[PATCH v3 0/8] arm64: efi: PE/COFF cleanup/hardening

Ard Biesheuvel ard.biesheuvel at linaro.org
Tue Apr 4 08:33:27 PDT 2017 

On 23 March 2017 at 19:00, Ard Biesheuvel <ard.biesheuvel at linaro.org> wrote:
> This cleans up the PE/COFF EFI header, by taking some of Mark's patches
> and use them to replace open coded constants with symbolic ones, and
> remove incorrect values or unused sections.
>
> Finally, it updates the section layout so that the kernel Image can be
> mapped in a way that does not require setting RWX permissions anywhere.
> Note that this is currently not a huge win, given that most current UEFI
> implementations map all of RAM RWX by default, but this is finally gaining
> some attention in the Tianocore community, and patches have been merged into
> EDK2 to apply strict permissions to all of memory (to the extent possible
> without breaking loaders like GRUB that assume EFI_LOADER_DATA memory is
> mapped executable)
>
> Changes since v2:
> - drop ARM patches for now
> - rebase onto today's arm64 for-next/core
>
> Changes since v1:
> - added missing secondary SOB on Mark's patches
> - leave Image header as before, only move the PE header to a separate file
> - put PE header fixes in a separate patch
> - add acks from Mark and Peter (#6)
> - give ARM the same treatment as arm64 (#10 - #13)
> - add NB10 PE debuglink entry to ARM PE/COFF header as well (#9, #14)
>
> Ard Biesheuvel (6):
>   arm64: efi: move EFI header and related data to a separate .S file
>   arm64: efi: clean up Image header after PE header has been split off
>   arm64: efi: remove forbidden values from the PE/COFF header
>   arm64: efi: remove pointless dummy .reloc section
>   arm64: efi: replace open coded constants with symbolic ones
>   arm64: efi: split Image code and data into separate PE/COFF sections
>
> Mark Rutland (2):
>   include: pe.h: allow for use in assembly
>   include: pe.h: add some missing definitions
>
>  arch/arm64/kernel/efi-header.S  | 155 +++++++++++++++++
>  arch/arm64/kernel/head.S        | 162 +-----------------
>  arch/arm64/kernel/vmlinux.lds.S |   2 +
>  include/linux/pe.h              | 177 ++++++++++----------
>  4 files changed, 255 insertions(+), 241 deletions(-)
>  create mode 100644 arch/arm64/kernel/efi-header.S
>

Catalin, Will,

Even if this is mostly EFI specific, the diffstat suggests that this
should go through the arm64 tree, given that <linux/pe.h> does not
appear to have an owner.

Are you ok to take this for v4.12?

More information about the linux-arm-kernel mailing list