From cd2bfd13e80d5a20ca27e3f7e9dd5f4d33c30a6d Mon Sep 17 00:00:00 2001 From: Valentin Lefebvre Date: Mon, 13 Mar 2023 12:06:13 +0100 Subject: [PATCH] fix(dracut.sh): use dynamically uefi's sections offset * Uefi section are creating by `objcopy` with hardcoded sections offset. This commit allow to have the correct offset between each part of the efi file, needed to create an UKI. Offsets are simply calculated so no sections overlap, as recommended in https://wiki.archlinux.org/title/Unified_kernel_image#Manually Moreover, efi stub file's header is parsed to apply the correct offsets according the section alignment factor. * Remove EFI_SECTION_VMA_INITRD, no need anymore as initrd section offset dynamically calculated Fixes dracutdevs#2275 Signed-off-by: Valentin Lefebvre (Cherry-picked commit: f32e95bcadbc5158843530407adc1e7b700561b1) Resolves: #2180787 --- dracut-functions.sh | 23 +++++++++++++++++++++++ dracut.sh | 45 +++++++++++++++++++++++++++++++++++---------- 2 files changed, 58 insertions(+), 10 deletions(-) diff --git a/dracut-functions.sh b/dracut-functions.sh index ff6749a1..a95755b2 100755 --- a/dracut-functions.sh +++ b/dracut-functions.sh @@ -995,3 +995,26 @@ get_dev_module() { fi echo "$dev_drivers" } + +# Check if file is in PE format +pe_file_format() { + if [[ $# -eq 1 ]]; then + local magic + magic=$(objdump -p "$1" \ + | awk '{if ($1 == "Magic"){print strtonum("0x"$2)}}') + magic=$(printf "0x%x" "$magic") + # 0x10b (PE32), 0x20b (PE32+) + [[ $magic == 0x20b || $magic == 0x10b ]] && return 0 + fi + return 1 +} + +# Get the sectionAlignment data from the PE header +pe_get_section_align() { + local align_hex + [[ $# -ne "1" ]] && return 1 + [[ $(pe_file_format "$1") -eq 1 ]] && return 1 + align_hex=$(objdump -p "$1" \ + | awk '{if ($1 == "SectionAlignment"){print $2}}') + echo "$((16#$align_hex))" +} diff --git a/dracut.sh b/dracut.sh index d2f07ac6..0c963431 100755 --- a/dracut.sh +++ b/dracut.sh @@ -1433,7 +1433,6 @@ if [[ ! $print_cmdline ]]; then exit 1 fi unset EFI_MACHINE_TYPE_NAME - EFI_SECTION_VMA_INITRD=0x3000000 case $(uname -m) in x86_64) EFI_MACHINE_TYPE_NAME=x64 @@ -1443,8 +1442,6 @@ if [[ ! $print_cmdline ]]; then ;; aarch64) EFI_MACHINE_TYPE_NAME=aa64 - # aarch64 kernels are uncompressed and thus larger, so we need a bigger gap between vma sections - EFI_SECTION_VMA_INITRD=0x4000000 ;; *) dfatal "Architecture '$(uname -m)' not supported to create a UEFI executable" @@ -2596,29 +2593,57 @@ if [[ $uefi == yes ]]; then done fi + offs=$(objdump -h "$uefi_stub" 2> /dev/null | awk 'NF==7 {size=strtonum("0x"$3);\ + offset=strtonum("0x"$4)} END {print size + offset}') + if [[ $offs -eq 0 ]]; then + dfatal "Failed to get the size of $uefi_stub to create UEFI image file" + exit 1 + fi + align=$(pe_get_section_align "$uefi_stub") + if [[ $? -eq 1 ]]; then + dfatal "Failed to get the sectionAlignment of the stub PE header to create the UEFI image file" + exit 1 + fi + offs=$((offs + "$align" - offs % "$align")) + [[ -s $dracutsysrootdir/usr/lib/os-release ]] && uefi_osrelease="$dracutsysrootdir/usr/lib/os-release" + [[ -s $dracutsysrootdir/etc/os-release ]] && uefi_osrelease="$dracutsysrootdir/etc/os-release" + [[ -s $uefi_osrelease ]] \ + && uefi_osrelease_offs=${offs} \ + && offs=$((offs + $(stat -Lc%s "$uefi_osrelease"))) \ + && offs=$((offs + "$align" - offs % "$align")) + if [[ $kernel_cmdline ]] || [[ $hostonly_cmdline == yes && -d "$initdir/etc/cmdline.d" ]]; then echo -ne "\x00" >> "$uefi_outdir/cmdline.txt" dinfo "Using UEFI kernel cmdline:" dinfo "$(tr -d '\000' < "$uefi_outdir/cmdline.txt")" uefi_cmdline="${uefi_outdir}/cmdline.txt" + uefi_cmdline_offs=${offs} + offs=$((offs + $(stat -Lc%s "$uefi_cmdline"))) + offs=$((offs + "$align" - offs % "$align")) else unset uefi_cmdline fi - [[ -s $dracutsysrootdir/usr/lib/os-release ]] && uefi_osrelease="$dracutsysrootdir/usr/lib/os-release" - [[ -s $dracutsysrootdir/etc/os-release ]] && uefi_osrelease="$dracutsysrootdir/etc/os-release" if [[ -s ${dracutsysrootdir}${uefi_splash_image} ]]; then uefi_splash_image="${dracutsysrootdir}${uefi_splash_image}" + uefi_splash_offs=${offs} + offs=$((offs + $(stat -Lc%s "$uefi_splash_image"))) + offs=$((offs + "$align" - offs % "$align")) else unset uefi_splash_image fi + uefi_linux_offs="${offs}" + offs=$((offs + $(stat -Lc%s "$kernel_image"))) + offs=$((offs + "$align" - offs % "$align")) + uefi_initrd_offs="${offs}" + if objcopy \ - ${uefi_osrelease:+--add-section .osrel="$uefi_osrelease" --change-section-vma .osrel=0x20000} \ - ${uefi_cmdline:+--add-section .cmdline="$uefi_cmdline" --change-section-vma .cmdline=0x30000} \ - ${uefi_splash_image:+--add-section .splash="$uefi_splash_image" --change-section-vma .splash=0x40000} \ - --add-section .linux="$kernel_image" --change-section-vma .linux=0x2000000 \ - --add-section .initrd="${DRACUT_TMPDIR}/initramfs.img" --change-section-vma .initrd="${EFI_SECTION_VMA_INITRD}" \ + ${uefi_osrelease:+--add-section .osrel="$uefi_osrelease" --change-section-vma .osrel=$(printf 0x%x "$uefi_osrelease_offs")} \ + ${uefi_cmdline:+--add-section .cmdline="$uefi_cmdline" --change-section-vma .cmdline=$(printf 0x%x "$uefi_cmdline_offs")} \ + ${uefi_splash_image:+--add-section .splash="$uefi_splash_image" --change-section-vma .splash=$(printf 0x%x "$uefi_splash_offs")} \ + --add-section .linux="$kernel_image" --change-section-vma .linux="$(printf 0x%x "$uefi_linux_offs")" \ + --add-section .initrd="${DRACUT_TMPDIR}/initramfs.img" --change-section-vma .initrd="$(printf 0x%x "$uefi_initrd_offs")" \ "$uefi_stub" "${uefi_outdir}/linux.efi"; then if [[ -n ${uefi_secureboot_key} && -n ${uefi_secureboot_cert} ]]; then if sbsign \