Various patches to improve Secure Boot support

[PATCH 0/6] Various patches to improve Secure Boot support

Frediano Ziglio posted 6 patches 19 hours ago

Download series mbox

Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20260529153531.1341542-1-frediano.ziglio@cloud.com

xen/arch/x86/Makefile       |  4 ++++
xen/arch/x86/boot/head.S    |  3 ++-
xen/arch/x86/efi/efi-boot.h |  7 +++++--
xen/arch/x86/xen.lds.S      | 25 +++++++++++++++----------
xen/include/xen/xen.lds.h   |  3 ++-
5 files changed, 28 insertions(+), 14 deletions(-)

Expand all Fold all

[PATCH 0/6] Various patches to improve Secure Boot support

Posted by Frediano Ziglio 19 hours ago

These patches improve support for Secure boot.
UEFI CA memory mitigation requires memory pages to be not executable and
writable at the same time. So changing permissions and splitting some section
is required.
SBAT is the preferred way to revocate executables.
Remove multiboot pieces from EFI executable.

Frediano Ziglio (2):
  Align all sections to 4KB
  x86: Split .init section to satisfy UEFI CA memory mitigation

Gerald Elder-Vass (1):
  Add SBAT section to the PE binary

Roger Pau Monné (3):
  x86/efi: discard .text.header for PE binary
  x86/efi: discard multiboot related entry code for PE binary
  x86/efi: avoid a relocation in efi_arch_post_exit_boot()

 xen/arch/x86/Makefile       |  4 ++++
 xen/arch/x86/boot/head.S    |  3 ++-
 xen/arch/x86/efi/efi-boot.h |  7 +++++--
 xen/arch/x86/xen.lds.S      | 25 +++++++++++++++----------
 xen/include/xen/xen.lds.h   |  3 ++-
 5 files changed, 28 insertions(+), 14 deletions(-)

-- 
2.43.0