diff --git a/contrib/ci/dependencies.xml b/contrib/ci/dependencies.xml
index 8b4297750..1a13eab15 100644
--- a/contrib/ci/dependencies.xml
+++ b/contrib/ci/dependencies.xml
@@ -893,6 +893,20 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
pango-devel
diff --git a/contrib/debian/lintian/fwupd b/contrib/debian/lintian/fwupd
index 769a1296a..308555896 100644
--- a/contrib/debian/lintian/fwupd
+++ b/contrib/debian/lintian/fwupd
@@ -6,5 +6,5 @@ fwupd binary: systemd-service-file-missing-install-key lib/systemd/system/system
fwupd: library-not-linked-against-libc usr/lib/*/fwupd-plugins-3/libfu_plugin_upower.so
#EFI applications are PE executables
fwupd: executable-not-elf-or-script usr/lib/fwupd/efi/*.efi
-fwupd: portable-executable-missing-security-features usr/lib/fwupd/efi/*.efi ASLR DEP/NX
+fwupd: portable-executable-missing-security-features usr/lib/fwupd/efi/*.efi SafeSEH
fwupd: library-not-linked-against-libc usr/lib/*/fwupd-plugins-3/libfu_plugin_modem_manager.so
diff --git a/meson.build b/meson.build
index 2a13eabde..0eae5b6bb 100644
--- a/meson.build
+++ b/meson.build
@@ -235,6 +235,7 @@ if build_standalone and get_option('plugin_uefi')
objcopy = find_program ('objcopy')
readelf = find_program ('readelf')
tpm2tss = dependency('tss2-esys', version : '>= 2.0')
+ genpeimg = find_program ('genpeimg', required: false)
efi_app_location = join_paths(libexecdir, 'fwupd', 'efi')
conf.set_quoted ('EFI_APP_LOCATION', efi_app_location)
diff --git a/plugins/uefi/efi/generate_binary.sh b/plugins/uefi/efi/generate_binary.sh
new file mode 100755
index 000000000..f4faf5860
--- /dev/null
+++ b/plugins/uefi/efi/generate_binary.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+output=$2
+objcopy_cmd=$(which objcopy)
+genpeimg_cmd=$(which genpeimg)
+
+$objcopy_cmd -j .text \
+ -j .sdata \
+ -j .data \
+ -j .dynamic \
+ -j .dynsym \
+ -j .rel \
+ -j .rela \
+ -j .reloc \
+ $*
+
+if [ -n "${genpeimg_cmd}" ]; then
+ $genpeimg_cmd -d \
+ +d \
+ -d \
+ +n \
+ -d \
+ +s \
+ $output
+fi
diff --git a/plugins/uefi/efi/meson.build b/plugins/uefi/efi/meson.build
index 5be2ffea1..382001c61 100644
--- a/plugins/uefi/efi/meson.build
+++ b/plugins/uefi/efi/meson.build
@@ -135,20 +135,11 @@ so = custom_target('fwup.so',
efi_ldflags + ['@INPUT@'] +
['-lefi', '-lgnuefi', libgcc_file_name])
+build_tool = join_paths(meson.source_root(), 'plugins', 'uefi', 'efi', 'generate_binary.sh')
app = custom_target(efi_name,
input : so,
output : efi_name,
- command : [objcopy,
- '-j', '.text',
- '-j', '.sdata',
- '-j', '.data',
- '-j', '.dynamic',
- '-j', '.dynsym',
- '-j', '.rel',
- '-j', '.rela',
- '-j', '.reloc']
- + efi_format +
- ['@INPUT@', '@OUTPUT@'],
+ command : [build_tool, '@INPUT@', '@OUTPUT@', efi_format],
install : true,
install_dir : efi_app_location)