Xen project Mailing List

[PATCH RFC] EFI: strip xen.efi when putting it on the EFI partition

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Date: Mon, 25 Apr 2022 12:46:17 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2IyVjbV4+UozLbWszz088eBp53KB5rBQs/D2spIZ4Eg=; b=eO9qSrNSnd4/KvbjVNYnnCPT5LzFQ+dBfkx3B97mDuKif8S2wRSEJ7E06Q8ZnalAbO9581NRkrpd46oSDEEU+fOuEgx8pzkJzXSnZJYDT7Mz7AFS7buNAeGmB+tldbo06+aZV+8NW++TzZqlmffaHhWE8tF4BlqypHqS7djChMNkfedkCb5/HH7YHqloWc77gzcYwkydJi+NVXQLSVJKBX3qpx7pZCOoXpL9kjE6zsfsG0k4V2AUuuiFuntd+Goyv08Jwnn87758AbECCpDIkBivJseH2aR74Qm+Dx7OT3SRGEIgk3JIgc4cAN1FMuZHrSsYlzDh3vSpLvqAPhc/jw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JdJZk4Jev86q83corYMJ/iAju7wV01Br4x78DBxCJXMYVKoRnt6q6tOONR7bCouk5tCZnWIXn3s+YhofZSpkMa+UgPEHCoKvZ4UcY0SatLArbWaLEvKSpjNpUxQAjUzMU+xC3lG1Sts9YzfCjsaxhcBcEA6EqPozf/R1JFFIBEU4Y3wsx5QzeJM6i2ncjSZfbj9NuUYTxB3Mwa6dEwrliX48MhkFTJzXS3rTpeFN+wdpDaCvlTfc3bbrodxUCxT/+9EnEb9+bGZibl9C7iF2O0AsJO3DoFRkiBK/c5GslpfiKyHOk6tbhZHji0c2XwIEMLzKrKndOAcXIqITxr01nA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Mon, 25 Apr 2022 10:46:49 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

With debug info retained, xen.efi can be quite large. Unlike for xen.gz there's no intermediate step (mkelf32 there) involved which would strip debug info kind of as a side effect. While the installing of xen.efi on the EFI partition is an optional step (intended to be a courtesy to the developer), adjust it also for the purpose of documenting what distros would be expected to do during boot loader configuration (which is what would normally put xen.efi into the EFI partition). Model the control over stripping after Linux'es module installation, except that the stripped executable is constructed in the build area instead of in the destination location. This is to conserve on space used there - EFI partitions tend to be only a few hundred Mb in size. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- RFC: GNU strip 2.38 appears to have issues when acting on a PE binary: - the new file positions of the sections do not respect the file alignment specified by the header (a resulting looks to work on one EFI implementation where I did actually try it, but I don't think we can rely on that), - file name symbols are also stripped; while there is a separate --keep-file-symbols option (which I would have thought to be on by default anyway), its use makes no difference. Older GNU strip (observed with 2.35.1) doesn't work at all ("Data Directory size (1c) exceeds space left in section (8)"). --- a/xen/Makefile +++ b/xen/Makefile @@ -461,6 +461,22 @@ endif .PHONY: _build _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) +# Strip +# +# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it +# is installed. If INSTALL_EFI_STRIP is '1', then the default option +# --strip-debug will be used. Otherwise, INSTALL_EFI_STRIP value will be used +# as the option(s) to the strip command. +ifdef INSTALL_EFI_STRIP + +ifeq ($(INSTALL_EFI_STRIP),1) +efi-strip-opt := --strip-debug +else +efi-strip-opt := $(INSTALL_EFI_STRIP) +endif + +endif + .PHONY: _install _install: D=$(DESTDIR) _install: T=$(notdir $(TARGET)) @@ -485,6 +501,9 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_ ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ + $(if $(efi-strip-opt), \ + $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \ + $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \ $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.