archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 02:44:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
Linux kernel source tree
1397014 commits 1 branch 921 tags 8.5 GiB
Find a file
Dimitri John Ledkov d50f210913
kbuild: align modinfo section for Secureboot Authenticode EDK2 compat 
Previously linker scripts would always generate vmlinuz that has sections
aligned. And thus padded (correct Authenticode calculation) and unpadded
calculation would be same. As in https://github.com/rhboot/pesign userspace
tool would produce the same authenticode digest for both of the following
commands:

    pesign --padding --hash --in ./arch/x86_64/boot/bzImage
    pesign --nopadding --hash --in ./arch/x86_64/boot/bzImage

The commit 3e86e4d74c ("kbuild: keep .modinfo section in
vmlinux.unstripped") added .modinfo section of variable length. Depending
on kernel configuration it may or may not be aligned.

All userspace signing tooling correctly pads such section to calculation
spec compliant authenticode digest.

However, if bzImage is not further processed and is attempted to be loaded
directly by EDK2 firmware, it calculates unpadded Authenticode digest and
fails to correct accept/reject such kernel builds even when propoer
Authenticode values are enrolled in db/dbx. One can say EDK2 requires
aligned/padded kernels in Secureboot.

Thus add ALIGN(8) to the .modinfo section, to esure kernels irrespective of
modinfo contents can be loaded by all existing EDK2 firmware builds.

Fixes: 3e86e4d74c ("kbuild: keep .modinfo section in vmlinux.unstripped")
Cc: stable@vger.kernel.org
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Link: https://patch.msgid.link/20251026202100.679989-1-dimitri.ledkov@surgut.co.uk
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
2025-10-27 16:21:24 -07:00
arch - Reset the why-the-system-rebooted register on AMD to avoid stale bits 2025-10-19 04:41:27 -10:00
block block-6.18-20251016 2025-10-17 08:31:26 -07:00
certs sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 2024-09-20 19:52:48 +03:00
crypto This push contains the following changes: 2025-10-10 08:56:16 -07:00
Documentation Rust 'rustfmt' cleanup 2025-10-18 10:05:13 -10:00
drivers Hi, 2025-10-18 08:38:28 -10:00
fs Description for this pull request: 2025-10-18 07:23:59 -10:00
include kbuild: align modinfo section for Secureboot Authenticode EDK2 compat 2025-10-27 16:21:24 -07:00
init printk changes for 6.18 2025-10-04 11:13:11 -07:00
io_uring io_uring/rw: check for NULL io_br_sel when putting a buffer 2025-10-15 13:38:53 -06:00
ipc namespace-6.18-rc1 2025-09-29 11:20:29 -07:00
kernel - Make sure the check for lost pelt idle time is done unconditionally to 2025-10-19 04:59:43 -10:00
lib lib/test_kho: use kho_preserve_vmalloc instead of storing addresses in fdt 2025-10-07 13:48:56 -07:00
LICENSES LICENSES: Replace the obsolete address of the FSF in the GFDL-1.2 2025-07-24 11:15:39 +02:00
mm slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL 2025-10-16 15:16:45 +02:00
net bpf-fixes 2025-10-18 08:00:43 -10:00
rust rust: bitmap: fix formatting 2025-10-17 13:02:22 +02:00
samples Char/Misc/IIO/Binder changes for 6.18-rc1 2025-10-04 16:26:32 -07:00
scripts kbuild: install-extmod-build: Fix when given dir outside the build dir 2025-10-25 21:59:20 +01:00
security integrity-v6.18 2025-10-05 10:48:33 -07:00
sound ALSA: hda/realtek: Fix mute led for HP Omen 17-cb0xxx 2025-10-17 16:37:21 +02:00
tools hid-for-linus-2025101701 2025-10-18 08:18:18 -10:00
usr gen_init_cpio: Ignore fsync() returning EINVAL on pipes 2025-10-07 09:53:05 -07:00
virt KVM x86 fixes for 6.18: 2025-10-18 10:25:43 +02:00
.clang-format memblock: drop for_each_free_mem_pfn_range_in_zone_from() 2025-09-14 08:49:03 +03:00
.clippy.toml rust: clean Rust 1.88.0's warning about clippy::disallowed_macros configuration 2025-05-07 00:11:47 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.editorconfig .editorconfig: remove trim_trailing_whitespace option 2024-06-13 16:47:52 +02:00
.get_maintainer.ignore MAINTAINERS: remove Alyssa Rosenzweig 2025-09-18 21:17:31 +02:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore .gitignore: ignore compile_commands.json globally 2025-08-12 15:53:55 -07:00
.mailmap Including fixes from CAN 2025-10-16 09:41:21 -07:00
.pylintrc tools: docs: parse-headers.py: move it from sphinx dir 2025-08-29 15:54:42 -06:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS USB/Thunderbolt changes for 6.18-rc1 2025-10-04 16:07:08 -07:00
Kbuild sched: Make migrate_{en,dis}able() inline 2025-09-25 09:57:16 +02:00
Kconfig io_uring: Rename KConfig to Kconfig 2025-02-19 14:53:27 -07:00
MAINTAINERS MAINTAINERS: Update Kconfig section 2025-10-23 23:56:30 +01:00
Makefile Linux 6.18-rc2 2025-10-19 15:19:16 -10:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.