diff options
| author | Peter Jones <pjones@redhat.com> | 2019-03-15 09:52:02 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2020-07-23 20:52:12 -0400 |
| commit | 10d6e3d90f1ea504a1dedaea50478c444e92951c (patch) | |
| tree | 65780af930ad2fc0097d23e9350eb479684831da | |
| parent | 344a8364cb05cdaafc43231d0f73d5217c4e118c (diff) | |
| download | efi-boot-shim-10d6e3d90f1ea504a1dedaea50478c444e92951c.tar.gz efi-boot-shim-10d6e3d90f1ea504a1dedaea50478c444e92951c.zip | |
Once again, try even harder to get binaries without timestamps in them.
$ objdump -x /builddir/build/BUILDROOT/shim-*/usr/share/shim/*/shimx64.efi | grep 'Time/Date'
Time/Date Thu Jan 1 00:00:08 1970
$ _
"What is despair? I have known it—hear my song. Despair is when you’re
debugging a kernel driver and you look at a memory dump and you see that
a pointer has a value of 7."
- http://scholar.harvard.edu/files/mickens/files/thenightwatch.pdf
objcopy only knows about -D for some targets.
ld only believes in --no-insert-timestamp in some versions.
dd takes off and nukes the site from orbit.
It's the only way to be sure.
Signed-off-by: Peter Jones <pjones@redhat.com>
Upstream-commit-id: a4a1fbe728c
| -rw-r--r-- | Make.defaults | 4 | ||||
| -rw-r--r-- | Makefile | 6 |
2 files changed, 8 insertions, 2 deletions
diff --git a/Make.defaults b/Make.defaults index 09807bd8..f0bfa9fd 100644 --- a/Make.defaults +++ b/Make.defaults @@ -50,6 +50,7 @@ ifeq ($(ARCH),x86_64) ARCH_SUFFIX ?= x64 ARCH_SUFFIX_UPPER ?= X64 ARCH_LDFLAGS ?= + TIMESTAMP_LOCATION := 136 endif ifeq ($(ARCH),ia32) ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \ @@ -60,6 +61,7 @@ ifeq ($(ARCH),ia32) ARCH_SUFFIX_UPPER ?= IA32 ARCH_LDFLAGS ?= ARCH_CFLAGS ?= -m32 + TIMESTAMP_LOCATION := 136 endif ifeq ($(ARCH),aarch64) ARCH_CFLAGS ?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align @@ -70,6 +72,7 @@ ifeq ($(ARCH),aarch64) SUBSYSTEM := 0xa ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) ARCH_CFLAGS ?= + TIMESTAMP_LOCATION := 72 endif ifeq ($(ARCH),arm) ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access @@ -79,6 +82,7 @@ ifeq ($(ARCH),arm) FORMAT := -O binary SUBSYSTEM := 0xa ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) + TIMESTAMP_LOCATION := 72 endif CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ @@ -189,11 +189,13 @@ endif ifneq ($(OBJCOPY_GTE224),1) $(error objcopy >= 2.24 is required) endif - $(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \ + $(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \ -j .dynamic -j .dynsym -j .rel* \ -j .rela* -j .reloc -j .eh_frame \ -j .vendor_cert \ $(FORMAT) $^ $@ + # I am tired of wasting my time fighting binutils timestamp code. + dd conv=notrunc bs=1 count=4 seek=$(TIMESTAMP_LOCATION) if=/dev/zero of=$@ ifneq ($(origin ENABLE_SHIM_HASH),undefined) %.hash : %.efi @@ -204,7 +206,7 @@ endif ifneq ($(OBJCOPY_GTE224),1) $(error objcopy >= 2.24 is required) endif - $(OBJCOPY) -j .text -j .sdata -j .data \ + $(OBJCOPY) -D -j .text -j .sdata -j .data \ -j .dynamic -j .dynsym -j .rel* \ -j .rela* -j .reloc -j .eh_frame \ -j .debug_info -j .debug_abbrev -j .debug_aranges \ |