
3 Commits
c10s ... a10s

Author SHA1 Message Date
845e29e580 Update to shim 16.1 with RISC-V 64-bit support
- Update shim from 15.8 to 16.1
- Replace separate gnu-efi 4.0.0 tarball with patch-based approach
  (shim 16.1 bundles gnu-efi from rhboot, apply riscv64 support as patch)
- Add 0001-Add-RISC-V-64-support-to-gnu-efi.patch (ncroxon/gnu-efi 4.0.0
  riscv64 files adapted for rhboot/gnu-efi shim-16.1)
- Add 0008-Fix-additional-signedness-warnings-for-riscv64.patch
- Remove 0001-Adopt-modern-ReallocatePool-ABI.patch (not needed with
  rhboot's gnu-efi)
- Rebase all patches for 16.1
- Update SBAT, commit ID, and source checksums
2026-02-23 17:23:04 +00:00
286e972772 Fix vendor_db.esl location 2025-07-19 21:15:48 +00:00
cf375d678f Use AlmaLinux cert 2025-07-18 16:59:08 +00:00
18 changed files with 1275 additions and 488 deletions

4
.gitignore vendored

@ -1,3 +1 @@
gnu-efi-4.0.0.tar.gz
securebootca.cer
shim-15.8.tar.bz2
shim-16.1.tar.bz2


@ -0,0 +1,809 @@
diff --git a/gnu-efi/Make.defaults b/gnu-efi/Make.defaults
index 59b6508..eca3c67 100755
--- a/gnu-efi/Make.defaults
+++ b/gnu-efi/Make.defaults
@@ -36,7 +36,7 @@
TOPDIR ?= $(shell if [ "$$PWD" != "" ]; then echo $$PWD; else pwd; fi)
-ARCHES = ia32 x86_64 ia64 aarch64 arm mips64el
+ARCHES = ia32 x86_64 ia64 aarch64 arm mips64el riscv64
#
# Variables below overridable from command-line:
diff --git a/gnu-efi/gnuefi/crt0-efi-riscv64.S b/gnu-efi/gnuefi/crt0-efi-riscv64.S
new file mode 100644
index 0000000..296d03d
--- /dev/null
+++ b/gnu-efi/gnuefi/crt0-efi-riscv64.S
@@ -0,0 +1,54 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later OR BSD-2-Clause */
+/*
+ * Copyright (C) 2014 Linaro Ltd. <ard.biesheuvel@linaro.org>
+ * Copyright (C) 2018 Alexander Graf <agraf@suse.de>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice and this list of conditions, without modification.
+ * 2. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * Alternatively, this software may be distributed under the terms of the
+ * GNU General Public License as published by the Free Software Foundation;
+ * either version 2 of the License, or (at your option) any later version.
+ */
+
+ .text
+ .globl _start
+ .type _start,%function
+_start:
+ addi sp, sp, -24
+ sd a0, 0(sp)
+ sd a1, 8(sp)
+ sd ra, 16(sp)
+ lla a0, ImageBase
+ lla a1, _DYNAMIC
+ call _relocate
+ bne a0, zero, .L_exit
+ ld a1, 8(sp)
+ ld a0, 0(sp)
+ call efi_main
+ ld ra, 16(sp)
+.L_exit:
+ addi sp, sp, 24
+ ret
+
+// hand-craft a dummy .reloc section so EFI knows it's a relocatable executable:
+
+ .data
+dummy0: .4byte 0
+dummy1: .4byte 0
+
+#define IMAGE_REL_ABSOLUTE 0
+ .section .reloc, "a", %progbits
+ .4byte dummy1 - dummy0 // Page RVA
+ .4byte 12 // Block Size (2*4+2*2), must be aligned by 32 Bits
+ .2byte (IMAGE_REL_ABSOLUTE<<12) + 0 // reloc for dummy
+ .2byte (IMAGE_REL_ABSOLUTE<<12) + 0 // reloc for dummy
+
+#if defined(__ELF__) && defined(__linux__)
+ .section .note.GNU-stack,"",%progbits
+#endif
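Review bot: The error path at `bne a0, zero, .L_exit` skips `ld ra, 16(sp)`, so when `_relocate` returns non-zero the final `ret` uses the return address left by `call _relocate` rather than the caller's. That address is the `bne` itself, so the code would re-enter `.L_exit` repeatedly while raising `sp` by 24 each pass instead of returning the error to the firmware. Placing the restore under the label, `.L_exit:` followed by `ld ra, 16(sp)`, covers both paths. Separately, the 24-byte frame leaves `sp` 8 bytes off the 16-byte alignment the RISC-V calling convention expects at both `call` sites (assuming an aligned `sp` on entry); `addi sp, sp, -32` and `addi sp, sp, 32` with the same slot offsets would keep it aligned.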
diff --git a/gnu-efi/gnuefi/elf_riscv64_efi.lds b/gnu-efi/gnuefi/elf_riscv64_efi.lds
new file mode 100644
index 0000000..d6663ee
--- /dev/null
+++ b/gnu-efi/gnuefi/elf_riscv64_efi.lds
@@ -0,0 +1,123 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later OR BSD-2-Clause */
+
+OUTPUT_FORMAT("elf64-littleriscv", "elf64-littleriscv", "elf64-littleriscv")
+OUTPUT_ARCH(riscv)
+ENTRY(_start)
+SECTIONS
+{
+ . = 0;
+ ImageBase = .;
+ /* .hash and/or .gnu.hash MUST come first! */
+ .hash : { *(.hash) }
+ .gnu.hash : { *(.gnu.hash) }
+ . = ALIGN(4096);
+ .eh_frame : { *(.eh_frame) }
+ .eh_frame_hdr : { *(.eh_frame_hdr) }
+ .gcc_except_table : { *(.gcc_except_table*) }
+ . = ALIGN(4096);
+ .text : {
+ _text = .;
+ *(.text)
+ *(.text.*)
+ *(.gnu.linkonce.t.*)
+ *(.plt)
+ . = ALIGN(16);
+ }
+ _etext = .;
+ _text_size = _etext - _text;
+ . = ALIGN(65536);
+ _DYNAMIC = .;
+ .dynamic : { *(.dynamic) }
+ . = ALIGN(4096);
+ .data :
+ {
+ _data = .;
+ *(.sdata)
+ *(.data)
+ *(.data1)
+ *(.data.*)
+ *(.got.plt)
+ *(.got)
+
+ /*
+ * Note that these aren't the using the GNU "CONSTRUCTOR" output section
+ * command, so they don't start with a size. Because of p2align and the
+ * end/END definitions, and the fact that they're mergeable, they can also
+ * have NULLs which aren't guaranteed to be at the end.
+ */
+ . = ALIGN(16);
+ __init_array_start = .;
+ *(SORT(.init_array.*))
+ *(.init_array)
+ __init_array_end = .;
+ . = ALIGN(16);
+ __CTOR_LIST__ = .;
+ *(SORT(.ctors.*))
+ *(.ctors)
+ __CTOR_END__ = .;
+ . = ALIGN(16);
+ __DTOR_LIST__ = .;
+ *(SORT(.dtors.*))
+ *(.dtors)
+ __DTOR_END__ = .;
+ . = ALIGN(16);
+ __fini_array_start = .;
+ *(SORT(.fini_array.*))
+ *(.fini_array)
+ __fini_array_end = .;
+
+ /* the EFI loader doesn't seem to like a .bss section, so we stick
+ it all into .data: */
+ . = ALIGN(16);
+ _bss = .;
+ *(.sbss)
+ *(.scommon)
+ *(.dynbss)
+ *(.bss*)
+ *(COMMON)
+ *(.rel.local)
+ . = ALIGN(16);
+
+ _bss_end = .;
+ }
+ . = ALIGN(4096);
+ .reloc :
+ {
+ KEEP (*(.reloc))
+ }
+
+ . = ALIGN(4096);
+ .rela :
+ {
+ *(.rela.text*)
+ *(.rela.data*)
+ *(.rela.got)
+ *(.rela.dyn)
+ *(.rela.stab)
+ *(.rela.init_array*)
+ *(.rela.fini_array*)
+ *(.rela.ctors*)
+ *(.rela.dtors*)
+
+ }
+ . = ALIGN(4096);
+ .rela.plt : { *(.rela.plt) }
+ . = ALIGN(4096);
+ .rodata : { *(.rodata*) }
+ . = ALIGN(512);
+ _edata = .;
+ _data_size = _edata - _data;
+
+ . = ALIGN(4096);
+ .dynsym : { *(.dynsym) }
+ . = ALIGN(4096);
+ .dynstr : { *(.dynstr) }
+ . = ALIGN(4096);
+ .note.gnu.build-id : { *(.note.gnu.build-id) }
+ .ignored.reloc :
+ {
+ *(.rela.reloc)
+ *(.note.GNU-stack)
+ }
+ .comment 0 : { *(.comment) }
+}
diff --git a/gnu-efi/gnuefi/reloc_riscv64.c b/gnu-efi/gnuefi/reloc_riscv64.c
new file mode 100644
index 0000000..207a76b
--- /dev/null
+++ b/gnu-efi/gnuefi/reloc_riscv64.c
@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR BSD-3-Clause
+/* reloc_riscv.c - position independent ELF shared object relocator
+ Copyright (C) 2018 Alexander Graf <agraf@suse.de>
+ Copyright (C) 2014 Linaro Ltd. <ard.biesheuvel@linaro.org>
+ Copyright (C) 1999 Hewlett-Packard Co.
+ Contributed by David Mosberger <davidm@hpl.hp.com>.
+
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+ * Neither the name of Hewlett-Packard Co. nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ BE LIABLE FOR ANYDIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+*/
+
+#include <efi.h>
+
+#include "subst/elf.h"
+
+#define Elf_Dyn Elf64_Dyn
+#define Elf_Rela Elf64_Rela
+#define ELF_R_TYPE ELF64_R_TYPE
+
+EFI_STATUS EFIAPI _relocate(long ldbase, Elf_Dyn *dyn)
+{
+ long relsz = 0, relent = 0;
+ Elf_Rela *rel = NULL;
+ unsigned long *addr;
+ int i;
+
+ for (i = 0; dyn[i].d_tag != DT_NULL; ++i) {
+ switch (dyn[i].d_tag) {
+ case DT_RELA:
+ rel = (Elf_Rela *)((unsigned long)dyn[i].d_un.d_ptr + ldbase);
+ break;
+ case DT_RELASZ:
+ relsz = dyn[i].d_un.d_val;
+ break;
+ case DT_RELAENT:
+ relent = dyn[i].d_un.d_val;
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (!rel && relent == 0)
+ return EFI_SUCCESS;
+
+ if (!rel || relent == 0)
+ return EFI_LOAD_ERROR;
+
+ while (relsz > 0) {
+ /* apply the relocs */
+ switch (ELF_R_TYPE(rel->r_info)) {
+ case R_RISCV_RELATIVE:
+ addr = (unsigned long *)(ldbase + rel->r_offset);
+ *addr = ldbase + rel->r_addend;
+ break;
+ default:
+ break;
+ }
+ rel = (Elf_Rela *)((char *)rel + relent);
+ relsz -= relent;
+ }
+ return EFI_SUCCESS;
+}
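Review bot: `relsz` and `relent` are read from the dynamic section into signed `long` and only `relent == 0` is rejected, so a negative or undersized `DT_RELAENT` would make the `while (relsz > 0)` loop step backwards or through partial entries while writing through `addr` on each pass. The values come from the image's own link step, so as far as this hunk shows it is a hardening point rather than a reachable flaw. A guard before the loop such as `if (relsz < 0 || relent < (long)sizeof(Elf_Rela)) return EFI_LOAD_ERROR;` would fail closed. The `default: break;` arm also skips every relocation type other than `R_RISCV_RELATIVE` without reporting it; a comment stating that this is intended would help the next reader.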
diff --git a/gnu-efi/inc/efi.h b/gnu-efi/inc/efi.h
index bd99451..f87477b 100644
--- a/gnu-efi/inc/efi.h
+++ b/gnu-efi/inc/efi.h
@@ -50,6 +50,8 @@ Revision History
#include "arm/efibind.h"
#elif defined (_M_MIPS64) || defined(__mips64__)
#include "mips64el/efibind.h"
+#elif defined (__riscv) && __riscv_xlen == 64
+#include "riscv64/efibind.h"
#else
#error Usupported architecture
#endif
diff --git a/gnu-efi/inc/efilib.h b/gnu-efi/inc/efilib.h
index 6c34653..568d327 100644
--- a/gnu-efi/inc/efilib.h
+++ b/gnu-efi/inc/efilib.h
@@ -33,6 +33,8 @@ Revision History
#include "arm/efilibplat.h"
#elif defined (_M_MIPS64) || defined(__mips64__)
#include "mips64el/efilibplat.h"
+#elif defined (__riscv) && __riscv_xlen == 64
+#include "riscv64/efilibplat.h"
#endif
#include "efilink.h"
#include "efirtlib.h"
diff --git a/gnu-efi/inc/efirtlib.h b/gnu-efi/inc/efirtlib.h
index 5071493..8643061 100644
--- a/gnu-efi/inc/efirtlib.h
+++ b/gnu-efi/inc/efirtlib.h
@@ -32,6 +32,8 @@ Revision History
#include "arm/efilibplat.h"
#elif defined (_M_MIPS64) || defined(__mips64__)
#include "mips64el/efilibplat.h"
+#elif defined (__riscv) && __riscv_xlen == 64
+#include "riscv64/efilibplat.h"
#endif
diff --git a/gnu-efi/inc/riscv64/efibind.h b/gnu-efi/inc/riscv64/efibind.h
new file mode 100644
index 0000000..a2b9c18
--- /dev/null
+++ b/gnu-efi/inc/riscv64/efibind.h
@@ -0,0 +1,127 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later OR BSD-2-Clause */
+/*
+ * Copyright (C) 2014 - 2015 Linaro Ltd.
+ * Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice and this list of conditions, without modification.
+ * 2. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * Alternatively, this software may be distributed under the terms of the
+ * GNU General Public License as published by the Free Software Foundation;
+ * either version 2 of the License, or (at your option) any later version.
+ */
+
+#include <stdint.h>
+#include <stddef.h>
+
+//
+// Basic EFI types of various widths
+//
+
+typedef uint64_t UINT64;
+typedef int64_t INT64;
+typedef uint32_t UINT32;
+typedef int32_t INT32;
+typedef uint16_t UINT16;
+typedef int16_t INT16;
+typedef uint8_t UINT8;
+typedef int8_t INT8;
+typedef unsigned char CHAR8;
+typedef uint16_t CHAR16;
+#define WCHAR CHAR16
+#undef VOID
+typedef void VOID;
+typedef int64_t INTN;
+typedef uint64_t UINTN;
+
+#define EFI_ERROR_MASK 0x8000000000000000
+#define EFIERR(a) (EFI_ERROR_MASK | a)
+#define EFIERR_OEM(a) (0xc000000000000000 | a)
+
+#define BAD_POINTER 0xFBFBFBFBFBFBFBFB
+#define MAX_ADDRESS 0xFFFFFFFFFFFFFFFF
+
+#define BREAKPOINT() while(1);
+
+//
+// Pointers must be aligned to these address to function
+//
+#define MIN_ALIGNMENT_SIZE 8
+
+#define ALIGN_VARIABLE(Value, Adjustment) \
+ (UINTN)Adjustment = 0; \
+ if((UINTN)Value % MIN_ALIGNMENT_SIZE) \
+ (UINTN)Adjustment = MIN_ALIGNMENT_SIZE - ((UINTN)Value % MIN_ALIGNMENT_SIZE); \
+ Value = (UINTN)Value + (UINTN)Adjustment
+
+//
+// Define macros to build data structure signatures from characters.
+//
+#define EFI_SIGNATURE_16(A,B) ((A) | (B<<8))
+#define EFI_SIGNATURE_32(A,B,C,D) (EFI_SIGNATURE_16(A,B) | (EFI_SIGNATURE_16(C,D) << 16))
+#define EFI_SIGNATURE_64(A,B,C,D,E,F,G,H) (EFI_SIGNATURE_32(A,B,C,D) | ((UINT64)(EFI_SIGNATURE_32(E,F,G,H)) << 32))
+
+//
+// EFIAPI - prototype calling convention for EFI function pointers
+// BOOTSERVICE - prototype for implementation of a boot service interface
+// RUNTIMESERVICE - prototype for implementation of a runtime service interface
+// RUNTIMEFUNCTION - prototype for implementation of a runtime function that is not a service
+// RUNTIME_CODE - pragma macro for declaring runtime code
+//
+#ifndef EFIAPI // Forces EFI calling conventions reguardless of compiler options
+#define EFIAPI // Substitute expresion to force C calling convention
+#endif
+#define BOOTSERVICE
+#define RUNTIMESERVICE
+#define RUNTIMEFUNCTION
+#define RUNTIME_CODE(a) alloc_text("rtcode", a)
+#define BEGIN_RUNTIME_DATA() data_seg("rtdata")
+#define END_RUNTIME_DATA() data_seg("")
+
+#define VOLATILE volatile
+#define MEMORY_FENCE __sync_synchronize
+
+//
+// When build similiar to FW, then link everything together as
+// one big module. For the MSVC toolchain, we simply tell the
+// linker what our driver init function is using /ENTRY.
+//
+#if defined(_MSC_EXTENSIONS)
+#define EFI_DRIVER_ENTRY_POINT(InitFunction) \
+ __pragma(comment(linker, "/ENTRY:" # InitFunction))
+#else
+#define EFI_DRIVER_ENTRY_POINT(InitFunction) \
+ UINTN \
+ InitializeDriver ( \
+ VOID *ImageHandle, \
+ VOID *SystemTable \
+ ) \
+ { \
+ return InitFunction(ImageHandle, \
+ SystemTable); \
+ } \
+ \
+ EFI_STATUS efi_main( \
+ EFI_HANDLE image, \
+ EFI_SYSTEM_TABLE *systab \
+ ) __attribute__((weak, \
+ alias ("InitializeDriver")));
+#endif
+
+#define LOAD_INTERNAL_DRIVER(_if, type, name, entry) \
+ (_if)->LoadInternal(type, name, entry)
+
+//
+// Some compilers don't support the forward reference construct:
+// typedef struct XXXXX
+//
+// The following macro provide a workaround for such cases.
+#define INTERFACE_DECL(x) struct x
+
+#define uefi_call_wrapper(func, va_num, ...) func(__VA_ARGS__)
+#define EFI_FUNCTION
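Review bot: `ALIGN_VARIABLE` expands to several bare statements and assigns through casts (`(UINTN)Adjustment = 0;`), which is not valid C for current GCC and would misbehave under an unbraced `if` at a call site. If the macro is kept, wrapping it in `do { ... } while (0)` and assigning to `Adjustment` and `Value` directly would make it safe to use. `EFIERR(a)` and `EFIERR_OEM(a)` also use their argument unparenthesized; `(EFI_ERROR_MASK | (a))` avoids precedence surprises. `BREAKPOINT()` carries its own trailing `;`, and the comments have a few typos ("reguardless", "expresion", "similiar").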
diff --git a/gnu-efi/inc/riscv64/efilibplat.h b/gnu-efi/inc/riscv64/efilibplat.h
new file mode 100644
index 0000000..055cb47
--- /dev/null
+++ b/gnu-efi/inc/riscv64/efilibplat.h
@@ -0,0 +1,7 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later OR BSD-2-Clause */
+
+VOID
+InitializeLibPlatform (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ );
diff --git a/gnu-efi/inc/riscv64/efisetjmp_arch.h b/gnu-efi/inc/riscv64/efisetjmp_arch.h
new file mode 100644
index 0000000..b9fab7c
--- /dev/null
+++ b/gnu-efi/inc/riscv64/efisetjmp_arch.h
@@ -0,0 +1,40 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later OR BSD-2-Clause */
+
+#ifndef GNU_EFI_RISCV64_SETJMP_H
+#define GNU_EFI_RISCV64_SETJMP_H
+
+#define JMPBUF_ALIGN 8
+
+typedef struct {
+ /* GP regs */
+ UINT64 s0;
+ UINT64 s1;
+ UINT64 s2;
+ UINT64 s3;
+ UINT64 s4;
+ UINT64 s5;
+ UINT64 s6;
+ UINT64 s7;
+ UINT64 s8;
+ UINT64 s9;
+ UINT64 s10;
+ UINT64 s11;
+ UINT64 sp;
+ UINT64 ra;
+
+ /* FP regs */
+ UINT64 fs0;
+ UINT64 fs1;
+ UINT64 fs2;
+ UINT64 fs3;
+ UINT64 fs4;
+ UINT64 fs5;
+ UINT64 fs6;
+ UINT64 fs7;
+ UINT64 fs8;
+ UINT64 fs9;
+ UINT64 fs10;
+ UINT64 fs11;
+} __attribute__((__aligned__(JMPBUF_ALIGN))) jmp_buf[1];
+
+#endif /* GNU_EFI_RISCV64_SETJMP_H */
diff --git a/gnu-efi/inc/subst/elf.h b/gnu-efi/inc/subst/elf.h
new file mode 100644
index 0000000..c953563
--- /dev/null
+++ b/gnu-efi/inc/subst/elf.h
@@ -0,0 +1,84 @@
+/* Copyright (C) 2024 GNU-EFI Contributors
+
+This library is free software;
+you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation;
+either version 2.1 of the License, or (at your option) any later version.
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+See the GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License along with this library;
+if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+#if !defined(__GNU_EFI_NO_GLIBC)
+#include <elf.h>
+
+#else
+
+typedef uint32_t Elf32_Addr;
+typedef int32_t Elf32_Sword;
+typedef uint32_t Elf32_Word;
+
+typedef uint64_t Elf64_Addr;
+typedef int64_t Elf64_Sxword;
+typedef uint64_t Elf64_Xword;
+
+
+typedef struct {
+ Elf32_Addr r_offset;
+ Elf32_Word r_info;
+ } Elf32_Rel;
+
+typedef struct {
+ Elf64_Addr r_offset;
+ Elf64_Xword r_info;
+ Elf64_Sxword r_addend;
+ } Elf64_Rela;
+
+typedef struct {
+ Elf32_Sword d_tag;
+ union {
+ Elf32_Word d_val;
+ Elf32_Addr d_ptr;
+ } d_un;
+ } Elf32_Dyn;
+
+typedef struct {
+ Elf64_Sxword d_tag;
+ union {
+ Elf64_Xword d_val;
+ Elf64_Addr d_ptr;
+ } d_un;
+ } Elf64_Dyn;
+
+#define ELF32_R_TYPE(val) ((val) & 0xff)
+#define ELF64_R_TYPE(i) ((i) & 0xffffffff)
+
+#define DT_NULL 0
+#define DT_REL 17
+#define DT_RELSZ 18
+#define DT_RELENT 19
+#define DT_RELA 7
+#define DT_RELASZ 8
+#define DT_RELAENT 9
+#define DT_PLTGOT 3
+
+
+#define R_AARCH64_NONE 0
+#define R_AARCH64_RELATIVE 1027
+#define R_RISCV_RELATIVE 3
+#define R_LARCH_NONE 0
+#define R_LARCH_RELATIVE 3
+#define R_X86_64_NONE 0
+#define R_X86_64_RELATIVE 8
+#define R_ARM_NONE 0
+#define R_ARM_RELATIVE 23
+#define R_386_NONE 0
+#define R_386_RELATIVE 8
+#define R_MIPS_NONE 0
+#define R_MIPS_64 18
+#define R_MIPS_REL32 3
+
+
+#endif
diff --git a/gnu-efi/lib/init.c b/gnu-efi/lib/init.c
index d979029..40591c7 100644
--- a/gnu-efi/lib/init.c
+++ b/gnu-efi/lib/init.c
@@ -144,7 +144,7 @@ InitializeUnicodeSupport (
//
Languages = Ui->SupportedLanguages;
- Length = strlen(Languages);
+ Length = strlen((const char *)Languages);
for (Position=0; Position < Length; Position += ISO_639_2_ENTRY_SIZE) {
//
diff --git a/gnu-efi/lib/misc.c b/gnu-efi/lib/misc.c
index c9a4b0b..853ca21 100644
--- a/gnu-efi/lib/misc.c
+++ b/gnu-efi/lib/misc.c
@@ -556,7 +556,7 @@ LibGetUiString (
// Search for the match
//
while (Array->LangCode) {
- if (strcmp(Array->LangCode, LangCode) == 0) {
+ if (strcmp((const char *)Array->LangCode, (const char *)LangCode) == 0) {
return Array->UiString;
}
}
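Review bot: The search loop shown in this hunk never advances `Array`, so when the first entry's `LangCode` is non-NULL and does not match, `while (Array->LangCode)` spins forever. The added casts leave that untouched; an `Array++;` after the `if` block would let the search reach the terminating entry. `LibGetUiString` starts before the hunk, so only the visible lines could be checked, but no increment appears between the `while` and its closing brace.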
diff --git a/gnu-efi/lib/riscv64/initplat.c b/gnu-efi/lib/riscv64/initplat.c
new file mode 100644
index 0000000..3666fcc
--- /dev/null
+++ b/gnu-efi/lib/riscv64/initplat.c
@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR BSD-2-Clause
+
+#include "lib.h"
+
+VOID
+InitializeLibPlatform (
+ IN EFI_HANDLE ImageHandle EFI_UNUSED,
+ IN EFI_SYSTEM_TABLE *SystemTable EFI_UNUSED
+ )
+{
+}
diff --git a/gnu-efi/lib/riscv64/math.c b/gnu-efi/lib/riscv64/math.c
new file mode 100644
index 0000000..3653e42
--- /dev/null
+++ b/gnu-efi/lib/riscv64/math.c
@@ -0,0 +1,62 @@
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * This code is based on EDK II MdePkg/Library/BaseLib/Math64.c
+ * Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.
+ */
+
+#include "lib.h"
+
+/**
+ * LShiftU64() - left shift
+ */
+UINT64
+LShiftU64 (
+ IN UINT64 Operand,
+ IN UINTN Count
+)
+{
+ return Operand << Count;
+}
+
+/**
+ * RShiftU64() - right shift
+ */
+UINT64
+RShiftU64 (
+ IN UINT64 Operand,
+ IN UINTN Count
+)
+{
+ return Operand >> Count;
+}
+
+/**
+ * MultU64x32() - multiply
+ */
+UINT64
+MultU64x32 (
+ IN UINT64 Multiplicand,
+ IN UINTN Multiplier
+)
+{
+ return Multiplicand * Multiplier;
+}
+
+/**
+ * DivU64x32() - divide
+ */
+UINT64
+DivU64x32 (
+ IN UINT64 Dividend,
+ IN UINTN Divisor,
+ OUT UINTN *Remainder OPTIONAL
+)
+{
+ ASSERT(Divisor != 0);
+
+ if (Remainder) {
+ *Remainder = Dividend % Divisor;
+ }
+
+ return Dividend / Divisor;
+}
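Review bot: `DivU64x32` relies on `ASSERT(Divisor != 0)` alone, and a zero divisor is undefined behaviour in C that the RISC-V divide instructions do not trap on: the quotient comes back as all ones and the remainder as the dividend. If `ASSERT` is compiled out in release builds (not visible in this hunk), a caller passing zero would get a plausible-looking value instead of a fault. The doc comment should state the precondition, e.g. `Divisor must be non-zero; RISC-V does not trap on division by zero`, or the function could handle zero explicitly. The one-line comments on `LShiftU64` and `RShiftU64` could likewise note that `Count` must be below 64, and that the `x32` helpers take a `UINTN` that is 64 bits wide on this target.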
diff --git a/gnu-efi/lib/riscv64/setjmp.S b/gnu-efi/lib/riscv64/setjmp.S
new file mode 100644
index 0000000..8f8d496
--- /dev/null
+++ b/gnu-efi/lib/riscv64/setjmp.S
@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR BSD-2-Clause
+/*
+ * Copyright Heinrich Schuchardt <xypron.glpk@gmx.de>
+ */
+
+ .text
+ .p2align 3
+
+#define GREG_LIST \
+ REG_ONE(s0, 0); \
+ REG_ONE(s1, 8); \
+ REG_ONE(s2, 16); \
+ REG_ONE(s3, 24); \
+ REG_ONE(s4, 32); \
+ REG_ONE(s5, 40); \
+ REG_ONE(s6, 48); \
+ REG_ONE(s7, 56); \
+ REG_ONE(s8, 64); \
+ REG_ONE(s9, 72); \
+ REG_ONE(s10, 80); \
+ REG_ONE(s11, 88); \
+ REG_ONE(sp, 96); \
+ REG_ONE(ra, 104);
+
+#define FREG_LIST \
+ FREG_ONE(fs0, 112); \
+ FREG_ONE(fs1, 120); \
+ FREG_ONE(fs2, 128); \
+ FREG_ONE(fs3, 136); \
+ FREG_ONE(fs4, 144); \
+ FREG_ONE(fs5, 152); \
+ FREG_ONE(fs6, 160); \
+ FREG_ONE(fs7, 168); \
+ FREG_ONE(fs8, 176); \
+ FREG_ONE(fs9, 184); \
+ FREG_ONE(fs10, 192); \
+ FREG_ONE(fs11, 200);
+
+#define REG_ONE(R, P) sd R, P(a0)
+#define FREG_ONE(R, P) fsd R, P(a0)
+
+ .globl setjmp
+ .type setjmp, @function
+
+setjmp:
+ GREG_LIST
+#ifndef __riscv_float_abi_soft
+ FREG_LIST
+#endif
+ li a0, 0
+ ret
+
+#undef REG_ONE
+#undef FREG_ONE
+
+#define REG_ONE(R, P) ld R, P(a0)
+#define FREG_ONE(R, P) fld R, P(a0)
+
+ .globl longjmp
+ .type longjmp, @function
+
+longjmp:
+ GREG_LIST
+#ifndef __riscv_float_abi_soft
+ FREG_LIST
+#endif
+ seqz a0, a1
+ add a0, a0, a1
+ ret
+
+#if defined(__ELF__) && defined(__linux__)
+ .section .note.GNU-stack,"",%progbits
+#endif
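Review bot: The offsets in `GREG_LIST` and `FREG_LIST` are hard-coded and have to match the field order of the `jmp_buf` struct in `inc/riscv64/efisetjmp_arch.h`, but nothing in this file says so. A header comment on each entry point would tie them together, for example `/* a0 = jmp_buf; offsets must match efisetjmp_arch.h (s0-s11, sp, ra, fs0-fs11) */`. `longjmp` would also benefit from `/* return val, or 1 if val == 0 */` next to the `seqz`/`add` pair. Both symbols have `.type` but no `.size` directive.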


@ -1,96 +0,0 @@
From 5dc20baf28617d28cd6793f606323b5c79102825 Mon Sep 17 00:00:00 2001
From: Andrea Bolognani <abologna@redhat.com>
Date: Wed, 30 Apr 2025 01:31:00 +0200
Subject: [PATCH 1/7] Adopt modern ReallocatePool() ABI
We could theoretically set GNU_EFI_USE_REALLOCATEPOOL_ABI=0
to keep using the legacy ABI, but since gnu-efi uses the
modern ABI internally and we call into its build systemd
directly, doing that messes things up. Switching to the new
ABI is just a matter of switching the arguments around.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
errlog.c | 5 +++--
fallback.c | 6 +++---
shim.c | 7 ++++---
tpm.c | 5 +++--
4 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/errlog.c b/errlog.c
index 3c5e0af..1f2e941 100644
--- a/errlog.c
+++ b/errlog.c
@@ -35,8 +35,9 @@ VLogError(const char *file, int line, const char *func, const CHAR16 *fmt,
if (file == NULL || func == NULL || fmt == NULL)
return EFI_INVALID_PARAMETER;
- newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
- (nerrs + 3) * sizeof(*errs));
+ newerrs = ReallocatePool((nerrs + 1) * sizeof(*errs),
+ (nerrs + 3) * sizeof(*errs),
+ errs);
if (!newerrs)
return EFI_OUT_OF_RESOURCES;
diff --git a/fallback.c b/fallback.c
index 600cc7a..a5eacec 100644
--- a/fallback.c
+++ b/fallback.c
@@ -440,9 +440,9 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp,
if (efi_status == EFI_BUFFER_TOO_SMALL) {
VerbosePrint(L"Buffer too small for next variable name, re-allocating it to be %d bytes and retrying\n",
varname_size);
- varname = ReallocatePool(varname,
- buffer_size,
- varname_size);
+ varname = ReallocatePool(buffer_size,
+ varname_size,
+ varname);
if (!varname)
return EFI_OUT_OF_RESOURCES;
buffer_size = varname_size;
diff --git a/shim.c b/shim.c
index 633163a..b0703a5 100644
--- a/shim.c
+++ b/shim.c
@@ -1545,8 +1545,9 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
}
certlist = pointer;
user_cert_size += certlist->SignatureListSize;;
- user_cert = ReallocatePool(user_cert, original,
- user_cert_size);
+ user_cert = ReallocatePool(original,
+ user_cert_size,
+ user_cert);
CopyMem(user_cert + original, pointer,
certlist->SignatureListSize);
}
@@ -1635,7 +1636,7 @@ load_unbundled_trust(EFI_HANDLE image_handle)
if (buffersize > 1024)
goto done;
}
- buffer = ReallocatePool(buffer, old, buffersize);
+ buffer = ReallocatePool(old, buffersize, buffer);
if (buffer == NULL) {
perror(L"Failed to read directory %s - %r\n",
PathName, EFI_OUT_OF_RESOURCES);
diff --git a/tpm.c b/tpm.c
index 388f8d1..6c7af4c 100644
--- a/tpm.c
+++ b/tpm.c
@@ -328,8 +328,9 @@ static EFI_STATUS tpm_record_data_measurement(CHAR16 *VarName, EFI_GUID VendorGu
if (measureddata == NULL) {
measureddata = AllocatePool(sizeof(*measureddata));
} else {
- measureddata = ReallocatePool(measureddata, measuredcount * sizeof(*measureddata),
- (measuredcount + 1) * sizeof(*measureddata));
+ measureddata = ReallocatePool(measuredcount * sizeof(*measureddata),
+ (measuredcount + 1) * sizeof(*measureddata),
+ measureddata);
}
if (measureddata == NULL)
--
2.49.0


@ -1,7 +1,7 @@
From a3e9fc33dfe95938e89acb523256e5f70bf8710b Mon Sep 17 00:00:00 2001
From bd54c7a3899fa4cdf4774674f71290af7dfc1ba5 Mon Sep 17 00:00:00 2001
From: Andrea Bolognani <abologna@redhat.com>
Date: Wed, 30 Apr 2025 01:31:45 +0200
Subject: [PATCH 2/7] Set NO_GLIBC=1 when building gnu-efi
Subject: [PATCH] Set NO_GLIBC=1 when building gnu-efi
shim is a standalone EFI application so it shouldn't be
necessary to look at the glibc headers when building it, and
@ -13,10 +13,10 @@ Signed-off-by: Andrea Bolognani <abologna@redhat.com>
1 file changed, 1 insertion(+)
diff --git a/Makefile b/Makefile
index 8283d56..6bff361 100644
index 9a39cd1..7e27a22 100644
--- a/Makefile
+++ b/Makefile
@@ -161,6 +161,7 @@ gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a:
@@ -174,6 +174,7 @@ gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a:
CCC_CC="$(COMPILER)" \
CC="$(CC)" \
ARCH=$(ARCH_GNUEFI) \
@ -25,5 +25,5 @@ index 8283d56..6bff361 100644
-f $(TOPDIR)/gnu-efi/Makefile \
lib gnuefi inc $(IGNORE_COMPILER_ERRORS)
--
2.49.0
2.43.7


@ -1,37 +1,37 @@
From dffae241908b262e6979b6fb4852d98b53c1c80d Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Mon, 5 Apr 2021 12:14:44 +0200
Subject: [PATCH 3/7] Initial RISC-V support
Add what is needed to build on riscv64.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This is an update to #420 which brings it in alignment with the current
upstream.
Signed-off-by: Brian 'redbeard' Harrington <redbeard@dead-city.org>
(cherry picked from commit 5031a997425fa84a18b407c76775ec72cbfc5eb7)
---
Cryptlib/Include/OpenSslSupport.h | 3 +-
Cryptlib/Makefile | 3 +
Cryptlib/OpenSSL/Makefile | 3 +
Make.defaults | 10 +++
elf_riscv64_efi.lds | 111 ++++++++++++++++++++++++++++++
include/asm.h | 2 +
include/peimage.h | 2 +
include/system/stdarg.h | 12 +++-
lib/Makefile | 3 +
pe-relocate.c | 6 ++
shim.h | 15 ++++
11 files changed, 168 insertions(+), 2 deletions(-)
create mode 100644 elf_riscv64_efi.lds
diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h
index 0c2fb8b..a0a7124 100644
--- a/Cryptlib/Include/OpenSslSupport.h
+++ b/Cryptlib/Include/OpenSslSupport.h
@@ -61,7 +61,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
From c18d804a746bb431d92cd447a2214bca76f3eb2f Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Mon, 5 Apr 2021 12:14:44 +0200
Subject: [PATCH] Initial RISC-V support
Add what is needed to build on riscv64.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This is an update to #420 which brings it in alignment with the current
upstream.
Signed-off-by: Brian 'redbeard' Harrington <redbeard@dead-city.org>
(cherry picked from commit 5031a997425fa84a18b407c76775ec72cbfc5eb7)
---
Cryptlib/Include/OpenSslSupport.h | 3 +-
Cryptlib/Makefile | 3 +
Cryptlib/OpenSSL/Makefile | 3 +
Make.defaults | 10 +++
elf_riscv64_efi.lds | 111 ++++++++++++++++++++++++++++++
include/asm.h | 2 +
include/peimage.h | 2 +
include/system/stdarg.h | 12 +++-
lib/Makefile | 3 +
pe-relocate.c | 6 ++
shim.h | 15 ++++
11 files changed, 168 insertions(+), 2 deletions(-)
create mode 100644 elf_riscv64_efi.lds
diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h
index 0c2fb8b..a0a7124 100644
--- a/Cryptlib/Include/OpenSslSupport.h
+++ b/Cryptlib/Include/OpenSslSupport.h
@@ -61,7 +61,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define CONFIG_HEADER_BN_H
@ -41,190 +41,190 @@ index 0c2fb8b..a0a7124 100644
//
// With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs
// SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is
diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
index 626788c..7d7478e 100644
--- a/Cryptlib/Makefile
+++ b/Cryptlib/Makefile
@@ -37,6 +37,9 @@ endif
ifeq ($(ARCH),arm)
DEFINES += -DMDE_CPU_ARM
endif
+ifeq ($(ARCH),riscv64)
+DEFINES += -DMDE_CPU_RISCV64
+endif
LDFLAGS = -nostdlib -znocombreloc
diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
index d59c5d7..931fda1 100644
--- a/Cryptlib/OpenSSL/Makefile
+++ b/Cryptlib/OpenSSL/Makefile
@@ -49,6 +49,9 @@ endif
ifeq ($(ARCH),arm)
DEFINES += -DMDE_CPU_ARM
endif
+ifeq ($(ARCH),riscv64)
+DEFINES += -DMDE_CPU_RISCV64
+endif
LDFLAGS = -nostdlib -znocombreloc
diff --git a/Make.defaults b/Make.defaults
index e75cd3c..54a483d 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -96,6 +96,16 @@ ifeq ($(ARCH),arm)
SUBSYSTEM := 0xa
ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif
+ifeq ($(ARCH),riscv64)
+ ARCH_CFLAGS ?= -DMDE_CPU_RISCV64 -DPAGE_SIZE=4096
+ ARCH_GNUEFI ?= riscv64
+ ARCH_SUFFIX ?= riscv64
+ ARCH_SUFFIX_UPPER ?= RISCV64
+ FORMAT := -O binary
+ SUBSYSTEM := 0xa
+ ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+ TIMESTAMP_LOCATION := 72
+endif
DEFINES = -DDEFAULT_LOADER='L"$(DEFAULT_LOADER)"' \
-DDEFAULT_LOADER_CHAR='"$(DEFAULT_LOADER)"'
diff --git a/elf_riscv64_efi.lds b/elf_riscv64_efi.lds
new file mode 100644
index 0000000..82bf118
--- /dev/null
+++ b/elf_riscv64_efi.lds
@@ -0,0 +1,111 @@
+OUTPUT_FORMAT("elf64-littleriscv", "elf64-littleriscv", "elf64-littleriscv")
+OUTPUT_ARCH(riscv)
+ENTRY(_start)
+SECTIONS
+{
+ .text 0x0 : {
+ _text = .;
+ *(.text.head)
+ *(.text)
+ *(.text.*)
+ *(.gnu.linkonce.t.*)
+ _evtext = .;
+ . = ALIGN(4096);
+ }
+ _etext = .;
+ _text_size = . - _text;
+ _text_vsize = _evtext - _text;
+
+ . = ALIGN(4096);
+ .data :
+ {
+ _data = .;
+ *(.sdata)
+ *(.data)
+ *(.data1)
+ *(.data.*)
+ *(.got.plt)
+ *(.got)
+
+ *(.dynamic)
+
+ /* the EFI loader doesn't seem to like a .bss section, so we stick
+ it all into .data: */
+ . = ALIGN(16);
+ _bss = .;
+ *(.sbss)
+ *(.scommon)
+ *(.dynbss)
+ *(.bss)
+ *(COMMON)
+ _evdata = .;
+ . = ALIGN(4096);
+ _bss_end = .;
+ }
+ _edata = .;
+ _data_vsize = _evdata - _data;
+ _data_size = . - _data;
+
+ /*
+ * Note that _sbat must be the beginning of the data, and _esbat must be the
+ * end and must be before any section padding. The sbat self-check uses
+ * _esbat to find the bounds of the data, and if the padding is included, the
+ * CSV parser (correctly) rejects the data as having NUL values in one of the
+ * required columns.
+ */
+ . = ALIGN(4096);
+ .sbat :
+ {
+ _sbat = .;
+ *(.sbat)
+ *(.sbat.*)
+ _esbat = .;
+ . = ALIGN(4096);
+ _epsbat = .;
+ }
+ _sbat_size = _epsbat - _sbat;
+ _sbat_vsize = _esbat - _sbat;
+
+ . = ALIGN(4096);
+ .rodata :
+ {
+ _rodata = .;
+ *(.rodata*)
+ *(.srodata)
+ . = ALIGN(16);
+ *(.note.gnu.build-id)
+ . = ALIGN(4096);
+ *(.vendor_cert)
+ *(.data.ident)
+ . = ALIGN(4096);
+ }
+ . = ALIGN(4096);
+ .rela :
+ {
+ *(.rela.dyn)
+ *(.rela.plt)
+ *(.rela.got)
+ *(.rela.data)
+ *(.rela.data*)
+ }
+ . = ALIGN(4096);
+ .dyn :
+ {
+ *(.dynsym)
+ *(.dynstr)
+ _evrodata = .;
+ . = ALIGN(4096);
+ }
+ _erodata = .;
+ _rodata_size = . - _rodata;
+ _rodata_vsize = _evrodata - _rodata;
+ _alldata_size = . - _data;
+
+ /DISCARD/ :
+ {
+ *(.rel.reloc)
+ *(.eh_frame)
+ *(.note.GNU-stack)
+ }
+ .comment 0 : { *(.comment) }
+}
diff --git a/include/asm.h b/include/asm.h
index f5118b2..5596d93 100644
--- a/include/asm.h
+++ b/include/asm.h
@@ -19,6 +19,8 @@ static inline uint64_t read_counter(void)
__asm__ __volatile__ ("mrs %0, pmccntr_el0" : "=r" (val));
#elif defined(__arm__)
__asm__ __volatile__ ("mrc p15, 0, %0, c9, c13, 0" : "=r" (val));
+#elif defined(__riscv) && __riscv_xlen == 64
+ __asm__ __volatile__ ("csrr %0, 0xc01" : "=r" (val) : : "memory");
#else
#error unsupported arch
#endif
diff --git a/include/peimage.h b/include/peimage.h
index 6eef105..fda48ee 100644
--- a/include/peimage.h
+++ b/include/peimage.h
@@ -50,6 +50,8 @@
diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
index 68a9395..39c3e8d 100644
--- a/Cryptlib/Makefile
+++ b/Cryptlib/Makefile
@@ -40,6 +40,9 @@ endif
ifeq ($(ARCH),arm)
DEFINES += -DMDE_CPU_ARM
endif
+ifeq ($(ARCH),riscv64)
+DEFINES += -DMDE_CPU_RISCV64
+endif
ifeq ($(ENABLE_CODESIGN_EKU),1)
DEFINES += -DENABLE_CODESIGN_EKU
endif
diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
index e517bcf..2f18b2f 100644
--- a/Cryptlib/OpenSSL/Makefile
+++ b/Cryptlib/OpenSSL/Makefile
@@ -52,6 +52,9 @@ endif
ifeq ($(ARCH),arm)
DEFINES += -DMDE_CPU_ARM
endif
+ifeq ($(ARCH),riscv64)
+DEFINES += -DMDE_CPU_RISCV64
+endif
LDFLAGS = -nostdlib -znocombreloc
diff --git a/Make.defaults b/Make.defaults
index c5fa32b..a73d84d 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -96,6 +96,16 @@ ifeq ($(ARCH),arm)
SUBSYSTEM := 0xa
ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif
+ifeq ($(ARCH),riscv64)
+ ARCH_CFLAGS ?= -DMDE_CPU_RISCV64 -DPAGE_SIZE=4096
+ ARCH_GNUEFI ?= riscv64
+ ARCH_SUFFIX ?= riscv64
+ ARCH_SUFFIX_UPPER ?= RISCV64
+ FORMAT := -O binary
+ SUBSYSTEM := 0xa
+ ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+ TIMESTAMP_LOCATION := 72
+endif
DEFINES = -DDEFAULT_LOADER='L"$(DEFAULT_LOADER)"' \
-DDEFAULT_LOADER_CHAR='"$(DEFAULT_LOADER)"'
diff --git a/elf_riscv64_efi.lds b/elf_riscv64_efi.lds
new file mode 100644
index 0000000..82bf118
--- /dev/null
+++ b/elf_riscv64_efi.lds
@@ -0,0 +1,111 @@
+OUTPUT_FORMAT("elf64-littleriscv", "elf64-littleriscv", "elf64-littleriscv")
+OUTPUT_ARCH(riscv)
+ENTRY(_start)
+SECTIONS
+{
+ .text 0x0 : {
+ _text = .;
+ *(.text.head)
+ *(.text)
+ *(.text.*)
+ *(.gnu.linkonce.t.*)
+ _evtext = .;
+ . = ALIGN(4096);
+ }
+ _etext = .;
+ _text_size = . - _text;
+ _text_vsize = _evtext - _text;
+
+ . = ALIGN(4096);
+ .data :
+ {
+ _data = .;
+ *(.sdata)
+ *(.data)
+ *(.data1)
+ *(.data.*)
+ *(.got.plt)
+ *(.got)
+
+ *(.dynamic)
+
+ /* the EFI loader doesn't seem to like a .bss section, so we stick
+ it all into .data: */
+ . = ALIGN(16);
+ _bss = .;
+ *(.sbss)
+ *(.scommon)
+ *(.dynbss)
+ *(.bss)
+ *(COMMON)
+ _evdata = .;
+ . = ALIGN(4096);
+ _bss_end = .;
+ }
+ _edata = .;
+ _data_vsize = _evdata - _data;
+ _data_size = . - _data;
+
+ /*
+ * Note that _sbat must be the beginning of the data, and _esbat must be the
+ * end and must be before any section padding. The sbat self-check uses
+ * _esbat to find the bounds of the data, and if the padding is included, the
+ * CSV parser (correctly) rejects the data as having NUL values in one of the
+ * required columns.
+ */
+ . = ALIGN(4096);
+ .sbat :
+ {
+ _sbat = .;
+ *(.sbat)
+ *(.sbat.*)
+ _esbat = .;
+ . = ALIGN(4096);
+ _epsbat = .;
+ }
+ _sbat_size = _epsbat - _sbat;
+ _sbat_vsize = _esbat - _sbat;
+
+ . = ALIGN(4096);
+ .rodata :
+ {
+ _rodata = .;
+ *(.rodata*)
+ *(.srodata)
+ . = ALIGN(16);
+ *(.note.gnu.build-id)
+ . = ALIGN(4096);
+ *(.vendor_cert)
+ *(.data.ident)
+ . = ALIGN(4096);
+ }
+ . = ALIGN(4096);
+ .rela :
+ {
+ *(.rela.dyn)
+ *(.rela.plt)
+ *(.rela.got)
+ *(.rela.data)
+ *(.rela.data*)
+ }
+ . = ALIGN(4096);
+ .dyn :
+ {
+ *(.dynsym)
+ *(.dynstr)
+ _evrodata = .;
+ . = ALIGN(4096);
+ }
+ _erodata = .;
+ _rodata_size = . - _rodata;
+ _rodata_vsize = _evrodata - _rodata;
+ _alldata_size = . - _data;
+
+ /DISCARD/ :
+ {
+ *(.rel.reloc)
+ *(.eh_frame)
+ *(.note.GNU-stack)
+ }
+ .comment 0 : { *(.comment) }
+}
diff --git a/include/asm.h b/include/asm.h
index f5118b2..5596d93 100644
--- a/include/asm.h
+++ b/include/asm.h
@@ -19,6 +19,8 @@ static inline uint64_t read_counter(void)
__asm__ __volatile__ ("mrs %0, pmccntr_el0" : "=r" (val));
#elif defined(__arm__)
__asm__ __volatile__ ("mrc p15, 0, %0, c9, c13, 0" : "=r" (val));
+#elif defined(__riscv) && __riscv_xlen == 64
+ __asm__ __volatile__ ("csrr %0, 0xc01" : "=r" (val) : : "memory");
#else
#error unsupported arch
#endif
diff --git a/include/peimage.h b/include/peimage.h
index 5d04968..778b902 100644
--- a/include/peimage.h
+++ b/include/peimage.h
@@ -50,6 +50,8 @@
#define IMAGE_FILE_MACHINE_X64 0x8664
#define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x01c2
#define IMAGE_FILE_MACHINE_ARM64 0xaa64
@ -233,107 +233,107 @@ index 6eef105..fda48ee 100644
//
// EXE file formats
diff --git a/include/system/stdarg.h b/include/system/stdarg.h
index 68c171b..6f8a63e 100644
--- a/include/system/stdarg.h
+++ b/include/system/stdarg.h
@@ -24,7 +24,7 @@ typedef __builtin_va_list __builtin_sysv_va_list;
#endif
#if defined(__aarch64__) || defined(__arm__) || defined(__i386__) || \
- defined(__i486__) || defined(__i686__) || defined(__COVERITY__)
+ defined(__i486__) || defined(__i686__) || defined(__COVERITY__) || defined(__riscv)
typedef __builtin_va_list ms_va_list;
typedef __builtin_va_list __builtin_ms_va_list;
@@ -38,6 +38,16 @@ typedef __builtin_va_list sysv_va_list;
#define sysv_va_start(marker, arg) __builtin_va_start(marker, arg)
#define sysv_va_arg(marker, type) __builtin_va_arg(marker, type)
#define sysv_va_end(marker) __builtin_va_end(marker)
+
+/*
+ * gnu-efi needs this.
+ */
+typedef __builtin_va_list va_list;
+# define va_start(v,l) __builtin_va_start(v,l)
+# define va_end(v) __builtin_va_end(v)
+# define va_arg(v,l) __builtin_va_arg(v,l)
+# define va_copy(d,s) __builtin_va_copy(d,s)
+
/*
* OpenSSL's X509ConstructCertificateStack needs this.
*/
diff --git a/lib/Makefile b/lib/Makefile
index f81c5c9..0b79246 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -30,6 +30,9 @@ endif
ifeq ($(ARCH),arm)
DEFINES += -DMDE_CPU_ARM
endif
+ifeq ($(ARCH),riscv64)
+DEFINES += -DMDE_CPU_RISCV64
+endif
LDFLAGS = -nostdlib -znocombreloc
diff --git a/pe-relocate.c b/pe-relocate.c
index bde7172..ab521b6 100644
--- a/pe-relocate.c
+++ b/pe-relocate.c
@@ -280,6 +280,8 @@ allow_64_bit(void)
if (in_protocol)
return 1;
return 0;
+#elif defined (__riscv) && __riscv_xlen == 64
+ return 1;
#else /* assuming everything else is 32-bit... */
return 0;
#endif
@@ -300,6 +302,8 @@ allow_32_bit(void)
return 1;
#elif defined(__aarch64__)
return 0;
+#elif defined (__riscv) && __riscv_xlen == 64
+ return 0;
#else /* assuming everything else is 32-bit... */
return 1;
#endif
@@ -326,6 +330,8 @@ static const UINT16 machine_type =
IMAGE_FILE_MACHINE_I386;
#elif defined(__ia64__)
IMAGE_FILE_MACHINE_IA64;
+#elif defined(__riscv) && __riscv_xlen == 64
+ IMAGE_FILE_MACHINE_RISCV64;
#else
#error this architecture is not supported by shim
#endif
diff --git a/shim.h b/shim.h
index 5791a03..bc8588d 100644
--- a/shim.h
+++ b/shim.h
@@ -128,6 +128,21 @@
#endif
#endif
+#if defined(__riscv) && __riscv_xlen == 64
+#ifndef DEFAULT_LOADER
+#define DEFAULT_LOADER L"\\grubriscv64.efi"
+#endif
+#ifndef DEFAULT_LOADER_CHAR
+#define DEFAULT_LOADER_CHAR "\\grubriscv64.efi"
+#endif
+#ifndef EFI_ARCH
+#define EFI_ARCH L"riscv64"
+#endif
+#ifndef DEBUGDIR
+#define DEBUGDIR L"/usr/lib/debug/usr/share/shim/riscv64/"
+#endif
+#endif
+
#ifndef DEBUGSRC
#define DEBUGSRC L"/usr/src/debug/shim-" VERSIONSTR "." EFI_ARCH
#endif
--
2.49.0
diff --git a/include/system/stdarg.h b/include/system/stdarg.h
index 68c171b..6f8a63e 100644
--- a/include/system/stdarg.h
+++ b/include/system/stdarg.h
@@ -24,7 +24,7 @@ typedef __builtin_va_list __builtin_sysv_va_list;
#endif
#if defined(__aarch64__) || defined(__arm__) || defined(__i386__) || \
- defined(__i486__) || defined(__i686__) || defined(__COVERITY__)
+ defined(__i486__) || defined(__i686__) || defined(__COVERITY__) || defined(__riscv)
typedef __builtin_va_list ms_va_list;
typedef __builtin_va_list __builtin_ms_va_list;
@@ -38,6 +38,16 @@ typedef __builtin_va_list sysv_va_list;
#define sysv_va_start(marker, arg) __builtin_va_start(marker, arg)
#define sysv_va_arg(marker, type) __builtin_va_arg(marker, type)
#define sysv_va_end(marker) __builtin_va_end(marker)
+
+/*
+ * gnu-efi needs this.
+ */
+typedef __builtin_va_list va_list;
+# define va_start(v,l) __builtin_va_start(v,l)
+# define va_end(v) __builtin_va_end(v)
+# define va_arg(v,l) __builtin_va_arg(v,l)
+# define va_copy(d,s) __builtin_va_copy(d,s)
+
/*
* OpenSSL's X509ConstructCertificateStack needs this.
*/
diff --git a/lib/Makefile b/lib/Makefile
index f81c5c9..0b79246 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -30,6 +30,9 @@ endif
ifeq ($(ARCH),arm)
DEFINES += -DMDE_CPU_ARM
endif
+ifeq ($(ARCH),riscv64)
+DEFINES += -DMDE_CPU_RISCV64
+endif
LDFLAGS = -nostdlib -znocombreloc
diff --git a/pe-relocate.c b/pe-relocate.c
index 1f82d78..464ac38 100644
--- a/pe-relocate.c
+++ b/pe-relocate.c
@@ -280,6 +280,8 @@ allow_64_bit(void)
if (in_protocol)
return 1;
return 0;
+#elif defined (__riscv) && __riscv_xlen == 64
+ return 1;
#else /* assuming everything else is 32-bit... */
return 0;
#endif
@@ -300,6 +302,8 @@ allow_32_bit(void)
return 1;
#elif defined(__aarch64__)
return 0;
+#elif defined (__riscv) && __riscv_xlen == 64
+ return 0;
#else /* assuming everything else is 32-bit... */
return 1;
#endif
@@ -326,6 +330,8 @@ static const UINT16 machine_type =
IMAGE_FILE_MACHINE_I386;
#elif defined(__ia64__)
IMAGE_FILE_MACHINE_IA64;
+#elif defined(__riscv) && __riscv_xlen == 64
+ IMAGE_FILE_MACHINE_RISCV64;
#else
#error this architecture is not supported by shim
#endif
diff --git a/shim.h b/shim.h
index 8b52ce7..b5f366e 100644
--- a/shim.h
+++ b/shim.h
@@ -129,6 +129,21 @@
#endif
#endif
+#if defined(__riscv) && __riscv_xlen == 64
+#ifndef DEFAULT_LOADER
+#define DEFAULT_LOADER L"\\grubriscv64.efi"
+#endif
+#ifndef DEFAULT_LOADER_CHAR
+#define DEFAULT_LOADER_CHAR "\\grubriscv64.efi"
+#endif
+#ifndef EFI_ARCH
+#define EFI_ARCH L"riscv64"
+#endif
+#ifndef DEBUGDIR
+#define DEBUGDIR L"/usr/lib/debug/usr/share/shim/riscv64/"
+#endif
+#endif
+
#ifndef DEBUGSRC
#define DEBUGSRC L"/usr/src/debug/shim-" VERSIONSTR "." EFI_ARCH
#endif
--
2.43.7


@ -1,7 +1,7 @@
From 22c09a365e5a422502b430af40ab480ebebd2871 Mon Sep 17 00:00:00 2001
From a5ff7fbc294af8165a64d803ef45827d89a93d2d Mon Sep 17 00:00:00 2001
From: Brian 'redbeard' Harrington <redbeard@dead-city.org>
Date: Tue, 26 Mar 2024 17:13:50 -0700
Subject: [PATCH 4/7] bug: Remove extraneous configuration from RISC-V
Subject: [PATCH] bug: Remove extraneous configuration from RISC-V
@davidlt and @xypron pointed out prior changed to binutils 2.42 which
added support for RISC-V EFI objects. This reflects the upstream
@ -14,7 +14,7 @@ flat binary files via `objcopy` (i.e. `-O binary` architectures).
1 file changed, 4 deletions(-)
diff --git a/Make.defaults b/Make.defaults
index 54a483d..17b53d8 100644
index a73d84d..f0ae985 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -101,10 +101,6 @@ ifeq ($(ARCH),riscv64)
@ -29,5 +29,5 @@ index 54a483d..17b53d8 100644
DEFINES = -DDEFAULT_LOADER='L"$(DEFAULT_LOADER)"' \
--
2.49.0
2.43.7


@ -1,7 +1,7 @@
From ac138bf04a6d8276d5565efb0228a45cae9b9ee9 Mon Sep 17 00:00:00 2001
From 80df60d433cdb2970ce2a6ce019639cae58073ad Mon Sep 17 00:00:00 2001
From: Jason Montleon <jmontleo@redhat.com>
Date: Mon, 24 Jun 2024 02:29:30 -0400
Subject: [PATCH 5/7] Sync elf_riscv64_efi.lds with gnu-efi
Subject: [PATCH] Sync elf_riscv64_efi.lds with gnu-efi
Signed-off-by: Jason Montleon <jmontleo@redhat.com>
---
@ -191,5 +191,5 @@ index 82bf118..e2bd896 100644
}
.comment 0 : { *(.comment) }
--
2.49.0
2.43.7


@ -1,7 +1,7 @@
From 15501b0964f5991247611307719e4f7fab980024 Mon Sep 17 00:00:00 2001
From 4d8dd652136cc9f4408a886e9390670d9b415c70 Mon Sep 17 00:00:00 2001
From: Jason Montleon <jason@montleon.com>
Date: Tue, 25 Jun 2024 23:11:38 -0400
Subject: [PATCH 6/7] Implement __riscv_flush_icache
Subject: [PATCH] Implement __riscv_flush_icache
Signed-off-by: Jason Montleon <jason@montleon.com>
---
@ -53,5 +53,5 @@ index 0000000..9515eaf
+ .type x, %function
+
--
2.49.0
2.43.7


@ -1,7 +1,7 @@
From c3ba8906a1f69658f5d6205cf3e2aa685308462b Mon Sep 17 00:00:00 2001
From b425246e71c076843f4191c210987f6b13d1f4c0 Mon Sep 17 00:00:00 2001
From: Jason Montleon <jason@montleon.com>
Date: Mon, 8 Jul 2024 12:04:32 -0400
Subject: [PATCH 7/7] Correct signedness when calling string functions.
Subject: [PATCH] Correct signedness when calling string functions.
Signed-off-by: Jason Montleon <jason@montleon.com>
---
@ -50,10 +50,10 @@ index 18460cd..81dbb83 100644
line += UTF8_BOM_SIZE;
diff --git a/httpboot.c b/httpboot.c
index ac9ea25..5bdf1c8 100644
index ccbe028..3a801c3 100644
--- a/httpboot.c
+++ b/httpboot.c
@@ -130,7 +130,7 @@ find_httpboot (EFI_HANDLE device)
@@ -175,7 +175,7 @@ find_httpboot (EFI_HANDLE device)
/* Save the current URI */
UriNode = (URI_DEVICE_PATH *)Node;
@ -62,7 +62,7 @@ index ac9ea25..5bdf1c8 100644
uri = AllocatePool(uri_size + 1);
if (!uri) {
perror(L"Failed to allocate uri\n");
@@ -156,10 +156,10 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader,
@@ -201,10 +201,10 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader,
UINTN path_len = 0;
UINTN count = 0;
@ -75,7 +75,7 @@ index ac9ea25..5bdf1c8 100644
ptr = current_uri + 8;
count += 8;
} else {
@@ -167,7 +167,7 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader,
@@ -212,7 +212,7 @@ generate_next_uri (CONST CHAR8 *current_uri, CONST CHAR8 *next_loader,
}
/* Extract the path */
@ -84,7 +84,7 @@ index ac9ea25..5bdf1c8 100644
while (*ptr != '\0') {
count++;
if (*ptr == '/')
@@ -192,9 +192,9 @@ extract_hostname (CONST CHAR8 *url, CHAR8 **hostname)
@@ -237,9 +237,9 @@ extract_hostname (CONST CHAR8 *url, CHAR8 **hostname)
CONST CHAR8 *ptr, *start;
UINTN host_len = 0;
@ -96,7 +96,7 @@ index ac9ea25..5bdf1c8 100644
start = url + 8;
else
return EFI_INVALID_PARAMETER;
@@ -571,8 +571,8 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size)
@@ -618,8 +618,8 @@ receive_http_response(EFI_HTTP_PROTOCOL *http, VOID **buffer, UINT64 *buf_size)
/* Check the length of the file */
for (i = 0; i < rx_message.HeaderCount; i++) {
@ -104,10 +104,10 @@ index ac9ea25..5bdf1c8 100644
- (CHAR8 *)"Content-Length")) {
+ if (!strcasecmp((char *)rx_message.Headers[i].FieldName,
+ "Content-Length")) {
*buf_size = ascii_to_int(rx_message.Headers[i].FieldValue);
}
}
@@ -731,8 +731,8 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size,
new_buf_size = ascii_to_int(rx_message.Headers[i].FieldValue);
if (buf_size_set && new_buf_size != *buf_size) {
perror(L"Content-Length is invalid\n");
@@ -784,8 +784,8 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size,
if (!uri)
return EFI_NOT_READY;
@ -119,10 +119,10 @@ index ac9ea25..5bdf1c8 100644
/* Create the URI for the next loader based on the original URI */
efi_status = generate_next_uri(uri, next_loader, &next_uri);
diff --git a/mok.c b/mok.c
index 0ac3415..9563046 100644
index a94516e..fc368e5 100644
--- a/mok.c
+++ b/mok.c
@@ -1012,7 +1012,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
@@ -1422,7 +1422,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
struct mok_state_variable *v = &mok_state_variables[i];
ZeroMem(&config_template, sizeof(config_template));
@ -132,19 +132,19 @@ index 0ac3415..9563046 100644
config_template.data_size = v->data_size;
diff --git a/netboot.c b/netboot.c
index d8b1093..1e471af 100644
index 0ec43e5..520b28c 100644
--- a/netboot.c
+++ b/netboot.c
@@ -135,7 +135,7 @@ static CHAR8 *str2ip6(CHAR8 *str)
@@ -146,7 +146,7 @@ static CHAR8 *str2ip6(CHAR8 *str)
if (dotcount > MAX_IP6_DOTS)
return (CHAR8 *)ip;
- len = strlen(str);
+ len = strlen((char *)str);
a = b = str;
for (i = p = 0; i < len; i++, b++) {
if (*b != ':')
@@ -170,7 +170,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url, CHAR8 *name)
for (i = 0; i < len; i++) {
@@ -203,7 +203,7 @@ static BOOLEAN extract_tftp_info(CHAR8 *url, CHAR8 *name)
while (name[template_len++] != '\0');
template = (CHAR8 *)AllocatePool((template_len + 1) * sizeof (CHAR8));
@ -153,7 +153,7 @@ index d8b1093..1e471af 100644
// to check against str2ip6() errors
memset(ip6inv, 0, sizeof(ip6inv));
@@ -210,17 +210,17 @@ static BOOLEAN extract_tftp_info(CHAR8 *url, CHAR8 *name)
@@ -243,17 +243,17 @@ static BOOLEAN extract_tftp_info(CHAR8 *url, CHAR8 *name)
FreePool(template);
return FALSE;
}
@ -175,7 +175,7 @@ index d8b1093..1e471af 100644
FreePool(template);
return TRUE;
@@ -251,8 +251,8 @@ static EFI_STATUS parseDhcp4(CHAR8 *name)
@@ -284,8 +284,8 @@ static EFI_STATUS parseDhcp4(CHAR8 *name)
while (name[template_len++] != '\0');
template = (CHAR8 *)AllocatePool((template_len + 1) * sizeof (CHAR8));
@ -186,7 +186,7 @@ index d8b1093..1e471af 100644
if(pxe->Mode->ProxyOfferReceived) {
/*
@@ -272,7 +272,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name)
@@ -305,7 +305,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name)
pkt_v4 = &pxe->Mode->PxeReply.Dhcpv4;
}
@ -195,7 +195,7 @@ index d8b1093..1e471af 100644
INTN i;
UINT8 *dir = pkt_v4->BootpBootFile;
@@ -290,7 +290,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name)
@@ -323,7 +323,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name)
}
if (dir_len > 0) {
@ -204,7 +204,7 @@ index d8b1093..1e471af 100644
if (full_path[dir_len-1] == '/' && template[0] == '/')
full_path[dir_len-1] = '\0';
/*
@@ -305,7 +305,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name)
@@ -338,7 +338,7 @@ static EFI_STATUS parseDhcp4(CHAR8 *name)
}
if (dir_len == 0 && dir[0] != '/' && template[0] == '/')
template_ofs++;
@ -214,7 +214,7 @@ index d8b1093..1e471af 100644
FreePool(template);
diff --git a/sbat.c b/sbat.c
index 0695612..96b0631 100644
index f31d945..965f42c 100644
--- a/sbat.c
+++ b/sbat.c
@@ -95,12 +95,12 @@ parse_sbat_section(char *section_base, size_t section_size,
@ -250,10 +250,10 @@ index 0695612..96b0631 100644
row = list_entry(pos, struct csv_row, list);
diff --git a/tpm.c b/tpm.c
index 6c7af4c..4595614 100644
index 7f4a1b0..ec8931b 100644
--- a/tpm.c
+++ b/tpm.c
@@ -261,7 +261,7 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr,
@@ -296,7 +296,7 @@ EFI_STATUS tpm_log_event(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 pcr,
const CHAR8 *description)
{
return tpm_log_event_raw(buf, size, pcr, description,
@ -263,5 +263,5 @@ index 6c7af4c..4595614 100644
EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size,
--
2.49.0
2.43.7


@ -0,0 +1,61 @@
From 6154851c4be8414fd9bd71e1932a50a1cffea4e9 Mon Sep 17 00:00:00 2001
From: Andrew Lukoshko <alukoshko@almalinux.org>
Date: Mon, 23 Feb 2026 14:52:55 +0000
Subject: [PATCH] Fix additional signedness warnings for riscv64
Add explicit casts for string literal arguments to AsciiSPrint()
and strcpy() in mok.c and errlog.c to fix pointer signedness
warnings on riscv64.
---
errlog.c | 4 ++--
mok.c | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/errlog.c b/errlog.c
index b43a4bc..d2a5fbf 100644
--- a/errlog.c
+++ b/errlog.c
@@ -260,7 +260,7 @@ save_logs(void)
entry = (struct mok_variable_config_entry *)((uintptr_t)new_table + pos);
if (errlog_sz) {
- strcpy(entry->name, "shim-err.txt");
+ strcpy((char *)entry->name, "shim-err.txt");
entry->data_size = errlog_sz;
format_error_log(&entry->data[0], errlog_sz);
@@ -268,7 +268,7 @@ save_logs(void)
entry = (struct mok_variable_config_entry *)((uintptr_t)new_table + pos);
}
if (dbglog_sz) {
- strcpy(entry->name, "shim-dbg.txt");
+ strcpy((char *)entry->name, "shim-dbg.txt");
entry->data_size = dbglog_sz;
format_debug_log(&entry->data[0], dbglog_sz);
diff --git a/mok.c b/mok.c
index fc368e5..bea4384 100644
--- a/mok.c
+++ b/mok.c
@@ -213,15 +213,15 @@ format_variable_info(UINT8 *buf, size_t bufsz,
var_set_t *var_set = &var_sets[i];
UINTN rc;
rc = AsciiSPrint((CHAR8 *)buf + pos, bufsz - pos,
- "%a_max_storage_sz: 0x%lx\n",
+ (CHAR8 *)"%a_max_storage_sz: 0x%lx\n",
var_set->prefix, var_set->max_storage_sz);
pos += rc;
rc = AsciiSPrint((CHAR8 *)buf + pos, bufsz - pos,
- "%a_remaining_sz: 0x%lx\n",
+ (CHAR8 *)"%a_remaining_sz: 0x%lx\n",
var_set->prefix, var_set->remaining_sz);
pos += rc;
rc = AsciiSPrint((CHAR8 *)buf + pos, bufsz - pos,
- "%a_max_var_sz: 0x%lx\n",
+ (CHAR8 *)"%a_max_var_sz: 0x%lx\n",
var_set->prefix, var_set->max_var_sz);
pos += rc;
}
--
2.43.7
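Review bot: The three `(CHAR8 *)"..."` casts added to the AsciiSPrint() format arguments in mok.c turn a string literal into a non-const pointer, so the const qualifier is dropped along with the signedness warning. If the bundled gnu-efi declares the format parameter as const (its prototype is not visible here), `(const CHAR8 *)"%a_max_storage_sz: 0x%lx\n"` silences the warning while keeping the qualifier, and the same applies to the two calls after it. Each cast also switches off the compiler's type checking at that call site, so a short comment in the patch description saying the casts are signedness-only would help the next rebase. Both format_variable_info() and save_logs() continue outside the hunks shown.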

BIN
almalinux-sb-cert-1.der Normal file

Binary file not shown.

BIN
almalinux-sb-cert-2.der Normal file

Binary file not shown.

BIN
almalinux-sb-cert-3.der Normal file

Binary file not shown.

1
sbat.almalinux.csv Normal file

@ -0,0 +1 @@
shim.almalinux,3,AlmaLinux,shim,16.1,security@almalinux.org
1 shim.almalinux 3 AlmaLinux shim 16.1 security@almalinux.org


@ -1 +0,0 @@
shim.redhat,3,Red Hat Inc,shim,15.8,secalert@redhat.com
1 shim.redhat 3 Red Hat Inc shim 15.8 secalert@redhat.com


@ -8,32 +8,32 @@
%global __debug_install_post %{SOURCE100} riscv64
%undefine _debuginfo_subpackages
%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
%global efidir almalinux
%global shimrootdir %{_datadir}/shim/
%global shimversiondir %{shimrootdir}/%{version}-%{release}
%global efiarch riscv64
%global shimdir %{shimversiondir}/%{efiarch}
Name: shim-unsigned-riscv64
Version: 15.8
Release: 3.rv.0%{?dist}
Version: 16.1
Release: 1%{?dist}.alma.1
Summary: First-stage UEFI bootloader
ExclusiveArch: riscv64
License: BSD
URL: https://github.com/rhboot/shim
Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
Source1: securebootca.cer
# currently here's what's in our dbx:
# nothing.
Source2: dbx.esl
Source3: sbat.redhat.csv
Source3: sbat.almalinux.csv
Source4: shim.patches
# Origin: https://github.com/ncroxon/gnu-efi/releases/tag/4.0.0
Source90: gnu-efi-4.0.0.tar.gz
Source100: shim-find-debuginfo.sh
Source101: almalinux-sb-cert-1.der
Source102: almalinux-sb-cert-2.der
Source103: almalinux-sb-cert-3.der
%include %{SOURCE4}
BuildRequires: gcc make
@ -41,6 +41,7 @@ BuildRequires: elfutils-libelf-devel
BuildRequires: git openssl-devel openssl
BuildRequires: pesign >= %{pesign_vre}
BuildRequires: dos2unix findutils
BuildRequires: efitools
# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
# compatible with SysV (there's no red zone under UEFI) and there isn't a
@ -83,19 +84,26 @@ BuildArch: noarch
git config --unset user.email
git config --unset user.name
rm -rf gnu-efi
tar xf %{SOURCE90}
mv gnu-efi-4.0.0 gnu-efi
cp %{SOURCE3} data/
%build
COMMIT_ID=5914984a1ffeab841f482c791426d7ca9935a5e6
# Prepare vendor_db.esl file
openssl x509 -inform DER -in %{SOURCE101} -out 01.pem
openssl x509 -inform DER -in %{SOURCE102} -out 02.pem
openssl x509 -inform DER -in %{SOURCE103} -out 03.pem
cert-to-efi-sig-list -g 9DD8A2AC-0977-4AEF-99A0-E794FD2A31FE 01.pem 01.esl
cert-to-efi-sig-list -g 33D81FE3-5EC0-44F8-AB02-C9DA554F63D8 02.pem 02.esl
cert-to-efi-sig-list -g 50413300-1AC7-49DA-B755-BB0D93E634B6 03.pem 03.esl
cat 01.esl 02.esl 03.esl > vendor_db.esl
COMMIT_ID=afc49558b34548644c1cd0ad1b6526a9470182ed
MAKEFLAGS="TOPDIR=. -f ./Makefile COMMITID=${COMMIT_ID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2025051000 "
MAKEFLAGS+="%{_smp_mflags}"
if [ -f "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1} "
if [ -s vendor_db.esl ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=./vendor_db.esl"
fi
if [ -f "%{SOURCE2}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2} "
@ -104,13 +112,13 @@ fi
make ${MAKEFLAGS} DEFAULT_LOADER='\\\\grub%{efiarch}.efi' all
%install
COMMIT_ID=5914984a1ffeab841f482c791426d7ca9935a5e6
COMMIT_ID=afc49558b34548644c1cd0ad1b6526a9470182ed
MAKEFLAGS="TOPDIR=. -f ./Makefile COMMITID=${COMMIT_ID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
if [ -f "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1} "
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2025051000 "
if [ -s vendor_db.esl ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=./vendor_db.esl"
fi
if [ -f "%{SOURCE2}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2} "
@ -135,6 +143,13 @@ make ${MAKEFLAGS} \
%files debugsource -f debugsource.list
%changelog
* Fri Feb 20 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 16.1-1.el10.alma.1
- Update to shim 16.1
- Rebase patches for 16.1
* Fri Jul 18 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 15.8-3.el10.alma.1
- Use AlmaLinux cert
* Tue Apr 29 2025 Andrea Bolognani <abologna@redhat.com> - 15.8-3.rv.0
- Add riscv64 build
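Review bot: The `if [ -s vendor_db.esl ]` guard in %build and %install lets the build carry on without `VENDOR_DB_FILE` when the list is missing or empty, so a shim with no embedded AlmaLinux certificates would be packaged without any error. Because %build always generates the file from Source101–103 just above, failing hard is the safer form: `[ -s vendor_db.esl ] || { echo "vendor_db.esl missing or empty" >&2; exit 1; }` followed by an unconditional `MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=./vendor_db.esl"`. %install relies on the file left in the build directory by %build, which deserves a one-line comment there. A comment beside Source101–103 recording each certificate's SHA-256 fingerprint would also let a reviewer confirm which keys become trust anchors, since the .der files appear on this page only as binary.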


@ -1,4 +1,5 @@
Patch0001: 0001-Adopt-modern-ReallocatePool-ABI.patch
# Origin: ncroxon/gnu-efi 4.0.0 riscv64 files adapted for rhboot/gnu-efi shim-16.1
Patch0001: 0001-Add-RISC-V-64-support-to-gnu-efi.patch
Patch0002: 0002-Set-NO_GLIBC-1-when-building-gnu-efi.patch
# Origin: https://github.com/jmontleon/shim/commits/riscv/
Patch0003: 0003-Initial-RISC-V-support.patch
@ -6,3 +7,4 @@ Patch0004: 0004-bug-Remove-extraneous-configuration-from-RISC-V.patch
Patch0005: 0005-Sync-elf_riscv64_efi.lds-with-gnu-efi.patch
Patch0006: 0006-Implement-__riscv_flush_icache.patch
Patch0007: 0007-Correct-signedness-when-calling-string-functions.patch
Patch0008: 0008-Fix-additional-signedness-warnings-for-riscv64.patch
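Review bot: `Patch0008` sits under the `# Origin: https://github.com/jmontleon/shim/commits/riscv/` comment, but the patch header added in this commit names an AlmaLinux author and a 2026 date, so it appears to be a downstream addition rather than part of that branch. A separate provenance line directly above it keeps the patch list auditable, for example `# Origin: AlmaLinux (downstream patch)`.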


@ -1,3 +1 @@
SHA512 (gnu-efi-4.0.0.tar.gz) = 737fda41a45a63ab652f3e8dd5c035bc40dd66e839218c33478fe2ce81346f004b1bed79a5ec29cc282f0d699ad21256e0915482a3fa04b880dea21cae9e2b7f
SHA512 (securebootca.cer) = 8ad5a2a1fc85bfdf1be4eea2e93a5ce7a535ed4800126fd8b9daa796bb4d387d8268e88da5cf9f383f079f4fe80cbae11910f1c28ea0ed97524e3b409085b838
SHA512 (shim-15.8.tar.bz2) = 30b3390ae935121ea6fe728d8f59d37ded7b918ad81bea06e213464298b4bdabbca881b30817965bd397facc596db1ad0b8462a84c87896ce6c1204b19371cd1
SHA512 (shim-16.1.tar.bz2) = ca5f80e82f3b80b622028f03ef23105c98ee1b6a25f52a59c823080a3202dd4b9962266489296e99f955eb92e36ce13e0b1d57f688350006bba45f2718f159fb