Xen project Mailing List

[PATCH] EFI: strip xen.efi when putting it on the EFI partition

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Date: Thu, 9 Jun 2022 17:52:45 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=W0KfPugo3KQU69jKeUIwn3lcDuM0nZSDmJTaW1CYFB4=; b=iRKpcjbG2JA2IXIdgXHnHb5m/nKCaNfKSxdRALS4FfPO2QyRhVQmqWiF/MPOTbFQQsTNHSydCsB8hUs+xLDWk7w2l9DaKQHZ6C5iC73r/CK40r3xm7T806Gk4dG/9CoF9Ohe75Bbs/88fmV5HJTDRUKOAumCTpreRTjqI3T9Pvpi4r/C7cGz4QjMkwHQ4OEwN9Bp6RJrW/YzEcuzy9tfrKUiTTl8mg82KFJBX+hqYvziUjKbG6vmAZyoUBsiHS63Wsi0Z4rPdb68D4ykGHK0RlSXpo3MBwCwu0fJx3ANnQoZHdKwwYr6e+75Y+bfRCODO9P6TfWc8h7sB+VeRpDtwQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jzpsjknwbU40iC/+l8GagzCTs0OXrg/jVbCkp2LMq6fM5NJ/mhcKheii8WBweNuRh3ccr6qfsf3M1LR5CEP99x95Wriy/PsStWqo5vEH7imrMeiSKz+sWIQEfbky49BFoA6gFYXcJ++e4gvQ5+Ct2SF1lJ8Gr6OyeS7O6Ra9T7R2m0StS3on9+gNkcdY0Rqlrd23HOVV895IpOczYke1MY392bFi7FCxGp+CYTwTEjJXORNXfwIkA0LO9E87xnew0Rwx2yC1QTPSvYDFzRj2fGGkgSfyL4p9iG5gEpxKrBTSWMt3VmJY0Pjkq5bVmvmk3LWfoAjhGfNJfU3SLSHIrQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Thu, 09 Jun 2022 15:52:53 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

With debug info retained, xen.efi can be quite large. Unlike for xen.gz there's no intermediate step (mkelf32 there) involved which would strip debug info kind of as a side effect. While the installing of xen.efi on the EFI partition is an optional step (intended to be a courtesy to the developer), adjust it also for the purpose of documenting what distros would be expected to do during boot loader configuration (which is what would normally put xen.efi into the EFI partition). Model the control over stripping after Linux'es module installation, except that the stripped executable is constructed in the build area instead of in the destination location. This is to conserve on space used there - EFI partitions tend to be only a few hundred Mb in size. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- GNU strip 2.38 appears to have issues when acting on a PE binary: - file name symbols are also stripped; while there is a separate --keep-file-symbols option (which I would have thought to be on by default anyway), its use so far makes no difference, - the string table grows in size, when one would expect it to retain its size (or shrink), - linker version is changed in and timestamp zapped from the header. Older GNU strip (observed with 2.35.1) doesn't work at all ("Data Directory size (1c) exceeds space left in section (8)"). Future GNU strip is going to honor --keep-file-symbols (and will also have the other issues fixed). Question is whether we should use that option (for the symbol table as a whole to make sense), or whether instead we should (by default) strip the symbol table as well. --- a/xen/Makefile +++ b/xen/Makefile @@ -465,6 +465,22 @@ endif .PHONY: _build _build: $(TARGET)$(CONFIG_XEN_INSTALL_SUFFIX) +# Strip +# +# INSTALL_EFI_STRIP, if defined, will cause xen.efi to be stripped before it +# is installed. If INSTALL_EFI_STRIP is '1', then the default option +# --strip-debug will be used. Otherwise, INSTALL_EFI_STRIP value will be used +# as the option(s) to the strip command. +ifdef INSTALL_EFI_STRIP + +ifeq ($(INSTALL_EFI_STRIP),1) +efi-strip-opt := --strip-debug +else +efi-strip-opt := $(INSTALL_EFI_STRIP) +endif + +endif + .PHONY: _install _install: D=$(DESTDIR) _install: T=$(notdir $(TARGET)) @@ -489,6 +505,9 @@ _install: $(TARGET)$(CONFIG_XEN_INSTALL_ ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T)-$(XEN_VERSION).efi; \ ln -sf $(T)-$(XEN_FULLVERSION).efi $(D)$(EFI_DIR)/$(T).efi; \ if [ -n '$(EFI_MOUNTPOINT)' -a -n '$(EFI_VENDOR)' ]; then \ + $(if $(efi-strip-opt), \ + $(STRIP) $(efi-strip-opt) -p -o $(TARGET).efi.stripped $(TARGET).efi && \ + $(INSTALL_DATA) $(TARGET).efi.stripped $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi ||) \ $(INSTALL_DATA) $(TARGET).efi $(D)$(EFI_MOUNTPOINT)/efi/$(EFI_VENDOR)/$(T)-$(XEN_FULLVERSION).efi; \ elif [ "$(D)" = "$(patsubst $(shell cd $(XEN_ROOT) && pwd)/%,%,$(D))" ]; then \ echo 'EFI installation only partially done (EFI_VENDOR not set)' >&2; \

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.