FS#77874 - [mkinitcpio] UKI sections aren't aligned

Attached to Project: Arch Linux
Opened by Jan (medhefgo) - Thursday, 16 March 2023, 18:12 GMT
Last edited by Toolybird (Toolybird) - Thursday, 13 April 2023, 06:04 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Morten Linderud (Foxboron)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

mkinitcpio master correctly adds PE sections with a dynamically calculated offsets, but it fails to align the offsets to the section alignment header field. Although, EFI loaders are lenient about this, it is still in violation of the PE format and future EFI firmware might reject such images.

Ultimately, it would be better to use systemd-ukify as it does all the things and more, reducing duplication of effort and increasing support for more arches in the process.
This task depends upon

Closed by  Toolybird (Toolybird)
Thursday, 13 April 2023, 06:04 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed in Arch GitLab
Comment by Toolybird (Toolybird) - Friday, 17 March 2023, 00:04 GMT
This would be better placed over at the new home of mkinitcpio development [1]. Could you please resubmit there?

[1] https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio
Comment by Tobias Powalowski (tpowa) - Saturday, 18 March 2023, 07:33 GMT
This is already implemented in master branch.
Comment by Jan (medhefgo) - Saturday, 18 March 2023, 08:26 GMT
I checked and it's not. Please read my original post again.
Comment by Tobias Powalowski (tpowa) - Saturday, 18 March 2023, 08:51 GMT
Ah sorry misread, you are right. Any solution for this and if yes please add it to mentioned issue tracker.
Comment by Jan (medhefgo) - Saturday, 18 March 2023, 09:04 GMT
I can't: https://bugs.archlinux.org/task/77881

Solution is simple: use ukify or extract alignment and do the math.
Comment by Morten Linderud (Foxboron) - Saturday, 18 March 2023, 12:52 GMT
There are both sides to this coin though.

Yes we should be using ukify, but mkinitcpio isn't run only on systems with systemd. I'd like to keep a objcopy implementation around so we can support the super-old gummiboot stuff.
Comment by Jan (medhefgo) - Friday, 24 March 2023, 19:42 GMT
(Since I still cannot finish my account I'll reply here.)

https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/issues/171

> "Need to align them to the last byte."

This is just wrong. You have to align to the SectionAlignment as indicated in the PE header (of the stub, not the kernel). The PR hard-codes this value - which it should not (we don't want a repeat of hard-coded offsets).

The ukify output should be taken with a grain of salt: systemd-253 wrongly indicates an alignment of 0x200. Upstream is now correctly indicating 0x1000. Nevertheless, the value should be extracted from the PE header (you can scrape `objdump -p`).
Comment by Morten Linderud (Foxboron) - Saturday, 25 March 2023, 13:51 GMT
Thanks! I was looking at it yesterday and had the impression it was incorrect.

Loading...