From 10d6e3d90f1ea504a1dedaea50478c444e92951c Mon Sep 17 00:00:00 2001

From: Peter Jones <pjones@redhat.com>

Date: Fri, 15 Mar 2019 09:52:02 -0400

Subject: [PATCH 29/62] Once again, try even harder to get binaries without

 timestamps in them.

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

$ objdump -x /builddir/build/BUILDROOT/shim-*/usr/share/shim/*/shimx64.efi | grep 'Time/Date'

Time/Date		Thu Jan  1 00:00:08 1970

$ _

"What is despair? I have known it—hear my song. Despair is when you’re

debugging a kernel driver and you look at a memory dump and you see that

a pointer has a value of 7."

 - http://scholar.harvard.edu/files/mickens/files/thenightwatch.pdf

objcopy only knows about -D for some targets.

ld only believes in --no-insert-timestamp in some versions.

dd takes off and nukes the site from orbit.

It's the only way to be sure.

Signed-off-by: Peter Jones <pjones@redhat.com>

Upstream-commit-id: a4a1fbe728c

---

 Make.defaults | 4 ++++

 Makefile      | 6 ++++--

 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Make.defaults b/Make.defaults

index 09807bd8108..f0bfa9fd573 100644

--- a/Make.defaults

+++ b/Make.defaults

@@ -50,6 +50,7 @@ ifeq ($(ARCH),x86_64)

 	ARCH_SUFFIX		?= x64

 	ARCH_SUFFIX_UPPER	?= X64

 	ARCH_LDFLAGS		?=

+	TIMESTAMP_LOCATION	:= 136

 endif

 ifeq ($(ARCH),ia32)

 	ARCH_CFLAGS		?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \

@@ -60,6 +61,7 @@ ifeq ($(ARCH),ia32)

 	ARCH_SUFFIX_UPPER	?= IA32

 	ARCH_LDFLAGS		?=

 	ARCH_CFLAGS		?= -m32

+	TIMESTAMP_LOCATION	:= 136

 endif

 ifeq ($(ARCH),aarch64)

 	ARCH_CFLAGS		?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align

@@ -70,6 +72,7 @@ ifeq ($(ARCH),aarch64)

 	SUBSYSTEM		:= 0xa

 	ARCH_LDFLAGS		+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)

 	ARCH_CFLAGS		?=

+	TIMESTAMP_LOCATION	:= 72

 endif

 ifeq ($(ARCH),arm)

 	ARCH_CFLAGS		?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access

@@ -79,6 +82,7 @@ ifeq ($(ARCH),arm)

 	FORMAT			:= -O binary

 	SUBSYSTEM		:= 0xa

 	ARCH_LDFLAGS		+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)

+	TIMESTAMP_LOCATION	:= 72

 endif

 CFLAGS		= -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \

diff --git a/Makefile b/Makefile

index fd7e83dc764..49e14a26521 100644

--- a/Makefile

+++ b/Makefile

@@ -189,11 +189,13 @@ endif

 ifneq ($(OBJCOPY_GTE224),1)

 	$(error objcopy >= 2.24 is required)

 endif

-	$(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \

+	$(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \

 		-j .dynamic -j .dynsym -j .rel* \

 		-j .rela* -j .reloc -j .eh_frame \

 		-j .vendor_cert \

 		$(FORMAT) $^ $@

+	# I am tired of wasting my time fighting binutils timestamp code.

+	dd conv=notrunc bs=1 count=4 seek=$(TIMESTAMP_LOCATION) if=/dev/zero of=$@

 ifneq ($(origin ENABLE_SHIM_HASH),undefined)

 %.hash : %.efi

@@ -204,7 +206,7 @@ endif

 ifneq ($(OBJCOPY_GTE224),1)

 	$(error objcopy >= 2.24 is required)

 endif

-	$(OBJCOPY) -j .text -j .sdata -j .data \

+	$(OBJCOPY) -D -j .text -j .sdata -j .data \

 		-j .dynamic -j .dynsym -j .rel* \

 		-j .rela* -j .reloc -j .eh_frame \

 		-j .debug_info -j .debug_abbrev -j .debug_aranges \

-- 

2.26.2