From c74e5d6fe759624ab0182230575b26d5181d79ff Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Wed, 5 Sep 2018 17:55:25 +0100 Subject: [PATCH] [x86] boot: Fix EFI stub alignment --- debian/changelog | 1 + .../x86/x86-boot-fix-efi-stub-alignment.patch | 39 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 41 insertions(+) create mode 100644 debian/patches/bugfix/x86/x86-boot-fix-efi-stub-alignment.patch diff --git a/debian/changelog b/debian/changelog index fe9356af4..84138f433 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,7 @@ linux (4.19~rc2-1~exp2) UNRELEASED; urgency=medium * [s390x] linux-image: Install compressed kernel image (fixes FTBFS) * [powerpc*] boot: Fix missing crc32poly.h when building with KERNEL_XZ (fixes FTBFS) + * [x86] boot: Fix EFI stub alignment -- Ben Hutchings Wed, 05 Sep 2018 02:37:19 +0100 diff --git a/debian/patches/bugfix/x86/x86-boot-fix-efi-stub-alignment.patch b/debian/patches/bugfix/x86/x86-boot-fix-efi-stub-alignment.patch new file mode 100644 index 000000000..a51bb9b18 --- /dev/null +++ b/debian/patches/bugfix/x86/x86-boot-fix-efi-stub-alignment.patch @@ -0,0 +1,39 @@ +From: Ben Hutchings +Date: Wed, 05 Sep 2018 17:28:12 +0100 +Subject: x86: boot: Fix EFI stub alignment + +We currently align the end of the compressed image to a multiple of +16. However the PE-COFF header included in the EFI stub says that the +file alignment is 32 bytes, and when adding an EFI signature to the +file it must first be padded to this alignment. + +sbsigntool commands warn about this: + + warning: file-aligned section .text extends beyond end of file + warning: checksum areas are greater than image size. Invalid section table? + +Worse, pesign-at least when creating a detached signature—uses the +hash of the unpadded file, resulting in an invalid signature if +padding is required. + +Avoid both these problems by increasing alignment to 32 bytes when +CONFIG_EFI_STUB is enabled. + +Signed-off-by: Ben Hutchings +--- +--- a/arch/x86/boot/tools/build.c ++++ b/arch/x86/boot/tools/build.c +@@ -391,6 +391,13 @@ int main(int argc, char ** argv) + die("Unable to mmap '%s': %m", argv[2]); + /* Number of 16-byte paragraphs, including space for a 4-byte CRC */ + sys_size = (sz + 15 + 4) / 16; ++#ifdef CONFIG_EFI_STUB ++ /* ++ * COFF requires minimum 32-byte alignment of sections, and ++ * adding a signature is problematic without that alignment. ++ */ ++ sys_size = (sys_size + 1) & ~1; ++#endif + + /* Patch the setup code with the appropriate size parameters */ + buf[0x1f1] = setup_sectors-1; diff --git a/debian/patches/series b/debian/patches/series index b4bb4aefb..9be20e6c0 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -76,6 +76,7 @@ bugfix/powerpc/powerpc-lib-sstep-fix-building-for-powerpcspe.patch bugfix/powerpc/powerpc-lib-makefile-don-t-pull-in-quad.o-for-32-bit.patch bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch +bugfix/x86/x86-boot-fix-efi-stub-alignment.patch # Arch features features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch