diff mbox series

[v2,3/6] efi/zboot: arm64: Poke kernel code size into the zboot payload image header

Message ID 20230418134952.1170141-4-ardb@kernel.org
State New
Headers show
Series arm64/efi/zboot: Clean up and enable BTI annotation | expand

Commit Message

Ard Biesheuvel April 18, 2023, 1:49 p.m. UTC 
The EFI zboot code is not built as part of the kernel proper, like the
ordinary EFI stub, but still needs access to symbols that are defined
only internally in the kernel, and are left unexposed deliberately to
avoid creating ABI inadvertently that we're stuck with later.

So instead of passing the ordinary Image file to the zboot make rules,
create an alternate version Image.zboot that has the code size copied
into the header into a field that has meaning in the bare metal boot
ABI, but is actually not used anymore, and is always set to 0x0.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/boot/Makefile       | 23 +++++++++++++++++++-
 arch/arm64/kernel/image-vars.h |  4 ++++
 2 files changed, 26 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/arch/arm64/boot/Makefile b/arch/arm64/boot/Makefile
index c65aee0884103c6f..5d73229604b11061 100644
--- a/arch/arm64/boot/Makefile
+++ b/arch/arm64/boot/Makefile
@@ -39,8 +39,29 @@  $(obj)/Image.lzo: $(obj)/Image FORCE
 $(obj)/Image.zst: $(obj)/Image FORCE
 	$(call if_changed,zstd)
 
-EFI_ZBOOT_PAYLOAD	:= Image
+EFI_ZBOOT_PAYLOAD	:= Image.zboot
 EFI_ZBOOT_BFD_TARGET	:= elf64-littleaarch64
 EFI_ZBOOT_MACH_TYPE	:= ARM64
 
+#
+# The EFI zboot logic needs to know the size of the executable region in the
+# image, so let's poke that into the text_offset field of the image header of
+# the zboot payload, as that field is no longer used and can thus be repurposed
+# for other, purely internal uses.
+#
+quiet_cmd_copy_and_poke = $(quiet_cmd_objcopy)
+      cmd_copy_and_poke = $(cmd_objcopy) && /bin/echo -ne "$(POKE_DATA)" | dd bs=1 \
+				status=none conv=notrunc seek=$(POKE_OFFSET) of=$@
+
+# grab the code size and convert it into something we can echo
+$(obj)/$(EFI_ZBOOT_PAYLOAD): POKE_DATA = $(shell $(NM) $<|grep _kernel_codesize|\
+				sed -E 's/0+(..)(..)(..)(..) .+/\\x\4\\x\3\\x\2\\x\1/')
+$(obj)/$(EFI_ZBOOT_PAYLOAD): POKE_OFFSET := 8
+$(obj)/$(EFI_ZBOOT_PAYLOAD): vmlinux FORCE
+	$(call if_changed,copy_and_poke)
+
+OBJCOPYFLAGS_$(EFI_ZBOOT_PAYLOAD) := $(OBJCOPYFLAGS_Image)
+
+targets += $(EFI_ZBOOT_PAYLOAD)
+
 include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
index 8309197c0ebd4a8e..35f3c79595137354 100644
--- a/arch/arm64/kernel/image-vars.h
+++ b/arch/arm64/kernel/image-vars.h
@@ -108,4 +108,8 @@  KVM_NVHE_ALIAS(kvm_protected_mode_initialized);
 
 #endif /* CONFIG_KVM */
 
+#ifdef CONFIG_EFI_ZBOOT
+_kernel_codesize = ABSOLUTE(__inittext_end - _text);
+#endif
+
 #endif /* __ARM64_KERNEL_IMAGE_VARS_H */