| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch | [PATCH] Make sbat_var.S parse right with buggy gcc/binutils In https://github.com/rhboot/shim/issues/533 , iokomin noticed that gas in binutils before 2.36 appears to be incorrectly concatenating string literals in '.asciz' directives, including an extra NUL character in between the strings, and this will cause us to incorrectly parse the .sbatlevel section in shim binaries. This patch adds test cases that will cause the build to fail if this has happened, as well as changing sbat_var.S to to use '.ascii' and '.byte' to construct the data, rather than using '.asciz'. |
Peter Jones <pjones@redhat.com> | no | 2022-12-05 | ||
| Enable-NX.patch | commit 7c7642530fab73facaf3eac233cfbce29e10b0ef Enable the NX compatibility flag by default. Currently by default, when we build shim we do not set the PE NX-compatibility DLL Characteristic flag. This signifies to the firmware that shim (including the components it loads) is not prepared for several related firmware changes: - non-executable stack - non-executable pages from AllocatePages()/AllocatePool()/etc. - non-writable 0 page (not strictly related but some firmware will be transitioning at the same time) - the need to use the UEFI 2.10 Memory Attribute Protocol to set page permissions. This patch changes that default to be enabled by default. Distributors of shim will need to ensure that either their builds disable this bit (using "post-process-pe -N"), or that the bootloaders and kernels you support loading are all compliant with this change. A new make variable, POST_PROCESS_PE_FLAGS, has been added to simplify doing so. Signed-off-by: Peter Jones <pjones@redhat.com> diff --git a/BUILDING b/BUILDING index 3b2e85d3..17cd98d3 100644 |
Peter Jones <pjones@redhat.com> | no | 2022-11-17 | ||
| block-grub-sbat3-debian.patch | diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h index 6b01573e..5b1a764f 100644 |
no |