Currently we load module sections at whatever alignment gcc+ld happened
to dump into the ELF section header, which is often less then the page
size. Since NX protections are page based, this alignment must be
rounded up to page size on platforms supporting NX protections.
This patch switches most
From: Peter Jones
Currently when loading grub modules, we allocate space for all sections,
including those without SHF_ALLOC set. We then copy the sections that
/do/ have SHF_ALLOC set into the allocated memory, leaving some of our
allocation untouched forever. Additionally, on platforms with G
For NX, we need to set the page access permission attributes for write
and execute permissions.
This patch adds two new primitives, grub_set_mem_attrs() and
grub_clear_mem_attrs(), and associated constant definitions, to be used
for that purpose.
For most platforms, it adds a dummy implementation
Signed-off-by: Mate Kukri
---
grub-core/loader/efi/linux.c | 41 +++-
1 file changed, 36 insertions(+), 5 deletions(-)
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 99365536a..e44692c92 100644
--- a/grub-core/loader/efi/linux.c
+++
From: Julian Andres Klode
These can be used to register a different implementation later,
for example, when shim provides a protocol with those functions.
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/efi.c | 57 ++
grub-core/loader/efi/chainloader.c |
For NX, we need to set write and executable permissions on the sections
of grub modules when we load them.
On sections with SHF_ALLOC set, which is typically everything except
.modname and the symbol and string tables, this patch clears the Read
Only flag on sections that have the ELF flag SHF_WRI
For NX, we need the grub binary to announce that it is compatible with
the NX feature. This implies that when loading the executable grub
image, several attributes are true:
- the binary doesn't need an executable stack
- the binary doesn't need sections to be both executable and writable
- the b
Signed-off-by: Mate Kukri
---
grub-core/kern/efi/sb.c | 39 +---
grub-core/loader/efi/linux.c | 16 ---
include/grub/efi/api.h | 5 +
include/grub/efi/efi.h | 19 +++---
include/grub/efi/sb.h| 3 ---
5 files ch
From: Peter Jones
Currently grub modules built with clang or gcc have several sections
which we don't actually need or support.
We already have a list of section to skip in genmod.sh, and this patch
adds the following sections to that list (as well as a few newlines):
.note.gnu.property
.llvm*
Currently the patchset consists of:
- Reworked Fedora NX patches to make GRUB itself work under NX.
- Julian Andres Klode's loader framework patch (used in Debian and Ubuntu for
the downstream loader).
- Implemented shim loader protocol support using the above loader framework.
- Added patch to di
From: Peter Jones
Currently .module_license is set writable (that is, the section has the
SHF_WRITE flag set) in the module's ELF headers. This probably never
actually matters, but it can't possibly be correct.
This patch sets that data as "const", which causes that flag not to be
set.
Signed-
11 matches
Mail list logo