From fea3f2ec1936cfb9ed0b3ee62d9d23698097b814 Mon Sep 17 00:00:00 2001

From: Peter Jones <pjones@redhat.com>

Date: Fri, 15 Mar 2019 09:52:02 -0400

Subject: [PATCH] Once again, try even harder to get binaries without

 timestamps in them.

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

$ objdump -x /builddir/build/BUILDROOT/shim-*/usr/share/shim/*/shimx64.efi | grep 'Time/Date'

Time/Date		Thu Jan  1 00:00:08 1970

$ _

"What is despair? I have known it—hear my song. Despair is when you’re

debugging a kernel driver and you look at a memory dump and you see that

a pointer has a value of 7."

 - http://scholar.harvard.edu/files/mickens/files/thenightwatch.pdf

objcopy only knows about -D for some targets.

ld only believes in --no-insert-timestamp in some versions.

dd takes off and nukes the site from orbit.

It's the only way to be sure.

Signed-off-by: Peter Jones <pjones@redhat.com>

---

 Make.defaults | 4 ++++

 Makefile      | 6 ++++--

 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Make.defaults b/Make.defaults

index e11ab5a7f2c..4c26c1adf1f 100644

--- a/Make.defaults

+++ b/Make.defaults

@@ -72,6 +72,7 @@ ifeq ($(ARCH),x86_64)

 	ARCH_SUFFIX		?= x64

 	ARCH_SUFFIX_UPPER	?= X64

 	ARCH_LDFLAGS		?=

+	TIMESTAMP_LOCATION	:= 136

 endif

 ifeq ($(ARCH),ia32)

 	CFLAGS	+= -mno-mmx -mno-sse -mno-red-zone -nostdinc \

@@ -81,6 +82,7 @@ ifeq ($(ARCH),ia32)

 	ARCH_SUFFIX		?= ia32

 	ARCH_SUFFIX_UPPER	?= IA32

 	ARCH_LDFLAGS		?=

+	TIMESTAMP_LOCATION	:= 136

 endif

 ifeq ($(ARCH),aarch64)

 	CFLAGS += -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align

@@ -90,6 +92,7 @@ ifeq ($(ARCH),aarch64)

 	FORMAT			:= -O binary

 	SUBSYSTEM		:= 0xa

 	ARCH_LDFLAGS		+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)

+	TIMESTAMP_LOCATION	:= 72

 endif

 ifeq ($(ARCH),arm)

 	CFLAGS += -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align

@@ -99,6 +102,7 @@ ifeq ($(ARCH),arm)

 	FORMAT			:= -O binary

 	SUBSYSTEM		:= 0xa

 	ARCH_LDFLAGS		+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)

+	TIMESTAMP_LOCATION	:= 72

 endif

 FORMAT		?= --target efi-app-$(ARCH)

diff --git a/Makefile b/Makefile

index 115e7f08c0f..a012c9f0d16 100644

--- a/Makefile

+++ b/Makefile

@@ -189,11 +189,13 @@ endif

 ifneq ($(OBJCOPY_GTE224),1)

 	$(error objcopy >= 2.24 is required)

 endif

-	$(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \

+	$(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \

 		-j .dynamic -j .dynsym -j .rel* \

 		-j .rela* -j .reloc -j .eh_frame \

 		-j .vendor_cert \

 		$(FORMAT) $^ $@

+	# I am tired of wasting my time fighting binutils timestamp code.

+	dd conv=notrunc bs=1 count=4 seek=$(TIMESTAMP_LOCATION) if=/dev/zero of=$@

 ifneq ($(origin ENABLE_SHIM_HASH),undefined)

 %.hash : %.efi

@@ -204,7 +206,7 @@ endif

 ifneq ($(OBJCOPY_GTE224),1)

 	$(error objcopy >= 2.24 is required)

 endif

-	$(OBJCOPY) -j .text -j .sdata -j .data \

+	$(OBJCOPY) -D -j .text -j .sdata -j .data \

 		-j .dynamic -j .dynsym -j .rel* \

 		-j .rela* -j .reloc -j .eh_frame \

 		-j .debug_info -j .debug_abbrev -j .debug_aranges \

-- 

2.20.1