shim-unsigned-x64/0029-Once-again-try-even-harder-to-get-binaries-without-t.patch

99 lines
3.1 KiB
Diff
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 10d6e3d90f1ea504a1dedaea50478c444e92951c Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 15 Mar 2019 09:52:02 -0400
Subject: [PATCH 29/62] Once again, try even harder to get binaries without
timestamps in them.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
$ objdump -x /builddir/build/BUILDROOT/shim-*/usr/share/shim/*/shimx64.efi | grep 'Time/Date'
Time/Date Thu Jan 1 00:00:08 1970
$ _
"What is despair? I have known it—hear my song. Despair is when youre
debugging a kernel driver and you look at a memory dump and you see that
a pointer has a value of 7."
- http://scholar.harvard.edu/files/mickens/files/thenightwatch.pdf
objcopy only knows about -D for some targets.
ld only believes in --no-insert-timestamp in some versions.
dd takes off and nukes the site from orbit.
It's the only way to be sure.
Signed-off-by: Peter Jones <pjones@redhat.com>
Upstream-commit-id: a4a1fbe728c
---
Make.defaults | 4 ++++
Makefile | 6 ++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/Make.defaults b/Make.defaults
index 09807bd8108..f0bfa9fd573 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -50,6 +50,7 @@ ifeq ($(ARCH),x86_64)
ARCH_SUFFIX ?= x64
ARCH_SUFFIX_UPPER ?= X64
ARCH_LDFLAGS ?=
+ TIMESTAMP_LOCATION := 136
endif
ifeq ($(ARCH),ia32)
ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
@@ -60,6 +61,7 @@ ifeq ($(ARCH),ia32)
ARCH_SUFFIX_UPPER ?= IA32
ARCH_LDFLAGS ?=
ARCH_CFLAGS ?= -m32
+ TIMESTAMP_LOCATION := 136
endif
ifeq ($(ARCH),aarch64)
ARCH_CFLAGS ?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
@@ -70,6 +72,7 @@ ifeq ($(ARCH),aarch64)
SUBSYSTEM := 0xa
ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
ARCH_CFLAGS ?=
+ TIMESTAMP_LOCATION := 72
endif
ifeq ($(ARCH),arm)
ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access
@@ -79,6 +82,7 @@ ifeq ($(ARCH),arm)
FORMAT := -O binary
SUBSYSTEM := 0xa
ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+ TIMESTAMP_LOCATION := 72
endif
CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
diff --git a/Makefile b/Makefile
index fd7e83dc764..49e14a26521 100644
--- a/Makefile
+++ b/Makefile
@@ -189,11 +189,13 @@ endif
ifneq ($(OBJCOPY_GTE224),1)
$(error objcopy >= 2.24 is required)
endif
- $(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \
+ $(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \
-j .dynamic -j .dynsym -j .rel* \
-j .rela* -j .reloc -j .eh_frame \
-j .vendor_cert \
$(FORMAT) $^ $@
+ # I am tired of wasting my time fighting binutils timestamp code.
+ dd conv=notrunc bs=1 count=4 seek=$(TIMESTAMP_LOCATION) if=/dev/zero of=$@
ifneq ($(origin ENABLE_SHIM_HASH),undefined)
%.hash : %.efi
@@ -204,7 +206,7 @@ endif
ifneq ($(OBJCOPY_GTE224),1)
$(error objcopy >= 2.24 is required)
endif
- $(OBJCOPY) -j .text -j .sdata -j .data \
+ $(OBJCOPY) -D -j .text -j .sdata -j .data \
-j .dynamic -j .dynsym -j .rel* \
-j .rela* -j .reloc -j .eh_frame \
-j .debug_info -j .debug_abbrev -j .debug_aranges \
--
2.26.2