[RFC v3 PATCH 2/2] arm64/efi: Introduce Security Version to ARM64
Gary Lin
glin at suse.com
Tue Dec 5 02:01:48 PST 2017
This commit introduces Security Version for ARM64. As in x86, it
utilizes the resource section defined in the PE/COFF format(*) to locate
the struct of Security Version.
Similar to the debug table, the resource table is stored in .init.rodata
section while the struct of Security Version is in the 4K padding area of
the EFI header.
(*) PE Format: The .rsrc Section
https://msdn.microsoft.com/zh-tw/library/windows/desktop/ms680547(v=vs.85).aspx#the_.rsrc_section
Cc: Catalin Marinas <catalin.marinas at arm.com>
Cc: Will Deacon <will.deacon at arm.com>
Cc: Matt Fleming <matt at codeblueprint.co.uk>
Cc: Ard Biesheuvel <ard.biesheuvel at linaro.org>
Cc: Joey Lee <jlee at suse.com>
Signed-off-by: Gary Lin <glin at suse.com>
---
arch/arm64/kernel/efi-header.S | 57 ++++++++++++++++++++++++++++++++++++++++++
drivers/firmware/efi/Kconfig | 6 ++---
2 files changed, 60 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/kernel/efi-header.S b/arch/arm64/kernel/efi-header.S
index 613fc3000677..f4404db6ca5c 100644
--- a/arch/arm64/kernel/efi-header.S
+++ b/arch/arm64/kernel/efi-header.S
@@ -61,7 +61,12 @@ extra_header_fields:
.quad 0 // ExportTable
.quad 0 // ImportTable
+#ifdef CONFIG_SECURITY_VERSION_SUPPORT
+ .long rsrc_table - _head // ResourceTable
+ .long rsrc_table_size
+#else
.quad 0 // ResourceTable
+#endif
.quad 0 // ExceptionTable
.quad 0 // CertificationTable
.quad 0 // BaseRelocationTable
@@ -103,6 +108,58 @@ section_table:
.set section_count, (. - section_table) / 40
+#ifdef CONFIG_SECURITY_VERSION_SUPPORT
+ /*
+ * Resource Table
+ */
+ __INITRODATA
+
+ .align 2
+rsrc_table:
+ // Resource Directory
+ .long 0 // Characteristics
+ .long 0 // TimeDateStamp
+ .short 0 // MajorVersion
+ .short 0 // MinorVersion
+ .short 1 // NumberOfNamedEntries
+ .short 0 // NumberOfIdEntries
+
+ // Resource Directory Entry
+ .long name_offset | 0x80000000 // NameOffset:31
+ // NameIsString:1
+ .long rsrc_data_entry - rsrc_table // OffsetToData
+
+ .set name_offset, . - rsrc_table
+ // Resource Directory String
+ .short 7 // Length
+ .short 0x4C00 // 'L'
+ .short 0x6900 // 'i'
+ .short 0x6E00 // 'n'
+ .short 0x7500 // 'u'
+ .short 0x7800 // 'x'
+ .short 0x5300 // 'S'
+ .short 0x5600 // 'V'
+
+ // Resource Data Entry
+rsrc_data_entry:
+ .long svdata_begin - _head // OffsetToData
+ .long svdata_end - svdata_begin // Size
+ .long 0 // CodePage
+ .long 0 // Reserved
+
+ .set rsrc_table_size, . - rsrc_table
+ .previous
+
+ // Security Version
+svdata_begin:
+ .short sv_signer - svdata_begin
+ .short CONFIG_SECURITY_VERSION
+ .long CONFIG_DISTRO_VERSION
+sv_signer:
+ .string CONFIG_SIGNER_NAME
+svdata_end:
+#endif
+
#ifdef CONFIG_DEBUG_EFI
/*
* The debug table is referenced via its Relative Virtual Address (RVA),
diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index 1dd82f1dd094..3cad8d63897e 100644
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -179,14 +179,14 @@ menuconfig SECURITY_VERSION_SUPPORT
config SIGNER_NAME
string "Signer Name" if SECURITY_VERSION_SUPPORT
- depends on EFI && X86
+ depends on EFI && (X86 || ARM64)
default ""
help
This option specifies who signs or releases this kernel.
config DISTRO_VERSION
int "Distribution Version" if SECURITY_VERSION_SUPPORT
- depends on EFI && X86
+ depends on EFI && (X86 || ARM64)
default 0
range 0 4294967295
help
@@ -195,7 +195,7 @@ config DISTRO_VERSION
config SECURITY_VERSION
int "Security Version" if SECURITY_VERSION_SUPPORT
- depends on EFI && X86
+ depends on EFI && (X86 || ARM64)
default 0
range 0 65535
help
--
2.15.0
More information about the linux-arm-kernel
mailing list