Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
aarch64-gnuefi-old.patch | shim 15.6 onwards needs newer binutils to build on aarch64. That works better, but we don't have that binutils update in older Debian releases. Undo the build changes here so that we can build for aarch64 on older stable releases. We're not going to sign them, but we need the binaries for aarch64. diff --git a/gnu-efi/Make.defaults b/gnu-efi/Make.defaults index 3b56150..5ce8f7c 100755 |
no | ||||
aarch64-shim-old.patch | shim 15.6 onwards needs newer binutils to build on aarch64. That works better, but we don't have that binutils update in older Debian releases. Undo the build changes here so that we can build for aarch64 on older stable releases. We're not going to sign them, but we need the binaries for aarch64. diff --git a/Make.defaults b/Make.defaults index dfed9c4a..18677daa 100644 |
no | ||||
Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch | [PATCH] Make sbat_var.S parse right with buggy gcc/binutils In https://github.com/rhboot/shim/issues/533 , iokomin noticed that gas in binutils before 2.36 appears to be incorrectly concatenating string literals in '.asciz' directives, including an extra NUL character in between the strings, and this will cause us to incorrectly parse the .sbatlevel section in shim binaries. This patch adds test cases that will cause the build to fail if this has happened, as well as changing sbat_var.S to to use '.ascii' and '.byte' to construct the data, rather than using '.asciz'. |
Peter Jones <pjones@redhat.com> | no | 2022-12-05 | ||
Enable-NX.patch | commit 7c7642530fab73facaf3eac233cfbce29e10b0ef Enable the NX compatibility flag by default. Currently by default, when we build shim we do not set the PE NX-compatibility DLL Characteristic flag. This signifies to the firmware that shim (including the components it loads) is not prepared for several related firmware changes: - non-executable stack - non-executable pages from AllocatePages()/AllocatePool()/etc. - non-writable 0 page (not strictly related but some firmware will be transitioning at the same time) - the need to use the UEFI 2.10 Memory Attribute Protocol to set page permissions. This patch changes that default to be enabled by default. Distributors of shim will need to ensure that either their builds disable this bit (using "post-process-pe -N"), or that the bootloaders and kernels you support loading are all compliant with this change. A new make variable, POST_PROCESS_PE_FLAGS, has been added to simplify doing so. Signed-off-by: Peter Jones <pjones@redhat.com> diff --git a/BUILDING b/BUILDING index 3b2e85d3..17cd98d3 100644 |
Peter Jones <pjones@redhat.com> | no | 2022-11-17 | ||
block-grub-sbat3-debian.patch | diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h index 6b01573e..5b1a764f 100644 |
no |