Re: [Gnu-efi-discuss] Add the .sbat section to the section map
Brought to you by:
noxorc
Menu
▾
▴
Re: [Gnu-efi-discuss] Add the .sbat section to the section map
|
From: Nigel C. <nc...@re...> - 2024-03-27 13:38:58
|
Enabled... https://github.com/ncroxon/gnu-efi/discussions -Nigel On 3/27/24 7:48 AM, Callum Farmer wrote: > > > On Tue, 26 Mar 2024, 17:54 Heinrich Schuchardt via Gnu-efi-discuss, > <gnu...@li...> wrote: > > On 3/25/24 11:06, Richard Hughes wrote: > > This has been part of fwupd-efi for a long time now. > > > > Also; I can't pretend to understand all this, so please review this > > carefully and let me know what you think. For those following along, > > I'm trying to unfork the fedora gnu-efi version of gnu-efi (99% > done), > > and also unfork the lds and .S parts of fwupd-efi that we use as a > > fallback. > > > > Richard. > > Hello Richard, > > Getting the different version of gnu-efi into line is a good idea. > > Could you, please, fork gnu-efi on > https://sourceforge.net/p/gnu-efi/code/ and create a merge request. > > > Migrated to GitHub since March 22 > (https://github.com/ncroxon/gnu-efi) > > Mainly for Nigel; We also could do with enabling GH Discussions so > this mailing list can also go aswell > (Reference: > https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/enabling-or-disabling-github-discussions-for-a-repository) > > > As .sbat sections are not in the PE/COFF and UEFI specifications the > commit message should provide some context, e.g. > > "Multiple projects including fwupd, shim, and GRUB use a CSV file > copied > to a section named .sbat for fine grained security control in a UEFI > secure boot environment. For details see > https://github.com/rhboot/shim/blob/main/SBAT.md." > > Your patch only modifies the linker scripts. Without modifying > ./gnuefi/crt0-efi-<arch>.S the .sbat section will be missing in the > section table. Without updating Make.rules no .sbat section data > will be > copied into the EFI binary. README.gnuefi should describe how to > build a > binary with .sbat data. > > Best regards > > Heinrich > > The only issue I have with this patch, is I believe there used to be > an issue with empty sections (if no SBAT data, the section will be > empty) with the UEFI loader, I don't know if it's been fixed > > Although SBAT is (mostly) always needed now (Secure Boot) so we could > just simply require it > > > > > _______________________________________________ > Gnu-efi-discuss mailing list > Gnu...@li... > https://lists.sourceforge.net/lists/listinfo/gnu-efi-discuss > > > Many thanks, > > Callum F > > > > > _______________________________________________ > Gnu-efi-discuss mailing list > Gnu...@li... > https://lists.sourceforge.net/lists/listinfo/gnu-efi-discuss |
