annobin: Introduction

1 What is Binary Annotation?
****************************

Binary Annotation is a method for recording information about an
application inside the application itself.  It is an implementation of
the 'Watermark' specification defined here:
<https://fedoraproject.org/wiki/Toolchain/Watermark>

   Although mainly focused on recording security information, the system
can be used to record any kind of data, even data not related to the
application.  One of the main goals of the system however is the ability
to specify the address range over which a given piece of information is
valid.  So for example it is possible to specify that all of a program
was compiled with the '-O2' option except for one special function which
was compiled with '-O0' instead.

   The range information is useful because it allows third parties to
examine the binary and find out if its construction was consistent,
i.e. that there are no gaps in the recorded information, and no special
cases where a required feature was not active.

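   The consistency check described above can be sketched as follows.
This is an added example, not code from annobin or annocheck: the
(start, end, key, value) record, the "optimization" key and the rule
that the narrowest range wins are assumptions made for illustration,
not the Watermark note encoding.

```python
# Added example. The (start, end, key, value) record is an assumed model,
# not the on-disk Watermark note encoding.
from typing import NamedTuple

class Note(NamedTuple):
    start: int  # first address covered
    end: int    # one past the last address covered
    key: str
    value: str

def effective_ranges(notes, key):
    """Flatten overlapping notes for key; the narrowest note wins per address."""
    relevant = [n for n in notes if n.key == key and n.start < n.end]
    cuts = sorted({a for n in relevant for a in (n.start, n.end)})
    out = []
    for lo, hi in zip(cuts, cuts[1:]):
        covering = [n for n in relevant if n.start <= lo and hi <= n.end]
        if not covering:
            continue  # nothing recorded for this span
        value = min(covering, key=lambda n: n.end - n.start).value
        if out and out[-1][1] == lo and out[-1][2] == value:
            out[-1] = (out[-1][0], hi, value)  # merge with previous span
        else:
            out.append((lo, hi, value))
    return out

def audit(notes, key, required, code_start, code_end):
    """Return (gaps, violations) for key over [code_start, code_end)."""
    gaps, violations, cursor = [], [], code_start
    for lo, hi, value in effective_ranges(notes, key):
        lo, hi = max(lo, code_start), min(hi, code_end)
        if lo >= hi:
            continue
        if lo > cursor:
            gaps.append((cursor, lo))
        if value != required:
            violations.append((lo, hi, value))
        cursor = hi
    if cursor < code_end:
        gaps.append((cursor, code_end))
    return gaps, violations

# Constructed sample: -O2 overall, one function at -O0, one unannotated span.
SAMPLE = [
    Note(0x1000, 0x1800, "optimization", "-O2"),
    Note(0x1200, 0x1240, "optimization", "-O0"),
    Note(0x1900, 0x2000, "optimization", "-O2"),
]
print(audit(SAMPLE, "optimization", "-O2", 0x1000, 0x2000))
```
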
   The system works by adding special sections to the application
containing individual pieces of information along with an address range
for which the information is valid.  (Some effort has gone into storing
this information in a reasonably compact format).

   The information is generated by a plugin that is attached to the
compiler.  The plugin extracts information from the internals of the
compiler and records it in the object file(s) being produced.

   Note - the plugin method is just one way of generating the
information.  Any interested party can create and add information to the
object file, providing that they follow the Watermark specification.

   The information can be extracted from files via the use of tools like
'readelf' and 'objdump'.  The 'annobin' package itself includes a
program called 'annocheck' which can also examine this information.
Details on this program can be found elsewhere in this documentation.