I am developing my ELF payload that TD-Shim loads.

My ELF payload is a generic OS kernel that can be started in different ways. One of these ways is as an ELF payload via the TD-Shim.

Therefore, my ELF payload has a generic startup sequence that has the step of self-relocation. In other words, one of the first things my ELF payload does is to find all relocations (by reading its own ELF header and metadata) and apply them.

I am confused by the TD-Shim linker logic:

• On the one hand, td-shim-ld has an option --relocate-payload. So I skip this option, which should mean relocate-payload = false and thus self.payload_relocation == false, which should not perform any relocations in my ELF payload:
  

  td-shim/td-shim-tools/src/linker.rs

  Lines 413 to 425 in 553e3e6

  	if self.payload_relocation {
  	let mut payload_reloc_buf = vec![0x0u8; MAX_PAYLOAD_CONTENT_SIZE];
  	let reloc = pe::relocate(
  	&payload_bin.data,
  	&mut payload_reloc_buf,
  	TD_SHIM_PAYLOAD_BASE as usize + payload_header.data.len(),
  	)
  	.ok_or_else(|| {
  	io::Error::new(io::ErrorKind::Other, "Can not relocate payload content")
  	})?;
  	trace!("shim payload relocated to 0x{:x}", reloc);
  	output_file.write(&payload_reloc_buf, "payload content")?;
  	} else {

• On the other hand, td-shim-ld seems to relocate the ELF payload anyway, disregarding the value of --relocate-payload:
  

  td-shim/td-shim-tools/src/linker.rs

  Lines 437 to 444 in 553e3e6

  	let mut ipl_reloc_buf = vec![0x00u8; MAX_IPL_CONTENT_SIZE];
  	// relocate ipl to 1M
  	let reloc = elf::relocate_elf_with_per_program_header(
  	&ipl_bin.data,
  	&mut ipl_reloc_buf,
  	0x100000 as usize,
  	)
  	.ok_or_else(|| io::Error::new(io::ErrorKind::Other, "Can not relocate IPL content"))?;

Maybe I don't understand the difference between payload and ipl? Is there a way to skip relocations of my ELF payload?