path: root/elf_ia32_efi.lds
Age  Commit message  Author
2015-06-29  Make sure our build-id notes wind up at a reasonable place.  Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2015-06-29  Add a conditional point for a debugger to attach.  Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-09-30  Revert header changes  Peter Jones
Revert "Do the same for ia32..." and "Generate a sane PE header on shim, fallback, and MokManager."

This reverts commit 6744a7ef8eca44948565c3d1244ec931ed3f6fee.
and commit 0e7ba5947eb38b79de2051ecf3b95055e620475c.

These are premature and I can do this without such drastic measures.

Signed-off-by: Peter Jones <pjones@redhat.com>
2014-09-21  Do the same for ia32...  Peter Jones
Once again, on ia32 this time, we see:

00000120 47 84 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |G...............|

Which is where the pointer on ia32 for the Base Relocation Table should be. It points to 0x8447, which isn't a particularly reasonable address as numbers go, and happens to have this data there:

00008440 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 65 00 |o.n.f.i.g.u.r.e.|
00008450 00 00 49 00 50 00 76 00 36 00 28 00 00 00 2c 00 |..I.P.v.6.(...,.|
00008460 25 00 73 00 2c 00 00 00 29 00 00 00 25 00 64 00 |%.s.,...)...%.d.|
00008470 2e 00 25 00 64 00 2e 00 25 00 64 00 2e 00 25 00 |..%.d...%.d...%.|
00008480 64 00 00 00 44 00 48 00 43 00 50 00 00 00 49 00 |d...D.H.C.P...I.|
00008490 50 00 76 00 34 00 28 00 00 00 2c 00 25 00 73 00 |P.v.4.(...,.%.s.|

And so that table is, in theory, this part:

00008447 00 67 00 75 00 72 00 65 00 | .g.u.r.e.|
00008450 00 |. |

Which is pretty clearly not a pointer table of any kind.

So give ia32 the same treatment as x86_64, and now all arches work basically the same.

Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-10  Move embedded certificates to their own section.  Peter Jones
With this change, the embedded certificate and dbx lists (vendor_cert, vendor_cert_size, vendor_dbx, and vendor_dbx_size) wind up being in a section named .vendor_cert, and so will look something like:

------
fenchurch:~/devel/github.com/shim$ objdump -h shim.efi

shim.efi:     file format pei-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .eh_frame     000174a8  0000000000005000  0000000000005000  00000400  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .text         000aa7e1  000000000001d000  000000000001d000  00017a00  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  2 .reloc        0000000a  00000000000c8000  00000000000c8000  000c2200  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .data         00031228  00000000000c9000  00000000000c9000  000c2400  2**5
                  CONTENTS, ALLOC, LOAD, DATA
  4 .vendor_cert  00000375  00000000000fb000  00000000000fb000  000f3800  2**0
                  CONTENTS, READONLY
  5 .dynamic      000000f0  00000000000fc000  00000000000fc000  000f3c00  2**3
                  CONTENTS, ALLOC, LOAD, DATA
  6 .rela         0002afa8  00000000000fd000  00000000000fd000  000f3e00  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .dynsym       0000f1f8  0000000000128000  0000000000128000  0011ee00  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
------

This simplifies a security audit, because it means that different versions of shim with substantially the same code with different keys will be more easily comparable, and therefore logic differences may be more easily identified.

This also means that if there's a trusted build you want to use, you can remove the certificates, implant new ones, and have it signed, and the code sections won't change.

Signed-off-by: Peter Jones <pjones@redhat.com>
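
The audit comparison described in the 2013-06-10 commit message above can be scripted; the following is an added example, not part of the commit or of shim's own code. It hashes each PE section of two builds and reports the ones that differ, ignoring .vendor_cert. The function names and sample images are constructed here, and it assumes section names longer than 8 bytes are stored as "/<offset>" into the COFF string table, as binutils does.

```python
import hashlib
import struct

def pe_sections(image: bytes) -> dict:
    """Map section name -> raw bytes for a PE/COFF image."""
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[:2] != b"MZ" or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _mach, nsec, _ts, symtab, nsyms, opt_size, _flags = struct.unpack_from(
        "<HHIIIHH", image, pe_off + 4)
    strtab = symtab + 18 * nsyms  # COFF string table follows the symbol table
    sections = {}
    for i in range(nsec):
        raw_name, _vsize, _va, size, off = struct.unpack_from(
            "<8sIIII", image, pe_off + 24 + opt_size + 40 * i)
        name = raw_name.rstrip(b"\0")
        if name.startswith(b"/"):  # assumed: long name = "/<offset into string table>"
            start = strtab + int(name[1:])
            name = image[start:image.index(b"\0", start)]
        if off + size > len(image):
            raise ValueError("section data runs past end of file")
        sections[name.decode("ascii")] = image[off:off + size]
    return sections

def changed_sections(a: bytes, b: bytes, ignore=(".vendor_cert",)) -> list:
    """Sections whose SHA-256 differs, or that exist in only one image."""
    sa, sb = pe_sections(a), pe_sections(b)
    digest = lambda s, n: hashlib.sha256(s[n]).hexdigest() if n in s else None
    return sorted(n for n in set(sa) | set(sb)
                  if n not in ignore and digest(sa, n) != digest(sb, n))

def build_sample(sections: dict) -> bytes:
    """Constructed stand-in for a shim.efi build (parseable, not loadable)."""
    off = 0x40 + 24 + 40 * len(sections)  # section data starts after the headers
    strtab, table = bytearray(4), b""
    for name, data in sections.items():
        field = name.encode()
        if len(field) > 8:  # spill long names into the string table
            field, strtab = b"/%d" % len(strtab), strtab + field + b"\0"
        table += struct.pack("<8sIIII16x", field, len(data), 0, len(data), off)
        off += len(data)
    struct.pack_into("<I", strtab, 0, len(strtab))
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, off, 0, 0, 0)
    return (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff
            + table + b"".join(sections.values()) + bytes(strtab))

CODE = {".text": b"\x90" * 32, ".data": b"\x01\x02\x03\x04"}  # constructed bytes
BUILD_A = build_sample({**CODE, ".vendor_cert": b"constructed cert A"})
BUILD_B = build_sample({**CODE, ".vendor_cert": b"constructed cert B, longer"})
print(changed_sections(BUILD_A, BUILD_B))  # differences outside .vendor_cert
```

Any section name this returns for two builds that are supposed to share code is where an audit should start.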