From ce0ae3c869dccaff3ed976d58b2d63ce461507e6 Mon Sep 17 00:00:00 2001
From: Steffen Eiden <seiden@linux.ibm.com>
Date: Mon, 25 Jul 2022 12:57:53 +0200
Subject: [PATCH 1/2] zipl: Add missing check for a nullpointer.

Fixes a bug that leads to a segmentation fault when no parmline is
provided.

Fixes: 11b401b5 ("zipl: move and make check for maximum command line length dynamic")
Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Stefan Haberland <sth@linux.ibm.com>
---
 zipl/src/job.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zipl/src/job.c b/zipl/src/job.c
index ffdc297..b5bf5b2 100644
--- a/zipl/src/job.c
+++ b/zipl/src/job.c
@@ -790,7 +790,7 @@ check_common_ipl_data(struct job_common_ipl_data *common, const char *section,
 		if (!max_parm_size)
 			max_parm_size = LEGACY_MAXIMUM_PARMLINE_SIZE;
 
-		len = strlen(common->parmline);
+		len = common->parmline ? strlen(common->parmline) : 0;
 		if (len > max_parm_size) {
 			error_text("The length of the parameters line "
 				   "(%d bytes) exceeds the allowed maximum "
-- 
2.38.1


From 5066a940f7a705c342deba8296a57dc786a19c5f Mon Sep 17 00:00:00 2001
From: Peter Oberparleiter <oberpar@linux.ibm.com>
Date: Fri, 16 Sep 2022 15:13:01 +0200
Subject: [PATCH 2/2] zipl/boot: add secure boot trailer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This patch enhances the zipl stage3 loader image adding a trailer as
required for secure boot by future firmware versions.

Note: with the change in this patch the padding via objcopy command line
options is replaced by padding via linker script directives with the
same effect.

Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
---
 zipl/boot/Makefile     |  2 +-
 zipl/boot/stage3.lds.S | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/zipl/boot/Makefile b/zipl/boot/Makefile
index c2ec76a..f195df0 100644
--- a/zipl/boot/Makefile
+++ b/zipl/boot/Makefile
@@ -106,7 +106,7 @@ stage3.bin:	stage3.exec
 		--only-section=.stage2dump.tail \
 		--only-section=.eckd2dump_mv.tail \
 		--only-section=.fixup \
-		--pad-to=0xe000 \
+		--only-section=.sb.trailer \
 		$< $@
 
 data.o: $(FILES)
diff --git a/zipl/boot/stage3.lds.S b/zipl/boot/stage3.lds.S
index fa4c81f..d8305f1 100644
--- a/zipl/boot/stage3.lds.S
+++ b/zipl/boot/stage3.lds.S
@@ -14,6 +14,7 @@
  */
 
 #include "boot/loaders_layout.h"
+#include "boot/s390.h"
 
 SECTIONS
 {
@@ -46,6 +47,15 @@ SECTIONS
   .rodata : {*(.rodata) }
   .data : { *(.data) }
 
+  /* Trailer needed for Secure Boot */
+  . = COMMAND_LINE_EXTRA - 32;
+  .sb.trailer : {
+    QUAD(0x0000c00000000000)
+    QUAD(STAGE3_ENTRY + PSW_LOAD)
+    QUAD(STAGE3_ENTRY)
+    QUAD(0x000000207a49504c)
+  }
+
   . = COMMAND_LINE_EXTRA;
   .cmdline_extra : {
     . += COMMAND_LINE_EXTRA_SIZE;
-- 
2.38.1