elf2efi: Add GNU_RELRO support

diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index dfb8700547d87b317042fc2e0ae08300aaf2d326..d168d2d553de7d4f9108c3d12919c03f06539a33 100644 (file)
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -162,7 +162,7 @@ efi_c_ld_args = [
         '-z', 'max-page-size=4096',
 
         '-z', 'noexecstack',
-        '-z', 'norelro',
+        '-z', 'relro',
         '-z', 'separate-code',
 ]
 

diff --git a/tools/elf2efi.py b/tools/elf2efi.py
index 1e74dcfff2ba7430482c4a089eb67234ee85d508..54f64fa53c1112b2bd156ef8402c467e47acbd94 100755 (executable)
--- a/tools/elf2efi.py
+++ b/tools/elf2efi.py
@@ -258,6 +258,13 @@ def iter_copy_sections(elf: ELFFile) -> typing.Iterator[PeSection]:
     # manually, so that we can easily strip unwanted sections. We try to only discard things we know
     # about so that there are no surprises.
 
+    relro = None
+    for elf_seg in elf.iter_segments():
+        if elf_seg["p_type"] == "PT_LOAD" and elf_seg["p_align"] != SECTION_ALIGNMENT:
+            raise RuntimeError("ELF segments are not properly aligned.")
+        elif elf_seg["p_type"] == "PT_GNU_RELRO":
+            relro = elf_seg
+
     for elf_s in elf.iter_sections():
         if (
             elf_s["sh_flags"] & SH_FLAGS.SHF_ALLOC == 0
@@ -275,6 +282,10 @@ def iter_copy_sections(elf: ELFFile) -> typing.Iterator[PeSection]:
         else:
             rwx = PE_CHARACTERISTICS_R
 
+        # PE images are always relro.
+        if relro and relro.section_in_segment(elf_s):
+            rwx = PE_CHARACTERISTICS_R
+
         if pe_s and pe_s.Characteristics != rwx:
             yield pe_s
             pe_s = None