summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile12
-rw-r--r--elf_aarch64_efi.lds4
-rw-r--r--elf_arm_efi.lds4
-rw-r--r--elf_ia32_efi.lds5
-rw-r--r--elf_ia64_efi.lds5
-rw-r--r--elf_x86_64_efi.lds6
-rw-r--r--fallback.c35
-rw-r--r--shim.c49
8 files changed, 113 insertions, 7 deletions
diff --git a/Makefile b/Makefile
index 83cf374a..547cec5e 100644
--- a/Makefile
+++ b/Makefile
@@ -35,11 +35,16 @@ endif
ifeq ($(ARCH),x86_64)
CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
-maccumulate-outgoing-args \
- -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
+ -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
+ "-DEFI_ARCH=L\"x64\""
endif
ifeq ($(ARCH),ia32)
CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
- -maccumulate-outgoing-args -m32
+ -maccumulate-outgoing-args -m32 \
+ "-DEFI_ARCH=L\"ia32\""
+endif
+ifeq ($(ARCH),aarch64)
+ CFLAGS += "-DEFI_ARCH=L\"aa64\""
endif
ifneq ($(origin VENDOR_CERT_FILE), undefined)
@@ -49,7 +54,7 @@ ifneq ($(origin VENDOR_DBX_FILE), undefined)
CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
endif
-LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS)
+LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1
VERSION = 0.8
@@ -141,6 +146,7 @@ endif
-j .rela* -j .reloc -j .eh_frame \
-j .debug_info -j .debug_abbrev -j .debug_aranges \
-j .debug_line -j .debug_str -j .debug_ranges \
+ -j .note.gnu.build-id \
$(FORMAT) $^ $@.debug
%.efi.signed: %.efi certdb/secmod.db
diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds
index 9c9a0555..d4f3a503 100644
--- a/elf_aarch64_efi.lds
+++ b/elf_aarch64_efi.lds
@@ -4,6 +4,7 @@ ENTRY(_start)
SECTIONS
{
.text 0x0 : {
+ _text = .;
*(.text.head)
*(.text)
*(.text.*)
@@ -16,6 +17,7 @@ SECTIONS
.dynamic : { *(.dynamic) }
.data :
{
+ _data = .;
*(.sdata)
*(.data)
*(.data1)
@@ -48,7 +50,7 @@ SECTIONS
.rela.got : { *(.rela.got) }
.rela.data : { *(.rela.data) *(.rela.data*) }
_edata = .;
- _data_size = . - _etext;
+ _data_size = . - _data;
. = ALIGN(4096);
.dynsym : { *(.dynsym) }
diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds
index c5dc2983..1a64a3bb 100644
--- a/elf_arm_efi.lds
+++ b/elf_arm_efi.lds
@@ -4,6 +4,7 @@ ENTRY(_start)
SECTIONS
{
.text 0x0 : {
+ _text = .;
*(.text.head)
*(.text)
*(.text.*)
@@ -16,6 +17,7 @@ SECTIONS
.dynamic : { *(.dynamic) }
.data :
{
+ _data = .;
*(.sdata)
*(.data)
*(.data1)
@@ -48,7 +50,7 @@ SECTIONS
.rel.got : { *(.rel.got) }
.rel.data : { *(.rel.data) *(.rel.data*) }
_edata = .;
- _data_size = . - _etext;
+ _data_size = . - _data;
. = ALIGN(4096);
.dynsym : { *(.dynsym) }
diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds
index 12d4085b..9030fea8 100644
--- a/elf_ia32_efi.lds
+++ b/elf_ia32_efi.lds
@@ -9,9 +9,11 @@ SECTIONS
. = ALIGN(4096);
.text :
{
+ _text = .;
*(.text)
*(.text.*)
*(.gnu.linkonce.t.*)
+ _etext = .;
}
.reloc :
{
@@ -20,6 +22,7 @@ SECTIONS
. = ALIGN(4096);
.data :
{
+ _data = .;
*(.rodata*)
*(.data)
*(.data1)
@@ -54,6 +57,8 @@ SECTIONS
*(.data.rel.ro)
*(.data.rel*)
}
+ _edata = .;
+ _data_size = . - _data;
. = ALIGN(4096);
.dynsym : { *(.dynsym) }
. = ALIGN(4096);
diff --git a/elf_ia64_efi.lds b/elf_ia64_efi.lds
index d8dea4b7..7cb506dc 100644
--- a/elf_ia64_efi.lds
+++ b/elf_ia64_efi.lds
@@ -9,14 +9,17 @@ SECTIONS
. = ALIGN(4096);
.text :
{
+ _text = .;
*(.text)
*(.text.*)
*(.gnu.linkonce.t.*)
+ _etext = .;
}
. = ALIGN(4096);
__gp = ALIGN (8) + 0x200000;
.sdata :
{
+ _data = .;
*(.got.plt)
*(.got)
*(.srodata)
@@ -56,6 +59,8 @@ SECTIONS
*(.rela.stab)
*(.rela.ctors)
}
+ _edata = .;
+ _data_size = . - _data;
. = ALIGN(4096);
.reloc : /* This is the PECOFF .reloc section! */
{
diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds
index f9811028..68072105 100644
--- a/elf_x86_64_efi.lds
+++ b/elf_x86_64_efi.lds
@@ -15,7 +15,9 @@ SECTIONS
. = ALIGN(4096);
.text :
{
+ _text = .;
*(.text)
+ _etext = .;
}
. = ALIGN(4096);
.reloc :
@@ -25,6 +27,7 @@ SECTIONS
. = ALIGN(4096);
.data :
{
+ _data = .;
*(.rodata*)
*(.got.plt)
*(.got)
@@ -53,6 +56,9 @@ SECTIONS
*(.rela.got)
*(.rela.stab)
}
+ _edata = .;
+ _data_size = . - _data;
+
. = ALIGN(4096);
.dynsym : { *(.dynsym) }
. = ALIGN(4096);
diff --git a/fallback.c b/fallback.c
index 8489b2e8..cf578d69 100644
--- a/fallback.c
+++ b/fallback.c
@@ -11,6 +11,7 @@
#include <efilib.h>
#include "ucs2.h"
+#include "variables.h"
EFI_LOADED_IMAGE *this_image = NULL;
@@ -791,6 +792,35 @@ try_start_first_option(EFI_HANDLE parent_image_handle)
return rc;
}
+EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };
+extern EFI_STATUS
+efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab);
+
+static void
+__attribute__((__optimize__("0")))
+debug_hook(void)
+{
+ EFI_GUID guid = SHIM_LOCK_GUID;
+ UINT8 *data = NULL;
+ UINTN dataSize = 0;
+ EFI_STATUS efi_status;
+ volatile register int x = 0;
+ extern char _etext, _edata;
+
+ efi_status = get_variable(L"SHIM_DEBUG", &data, &dataSize, guid);
+ if (EFI_ERROR(efi_status)) {
+ return;
+ }
+
+ if (x)
+ return;
+
+ x = 1;
+ Print(L"add-symbol-file /usr/lib/debug/usr/share/shim/"
+ EFI_ARCH"/fallback.debug %p -s .data %p\n", &_etext,
+ &_edata);
+}
+
EFI_STATUS
efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
{
@@ -798,6 +828,11 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab)
InitializeLib(image, systab);
+ /*
+ * if SHIM_DEBUG is set, wait for a debugger to attach.
+ */
+ debug_hook();
+
rc = uefi_call_wrapper(BS->HandleProtocol, 3, image, &LoadedImageProtocol, (void *)&this_image);
if (EFI_ERROR(rc)) {
Print(L"Error: could not find loaded image: %d\n", rc);
diff --git a/shim.c b/shim.c
index c8dc8926..751878f7 100644
--- a/shim.c
+++ b/shim.c
@@ -2136,8 +2136,48 @@ shim_fini(void)
setup_console(0);
}
-EFI_STATUS efi_main (EFI_HANDLE passed_image_handle,
- EFI_SYSTEM_TABLE *passed_systab)
+extern EFI_STATUS
+efi_main(EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab);
+
+static void
+__attribute__((__optimize__("0")))
+debug_hook(void)
+{
+ EFI_GUID guid = SHIM_LOCK_GUID;
+ UINT8 *data = NULL;
+ UINTN dataSize = 0;
+ EFI_STATUS efi_status;
+ volatile register int x = 0;
+ extern char _text, _data;
+
+ if (x)
+ return;
+
+ efi_status = get_variable(L"SHIM_DEBUG", &data, &dataSize, guid);
+ if (EFI_ERROR(efi_status)) {
+ return;
+ }
+
+ Print(L"add-symbol-file /usr/lib/debug/usr/share/shim/"
+ EFI_ARCH"/shim.debug 0x%08x -s .data 0x%08x\n", &_text,
+ &_data);
+
+ Print(L"Pausing for debugger attachment.\n");
+ x = 1;
+ while (x) {
+#if defined(__x86_64__) || defined(__i386__) || defined(__i686__)
+ __asm__ __volatile__("pause");
+#elif defined(__aarch64__)
+ __asm__ __volatile__("wfi");
+#else
+ uefi_call_wrapper(BS->Stall, 1, 50000);
+#endif
+ }
+ x = 1;
+}
+
+EFI_STATUS
+efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
{
EFI_STATUS efi_status;
@@ -2165,6 +2205,11 @@ EFI_STATUS efi_main (EFI_HANDLE passed_image_handle,
InitializeLib(image_handle, systab);
/*
+ * if SHIM_DEBUG is set, wait for a debugger to attach.
+ */
+ debug_hook();
+
+ /*
* Check whether the user has configured the system to run in
* insecure mode
*/
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-17 19:56:17 +0000