[SRU][F][PATCH 1/1] s390/boot: add secure boot trailer

[frank.heimes at canonical.com]

From: Peter Oberparleiter <oberpar at linux.ibm.com>

BugLink: https://bugs.launchpad.net/bugs/1996071

This patch enhances the kernel image adding a trailer as required for
secure boot by future firmware versions.

Cc: <stable at vger.kernel.org> # 5.2+
Signed-off-by: Peter Oberparleiter <oberpar at linux.ibm.com>
Reviewed-by: Sven Schnelle <svens at linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor at linux.ibm.com>
(backported from commit aa127a069ef312aca02b730d5137e1778d0c3ba7)
[Frank Heimes: Backport needed because file 'vmlinux.lds.S' is at a different
 location: 'arch/s390/boot/compressed/' instead of 'arch/s390/boot/'
 and has a slightly different context.]
Signed-off-by: Frank Heimes <frank.heimes at canonical.com>
---
 arch/s390/boot/compressed/vmlinux.lds.S | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/arch/s390/boot/compressed/vmlinux.lds.S b/arch/s390/boot/compressed/vmlinux.lds.S
index 44561b2c3712..c4d02aa0a6a3 100644
--- a/arch/s390/boot/compressed/vmlinux.lds.S
+++ b/arch/s390/boot/compressed/vmlinux.lds.S
@@ -78,10 +78,19 @@ SECTIONS
 		_compressed_start = .;
 		*(.vmlinux.bin.compressed)
 		_compressed_end = .;
-		FILL(0xff);
-		. = ALIGN(4096);
 	}
-	. = ALIGN(256);
+
+#define SB_TRAILER_SIZE 32
+	/* Trailer needed for Secure Boot */
+	. += SB_TRAILER_SIZE; /* make sure .sb.trailer does not overwrite the previous section */
+	. = ALIGN(4096) - SB_TRAILER_SIZE;
+	.sb.trailer : {
+		QUAD(0)
+		QUAD(0)
+		QUAD(0)
+		QUAD(0x000000207a49504c)
+	}
+
 	.bss : {
 		_bss = . ;
 		*(.bss)
-- 
2.25.1