From 6e50cf38a6196af0d46b274c29125b6e58d310bb Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Mon, 31 Oct 2022 09:52:56 +0100 Subject: [PATCH] NEWS: Clarify overlapping UKI PE section offsets --- NEWS | 10 ++++++++-- man/systemd-stub.xml | 4 ++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 0e0939ee8d..fc3b8ea4b4 100644 --- a/NEWS +++ b/NEWS @@ -229,8 +229,14 @@ CHANGES WITH 252 in spe: * The sd-boot stub exports a StubFeatures flag, which is used by bootctl to show features supported by the stub that was used to boot. - * sd-boot will now try to detect and warn about overlapping PE sections - in the UKI. + * The PE section offsets that are used by tools that assemble unified + kernel images have historically been hard-coded. This may lead to + overlapping PE sections which may break on boot. The UKI will now try + to detect and warn about this. + + Any tools that assemble UKIs must update to calculate these offsets + dynamically. Future sd-stub versions may use offsets that will not + work with the currently used set of hard-coded offsets! * sd-stub now accepts (and passes to the initrd and then to the full OS) new PE sections '.pcrsig' and '.pcrkey' that can be used to embed diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml index dacf0fa7a7..415d663f53 100644 --- a/man/systemd-stub.xml +++ b/man/systemd-stub.xml @@ -396,6 +396,10 @@ /usr/lib/systemd/boot/efi/linuxx64.efi.stub \ foo-unsigned.efi + Note that these PE section offsets are example values and a properly assembled image must not + contain any overlapping sections (this includes already existing sections inside the stub before + assembly) or boot may fail. + This generates one PE executable file foo-unsigned.efi from the six individual files for OS release information, kernel command line, boot splash image, kernel image, main initrd and UEFI boot stub.