Hi folks,
I'm hoping that I might be able to get some development help with binutils for aarch64...
I'm maintaining the UEFI Secure Boot stack in Debian (shim etc.), including for arm64/aarch64 (as I wanted to make that work too!). UEFI binaries are awkward for those of used to the Linux and ELF world - they're PE/COFF format with different calling conventions to match the Microsoft world. But we've made things work.
On x86 platforms, the shim build process uses objcopy --target=efi-app-$(ARCH) to produce the final output binaries. We've never had similar support for the aarch64 platform, and instead somebody came up with a method using locally-hacked linker script and "-O binary" to generate the output binaries. That's worked well enough for a while, but it's been annoying for various reasons (particularly debugging problems).
*However*, recently for security reasons we've tweaked the layout of Secure Boot binaries [1] and this has caused lots of problems. The older hacks to hand-build the right sections etc. needed significant extra work, and we're still dealing with awkward bugs related to this. Based ont these problems, I recently had to make the painful decision to drop support for arm64 SB in Debian. I know that other distributions are feeling similar pain. :-(
Rather than continuing to hack on things, I think it's (way past) time that we did things correctly! We need aarch64 binary format support in binutils so we can just use it like we do on x86. AFAICS, there is already a bug open asking for this from last year [2]. Could I please prevail on some friendly neighourhood aarch64 toolchain engineer to help with that?
Thanks for considering,
Steve
[1] https://github.com/rhboot/shim/blob/main/SBAT.md [2] https://sourceware.org/bugzilla/show_bug.cgi?id=26206#add_comment