[PATCH v1 50/54] efi: runtime: add relocation check
Ahmad Fatoum
a.fatoum at pengutronix.de
Thu Dec 18 02:38:10 PST 2025
I am not happy with the way we embed the runtime services. While we make
use of NOCROSSREFS_TO() to catch stray references, we need to list all
sections that may not be referenced and things can slip through.
Also, Clang does not support the directive. I anticipate this be solved
properly when barebox proper is packaged as proper ELF: Then PBL would
be responsible for applying relocations, setting up MMU protections and
can at the same time relocate a distinct EFI runtime services DSO.
Until then, let's a hacky check to verify that we don't access
efi_runtime_data global variables through the GOT as we only have a
single GOT and it's not marked as runtime data.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
efi/runtime/Makefile | 9 +++++++++
scripts/check-efi-runtime.sh | 13 +++++++++++++
2 files changed, 22 insertions(+)
create mode 100755 scripts/check-efi-runtime.sh
diff --git a/efi/runtime/Makefile b/efi/runtime/Makefile
index a9af06de60ab..0aca6aeedc38 100644
--- a/efi/runtime/Makefile
+++ b/efi/runtime/Makefile
@@ -42,3 +42,12 @@ $(obj)/%.efirt.o: $(obj)/%.o FORCE
$(call if_changed,efirtcopy)
obj-y := $(patsubst %.o,%.efirt.o,$(lib-y))
+BAREBOX_EFIRT_OBJS := $(patsubst %.o,$(obj)/%.o,$(obj-y))
+
+quiet_cmd_chkrel__ ?= CHKREL $@
+ cmd_chkrel__ ?= $(srctree)/scripts/check-efi-runtime.sh $@ $(2)
+
+$(obj)/efirt.so: $(BAREBOX_EFIRT_OBJS) FORCE
+ $(call if_changed,chkrel__,$(BAREBOX_EFIRT_OBJS))
+
+always-y += efirt.so
diff --git a/scripts/check-efi-runtime.sh b/scripts/check-efi-runtime.sh
new file mode 100755
index 000000000000..46688b724d8e
--- /dev/null
+++ b/scripts/check-efi-runtime.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0
+
+if [ "$#" -lt 2 ]; then
+ 2>&1 echo "USAGE: $0 OUTPUT INPUT..."
+ exit 2
+fi
+
+${LD} -shared --gc-sections --whole-archive -o "$@" || {
+ 2>&1 echo
+ 2>&1 echo "Link check failed. Relocations to outside EFI runtime code?"
+ exit 1;
+}
--
2.47.3
More information about the barebox
mailing list