meson: use local copy of ldscript when local copy of crt0 is used for SBAT
When the system crt0 for aarch64 is not new enough for SBAT, the
efi/meson.build script will use the local copy of crt0 instead:
efi/meson.build:87: WARNING: Cannot find SBAT section in
/usr/lib64/crt0-efi-aarch64.S, using local copy
In this case, linking efi/fwup.so will fail because of missing
symbols:
[ 32s] ld:
/home/abuild/rpmbuild/BUILD/fwupd-efi-1.1/build/efi/crt0/crt0-efi-aarch64.o:
relocation R_AARCH64_PREL32 against symbol `_erodata' which may bind
externally can not be used when making a shared object; recompile with
-fPIC
[ 32s]
/home/abuild/rpmbuild/BUILD/fwupd-efi-1.1/build/efi/crt0/crt0-efi-aarch64.o:
in function `extra_header_fields':
[ 32s] (.text.head+0x90): dangerous relocation: unsupported relocation
[ 32s] ld:
/home/abuild/rpmbuild/BUILD/fwupd-efi-1.1/build/efi/crt0/crt0-efi-aarch64.o:
relocation R_AARCH64_PREL32 against symbol `_evtext' which may bind
externally can not be used when making a shared object; recompile with
-fPIC
[ 32s]
/home/abuild/rpmbuild/BUILD/fwupd-efi-1.1/build/efi/crt0/crt0-efi-aarch64.o:
in function `section_table':
[ 32s] (.text.head+0x100): dangerous relocation: unsupported
relocation
[ 32s] ld:
/home/abuild/rpmbuild/BUILD/fwupd-efi-1.1/build/efi/crt0/crt0-efi-aarch64.o:
relocation R_AARCH64_PREL32 against symbol `_rodata' which may bind
externally can not be used when making a shared object; recompile with
-fPIC
[ 32s] (.text.head+0x17c): dangerous relocation: unsupported
relocation
[ 32s] ld:
/home/abuild/rpmbuild/BUILD/fwupd-efi-1.1/build/efi/crt0/crt0-efi-aarch64.o:
relocation R_AARCH64_PREL32 against symbol `_rodata' which may bind
externally can not be used when making a shared object; recompile with
-fPIC
[ 32s] (.text.head+0x184): dangerous relocation: unsupported
relocation
[ 32s] ninja: build stopped: subcommand failed.
Using the local copy of the ldscript when the local copy of crt0 is used
for SBAT fixes this failure.
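The failure above is a pairing problem: the crt0 computes PE header fields as differences of symbols that only the matching linker script defines, so a crt0 from one source linked with a script from another leaves `_erodata`, `_evtext` and `_rodata` unresolved. The following is an added example, not part of fwupd-efi's meson.build or of gnu-efi; it checks a crt0 against candidate linker scripts for exactly that mismatch. The crt0 and linker script excerpts are constructed for illustration in the gnu-efi/shim style, not copied from either project, and the symbol names in them are assumptions.

```python
"""Check that a crt0 and a linker script are a matching pair.

Added example, not part of fwupd-efi's meson.build. The crt0 and linker
script excerpts are constructed (modelled on the gnu-efi / shim style,
not copied from them): the crt0 embeds PE header fields as differences
of linker-defined symbols, so it only links against a script that
defines every symbol it names.
"""
import re

# Constructed crt0 excerpt: PE header fields computed from link-time symbols.
CRT0_S = """
	.section .text.head
ImageBase:
	.ascii "MZ"
extra_header_fields:
	.4byte _evtext - ImageBase      // SizeOfCode
	.4byte _erodata - _rodata       // SizeOfInitializedData
section_table:
	.ascii ".rodata"
	.4byte _erodata - _rodata       // VirtualSize
	.4byte _rodata - ImageBase      // VirtualAddress
	.8byte _text - ImageBase        // constructed entry-relative field
"""

# Constructed "system" linker script: lacks the _rodata/_evtext style symbols.
SYSTEM_LDS = """
SECTIONS
{
  . = 0;
  .text : { _text = .; *(.text) _etext = .; }
  .data : { _data = .; *(.data) _edata = .; }
  _end = .;
}
"""

# Constructed "local" linker script carrying the extra symbols the crt0 needs.
LOCAL_LDS = """
SECTIONS
{
  . = 0;
  .text : { _text = .; *(.text) _evtext = .; }
  .rodata : { _rodata = .; *(.rodata) _erodata = .; }
  .data : { _data = .; *(.data) _edata = .; }
  _end = .;
}
"""

DATA_DIRECTIVE = re.compile(r"^\s*\.(?:2byte|short|4byte|long|8byte|quad)\s+(.*)$", re.M)
SYMBOL = re.compile(r"\b(_[A-Za-z]\w*)\b")
DEFINITION = re.compile(r"\b(_[A-Za-z]\w*)\s*=(?!=)")
LABEL = re.compile(r"^\s*(\w+):", re.M)


def crt0_references(crt0_text):
    """Symbols the crt0 uses inside data directives but does not define itself."""
    local = set(LABEL.findall(crt0_text))
    refs = set()
    for expr in DATA_DIRECTIVE.findall(crt0_text):
        expr = expr.split("//", 1)[0]  # drop the trailing assembler comment
        refs.update(SYMBOL.findall(expr))
    return refs - local


def ldscript_definitions(lds_text):
    """Symbols a linker script assigns, including PROVIDE(sym = ...) forms."""
    return set(DEFINITION.findall(lds_text))


def undefined_symbols(crt0_text, lds_text):
    """Sorted list of symbols the crt0 needs that the script never defines."""
    return sorted(crt0_references(crt0_text) - ldscript_definitions(lds_text))


def pick_ldscript(crt0_text, candidates):
    """Name of the first (name, script_text) candidate that satisfies the crt0."""
    for name, text in candidates:
        if not undefined_symbols(crt0_text, text):
            return name
    return None


if __name__ == "__main__":
    for name, lds in (("system", SYSTEM_LDS), ("local", LOCAL_LDS)):
        print(f"{name:>6}: undefined = {undefined_symbols(CRT0_S, lds)}")
    print("choice:", pick_ldscript(CRT0_S, [("system", SYSTEM_LDS), ("local", LOCAL_LDS)]))
```

Run against the constructed inputs, the system script leaves `_erodata`, `_evtext` and `_rodata` undefined and the local script leaves nothing, which is the decision the meson fix hardcodes: whichever crt0 is selected, the linker script has to come from the same place.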
Ross Burton [Thu, 13 May 2021 10:58:43 +0000 (11:58 +0100)]
meson: remove compiler flags that are never used
The meson.build checks for a slew of warning and linker flags that were
copied from fwupd, but they're never used as fwupd-efi currently invokes
the compile itself.
Ross Burton [Mon, 22 Mar 2021 12:51:54 +0000 (12:51 +0000)]
Add option to disable the UEFI capsule splash screen generation
The dependencies to generate the "updating..." splash screen are non-trivial, and
pointless in headless systems. Add an option to disable the generation entirely.
Ross Burton [Mon, 12 Apr 2021 16:31:14 +0000 (17:31 +0100)]
Don't check for native dependencies as target dependencies
Don't look for cairo, fontconfig, and freetype libraries as this will
look for *target* libraries. The presence of these libraries is used as
a proxy for the gobject-introspection libraries being available for
the make-images.py script, but as this runs at build time we don't care
about target libraries at all.
Luckily there's another script, test-deps.py, which looks for the g-i
libraries so these dependencies can be removed.
uefi-capsule: Include crt0 for arm and aarch64 that add a SBAT section
Due to the lack of pei-aarch64 support in binutils, the gnu-efi crt0 hardcodes
the PE32+ sections among other things. These crt0 aren't aware of the SBAT
section and so custom ones have to be used.
In the same vein as commit 6ed2d0012c9 ("uefi-capsule: Ensure SBAT metadata
is added correctly") included custom linker scripts, this change adds a set
of crt0 for arm and aarch64 that hardcode a SBAT section in the PE headers.
These are the crt0 from gnu-efi plus the following fixes from Peter Jones:
* Include .sbat in section headers
* Fix some PE headers
* Calculate the VirtualSize of .sbat separately
* Put .rel* and .dyn* in .rodata
uefi-capsule: Sync linker scripts with latest used by shim
The linker scripts used in the project were copied from the shim project,
but there were a few fixes made after this original copy.
Until binutils have proper pei-aarch64 support, the linker scripts should
be kept in sync to make sure that the PE32+ binaries are built correctly.
The fixes included in this change are the following:
* Include missing .text sections in PE/COFF binary (Chris Coulson)
* Put .sbat after _edata (Peter Jones)
* Fix some PE headers for arm and aarch64 (Peter Jones)
* Include the aligned part in SizeOfRawData of sbat for arm and aarch64 (Gary Lin)
* Swizzle some sections to make old sbsign happier for arm and aarch64 (Peter Jones)
* Put .rel* and .dyn* in .rodata for arm and aarch64 (Peter Jones)
Gary Lin [Tue, 9 Mar 2021 07:26:20 +0000 (15:26 +0800)]
uefi-capsule: Specify the section flags for .sbat
When using "objcopy -O binary" to generate AArch64 EFI images, it
silently drops the sections without "alloc" or "load" or the sections
with "unload", and this caused the content of .sbat to be skipped in the
final EFI image.
This commit sets the common read-only data section flags to .sbat to
make sure the content will be copied.
Norbert Kamiński [Thu, 25 Feb 2021 11:41:15 +0000 (12:41 +0100)]
contrib/qubes: Add Qubes wrapper source and create packages
This patch adds the fwupd wrapper for Qubes.
The wrapper provides fwupd functionality for Qubes R4.1.
It creates three packages (two RPMs and one Debian package):
fwupd-qubes-dom0 (RPM)
fwupd-qubes-vm (RPM)
fwupd-qubes-vm-whonix (deb)
More information about the wrapper can be found in
contrib/qubes/README.md
Chris Coulson [Sat, 20 Feb 2021 14:27:17 +0000 (14:27 +0000)]
uefi-capsule: Ensure SBAT metadata is added correctly
The current approach of adding SBAT metadata after linking is creating
an image that is badly formed in 2 ways:
* The SBAT section's file offset and size are not a multiple of the
file alignment.
* The SBAT section has a virtual address of zero. EDK2 loads the header
here, and so it gets rejected.
This changes the approach to match shim, where an object file is
created with a .sbat section and then the linker takes care of placing
the section at a more appropriate virtual address.
See https://github.com/vathpela/gnu-efi/pull/14 for the section addition.
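The two defects described in this commit (raw offset and size not a multiple of FileAlignment, VirtualAddress of zero) and the section characteristics the "Specify the section flags for .sbat" commit above depends on are all visible in the PE section table, so they can be checked on the finished image before signing. The following is an added example, not code from fwupd-efi or shim: it parses the section table of a PE32+ image and reports every way the `.sbat` header is malformed. The two images it checks are constructed in memory (headers only, zero-padded), not real fwupd binaries, and the section offsets and sizes in them are assumptions chosen to exercise the checks.

```python
"""Check the .sbat section header of a PE32+ UEFI image.

Added example, not code from fwupd-efi or shim. The images below are
constructed in memory (headers only, zero-padded) so the check runs
offline; they are not real fwupd binaries.
"""
import struct

IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RO_DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
TEXT_FLAGS = 0x60000020  # CNT_CODE | MEM_EXECUTE | MEM_READ
PE32PLUS_MAGIC = 0x20B
OPT_HDR_SIZE = 240  # PE32+ optional header including 16 data directories
# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"


def build_image(sections, file_align=0x200, section_align=0x1000):
    """Build minimal PE32+ headers for a section table (constructed input).

    sections: list of (name, virtual_address, virtual_size,
                       pointer_to_raw_data, size_of_raw_data, characteristics)
    """
    pe_off = 0x80
    dos = bytearray(pe_off)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0xAA64, len(sections),
                       0, 0, 0, OPT_HDR_SIZE, 0x0022)
    opt = bytearray(OPT_HDR_SIZE)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<II", opt, 32, section_align, file_align)
    table = b"".join(
        struct.pack(SECTION_FMT, name.ljust(8, b"\0"), vsize, vaddr, rawsize,
                    rawptr, 0, 0, 0, 0, chars)
        for name, vaddr, vsize, rawptr, rawsize, chars in sections)
    image = bytes(dos) + coff + bytes(opt) + table
    end = max((rawptr + rawsize for _, _, _, rawptr, rawsize, _ in sections), default=0)
    return image + b"\0" * max(0, end - len(image))


def parse_sections(image):
    """Return (FileAlignment, SectionAlignment, [section dicts]) of a PE32+ image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", image, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]
    if struct.unpack_from("<H", image, pe_off + 24)[0] != PE32PLUS_MAGIC:
        raise ValueError("only PE32+ images are handled here")
    section_align, file_align = struct.unpack_from("<II", image, pe_off + 56)
    sections, off = [], pe_off + 24 + opt_size
    for _ in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = \
            struct.unpack_from(SECTION_FMT, image, off)
        sections.append(dict(name=name.rstrip(b"\0").decode("ascii"), vaddr=vaddr,
                             vsize=vsize, rawptr=rawptr, rawsize=rawsize, chars=chars))
        off += struct.calcsize(SECTION_FMT)
    return file_align, section_align, sections


def check_sbat(image):
    """Return a list of problems with the .sbat section; empty means it is well formed."""
    file_align, section_align, sections = parse_sections(image)
    sbat = next((s for s in sections if s["name"] == ".sbat"), None)
    if sbat is None:
        return ["no .sbat section in section table"]
    problems = []
    if sbat["rawptr"] % file_align:
        problems.append(f"PointerToRawData {sbat['rawptr']:#x} is not a multiple of FileAlignment {file_align:#x}")
    if sbat["rawsize"] % file_align:
        problems.append(f"SizeOfRawData {sbat['rawsize']:#x} is not a multiple of FileAlignment {file_align:#x}")
    if sbat["vaddr"] == 0:
        problems.append("VirtualAddress is zero (would overlap the headers)")
    elif sbat["vaddr"] % section_align:
        problems.append(f"VirtualAddress {sbat['vaddr']:#x} is not a multiple of SectionAlignment {section_align:#x}")
    if sbat["rawptr"] + sbat["rawsize"] > len(image):
        problems.append("raw data range runs past the end of the file")
    chars = sbat["chars"]
    if not chars & IMAGE_SCN_CNT_INITIALIZED_DATA:
        problems.append("missing IMAGE_SCN_CNT_INITIALIZED_DATA (objcopy may drop the section)")
    if not chars & IMAGE_SCN_MEM_READ:
        problems.append("missing IMAGE_SCN_MEM_READ")
    if chars & (IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE):
        problems.append(".sbat is writable or executable; it should be read-only data")
    return problems


# Constructed: an .sbat appended after linking, unaligned and at VA 0, no flags.
BAD_IMAGE = build_image([(b".text", 0x1000, 0x3000, 0x200, 0x3000, TEXT_FLAGS),
                         (b".sbat", 0x0, 0x53, 0x3253, 0x53, 0)])
# Constructed: an .sbat placed by the linker with read-only data flags.
GOOD_IMAGE = build_image([(b".text", 0x1000, 0x3000, 0x200, 0x3000, TEXT_FLAGS),
                          (b".sbat", 0x4000, 0x53, 0x3200, 0x200, RO_DATA)])

if __name__ == "__main__":
    for label, img in (("bad", BAD_IMAGE), ("good", GOOD_IMAGE)):
        print(label, check_sbat(img) or "ok")
```

The same `check_sbat` runs unchanged on a real `fwupd*.efi` read from disk, since it only consumes the section table; only the `build_image` helper exists to fabricate offline test input.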
Richard Hughes [Tue, 16 Feb 2021 10:14:36 +0000 (10:14 +0000)]
Allow building without SBAT metadata
Two reasons:
* It seems a bit antisocial to hard-require all this data without fair warning
* The aarch64 pesign crashes when trying to sign the binary with SBAT metadata
uefi-capsule: Add SBAT metadata to the fwupd EFI binary
The Secure Boot Advanced Targeting (SBAT) [0] is a Generation Number Based
Revocation mechanism that is meant to replace the DBX revocation file list.
Binaries must contain a .sbat data section that has a set of entries, each of
them consisting of UTF-8 strings as comma separated values. Allow embedding
this information into the fwupd EFI binary at build time.
The SBAT metadata must contain at least two entries. One that defines the
SBAT version used and another one that defines the component generation.
Downstream users can add additional entries if they have changes that make them
diverge from the upstream code and potentially add other vulnerabilities.
generate_binary.sh is a script that calls the objcopy tool, and
genpeimg in the case of Windows, to generate a PE binary file.
But it doesn't have to be a shell script and could be rewritten as a
Python script. This will make the code that generates a PE binary
easier to extend if needed.
Also, the only reason it's a template is to define the objcopy
tool used, but this can also be passed as a positional argument.
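The "Add SBAT metadata to the fwupd EFI binary" commit above describes the shape of the .sbat payload: comma-separated UTF-8 entries, at least a version entry and a component-generation entry, with downstream vendors free to append their own. The following is an added example, not fwupd-efi's build code: it builds that payload from a list of entries and validates one, so a downstream packager can check the section content they are about to embed. The six-field layout and the leading `sbat` entry follow shim's SBAT.md; the component names, versions and URLs in the sample entries are constructed placeholders, not fwupd's real SBAT data.

```python
"""Build and validate the CSV text embedded in a .sbat section.

Added example, not fwupd-efi's own build code. Entry layout (six
comma-separated fields, first entry 'sbat' giving the format version)
follows shim's SBAT.md; the sample component names, versions and URLs
below are constructed placeholders.
"""

SBAT_FIELDS = ("component_name", "component_generation", "vendor_name",
               "vendor_package_name", "vendor_version", "vendor_url")


def build_sbat(entries):
    """Serialise entries (each a list of six strings) to the bytes of .sbat."""
    for entry in entries:
        if len(entry) != len(SBAT_FIELDS):
            raise ValueError(f"entry {entry!r} does not have {len(SBAT_FIELDS)} fields")
        if any("," in field or "\n" in field for field in entry):
            raise ValueError(f"entry {entry!r} contains a comma or newline")
    return "".join(",".join(entry) + "\n" for entry in entries).encode("utf-8")


def validate_sbat(blob):
    """Return a list of problems with a .sbat payload; empty means acceptable."""
    try:
        text = blob.decode("utf-8")
    except UnicodeDecodeError:
        return ["payload is not valid UTF-8"]
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # tolerate a single trailing newline
    problems = []
    if len(lines) < 2:
        problems.append("need at least two entries: the sbat version entry and a component entry")
    if lines and lines[0].split(",")[0] != "sbat":
        problems.append("entry 1 must be the 'sbat' version entry")
    names = []
    for n, line in enumerate(lines, 1):
        fields = line.split(",")
        if len(fields) != len(SBAT_FIELDS):
            problems.append(f"entry {n}: expected {len(SBAT_FIELDS)} fields, got {len(fields)}")
            continue
        name, generation = fields[0], fields[1]
        if not name:
            problems.append(f"entry {n}: empty component_name")
        names.append(name)
        # Generation numbers are what revocation compares, so they must be
        # positive integers, not version strings.
        if not generation.isdigit() or int(generation) < 1:
            problems.append(f"entry {n}: component_generation {generation!r} is not a positive integer")
    for dup in sorted({n for n in names if names.count(n) > 1}):
        problems.append(f"duplicate component_name {dup!r}")
    return problems


# Constructed sample: the two mandatory entries (names/URLs are placeholders).
UPSTREAM = [
    ["sbat", "1", "SBAT Version", "sbat", "1",
     "https://github.com/rhboot/shim/blob/main/SBAT.md"],
    ["fwupd-efi", "1", "Firmware update daemon", "fwupd-efi", "1.1",
     "https://example.org/fwupd-efi"],
]
# Constructed sample: a downstream vendor appending its own generation entry.
DOWNSTREAM = UPSTREAM + [
    ["fwupd-efi.exampledistro", "1", "Example Distro", "fwupd-efi", "1.1-3",
     "https://example.org/packages/fwupd-efi"],
]

if __name__ == "__main__":
    for label, entries in (("upstream", UPSTREAM), ("downstream", DOWNSTREAM)):
        blob = build_sbat(entries)
        print(label, validate_sbat(blob) or "ok")
        print(blob.decode())
```

The validator is deliberately strict about `component_generation`: a vendor that puts a package version there instead of a small integer produces a section that looks fine to the eye but cannot be compared against a revocation list.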
Richard Hughes [Thu, 14 Jan 2021 21:00:37 +0000 (21:00 +0000)]
coreboot: Remove plugin and instead add metadata to flashrom devices
The coreboot plugin never actually gained the ability to write. As it stands a
coreboot system now adds *two* system-firmware devices (from both flashrom and
coreboot) which isn't ideal.
Just allow flashrom to enumerate quirked devices and add coreboot-specific
metadata as required. If we require some kind of cbfs parsing then we can do
that in FuFlashromDevice->prepare_firmware().
Richard Hughes [Thu, 7 Jan 2021 14:20:49 +0000 (14:20 +0000)]
Only include the start year in the copyright header
The end year is legally and functionally redundant, and more importantly causes
cherry-pick conflicts when trying to maintain old branches. Use git for history.
Richard Hughes [Mon, 28 Dec 2020 21:57:04 +0000 (21:57 +0000)]
Make libcurl optional for fuzzing
For fuzzing we want to exclude libcurl support as it depends on other very heavy
libraries like OpenSSL or libtasn which make the fuzzing binary much larger if
linked statically.
Richard Hughes [Tue, 8 Dec 2020 16:02:03 +0000 (16:02 +0000)]
Use honggfuzz to fuzz firmware rather than AFL
This has better multi-core performance and can run in persistent mode -- which
allows us to construct a test harness of all the parsers (which takes time) and
then just reuse the process for lots of different data.