On Fri, Feb 13, 2026 at 09:22:24AM +0100, Jan Beulich wrote: > On 12.02.2026 18:58, Andrew Cooper wrote: > > Also, during the final link steps for xen.efi, we twice get: > > > > [10:09:57.995] Warning: relocation to r/o section .text:00000048 > > [10:09:57.995] Warning: relocation to r/o section .text:00000090 > > > > which smells like the multiboot header. > > It is. These diagnostics are seen only when older ld is in use, but the > issue exists in all cases.
Oh, it took me a while to figure that out. Newer ld generates the relocations itself, and hence we no longer use mkreloc that would print those warnings. However ld generated relocations will still be against read-execute section, and hence as you say the issue also exists there. However the ld version on Darwin is: GNU ld (GNU Binutils) 2.45.1 So the issue is not with the version of ld using in the Darwin build being too old, but rather the checking done in efi-nr-fixups not working well with BSD grep. It needs to be adjusted to use -E, otherwise [[:blank:]] is not recognized. I will send a patch. > It should really already be on someone's todo > list wrt fully secure boot conformant xen.efi, as we did discuss this in > the past. I did start on it: https://lore.kernel.org/xen-devel/[email protected]/ However at the time I did this, the XenServer Secure Boot implementation was doing something that would have been incompatible with this work, and hence I set it on the side. Later on, the XenServer implementation changed and picked up most of this work internally. I however never got back to this work, neither the people that internally worked on Secure Boot send an updated version of the patches. I will see whether I can make some progress on this. Thanks, Roger.
