These patches improve support for Secure boot.
UEFI CA memory mitigation requires memory pages to be not executable and
writable at the same time. So changing permissions and splitting some section
is required.
Remove multiboot pieces from EFI executable.
Changes since v1:
- improved some comments;
- merged 2 pacthes removing multiboot support in x86 PE;
- removed a patch dealing with SBAT;
- other minor changes (see single patches).
Changes since v2:
- improved some comments.
Changes since v3:
- Added Acked-by;
- Improve commit message.
Changes since v4:
- Messages updates;
- Clean some dependencies cause by code removal;
- Add small commit to remove a possibly unused string.
Frediano Ziglio (3):
Align relevant sections to 4KB
x86: Split .init section to satisfy UEFI CA memory mitigation
x86/boot: Exclude not used string
Roger Pau Monné (2):
x86/efi: discard multiboot and PVH support for PE binary
x86/efi: avoid a relocation in efi_arch_post_exit_boot()
docs/hypervisor-guide/x86/how-xen-boots.rst | 6 -----
xen/arch/x86/boot/head.S | 10 +++++---
xen/arch/x86/efi/efi-boot.h | 7 ++++--
xen/arch/x86/xen.lds.S | 27 +++++++++++++--------
4 files changed, 28 insertions(+), 22 deletions(-)
--
2.43.0