From: Daan De Meyer Date: Mon, 30 Sep 2024 11:50:27 +0000 (+0200) Subject: ukify: Remove special casing for .linux section X-Git-Tag: v257-rc1~357^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F34583%2Fhead;p=thirdparty%2Fsystemd.git ukify: Remove special casing for .linux section Now that we properly leave sufficient space for inline execution of the .linux section, let's remove the special casing of the .linux section as it doesn't need to be the last section anymore now. --- diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py index 86117cd5631..55c40164ae9 100755 --- a/src/ukify/ukify.py +++ b/src/ukify/ukify.py @@ -502,7 +502,7 @@ def pe_strip_section_name(name): return name.rstrip(b"\x00").decode() -def call_systemd_measure(uki, linux, opts): +def call_systemd_measure(uki, opts): if not opts.measure and not opts.pcr_private_keys: return @@ -528,14 +528,10 @@ def call_systemd_measure(uki, linux, opts): continue if s.content is not None: - assert(s.name != ".linux" or linux is None) to_measure.append(f"--{s.name.removeprefix('.')}={s.content}") else: raise ValueError(f"Don't know how to measure section {s.name}"); - if linux is not None: - to_measure.append(f'--linux={linux}') - # And now iterate through the base profile and measure what we haven't measured above if opts.measure_base is not None: pe = pefile.PE(opts.measure_base, fast_load=True) @@ -952,9 +948,6 @@ def make_uki(opts): ('.pcrpkey', pcrpkey, True ), ('.initrd', initrd, True ), ('.ucode', opts.microcode, True ), - - # linux shall be last to leave breathing room for decompression. - # We'll add it later. ] for name, content, measure in sections: @@ -965,6 +958,15 @@ def make_uki(opts): for section in opts.sections: uki.add_section(section) + if linux is not None: + try: + virtual_size = pefile.PE(linux, fast_load=True).OPTIONAL_HEADER.SizeOfImage + except pefile.PEFormatError: + print(f"{linux} is not a valid PE file, not using SizeOfImage.") + virtual_size = None + + uki.add_section(Section.create('.linux', linux, measure=True, virtual_size=virtual_size)) + if opts.extend is None: if linux is not None: # Merge the .sbat sections from stub, kernel and parameter, so that revocation can be done on either. @@ -984,22 +986,10 @@ uki-addon,1,UKI Addon,addon,1,https://www.freedesktop.org/software/systemd/man/l # PCR measurement and signing - # We pass in the contents for .linux separately because we need them to do the measurement but can't add - # the section yet because we want .linux to be the last section. Make sure any other sections are added - # before this function is called. - call_systemd_measure(uki, linux, opts=opts) + call_systemd_measure(uki, opts=opts) # UKI creation - if linux is not None: - try: - virtual_size = pefile.PE(linux, fast_load=True).OPTIONAL_HEADER.SizeOfImage - except pefile.PEFormatError: - print(f"{f} is not a valid PE file, not using SizeOfImage.") - virtual_size = None - - uki.add_section(Section.create('.linux', linux, measure=True, virtual_size=virtual_size)) - if sign_args_present: unsigned = tempfile.NamedTemporaryFile(prefix='uki') unsigned_output = unsigned.name