On 22.08.25 13:32, 'Jan Kiszka' via EFI Boot Guard wrote: > Despite all the changes here as well as in gnu-efi upstream, we still > had issues with wholes in the arm 32-bit EFI binaries we built when > using gnu-efi 3.0.19 or newer. These wholes did not prevent to sign the > binaries, and also sbverify was validating them successfully but it > already warned that the result could lead to different checksums. And > that was actually the case for U-Boot as EFI provider. > > There were multiple reasons for the wholes such as empty sections that > still used space or the wdfuncs section that could not be known to the > linker script of gnu-efi but required in the final EFI image. > > This series resolves the wholes while keeping things fine for older > gnu-efi versions. Successfully tested with buster (3.0.9) through trixie > (3.0.19 + [1]) on all supported archs (riscv64 only on trixie). > > Jan > > [1] > https://github.com/ncroxon/gnu-efi/commit/24a4cd0e5653fd84b004c00c808c45cc3fb7a7e2 > > Jan Kiszka (3): > Align EFI linking options with recent gnu-efi > Do exploit constructors for registering drivers > Makefile: Drop no longer needed assembly rule > > Makefile.am | 24 +++++++++++++--------- > configure.ac | 8 +++++++- > drivers/watchdog/wdfuncs_end.c | 10 ++++++--- > drivers/watchdog/wdfuncs_start.c | 10 ++++++--- > include/utils.h | 19 ++++++++++++----- > main.c | 35 ++++++++++++++++++++++++-------- > scripts/cppcheck.sh | 5 +++-- > 7 files changed, 79 insertions(+), 32 deletions(-) >
Not all gaps are gone, though, but that is an upstream gnu-efi topic: https://github.com/ncroxon/gnu-efi/issues/79 Jan -- Siemens AG, Foundational Technologies Linux Expert Center -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to efibootguard-dev+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/efibootguard-dev/1f40fe78-933a-4b04-969f-222eafb57d09%40siemens.com.
