Re: [Gnu-efi-discuss] Add the .sbat section to the section map
Brought to you by:
noxorc
Menu
▾
▴
Re: [Gnu-efi-discuss] Add the .sbat section to the section map
|
From: Heinrich S. <xyp...@gm...> - 2024-03-26 17:54:31
|
On 3/25/24 11:06, Richard Hughes wrote: > This has been part of fwupd-efi for a long time now. > > Also; I can't pretend to understand all this, so please review this > carefully and let me know what you think. For those following along, > I'm trying to unfork the fedora gnu-efi version of gnu-efi (99% done), > and also unfork the lds and .S parts of fwupd-efi that we use as a > fallback. > > Richard. Hello Richard, Getting the different version of gnu-efi into line is a good idea. Could you, please, fork gnu-efi on https://sourceforge.net/p/gnu-efi/code/ and create a merge request. As .sbat sections are not in the PE/COFF and UEFI specifications the commit message should provide some context, e.g. "Multiple projects including fwupd, shim, and GRUB use a CSV file copied to a section named .sbat for fine grained security control in a UEFI secure boot environment. For details see https://github.com/rhboot/shim/blob/main/SBAT.md." Your patch only modifies the linker scripts. Without modifying ./gnuefi/crt0-efi-<arch>.S the .sbat section will be missing in the section table. Without updating Make.rules no .sbat section data will be copied into the EFI binary. README.gnuefi should describe how to build a binary with .sbat data. Best regards Heinrich |
