diff --git a/SOURCES/s390utils-2.22.0-rhel.patch b/SOURCES/s390utils-2.22.0-rhel.patch index 623ce0e..f940bf5 100644 --- a/SOURCES/s390utils-2.22.0-rhel.patch +++ b/SOURCES/s390utils-2.22.0-rhel.patch @@ -1,7 +1,7 @@ From 2844d07e4bba2301fef66f56574c92054bac7cac Mon Sep 17 00:00:00 2001 From: Steffen Eiden Date: Mon, 25 Jul 2022 12:57:53 +0200 -Subject: [PATCH] zipl: Add missing check for a nullpointer. +Subject: [PATCH 1/2] zipl: Add missing check for a nullpointer. Fixes a bug that leads to a segmentation fault when no parmline is provided. @@ -28,5 +28,72 @@ index ffdc297..b5bf5b2 100644 error_text("The length of the parameters line " "(%d bytes) exceeds the allowed maximum " -- -2.37.1 +2.38.1 + + +From ce0c37988aecad84da61b5823035a983872e4ac8 Mon Sep 17 00:00:00 2001 +From: Peter Oberparleiter +Date: Fri, 16 Sep 2022 15:13:01 +0200 +Subject: [PATCH 2/2] zipl/boot: add secure boot trailer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This patch enhances the zipl stage3 loader image adding a trailer as +required for secure boot by future firmware versions. + +Note: with the change in this patch the padding via objcopy command line +options is replaced by padding via linker script directives with the +same effect. + +Signed-off-by: Peter Oberparleiter +Signed-off-by: Jan Höppner +--- + zipl/boot/Makefile | 2 +- + zipl/boot/stage3.lds.S | 10 ++++++++++ + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/zipl/boot/Makefile b/zipl/boot/Makefile +index c2ec76a..f195df0 100644 +--- a/zipl/boot/Makefile ++++ b/zipl/boot/Makefile +@@ -106,7 +106,7 @@ stage3.bin: stage3.exec + --only-section=.stage2dump.tail \ + --only-section=.eckd2dump_mv.tail \ + --only-section=.fixup \ +- --pad-to=0xe000 \ ++ --only-section=.sb.trailer \ + $< $@ + + data.o: $(FILES) +diff --git a/zipl/boot/stage3.lds.S b/zipl/boot/stage3.lds.S +index fa4c81f..d8305f1 100644 +--- a/zipl/boot/stage3.lds.S ++++ b/zipl/boot/stage3.lds.S +@@ -14,6 +14,7 @@ + */ + + #include "boot/loaders_layout.h" ++#include "boot/s390.h" + + SECTIONS + { +@@ -46,6 +47,15 @@ SECTIONS + .rodata : {*(.rodata) } + .data : { *(.data) } + ++ /* Trailer needed for Secure Boot */ ++ . = COMMAND_LINE_EXTRA - 32; ++ .sb.trailer : { ++ QUAD(0x0000c00000000000) ++ QUAD(STAGE3_ENTRY + PSW_LOAD) ++ QUAD(STAGE3_ENTRY) ++ QUAD(0x000000207a49504c) ++ } ++ + . = COMMAND_LINE_EXTRA; + .cmdline_extra : { + . += COMMAND_LINE_EXTRA_SIZE; +-- +2.38.1 diff --git a/SPECS/s390utils.spec b/SPECS/s390utils.spec index 21f1c36..eb01a22 100644 --- a/SPECS/s390utils.spec +++ b/SPECS/s390utils.spec @@ -10,7 +10,7 @@ Name: s390utils Summary: Utilities and daemons for IBM z Systems Version: 2.22.0 -Release: 2%{?dist} +Release: 2%{?dist}.1 Epoch: 2 License: MIT ExclusiveArch: s390 s390x @@ -903,6 +903,10 @@ User-space development files for the s390/s390x architecture. %changelog +* Thu Dec 08 2022 Dan Horák - 2:2.22.0-2.1 +- zipl: Add secure boot trailer (#2151818) +- Resolves: #2151818 + * Thu Aug 04 2022 Dan Horák - 2:2.22.0-2 - zipl: Add missing check for a nullpointer (#2113884) - Resolves: #2113884