summaryrefslogtreecommitdiff
path: root/elf_ia32_efi.lds
AgeCommit message (Collapse)Author
2017-04-26Don't allow anything with a small alignment in our PE files.Peter Jones
When I added 4990d3f I inadvertantly made .data.ident and .rela.got sections appear in the top-level section headers at file offsets not aligned with PE->OptionalHeader.FileAlignment. This results in a section table that looks like: Sections: Idx Name Size VMA LMA File off Algn 0 .eh_frame 00018648 0000000000005000 0000000000005000 00000400 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 1 .text 00093f45 000000000001e000 000000000001e000 00018c00 2**4 CONTENTS, ALLOC, LOAD, READONLY, CODE 2 .reloc 0000000a 00000000000b2000 00000000000b2000 000acc00 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 3 .data.ident 000000e4 00000000000b3040 00000000000b3040 000ace40 2**5 CONTENTS, ALLOC, LOAD, DATA 4 .data 000291e8 00000000000b4000 00000000000b4000 000ad200 2**5 CONTENTS, ALLOC, LOAD, DATA 5 .vendor_cert 000003e2 00000000000de000 00000000000de000 000d6400 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 6 .dynamic 000000f0 00000000000df000 00000000000df000 000d6800 2**3 CONTENTS, ALLOC, LOAD, DATA 7 .rela 0001aef8 00000000000e0000 00000000000e0000 000d6a00 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 8 .rela.got 00000060 00000000000faef8 00000000000faef8 000f1af8 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 9 .dynsym 0000ecd0 00000000000fb000 00000000000fb000 000f1e00 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA rather than: Sections: Idx Name Size VMA LMA File off Algn 0 .eh_frame 00018118 0000000000005000 0000000000005000 00000400 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 1 .text 00091898 000000000001e000 000000000001e000 00018600 2**4 CONTENTS, ALLOC, LOAD, READONLY, CODE 2 .reloc 0000000a 00000000000b0000 00000000000b0000 000aa000 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 3 .data 00028848 00000000000b1000 00000000000b1000 000aa200 2**5 CONTENTS, ALLOC, LOAD, DATA 4 .vendor_cert 00000449 00000000000da000 00000000000da000 000d2c00 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 5 .dynamic 00000100 00000000000db000 00000000000db000 000d3200 2**3 CONTENTS, ALLOC, LOAD, DATA 6 .rela 0001ae50 00000000000dc000 00000000000dc000 000d3400 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 7 .dynsym 0000ea78 00000000000f7000 00000000000f7000 000ee400 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA (Note "File off" on sections #3 and #8 on the top one.) This seems to work fine with edk2's loader and shim's loader, as well as their Authenticode implementation, and pesign's as well. While PE loaders seem to be fine with sections with alignments smaller than PE->OptionalHeader.FileAlignment, MS's signtool.exe does ... something else with them. I'm not sure what. What it definitely does *not* do is extend the digest based on their file offset and size. So just don't allow anything that small, and don't allow anything smaller than SectionAlignment either, just to be on the safe side. Since most of our stuff gets stripped into the debuginfo anyway, and shim has relatively few sections, this should not be a very large burden. So just to be clear: If you have a binary with a section that's not aligned on PE->OptionalHeader.FileAlignment: - pesign hashes it to A - tiano hashes it to A - shim hashes it to A - signtool.exe hashes it to B Because that makes sense. This patch works around the bug in signtool.exe . Signed-off-by: Peter Jones <pjones@redhat.com>
2017-02-23Make shim_version live in a special aligned section.Peter Jones
This makes it so two builds of the same .deb on different hosts won't have wildly different file offsets. Signed-off-by: Peter Jones <pjones@redhat.com>
2015-06-29Make sure our build-id notes wind up at a reasonable place.Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2015-06-29Add a conditional point for a debugger to attach.Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-09-30Revert header changesPeter Jones
Revert "Do the same for ia32..." and "Generate a sane PE header on shim, fallback, and MokManager." This reverts commit 6744a7ef8eca44948565c3d1244ec931ed3f6fee. and commit 0e7ba5947eb38b79de2051ecf3b95055e620475c. These are premature and I can do this without such drastic measures. Signed-off-by: Peter Jones <pjones@redhat.com>
2014-09-21Do the same for ia32...Peter Jones
Once again, on ia32 this time, we see: 00000120 47 84 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 |G...............| Which is where the pointer on ia32 for the Base Relocation Table should be. It points to 0x8447, which isn't a particularly reasonable address as numbers go, and happens to have this data there: 00008440 6f 00 6e 00 66 00 69 00 67 00 75 00 72 00 65 00 |o.n.f.i.g.u.r.e.| 00008450 00 00 49 00 50 00 76 00 36 00 28 00 00 00 2c 00 |..I.P.v.6.(...,.| 00008460 25 00 73 00 2c 00 00 00 29 00 00 00 25 00 64 00 |%.s.,...)...%.d.| 00008470 2e 00 25 00 64 00 2e 00 25 00 64 00 2e 00 25 00 |..%.d...%.d...%.| 00008480 64 00 00 00 44 00 48 00 43 00 50 00 00 00 49 00 |d...D.H.C.P...I.| 00008490 50 00 76 00 34 00 28 00 00 00 2c 00 25 00 73 00 |P.v.4.(...,.%.s.| And so that table is, in theory, this part: 00008447 00 67 00 75 00 72 00 65 00 | .g.u.r.e.| 00008450 00 |. | Which is pretty clearly not a pointer table of any kind. So give ia32 the same treatment as x86_64, and now all arches work basically the same. Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-10Move embedded certificates to their own section.Peter Jones
With this change, the embedded certificate and dbx lists (vendor_cert, vendor_cert_size, vendor_dbx, and vendor_dbx_size) wind up being in a section named .vendor_cert, and so will look something like: ------ fenchurch:~/devel/github.com/shim$ objdump -h shim.efi shim.efi: file format pei-x86-64 Sections: Idx Name Size VMA LMA File off Algn 0 .eh_frame 000174a8 0000000000005000 0000000000005000 00000400 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 1 .text 000aa7e1 000000000001d000 000000000001d000 00017a00 2**4 CONTENTS, ALLOC, LOAD, READONLY, CODE 2 .reloc 0000000a 00000000000c8000 00000000000c8000 000c2200 2**0 CONTENTS, ALLOC, LOAD, READONLY, DATA 3 .data 00031228 00000000000c9000 00000000000c9000 000c2400 2**5 CONTENTS, ALLOC, LOAD, DATA 4 .vendor_cert 00000375 00000000000fb000 00000000000fb000 000f3800 2**0 CONTENTS, READONLY 5 .dynamic 000000f0 00000000000fc000 00000000000fc000 000f3c00 2**3 CONTENTS, ALLOC, LOAD, DATA 6 .rela 0002afa8 00000000000fd000 00000000000fd000 000f3e00 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA 7 .dynsym 0000f1f8 0000000000128000 0000000000128000 0011ee00 2**3 CONTENTS, ALLOC, LOAD, READONLY, DATA ------ This simplifies a security audit, because it means that different versions of shim with substantially the same code with different keys will be more easily comperable, and therefore logic differences may be more easily identified. This also means that if there's a trusted build you want to use, you can remove the certificates, implant new ones, and have it signed, and the code sections won't change. Signed-off-by: Peter Jones <pjones@redhat.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-25 18:03:25 +0000