On 12.05.2025 12:39, Gerald Elder-Vass wrote: > --- a/xen/arch/x86/efi/Makefile > +++ b/xen/arch/x86/efi/Makefile > @@ -6,11 +6,19 @@ cmd_objcopy_o_ihex = $(OBJCOPY) -I ihex -O binary $< $@ > $(obj)/%.o: $(src)/%.ihex FORCE > $(call if_changed,objcopy_o_ihex) > > +$(obj)/sbat.o: OBJCOPYFLAGS := -I binary -O elf64-x86-64 \ > + --rename-section .data=.sbat,readonly,data,contents \ > + --add-section .note.GNU-stack=/dev/null > +$(obj)/sbat.o: $(src)/sbat.sbat FORCE > + $(call if_changed,objcopy) > + > $(obj)/boot.init.o: $(obj)/buildid.o > > $(call cc-option-add,cflags-stack-boundary,CC,-mpreferred-stack-boundary=4) > $(addprefix $(obj)/,$(EFIOBJ-y) mbi2.init.o): CFLAGS_stack_boundary := > $(cflags-stack-boundary) > > +EFIOBJ-y += sbat.o > + > obj-y := common-stub.o stub.o > obj-$(XEN_BUILD_EFI) := $(filter-out %.init.o,$(EFIOBJ-y)) > obj-bin-$(XEN_BUILD_EFI) := $(filter %.init.o,$(EFIOBJ-y)) > --- /dev/null > +++ b/xen/arch/x86/efi/sbat.sbat > @@ -0,0 +1 @@ > +sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md > --- a/xen/arch/x86/xen.lds.S > +++ b/xen/arch/x86/xen.lds.S > @@ -343,6 +343,8 @@ SECTIONS > *(.reloc) > __base_relocs_end = .; > } > + > + .sbat (NOLOAD) : { *(.sbat) }
If NOLOAD really took effect, this placement would certainly be okay. Since it doesn't (from all I know), I'm unsure though of putting this after .reloc. Then again you don't have "alloc" in the renamed section's flags, so maybe all is indeed fine as you have it. Jan
