diff options
| author | Peter Jones <pjones@redhat.com> | 2021-05-13 20:42:18 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2021-05-25 11:03:26 -0400 |
| commit | 05875f3aed1c90fe071c66de05744ca2bcbc2b9e (patch) | |
| tree | f5b63763e51d5332458a2aa43ec941df4a20f278 /Makefile | |
| parent | 493bd940e5c6e28e673034687de7adef9529efff (diff) | |
| download | efi-boot-shim-05875f3aed1c90fe071c66de05744ca2bcbc2b9e.tar.gz efi-boot-shim-05875f3aed1c90fe071c66de05744ca2bcbc2b9e.zip | |
Post-process our PE to be sure.
On some versions of binutils[0], including binutils-2.23.52.0.1-55.el7,
do not correctly initialize the data when computing the PE optional
header checksum. Unfortunately, this means that any time you get a
build that reproduces correctly using the version of objcopy from those
versions, it's just a matter of luck.
This patch introduces a new utility program, post-process-pe, which does
some basic validation of the resulting binaries, and if necessary,
performs some minor repairs:
- sets the timestamp to 0
- this was previously done with dd using constant offsets that aren't
really safe.
- re-computes the checksum.
[0] I suspect, but have not yet fully verified, that this is
accidentally fixed by the following upstream binutils commit:
commit cf7a3c01d82abdf110ef85ab770e5997d8ac28ac
Author: Alan Modra <amodra@gmail.com>
Date: Tue Dec 15 22:09:30 2020 +1030
Lose some COFF/PE static vars, and peicode.h constify
This patch tidies some COFF and PE code that unnecessarily used static
variables to communicate between functions.
v2 - MAP_PRIVATE was totally wrong...
Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -121,9 +121,10 @@ sbat_data.o : /dev/null $@ $(foreach vs,$(VENDOR_SBATS),$(call add-vendor-sbat,$(vs),$@)) -$(SHIMNAME) : $(SHIMSONAME) -$(MMNAME) : $(MMSONAME) -$(FBNAME) : $(FBSONAME) +$(SHIMNAME) : $(SHIMSONAME) post-process-pe +$(MMNAME) : $(MMSONAME) post-process-pe +$(FBNAME) : $(FBSONAME) post-process-pe +$(SHIMNAME) $(MMNAME) $(FBNAME) : | post-process-pe LIBS = Cryptlib/libcryptlib.a \ Cryptlib/OpenSSL/libopenssl.a \ @@ -164,6 +165,9 @@ lib/lib.a: | $(TOPDIR)/lib/Makefile $(wildcard $(TOPDIR)/include/*.[ch]) mkdir -p lib $(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) -C lib -f $(TOPDIR)/lib/Makefile +post-process-pe : $(TOPDIR)/post-process-pe.c + $(HOSTCC) -std=gnu11 -Og -g3 -Wall -Wextra -Wno-missing-field-initializers -Werror -o $@ $< + buildid : $(TOPDIR)/buildid.c $(HOSTCC) -I/usr/include -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf @@ -246,8 +250,7 @@ endif -j .rela* -j .reloc -j .eh_frame \ -j .vendor_cert -j .sbat \ $(FORMAT) $< $@ - # I am tired of wasting my time fighting binutils timestamp code. - dd conv=notrunc bs=1 count=4 seek=$(TIMESTAMP_LOCATION) if=/dev/zero of=$@ + ./post-process-pe -vv $@ ifneq ($(origin ENABLE_SHIM_HASH),undefined) %.hash : %.efi |