On Wed, 2016-01-27 at 17:20 +0100, Ard Biesheuvel wrote:
On 27 January 2016 at 17:16, James Bottomley James.Bottomley@hansenpartnership.com wrote:
On Wed, 2016-01-27 at 16:38 +0100, Ard Biesheuvel wrote:
On 27 January 2016 at 16:37, James Bottomley James.Bottomley@hansenpartnership.com wrote:
On Wed, 2016-01-27 at 16:31 +0100, Ard Biesheuvel wrote:
On 27 January 2016 at 16:20, James Bottomley James.Bottomley@hansenpartnership.com wrote:
On Wed, 2016-01-27 at 13:17 +0100, Ard Biesheuvel wrote: > These patches have been in my personal queue for about > two > years, > and > have already been incorporated into the Ubuntu packaged > version > of > sbsigntool. > > Patch #1 and #2 fixes some generic issues, and patch #3 > introduces > the ARM and AArch64 magic values in the PE/COFF header > check, > which > is all that is needed to get sbsign to sign ARM images. > > > Ard Biesheuvel (3): > sbsigntool: remove doubly defined > IMAGE_FILE_MACHINE_AMD64 > sbsigntool: fix handling of zero sized sections > sbsigntool: add support for ARM and Aarch64 PE/COFF > images > > src/coff/pe.h | 2 +- > src/image.c | 48 +++++++++++--------- > 2 files changed, 27 insertions(+), 23 deletions(-)
I can incorporate them into my build service package like I did for multi-sign. The problem is that Jeremy maintains the upstream and it's not moving:
git://kernel.ubuntu.com/jk/sbsigntool
I presume because Jeremy is now at Ozlabs? Do you have a different upstream URL?
To be honest, I wrote these 2+ years ago, so I don't remember exactly. Someone brought it to my attention that these are not upstream, but if that is still Jeremy instead of you, then yes, I suppose they need to be sent to Jeremy.
You mean
http://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.gi t/
It's where I keep my changes, but it's not where Ubuntu pulls from.
OK. Perhaps Jeremy can confirm where I should send these patches, and which tree to base them on?
If Jeremy doesn't want to, I can. I think the first order of business would be to resolve all the divergent patches, although when I look through the ubuntu one (is this the master?):
https://launchpad.net/ubuntu/+source/sbsigntool
The patch efi_arch_ia32.patch should make it not build for aarch64, so I suspect there's another more recent one somewhere.
I honestly haven't tried an aarch64 host, only aarch64 target, which is what I care about mostly tbh.
Hmm, well here be dragons: the selector selects the EFI ABI based on the host architecture, so if you're cross building for AARCH64 on x86, it's actually pulling in the ABI header files from /usr/include/efi/x86_64 ... I suppose we're just lucky and this happens to be identical to the aarch64 ABI?
I know my Ubuntu box's sbsign v0.6 happily signs ARM images since Adam Conrad merged these 3 patches into the ubuntu version (0.6 -0ubuntu7 as per your URL)
So if we can decide on a base to continue on, I'll try to resolve any AArch64 host issues if they are still present, and rebase these 3 patches onto it as well.
I'll begin the integration in the 1h we just got back from Vincent. At least then we'll know what a combined tree might look like. I can also turn on the aarch64 build on OBS ... although without a test platform I'm not sure that will be useful.
James