From ec6972ab724c23edb47394e1211c4d3dc635ea8f Mon Sep 17 00:00:00 2001 From: Valentin Lefebvre Date: Mon, 13 Mar 2023 12:06:13 +0100 Subject: [PATCH] fix(dracut.sh): use dynamically uefi's sections offset * Uefi section are creating by `objcopy` with hardcoded sections offset. This commit allow to have the correct offset between each part of the efi file, needed to create an UKI. Offsets are simply calculated so no sections overlap, as recommended in https://wiki.archlinux.org/title/Unified_kernel_image#Manually Moreover, efi stub file's header is parsed to apply the correct offsets according the section alignment factor. * Remove EFI_SECTION_VMA_INITRD, no need anymore as initrd section offset dynamically calculated Fixes dracutdevs#2275 Signed-off-by: Valentin Lefebvre --- dracut-functions.sh | 23 +++++++++++++++++++++++ dracut.sh | 45 +++++++++++++++++++++++++++++++++++---------- 2 files changed, 58 insertions(+), 10 deletions(-) diff --git a/dracut-functions.sh b/dracut-functions.sh index 280e4e7..78547f3 100755 --- a/dracut-functions.sh +++ b/dracut-functions.sh @@ -1011,3 +1011,26 @@ get_dev_module() { fi echo "$dev_drivers" } + +# Check if file is in PE format +pe_file_format() { + if [[ $# -eq 1 ]]; then + local magic + magic=$(objdump -p "$1" \ + | awk '{if ($1 == "Magic"){print strtonum("0x"$2)}}') + magic=$(printf "0x%x" "$magic") + # 0x10b (PE32), 0x20b (PE32+) + [[ $magic == 0x20b || $magic == 0x10b ]] && return 0 + fi + return 1 +} + +# Get the sectionAlignment data from the PE header +pe_get_section_align() { + local align_hex + [[ $# -ne "1" ]] && return 1 + [[ $(pe_file_format "$1") -eq 1 ]] && return 1 + align_hex=$(objdump -p "$1" \ + | awk '{if ($1 == "SectionAlignment"){print $2}}') + echo "$((16#$align_hex))" +} diff --git a/dracut.sh b/dracut.sh index 031dd85..f42ef89 100755 --- a/dracut.sh +++ b/dracut.sh @@ -1447,7 +1447,6 @@ if [[ ! $print_cmdline ]]; then exit 1 fi unset EFI_MACHINE_TYPE_NAME - EFI_SECTION_VMA_INITRD=0x3000000 case "${DRACUT_ARCH:-$(uname -m)}" in x86_64) EFI_MACHINE_TYPE_NAME=x64 @@ -1457,8 +1456,6 @@ if [[ ! $print_cmdline ]]; then ;; aarch64) EFI_MACHINE_TYPE_NAME=aa64 - # aarch64 kernels are uncompressed and thus larger, so we need a bigger gap between vma sections - EFI_SECTION_VMA_INITRD=0x4000000 ;; *) dfatal "Architecture '${DRACUT_ARCH:-$(uname -m)}' not supported to create a UEFI executable" @@ -2617,29 +2614,57 @@ if [[ $uefi == yes ]]; then fi fi + offs=$(objdump -h "$uefi_stub" 2> /dev/null | awk 'NF==7 {size=strtonum("0x"$3);\ + offset=strtonum("0x"$4)} END {print size + offset}') + if [[ $offs -eq 0 ]]; then + dfatal "Failed to get the size of $uefi_stub to create UEFI image file" + exit 1 + fi + align=$(pe_get_section_align "$uefi_stub") + if [[ $? -eq 1 ]]; then + dfatal "Failed to get the sectionAlignment of the stub PE header to create the UEFI image file" + exit 1 + fi + offs=$((offs + "$align" - offs % "$align")) + [[ -s $dracutsysrootdir/usr/lib/os-release ]] && uefi_osrelease="$dracutsysrootdir/usr/lib/os-release" + [[ -s $dracutsysrootdir/etc/os-release ]] && uefi_osrelease="$dracutsysrootdir/etc/os-release" + [[ -s $uefi_osrelease ]] \ + && uefi_osrelease_offs=${offs} \ + && offs=$((offs + $(stat -Lc%s "$uefi_osrelease"))) \ + && offs=$((offs + "$align" - offs % "$align")) + if [[ $kernel_cmdline ]] || [[ $hostonly_cmdline == yes && -e "${uefi_outdir}/cmdline.txt" ]]; then echo -ne "\x00" >> "$uefi_outdir/cmdline.txt" dinfo "Using UEFI kernel cmdline:" dinfo "$(tr -d '\000' < "$uefi_outdir/cmdline.txt")" uefi_cmdline="${uefi_outdir}/cmdline.txt" + uefi_cmdline_offs=${offs} + offs=$((offs + $(stat -Lc%s "$uefi_cmdline"))) + offs=$((offs + "$align" - offs % "$align")) else unset uefi_cmdline fi - [[ -s $dracutsysrootdir/usr/lib/os-release ]] && uefi_osrelease="$dracutsysrootdir/usr/lib/os-release" - [[ -s $dracutsysrootdir/etc/os-release ]] && uefi_osrelease="$dracutsysrootdir/etc/os-release" if [[ -s ${dracutsysrootdir}${uefi_splash_image} ]]; then uefi_splash_image="${dracutsysrootdir}${uefi_splash_image}" + uefi_splash_offs=${offs} + offs=$((offs + $(stat -Lc%s "$uefi_splash_image"))) + offs=$((offs + "$align" - offs % "$align")) else unset uefi_splash_image fi + uefi_linux_offs="${offs}" + offs=$((offs + $(stat -Lc%s "$kernel_image"))) + offs=$((offs + "$align" - offs % "$align")) + uefi_initrd_offs="${offs}" + if objcopy \ - ${uefi_osrelease:+--add-section .osrel="$uefi_osrelease" --change-section-vma .osrel=0x20000} \ - ${uefi_cmdline:+--add-section .cmdline="$uefi_cmdline" --change-section-vma .cmdline=0x30000} \ - ${uefi_splash_image:+--add-section .splash="$uefi_splash_image" --change-section-vma .splash=0x40000} \ - --add-section .linux="$kernel_image" --change-section-vma .linux=0x2000000 \ - --add-section .initrd="${DRACUT_TMPDIR}/initramfs.img" --change-section-vma .initrd="${EFI_SECTION_VMA_INITRD}" \ + ${uefi_osrelease:+--add-section .osrel="$uefi_osrelease" --change-section-vma .osrel=$(printf 0x%x "$uefi_osrelease_offs")} \ + ${uefi_cmdline:+--add-section .cmdline="$uefi_cmdline" --change-section-vma .cmdline=$(printf 0x%x "$uefi_cmdline_offs")} \ + ${uefi_splash_image:+--add-section .splash="$uefi_splash_image" --change-section-vma .splash=$(printf 0x%x "$uefi_splash_offs")} \ + --add-section .linux="$kernel_image" --change-section-vma .linux="$(printf 0x%x "$uefi_linux_offs")" \ + --add-section .initrd="${DRACUT_TMPDIR}/initramfs.img" --change-section-vma .initrd="$(printf 0x%x "$uefi_initrd_offs")" \ "$uefi_stub" "${uefi_outdir}/linux.efi"; then if [[ -n ${uefi_secureboot_key} && -n ${uefi_secureboot_cert} ]]; then if sbsign \ -- 2.39.2