arm/aa64 targets: put .rel* and .dyn* in .rodata

For every problem, there exists a solution which is simple, elegant, and
wrong.  d746292 is that solution.

This patch leaves that intact, but adds a .rodata section wrapping
.rel/.rela and .dynsym/.dynstr., so that they are correctly
incorporated into the authenticode hash.

Signed-off-by: Peter Jones <[email protected]>

Makefile

@@ -242,7 +242,7 @@ ifneq ($(OBJCOPY_GTE224),1)
 	$(error objcopy >= 2.24 is required)
 endif
 	$(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \
-		-j .dynamic -j .dynsym -j .rel* \
+		-j .dynamic -j .rodata -j .rel* \
 		-j .rela* -j .reloc -j .eh_frame \
 		-j .vendor_cert -j .sbat \
 		$(FORMAT) $< $@
@@ -259,7 +259,7 @@ ifneq ($(OBJCOPY_GTE224),1)
 	$(error objcopy >= 2.24 is required)
 endif
 	$(OBJCOPY) -D -j .text -j .sdata -j .data \
-		-j .dynamic -j .dynsym -j .rel* \
+		-j .dynamic -j .rodata -j .rel* \
 		-j .rela* -j .reloc -j .eh_frame -j .sbat \
 		-j .debug_info -j .debug_abbrev -j .debug_aranges \
 		-j .debug_line -j .debug_str -j .debug_ranges \

elf_aarch64_efi.lds

@@ -9,24 +9,12 @@ SECTIONS
     *(.text)
     *(.text.*)
     *(.gnu.linkonce.t.*)
-    *(.srodata)
-    *(.rodata*)
-    . = ALIGN(16);
-    _etext = .;
-  }
-
-  . = ALIGN(4096);
-  .dynamic  : { *(.dynamic) }
-
-  . = ALIGN(4096);
-  .note.gnu.build-id : {
-    *(.note.gnu.build-id)
-  }
-
-  . = ALIGN(4096);
-  .data.ident : {
-    *(.data.ident)
+    _evtext = .;
+    . = ALIGN(4096);
   }
+  _etext = .;
+  _text_size = . - _text;
+  _text_vsize = _evtext - _text;
 
   . = ALIGN(4096);
   .data :
@@ -39,6 +27,8 @@ SECTIONS
    *(.got.plt)
    *(.got)
 
+   *(.dynamic)
+
    /* the EFI loader doesn't seem to like a .bss section, so we stick
       it all into .data: */
    . = ALIGN(16);
@@ -48,52 +38,61 @@ SECTIONS
    *(.dynbss)
    *(.bss)
    *(COMMON)
+   _evdata = .;
    . = ALIGN(4096);
    _bss_end = .;
   }
   _edata = .;
+  _data_vsize = _evdata - _data;
   _data_size = . - _data;
 
+  /*
+   * Note that _sbat must be the beginning of the data, and _esbat must be the
+   * end and must be before any section padding.  The sbat self-check uses
+   * _esbat to find the bounds of the data, and if the padding is included, the
+   * CSV parser (correctly) rejects the data as having NUL values in one of the
+   * required columns.
+   */
   . = ALIGN(4096);
   .sbat :
   {
     _sbat = .;
     *(.sbat)
     *(.sbat.*)
+    _esbat = .;
     . = ALIGN(4096);
+    _epsbat = .;
   }
-  _esbat = .;
-  _sbat_vsize = . - _sbat;
-  . = ALIGN(4096);
-  _sbat_size = . - _sbat;
+  _sbat_size = _epsbat - _sbat;
+  _sbat_vsize = _esbat - _sbat;
 
   . = ALIGN(4096);
-  .vendor_cert :
-  {
-    _vendor_cert = .;
-    *(.vendor_cert)
-    _evirt_vendor_cert = .;
-    . = ALIGN(4096);
-  }
-  _evendor_cert = .;
-  _vendor_cert_vsize = _evirt_vendor_cert - _vendor_cert;
-  _vendor_cert_size = . - _vendor_cert;
-  _alldata_size = . - _data;
-
-  .rela :
+  .rodata :
   {
+    _rodata = .;
     *(.rela.dyn)
     *(.rela.plt)
     *(.rela.got)
     *(.rela.data)
     *(.rela.data*)
+
+    *(.rodata*)
+    *(.srodata)
+    *(.dynsym)
+    *(.dynstr)
+    . = ALIGN(16);
+    *(.note.gnu.build-id)
+    . = ALIGN(4096);
+    *(.vendor_cert)
+    *(.data.ident)
+    _evrodata = .;
+    . = ALIGN(4096);
   }
+  _erodata = .;
+  _rodata_size = . - _rodata;
+  _rodata_vsize = _evrodata - _rodata;
+  _alldata_size = . - _data;
 
-  . = ALIGN(4096);
-  .dynsym   : { *(.dynsym) }
-  . = ALIGN(4096);
-  .dynstr   : { *(.dynstr) }
-  . = ALIGN(4096);
   /DISCARD/ :
   {
     *(.rel.reloc)

elf_arm_efi.lds

@@ -9,22 +9,12 @@ SECTIONS
     *(.text)
     *(.text.*)
     *(.gnu.linkonce.t.*)
-    *(.srodata)
-    *(.rodata*)
-    . = ALIGN(16);
-    _etext = .;
-  }
-  .dynamic  : { *(.dynamic) }
-
-  . = ALIGN(4096);
-  .note.gnu.build-id : {
-    *(.note.gnu.build-id)
-  }
-
-  . = ALIGN(4096);
-  .data.ident : {
-    *(.data.ident)
+    _evtext = .;
+    . = ALIGN(4096);
   }
+  _etext = .;
+  _text_size = . - _text;
+  _text_vsize = _evtext - _text;
 
   . = ALIGN(4096);
   .data :
@@ -33,10 +23,12 @@ SECTIONS
    *(.sdata)
    *(.data)
    *(.data1)
-   *(.data*)
+   *(.data.*)
    *(.got.plt)
    *(.got)
 
+   *(.dynamic)
+
    /* the EFI loader doesn't seem to like a .bss section, so we stick
       it all into .data: */
    . = ALIGN(16);
@@ -46,53 +38,61 @@ SECTIONS
    *(.dynbss)
    *(.bss)
    *(COMMON)
+   _evdata = .;
    . = ALIGN(4096);
    _bss_end = .;
   }
   _edata = .;
+  _data_vsize = _evdata - _data;
   _data_size = . - _data;
 
+  /*
+   * Note that _sbat must be the beginning of the data, and _esbat must be the
+   * end and must be before any section padding.  The sbat self-check uses
+   * _esbat to find the bounds of the data, and if the padding is included, the
+   * CSV parser (correctly) rejects the data as having NUL values in one of the
+   * required columns.
+   */
   . = ALIGN(4096);
   .sbat :
   {
     _sbat = .;
     *(.sbat)
     *(.sbat.*)
+    _esbat = .;
     . = ALIGN(4096);
+    _epsbat = .;
   }
-  _esbat = .;
-  _sbat_vsize = . - _sbat;
-  . = ALIGN(4096);
-  _sbat_size = . - _sbat;
-
-  . = ALIGN(4096);
-  .vendor_cert :
-  {
-    _vendor_cert = .;
-    *(.vendor_cert)
-    _evirt_vendor_cert = .;
-    . = ALIGN(4096);
-  }
-  _evendor_cert = .;
-  _vendor_cert_vsize = _evirt_vendor_cert - _vendor_cert;
-  _vendor_cert_size = . - _vendor_cert;
-  _alldata_size = . - _data;
+  _sbat_size = _epsbat - _sbat;
+  _sbat_vsize = _esbat - _sbat;
 
   . = ALIGN(4096);
-  .rel :
+  .rodata :
   {
+    _rodata = .;
     *(.rel.dyn)
     *(.rel.plt)
     *(.rel.got)
     *(.rel.data)
     *(.rel.data*)
+
+    *(.rodata*)
+    *(.srodata)
+    *(.dynsym)
+    *(.dynstr)
+    . = ALIGN(16);
+    *(.note.gnu.build-id)
+    . = ALIGN(4096);
+    *(.vendor_cert)
+    *(.data.ident)
+    _evrodata = .;
+    . = ALIGN(4096);
   }
+  _erodata = .;
+  _rodata_size = . - _rodata;
+  _rodata_vsize = _evrodata - _rodata;
+  _alldata_size = . - _data;
 
-  . = ALIGN(4096);
-  .dynsym   : { *(.dynsym) }
-  . = ALIGN(4096);
-  .dynstr   : { *(.dynstr) }
-  . = ALIGN(4096);
   /DISCARD/ :
   {
     *(.rel.reloc)