From 10d6e3d90f1ea504a1dedaea50478c444e92951c Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 15 Mar 2019 09:52:02 -0400 Subject: [PATCH 29/62] Once again, try even harder to get binaries without timestamps in them. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit $ objdump -x /builddir/build/BUILDROOT/shim-*/usr/share/shim/*/shimx64.efi | grep 'Time/Date' Time/Date Thu Jan 1 00:00:08 1970 $ _ "What is despair? I have known it—hear my song. Despair is when you’re debugging a kernel driver and you look at a memory dump and you see that a pointer has a value of 7." - http://scholar.harvard.edu/files/mickens/files/thenightwatch.pdf objcopy only knows about -D for some targets. ld only believes in --no-insert-timestamp in some versions. dd takes off and nukes the site from orbit. It's the only way to be sure. Signed-off-by: Peter Jones Upstream-commit-id: a4a1fbe728c --- Make.defaults | 4 ++++ Makefile | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Make.defaults b/Make.defaults index 09807bd8108..f0bfa9fd573 100644 --- a/Make.defaults +++ b/Make.defaults @@ -50,6 +50,7 @@ ifeq ($(ARCH),x86_64) ARCH_SUFFIX ?= x64 ARCH_SUFFIX_UPPER ?= X64 ARCH_LDFLAGS ?= + TIMESTAMP_LOCATION := 136 endif ifeq ($(ARCH),ia32) ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \ @@ -60,6 +61,7 @@ ifeq ($(ARCH),ia32) ARCH_SUFFIX_UPPER ?= IA32 ARCH_LDFLAGS ?= ARCH_CFLAGS ?= -m32 + TIMESTAMP_LOCATION := 136 endif ifeq ($(ARCH),aarch64) ARCH_CFLAGS ?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align @@ -70,6 +72,7 @@ ifeq ($(ARCH),aarch64) SUBSYSTEM := 0xa ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) ARCH_CFLAGS ?= + TIMESTAMP_LOCATION := 72 endif ifeq ($(ARCH),arm) ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access @@ -79,6 +82,7 @@ ifeq ($(ARCH),arm) FORMAT := -O binary SUBSYSTEM := 0xa ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) + TIMESTAMP_LOCATION := 72 endif CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ diff --git a/Makefile b/Makefile index fd7e83dc764..49e14a26521 100644 --- a/Makefile +++ b/Makefile @@ -189,11 +189,13 @@ endif ifneq ($(OBJCOPY_GTE224),1) $(error objcopy >= 2.24 is required) endif - $(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \ + $(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \ -j .dynamic -j .dynsym -j .rel* \ -j .rela* -j .reloc -j .eh_frame \ -j .vendor_cert \ $(FORMAT) $^ $@ + # I am tired of wasting my time fighting binutils timestamp code. + dd conv=notrunc bs=1 count=4 seek=$(TIMESTAMP_LOCATION) if=/dev/zero of=$@ ifneq ($(origin ENABLE_SHIM_HASH),undefined) %.hash : %.efi @@ -204,7 +206,7 @@ endif ifneq ($(OBJCOPY_GTE224),1) $(error objcopy >= 2.24 is required) endif - $(OBJCOPY) -j .text -j .sdata -j .data \ + $(OBJCOPY) -D -j .text -j .sdata -j .data \ -j .dynamic -j .dynsym -j .rel* \ -j .rela* -j .reloc -j .eh_frame \ -j .debug_info -j .debug_abbrev -j .debug_aranges \ -- 2.26.2