From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id AD5C7158013 for ; Tue, 5 Dec 2023 15:57:14 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BC0562BC016; Tue, 5 Dec 2023 15:57:13 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 963BC2BC016 for ; Tue, 5 Dec 2023 15:57:13 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 917D633CEF2 for ; Tue, 5 Dec 2023 15:57:12 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id CC100F26 for ; Tue, 5 Dec 2023 15:57:10 +0000 (UTC) From: "Marek Szuba" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Marek Szuba" Message-ID: <1701791815.606aeaebf581d0e5c8bd771d6413a64676fec9cf.marecki@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/fwupd-efi/, sys-apps/fwupd-efi/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-apps/fwupd-efi/files/fwupd-efi-1.4-uefi_210_fixes.patch sys-apps/fwupd-efi/fwupd-efi-1.4-r1.ebuild X-VCS-Directories: sys-apps/fwupd-efi/files/ sys-apps/fwupd-efi/ X-VCS-Committer: marecki X-VCS-Committer-Name: Marek Szuba X-VCS-Revision: 606aeaebf581d0e5c8bd771d6413a64676fec9cf X-VCS-Branch: master Date: Tue, 5 Dec 2023 15:57:10 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 7ccb3180-b4b7-450f-9252-9da7e2834c2a X-Archives-Hash: 45cb892ba64163b81435d724c23b136f commit: 606aeaebf581d0e5c8bd771d6413a64676fec9cf Author: Marek Szuba gentoo org> AuthorDate: Tue Dec 5 15:53:20 2023 +0000 Commit: Marek Szuba gentoo org> CommitDate: Tue Dec 5 15:56:55 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=606aeaeb sys-apps/fwupd-efi: fix llvm-objcopy build error Upstream began passing --section-alignment to objcopy before 1.4 and that option remains unsupported by llvm-objcopy. However, the change has since been reverted as non-compliant. Closes: https://bugs.gentoo.org/919118 Signed-off-by: Marek Szuba gentoo.org> .../files/fwupd-efi-1.4-uefi_210_fixes.patch | 107 +++++++++++++++++++++ sys-apps/fwupd-efi/fwupd-efi-1.4-r1.ebuild | 71 ++++++++++++++ 2 files changed, 178 insertions(+) diff --git a/sys-apps/fwupd-efi/files/fwupd-efi-1.4-uefi_210_fixes.patch b/sys-apps/fwupd-efi/files/fwupd-efi-1.4-uefi_210_fixes.patch new file mode 100644 index 000000000000..d4de5f174857 --- /dev/null +++ b/sys-apps/fwupd-efi/files/fwupd-efi-1.4-uefi_210_fixes.patch @@ -0,0 +1,107 @@ +From bd958f2e8f03a85a7e1fe40a3ca7b78e0b24b79f Mon Sep 17 00:00:00 2001 +From: Callum Farmer +Date: Sat, 11 Feb 2023 15:39:06 +0000 +Subject: [PATCH] UEFI 2.10 fixes + +Revert "Align sections to 512 bytes" + +This is not permitted according to the Microsoft +guidelines which require section alignment to be +the same as the page size of the architecture which +for all supported archs is the default in Binutils + +https://techcommunity.microsoft.com/t5/hardware-dev-center/new-uefi-ca-memory-mitigation-requirements-for-signing/ba-p/3608714 + +This reverts commit c60c0b8dfda71275ab40bdb316a6ca650c7a8948. + +Keep .areloc ARM32 section + +This is the psuedo .reloc section but renamed only on ARM32 to avoid +a bad RELSZ value (gnu-efi 3.0.18+) + +Only use 4KiB pages on aarch64 + +Binutils is currently configured by default +to use 64KiB pages on aarch64, however this +is not allowed by the UEFI specification + +Check if crt0 contains .note.GNU-stack section + +We need the .note.GNU-stack section for NX +compat. If we don't have a new enough +gnu-efi, error as the gnu-efi libraries +themselves must have been built as NX +for this to work + +Signed-off-by: Callum Farmer +--- + efi/crt0/meson.build | 1 + + efi/generate_binary.py | 4 ++-- + efi/meson.build | 12 +++++++++++- + 3 files changed, 14 insertions(+), 3 deletions(-) + +diff --git a/efi/crt0/meson.build b/efi/crt0/meson.build +index f5f45c5..fbd943e 100644 +--- a/efi/crt0/meson.build ++++ b/efi/crt0/meson.build +@@ -1,3 +1,4 @@ ++arch_crt_source = 'crt0-efi-@0@.S'.format(gnu_efi_path_arch) + o_crt0 = custom_target('efi_crt0', + input : arch_crt_source, + output : arch_crt, +diff --git a/efi/generate_binary.py b/efi/generate_binary.py +index bd2d959..e27f926 100755 +--- a/efi/generate_binary.py ++++ b/efi/generate_binary.py +@@ -31,9 +31,9 @@ def _run_objcopy(args): + "-j", + ".rodata", + "-j", ++ ".areloc", ++ "-j", + ".rel*", +- "--section-alignment", +- "512", + args.infile, + args.outfile, + ] +diff --git a/efi/meson.build b/efi/meson.build +index 1931855..a476884 100644 +--- a/efi/meson.build ++++ b/efi/meson.build +@@ -95,6 +95,11 @@ else + coff_header_in_crt0 = false + endif + ++# For NX compat, we must ensure we have .note.GNU-stack ++if run_command('grep', '-q', '.note.GNU-stack', join_paths(efi_crtdir, arch_crt), check: false).returncode() != 0 ++ error('Cannot find NX section in @0@, update to gnu-efi 3.0.15+'.format(join_paths(efi_crtdir, arch_crt))) ++endif ++ + # older objcopy for Aarch64 and ARM32 are not EFI capable. + # Use 'binary' instead, and add required symbols manually. + if host_cpu == 'arm' or (host_cpu == 'aarch64' and (objcopy_version.version_compare ('< 2.38') or coff_header_in_crt0)) +@@ -119,7 +124,6 @@ endif + # is the system crt0 for arm and aarch64 new enough to know about SBAT? + if objcopy_manualsymbols + if get_option('efi_sbat_distro_id') != '' +- arch_crt_source = 'crt0-efi-@0@.S'.format(gnu_efi_path_arch) + cmd = run_command('grep', '-q', 'sbat', join_paths(efi_crtdir, arch_crt)) + if cmd.returncode() != 0 + warning('Cannot find SBAT section in @0@, using local copy'.format(join_paths(efi_crtdir, arch_crt))) +@@ -187,6 +191,12 @@ efi_ldflags = ['-T', + '-L', efi_libdir, + join_paths(efi_crtdir, arch_crt)] + ++if host_cpu == 'aarch64' ++# Don't use 64KiB pages ++ efi_ldflags += ['-z', 'common-page-size=4096'] ++ efi_ldflags += ['-z', 'max-page-size=4096'] ++endif ++ + if objcopy_manualsymbols + # older objcopy for Aarch64 and ARM32 are not EFI capable. + # Use 'binary' instead, and add required symbols manually. +-- +2.34.1 + diff --git a/sys-apps/fwupd-efi/fwupd-efi-1.4-r1.ebuild b/sys-apps/fwupd-efi/fwupd-efi-1.4-r1.ebuild new file mode 100644 index 000000000000..5a890daf01a9 --- /dev/null +++ b/sys-apps/fwupd-efi/fwupd-efi-1.4-r1.ebuild @@ -0,0 +1,71 @@ +# Copyright 2021-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) + +inherit meson python-any-r1 secureboot toolchain-funcs + +DESCRIPTION="EFI executable for fwupd" +HOMEPAGE="https://fwupd.org" + +if [[ ${PV} = *9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/fwupd/fwupd-efi.git" +else + SRC_URI="https://github.com/fwupd/${PN}/releases/download/${PV}/${P}.tar.xz" + KEYWORDS="~amd64 ~arm ~arm64 ~x86" +fi + +LICENSE="LGPL-2.1+" +SLOT="0" +IUSE="" + +BDEPEND="$(python_gen_any_dep ' + dev-python/pefile[${PYTHON_USEDEP}] + ') + virtual/pkgconfig" + +DEPEND="sys-boot/gnu-efi" + +RDEPEND="!