Re: [PATCH 1/2] x86/boot/compressed/64: Remove .bss/.pgtable from bzImage
From: Borislav Petkov
Date: Mon Apr 06 2020 - 07:20:50 EST
On Mon, Apr 06, 2020 at 11:11:21AM +0200, Ard Biesheuvel wrote:
> Yes, it is in the PE/COFF specification. [0]
>
> The whole problem is that we are conflating 'loading a PE/COFF image'
> with 'copying a PE/COFF image into memory', which are not the same
> thing. It is not just the layout issue, we are running into other
> problems with things like UEFI secure boot and TPM-based measured
> boot, where the fact that omitting the standard LoadImage() boot
> service (which takes care of these things under the hood) means that
> you now have to do your own checks and measurements. These things are
> literally all over the place at the moment, shim, GRUB, systemd-boot
> etc, with no authoritative spec that describes which component should
> be doing what.
Sounds to me like what LoadImage() does is what the authoritative spec
should be. Perhaps we should write it down as "Do what LoadImage()
does... " and then enumerate the requirements.
> Commit ec93fc371f014a6fb483e3556061ecad4b40735c has the background, but ...
Nice, I like the aspect of letting firmware do only a minimum amount of
work. :)
> ... I'll look into updating the documentation as well.
Thanks!
> Note that this stuff is hot off the press, so there may be some issues
> lurking (like this one) that we hadn't thought of yet.
Right.
> Actually, it may be sufficient to #define __efistub_global to
> __section(.data) like we already do for ARM, to ensure that these
> global flags are always initialized correctly. (I'll wait for Sergey
> to confirm that the spurious enabling of the PCI DMA protection
> resulting from this BSS issue is causing the boot regression)
Cool, but let's not jinx it. :-)
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
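
The difference between "loading" and "copying" a PE/COFF image discussed in the quoted text, as an added example that is not part of this thread or of the kernel source: under the PE/COFF specification, when a section's SizeOfRawData is smaller than its VirtualSize the loader zero-fills the remainder, whereas a plain copy leaves stale memory there, so a global flag living in that tail can read as set. The buffer sizes, the 0xAA stale fill, the flag offset and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Subset of a PE/COFF section header; field names follow the spec. */
struct pe_section {
    uint32_t virtual_size;        /* size of the section once in memory */
    uint32_t virtual_address;     /* offset of the section in the loaded image */
    uint32_t size_of_raw_data;    /* bytes actually stored in the file */
    uint32_t pointer_to_raw_data; /* file offset of those bytes */
};

static uint32_t raw_len(const struct pe_section *s)
{
    return s->size_of_raw_data < s->virtual_size ? s->size_of_raw_data : s->virtual_size;
}

/* Loader behaviour: copy the stored bytes, then zero-fill up to VirtualSize. */
static void load_section(uint8_t *mem, const uint8_t *file, const struct pe_section *s)
{
    uint32_t n = raw_len(s);
    memcpy(mem + s->virtual_address, file + s->pointer_to_raw_data, n);
    memset(mem + s->virtual_address + n, 0, s->virtual_size - n);
}

/* Plain copy: only the stored bytes land in memory, the tail is untouched. */
static void copy_section(uint8_t *mem, const uint8_t *file, const struct pe_section *s)
{
    memcpy(mem + s->virtual_address, file + s->pointer_to_raw_data, raw_len(s));
}

/* Constructed case: 16 bytes in the file, 32 in memory, flag in the tail. */
#define FLAG_OFF 24

static int flag_after(int proper_load)
{
    uint8_t file[16], mem[64];
    struct pe_section s = { 32, 0, 16, 0 };
    memset(file, 0x11, sizeof(file));
    memset(mem, 0xAA, sizeof(mem)); /* stale contents left by earlier use */
    (proper_load ? load_section : copy_section)(mem, file, &s);
    return mem[FLAG_OFF];
}

int main(void)
{
    printf("loaded: flag=%d, copied: flag=%d\n", flag_after(1), flag_after(0));
    return 0;
}
```

Placing such a flag in an initialized data section means its bytes are stored in the file, so it falls within the range that both paths copy.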