From: Ard Biesheuvel <ardb+git@google.com>
To: stable@vger.kernel.org
Cc: linux-efi@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>
Subject: [PATCH stable-v6.1 00/18] efistub/x86 changes for secure boot
Date: Mon, 4 Mar 2024 12:19:38 +0100 [thread overview]
Message-ID: <20240304111937.2556102-20-ardb+git@google.com> (raw)
From: Ard Biesheuvel <ardb@kernel.org>
These are the remaining patches that bring v6.1 in sync with v6.6 in
terms of support for 4k section alignment and strict separation of
executable and writable mappings. More details in [0].
[0] https://lkml.kernel.org/r/CAMj1kXE5y%2B6Fef1SqsePO1p8eGEL_qKR9ZkNPNKb-y6P8-7YmQ%40mail.gmail.com
Ard Biesheuvel (15):
arm64: efi: Limit allocations to 48-bit addressable physical region
x86/efistub: Simplify and clean up handover entry code
x86/decompressor: Avoid magic offsets for EFI handover entrypoint
x86/efistub: Clear BSS in EFI handover protocol entrypoint
x86/decompressor: Move global symbol references to C code
efi/libstub: Add limit argument to efi_random_alloc()
x86/efistub: Perform 4/5 level paging switch from the stub
x86/decompressor: Factor out kernel decompression and relocation
x86/efistub: Prefer EFI memory attributes protocol over DXE services
x86/efistub: Perform SNP feature test while running in the firmware
x86/efistub: Avoid legacy decompressor when doing EFI boot
efi/x86: Avoid physical KASLR on older Dell systems
x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
x86/boot: Rename conflicting 'boot_params' pointer to
'boot_params_ptr'
x86/boot: efistub: Assign global boot_params variable
Evgeniy Baskov (1):
efi/libstub: Add memory attribute protocol definitions
Johan Hovold (1):
efi: efivars: prevent double registration
Yuntao Wang (1):
efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags
Documentation/x86/boot.rst | 2 +-
arch/arm64/include/asm/efi.h | 1 +
arch/x86/boot/compressed/Makefile | 5 +
arch/x86/boot/compressed/acpi.c | 14 +-
arch/x86/boot/compressed/cmdline.c | 4 +-
arch/x86/boot/compressed/efi_mixed.S | 107 +++----
arch/x86/boot/compressed/head_32.S | 32 ---
arch/x86/boot/compressed/head_64.S | 63 +----
arch/x86/boot/compressed/ident_map_64.c | 7 +-
arch/x86/boot/compressed/kaslr.c | 26 +-
arch/x86/boot/compressed/misc.c | 69 +++--
arch/x86/boot/compressed/misc.h | 1 -
arch/x86/boot/compressed/pgtable_64.c | 9 +-
arch/x86/boot/compressed/sev.c | 114 ++++----
arch/x86/include/asm/boot.h | 10 +
arch/x86/include/asm/efi.h | 14 +-
arch/x86/include/asm/sev.h | 7 +
drivers/firmware/efi/libstub/Makefile | 1 +
drivers/firmware/efi/libstub/alignedmem.c | 2 +
drivers/firmware/efi/libstub/arm64-stub.c | 7 +-
drivers/firmware/efi/libstub/efi-stub-helper.c | 2 +
drivers/firmware/efi/libstub/efistub.h | 28 +-
drivers/firmware/efi/libstub/mem.c | 2 +
drivers/firmware/efi/libstub/randomalloc.c | 14 +-
drivers/firmware/efi/libstub/x86-5lvl.c | 95 +++++++
drivers/firmware/efi/libstub/x86-stub.c | 295 +++++++++++---------
drivers/firmware/efi/libstub/x86-stub.h | 17 ++
drivers/firmware/efi/vars.c | 13 +-
include/linux/efi.h | 1 +
29 files changed, 560 insertions(+), 402 deletions(-)
create mode 100644 drivers/firmware/efi/libstub/x86-5lvl.c
create mode 100644 drivers/firmware/efi/libstub/x86-stub.h
--
2.44.0.278.ge034bb2e1d-goog
next reply other threads:[~2024-03-04 11:20 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-04 11:19 Ard Biesheuvel [this message]
2024-03-04 11:19 ` [PATCH stable-v6.1 01/18] arm64: efi: Limit allocations to 48-bit addressable physical region Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 02/18] efi: efivars: prevent double registration Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 03/18] x86/efistub: Simplify and clean up handover entry code Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 04/18] x86/decompressor: Avoid magic offsets for EFI handover entrypoint Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 05/18] x86/efistub: Clear BSS in EFI handover protocol entrypoint Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 06/18] x86/decompressor: Move global symbol references to C code Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 07/18] efi/libstub: Add memory attribute protocol definitions Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 08/18] efi/libstub: Add limit argument to efi_random_alloc() Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 09/18] x86/efistub: Perform 4/5 level paging switch from the stub Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 10/18] x86/decompressor: Factor out kernel decompression and relocation Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 11/18] x86/efistub: Prefer EFI memory attributes protocol over DXE services Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 12/18] x86/efistub: Perform SNP feature test while running in the firmware Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 13/18] x86/efistub: Avoid legacy decompressor when doing EFI boot Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 14/18] efi/x86: Avoid physical KASLR on older Dell systems Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 15/18] x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 16/18] x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 17/18] x86/boot: efistub: Assign global boot_params variable Ard Biesheuvel
2024-03-04 11:19 ` [PATCH stable-v6.1 18/18] efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags Ard Biesheuvel
2024-03-04 11:42 ` [PATCH stable-v6.1 00/18] efistub/x86 changes for secure boot Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240304111937.2556102-20-ardb+git@google.com \
--to=ardb+git@google.com \
--cc=ardb@kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).