From: Luca Boccassi <bluca@debian.org>
Date: Tue, 23 May 2023 00:45:40 +0000 (+0100)
Subject: ukify: use empty stub for addons
X-Git-Tag: v254-rc1~382^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f644ea3ed7ec22c28814b194e4e5bbbf2fa98560;p=thirdparty%2Fsystemd.git

ukify: use empty stub for addons

Instead of picking up sd-stub, which is runnable, add an empty
addon stub that just returns an error if executed
---

diff --git a/src/boot/efi/addon.c b/src/boot/efi/addon.c
new file mode 100644
index 00000000000..d2ca770c65b
--- /dev/null
+++ b/src/boot/efi/addon.c
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "efi.h"
+
+/* Magic string for recognizing our own binaries */
+_used_ _section_(".sdmagic") static const char magic[] =
+        "#### LoaderInfo: systemd-addon " GIT_VERSION " ####";
+
+/* This is intended to carry data, not to be executed */
+
+EFIAPI EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *system_table);
+EFIAPI EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *system_table) {
+    return EFI_UNSUPPORTED;
+}
diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build
index 9a560cf1936..485f5d2e9d8 100644
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@@ -259,6 +259,10 @@ stub_sources = files(
         'stub.c',
 )
 
+addon_sources = files(
+        'addon.c',
+)
+
 if get_option('b_sanitize') == 'undefined'
         libefi_sources += files('ubsan.c')
 endif
@@ -328,12 +332,27 @@ foreach archspec : efi_archspecs
                 override_options : efi_override_options,
                 name_suffix : 'elf.stub',
                 pie : true)
+
+        efi_elf_binaries += executable(
+                'addon' + archspec['arch'],
+                addon_sources,
+                include_directories : efi_includes,
+                c_args : archspec['c_args'],
+                link_args : archspec['link_args'],
+                link_depends : elf2efi_lds,
+                gnu_symbol_visibility : 'hidden',
+                override_options : efi_override_options,
+                name_suffix : 'elf.stub',
+                pie : true)
 endforeach
 
 foreach efi_elf_binary : efi_elf_binaries
         # FIXME: Use build_tgt.name() with meson >= 0.54.0
         name = fs.name(efi_elf_binary.full_path()).split('.')[0]
-        name += name.startswith('linux') ? '.efi.stub' : '.efi'
+        name += name.startswith('systemd-boot') ? '.efi' : '.efi.stub'
+        # For the addon, given it's empty, we need to explicitly reserve space in the header to account for
+        # the sections that ukify will add.
+        minimum_sections = name.startswith('addon') ? '7' : '0'
         exe = custom_target(
                 name,
                 output : name,
@@ -348,6 +367,7 @@ foreach efi_elf_binary : efi_elf_binaries
                         '--efi-major=1',
                         '--efi-minor=1',
                         '--subsystem=10',
+                        '--minimum-sections=' + minimum_sections,
                         '@INPUT@',
                         '@OUTPUT@',
                 ])
diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
index 3167f5dbc5e..3a0c7af3625 100755
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@@ -1141,7 +1141,10 @@ def finalize_options(opts):
         opts.efi_arch = guess_efi_arch()
 
     if opts.stub is None:
-        opts.stub = pathlib.Path(f'/usr/lib/systemd/boot/efi/linux{opts.efi_arch}.efi.stub')
+        if opts.linux is not None:
+            opts.stub = pathlib.Path(f'/usr/lib/systemd/boot/efi/linux{opts.efi_arch}.efi.stub')
+        else:
+            opts.stub = pathlib.Path(f'/usr/lib/systemd/boot/efi/addon{opts.efi_arch}.efi.stub')
 
     if opts.signing_engine is None:
         if opts.sb_key: