From 736533df5bddd7be9b27fa8051a71d731ab7a524 Mon Sep 17 00:00:00 2001
From: Steve McIntyre
Date: Tue, 24 Jan 2023 22:37:23 +0000
Subject: [PATCH] Enable NX support at build time

As required by policy for signing new shim binaries.
---
 debian/changelog | 2 ++
 debian/patches/Enable-NX.patch | 13 +++++++++++++
 debian/patches/series | 1 +
 3 files changed, 16 insertions(+)
 create mode 100644 debian/patches/Enable-NX.patch

diff --git a/debian/changelog b/debian/changelog
index cd13ba2..edc61f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ shim (15.7-1) UNRELEASED; urgency=medium
 + Make sbat_var.S parse right with buggy gcc/binutils
 * Switch to using gcc-12. Closes: #1022180
 * Update to Standards-Version 4.6.2 (no changes needed)
+ * Enable NX support at build time, as required by policy for signing
+ new shim binaries.

 -- Steve McIntyre <93sam@debian.org> Sun, 22 Jan 2023 13:12:14 +0000

diff --git a/debian/patches/Enable-NX.patch b/debian/patches/Enable-NX.patch
new file mode 100644
index 0000000..d75c108
--- /dev/null
+++ b/debian/patches/Enable-NX.patch
@@ -0,0 +1,13 @@
+diff --git a/Makefile b/Makefile
+index a9202f46..4f29fe12 100644
+--- a/Makefile
++++ b/Makefile
+@@ -255,7 +255,7 @@ endif
+ -j .rela* -j .dyn -j .reloc -j .eh_frame \
+ -j .vendor_cert -j .sbat -j .sbatlevel \
+ $(FORMAT) $< $@
+- ./post-process-pe -vv $@
++ ./post-process-pe -n -vv $@
+
+ ifneq ($(origin ENABLE_SHIM_HASH),undefined)
+ %.hash : %.efi
diff --git a/debian/patches/series b/debian/patches/series
index f57b178..b3ddfc8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch
+Enable-NX.patch
--
2.39.5
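Review bot: The new debian/patches/Enable-NX.patch begins directly at `diff --git a/Makefile b/Makefile` with no patch header, so the one-flag change on the `./post-process-pe -n -vv $@` recipe line carries no record of what it asserts or whether it was forwarded upstream. I would add a DEP-3 style header above the diff, for example `Description: Mark the built shim as NX-compatible in its PE header`, together with `Author:` and `Forwarded:` lines. The description should say that the flag, as far as I can tell from the commit message, is a declaration to firmware that the image tolerates non-executable data and stack pages, which nothing in this patch tests. Because the signing policy depends on the flag being present, a post-build step in the packaging that reads the PE DllCharacteristics of the produced .efi and fails when NX_COMPAT is absent would catch the patch being dropped or going stale on the next upstream update. The Makefile recipe this line belongs to starts outside the quoted hunk.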