/efi-header.S | 71 ++++++++++++-------- arch/arm64/kernel/image-vars.h | 4 ++ drivers/firmware/efi/libstub/Makefile | 3 +- drivers/firmware/efi/libstub/Makefile.zboot | 41 +++++++---- drivers/firmware/efi/libstub/arm64.c | 26 +++++-- drivers/firmware/efi/libstub/efistub.h | 3 +- drivers/firmware/efi/libstub/zboot-header.S | 51 +++++++++----- drivers/firmware/efi/libstub/zboot.c | 13 +--- include/linux/pe.h | 4 ++ 10 files changed, 160 insertions(+), 80 deletions(-)