1 |
From cae330868328570a6d2ea5afe38eda0cddb444cb Mon Sep 17 00:00:00 2001 |
2 |
From: Ben Hutchings <ben@decadent.org.uk> |
3 |
Date: Sun, 16 Sep 2018 16:22:47 +0100 |
4 |
Subject: [PATCH 048/145] x86: boot: Fix EFI stub alignment |
5 |
|
6 |
[ Upstream commit 9c1442a9d039a1a3302fa93e9a11001c5f23b624 ] |
7 |
|
8 |
We currently align the end of the compressed image to a multiple of |
9 |
16. However, the PE-COFF header included in the EFI stub says that |
10 |
the file alignment is 32 bytes, and when adding an EFI signature to |
11 |
the file it must first be padded to this alignment. |
12 |
|
13 |
sbsigntool commands warn about this: |
14 |
|
15 |
warning: file-aligned section .text extends beyond end of file |
16 |
warning: checksum areas are greater than image size. Invalid section table? |
17 |
|
18 |
Worse, pesign -at least when creating a detached signature- uses the |
19 |
hash of the unpadded file, resulting in an invalid signature if |
20 |
padding is required. |
21 |
|
22 |
Avoid both these problems by increasing alignment to 32 bytes when |
23 |
CONFIG_EFI_STUB is enabled. |
24 |
|
25 |
Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
26 |
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> |
27 |
Signed-off-by: Sasha Levin <sashal@kernel.org> |
28 |
--- |
29 |
arch/x86/boot/tools/build.c | 7 +++++++ |
30 |
1 file changed, 7 insertions(+) |
31 |
|
32 |
diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c |
33 |
index d4e6cd4577e5..bf0e82400358 100644 |
34 |
--- a/arch/x86/boot/tools/build.c |
35 |
+++ b/arch/x86/boot/tools/build.c |
36 |
@@ -391,6 +391,13 @@ int main(int argc, char ** argv) |
37 |
die("Unable to mmap '%s': %m", argv[2]); |
38 |
/* Number of 16-byte paragraphs, including space for a 4-byte CRC */ |
39 |
sys_size = (sz + 15 + 4) / 16; |
40 |
+#ifdef CONFIG_EFI_STUB |
41 |
+ /* |
42 |
+ * COFF requires minimum 32-byte alignment of sections, and |
43 |
+ * adding a signature is problematic without that alignment. |
44 |
+ */ |
45 |
+ sys_size = (sys_size + 1) & ~1; |
46 |
+#endif |
47 |
|
48 |
/* Patch the setup code with the appropriate size parameters */ |
49 |
buf[0x1f1] = setup_sectors-1; |
50 |
-- |
51 |
2.19.1 |
52 |
|