tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'x86-boot-2025-07-29' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 boot updates from Ingo Molnar:

- Implement support for embedding EFI SBAT data (Secure Boot Advanced
Targeting: a secure boot image revocation facility) on x86 (Vitaly
Kuznetsov)

- Move the efi_enter_virtual_mode() initialization call from the
generic init code to x86 init code (Alexander Shishkin)

* tag 'x86-boot-2025-07-29' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/efi: Implement support for embedding SBAT data for x86
x86/efi: Move runtime service initialization to arch/x86

Linus Torvalds 56d5e329 72b8944f

+51 -16
+1 -1
arch/x86/boot/Makefile
··· 71 71 72 72 SETUP_OBJS = $(addprefix $(obj)/,$(setup-y)) 73 73 74 - sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_e\?data\|z_.*\)$$/\#define ZO_\2 0x\1/p' 74 + sed-zoffset := -e 's/^\([0-9a-fA-F]*\) [a-zA-Z] \(startup_32\|efi.._stub_entry\|efi\(32\)\?_pe_entry\|input_data\|kernel_info\|_end\|_ehead\|_text\|_e\?data\|_e\?sbat\|z_.*\)$$/\#define ZO_\2 0x\1/p' 75 75 76 76 quiet_cmd_zoffset = ZOFFSET $@ 77 77 cmd_zoffset = $(NM) $< | sed -n $(sed-zoffset) > $@
+5
arch/x86/boot/compressed/Makefile
··· 106 106 vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o 107 107 vmlinux-libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a 108 108 vmlinux-libs-$(CONFIG_X86_64) += $(objtree)/arch/x86/boot/startup/lib.a 109 + vmlinux-objs-$(CONFIG_EFI_SBAT) += $(obj)/sbat.o 110 + 111 + ifdef CONFIG_EFI_SBAT 112 + $(obj)/sbat.o: $(CONFIG_EFI_SBAT_FILE) 113 + endif 109 114 110 115 $(obj)/vmlinux: $(vmlinux-objs-y) $(vmlinux-libs-y) FORCE 111 116 $(call if_changed,ld)
+7
arch/x86/boot/compressed/sbat.S
··· 1 + /* SPDX-License-Identifier: GPL-2.0 */ 2 + /* 3 + * Embed SBAT data in the kernel. 4 + */ 5 + .pushsection ".sbat", "a", @progbits 6 + .incbin CONFIG_EFI_SBAT_FILE 7 + .popsection
+8
arch/x86/boot/compressed/vmlinux.lds.S
··· 43 43 *(.rodata.*) 44 44 _erodata = . ; 45 45 } 46 + #ifdef CONFIG_EFI_SBAT 47 + .sbat : ALIGN(0x1000) { 48 + _sbat = . ; 49 + *(.sbat) 50 + _esbat = ALIGN(0x1000); 51 + . = _esbat; 52 + } 53 + #endif 46 54 .data : ALIGN(0x1000) { 47 55 _data = . ; 48 56 *(.data)
+22 -9
arch/x86/boot/header.S
··· 179 179 #else 180 180 .set pecompat_fstart, setup_size 181 181 #endif 182 - .ascii ".text" 183 - .byte 0 184 - .byte 0 185 - .byte 0 186 - .long ZO__data 187 - .long setup_size 188 - .long ZO__data # Size of initialized data 189 - # on disk 190 - .long setup_size 182 + .ascii ".text\0\0\0" 183 + .long textsize # VirtualSize 184 + .long setup_size # VirtualAddress 185 + .long textsize # SizeOfRawData 186 + .long setup_size # PointerToRawData 191 187 .long 0 # PointerToRelocations 192 188 .long 0 # PointerToLineNumbers 193 189 .word 0 # NumberOfRelocations ··· 191 195 .long IMAGE_SCN_CNT_CODE | \ 192 196 IMAGE_SCN_MEM_READ | \ 193 197 IMAGE_SCN_MEM_EXECUTE # Characteristics 198 + 199 + #ifdef CONFIG_EFI_SBAT 200 + .ascii ".sbat\0\0\0" 201 + .long ZO__esbat - ZO__sbat # VirtualSize 202 + .long setup_size + ZO__sbat # VirtualAddress 203 + .long ZO__esbat - ZO__sbat # SizeOfRawData 204 + .long setup_size + ZO__sbat # PointerToRawData 205 + 206 + .long 0, 0, 0 207 + .long IMAGE_SCN_CNT_INITIALIZED_DATA | \ 208 + IMAGE_SCN_MEM_READ | \ 209 + IMAGE_SCN_MEM_DISCARDABLE # Characteristics 210 + 211 + .set textsize, ZO__sbat 212 + #else 213 + .set textsize, ZO__data 214 + #endif 194 215 195 216 .ascii ".data\0\0\0" 196 217 .long ZO__end - ZO__data # VirtualSize
+7
arch/x86/kernel/cpu/common.c
··· 26 26 #include <linux/pgtable.h> 27 27 #include <linux/stackprotector.h> 28 28 #include <linux/utsname.h> 29 + #include <linux/efi.h> 29 30 30 31 #include <asm/alternative.h> 31 32 #include <asm/cmdline.h> ··· 2537 2536 */ 2538 2537 fpu__init_system(); 2539 2538 fpu__init_cpu(); 2539 + 2540 + /* 2541 + * This needs to follow the FPU initializtion, since EFI depends on it. 2542 + */ 2543 + if (efi_enabled(EFI_RUNTIME_SERVICES)) 2544 + efi_enter_virtual_mode(); 2540 2545 2541 2546 /* 2542 2547 * Ensure that access to the per CPU representation has the initial
+1 -1
drivers/firmware/efi/Kconfig
··· 286 286 287 287 config EFI_SBAT_FILE 288 288 string "Embedded SBAT section file path" 289 - depends on EFI_ZBOOT 289 + depends on EFI_ZBOOT || (EFI_STUB && X86) 290 290 help 291 291 SBAT section provides a way to improve SecureBoot revocations of UEFI 292 292 binaries by introducing a generation-based mechanism. With SBAT, older
-5
init/main.c
··· 53 53 #include <linux/cpuset.h> 54 54 #include <linux/memcontrol.h> 55 55 #include <linux/cgroup.h> 56 - #include <linux/efi.h> 57 56 #include <linux/tick.h> 58 57 #include <linux/sched/isolation.h> 59 58 #include <linux/interrupt.h> ··· 1067 1068 1068 1069 pid_idr_init(); 1069 1070 anon_vma_init(); 1070 - #ifdef CONFIG_X86 1071 - if (efi_enabled(EFI_RUNTIME_SERVICES)) 1072 - efi_enter_virtual_mode(); 1073 - #endif 1074 1071 thread_stack_cache_init(); 1075 1072 cred_init(); 1076 1073 fork_init();