grub-mkimage: Do not generate empty SBAT metadata

When creating core.elf with SBAT the grub-mkimage does not check if
an SBAT metadata file contains at least an SBAT header or not. It leads to
adding an empty SBAT ELF note for PowerPC and the .sbat section for EFI.
Fix this by checking the SBAT metadata file size against the SBAT header
size before adding SBAT contents to the ELF note or .sbat section.

Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/util/mkimage.c b/util/mkimage.c
index f364a5718ecee7bf38797d0ac8366fd9fcbc6b75..2920c024909ea9aa4d47acfb7c006b58a15da3cb 100644 (file)
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -56,6 +56,9 @@
 
 #pragma GCC diagnostic ignored "-Wcast-align"
 
+#define SBAT_HEADER      "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md"
+#define SBAT_HEADER_SIZE (sizeof (SBAT_HEADER))
+
 #define TARGET_NO_FIELD 0xffffffff
 
 /* use 2015-01-01T00:00:00+0000 as a stock timestamp */
@@ -963,6 +966,12 @@ grub_install_generate_image (const char *dir, const char *prefix,
 
   if (sbat_path != NULL && (image_target->id != IMAGE_EFI && image_target->id != IMAGE_PPC))
     grub_util_error (_("SBAT data can be added only to EFI or powerpc-ieee1275 images"));
+  else if (sbat_path != NULL)
+    {
+      sbat_size = grub_util_get_image_size (sbat_path);
+      if (sbat_size < SBAT_HEADER_SIZE)
+        grub_util_error (_("%s file should contain at least an SBAT header"), sbat_path);
+    }
 
   if (appsig_size != 0 && image_target->id != IMAGE_PPC)
     grub_util_error (_("appended signature can be support only to powerpc-ieee1275 images"));
@@ -1396,7 +1405,7 @@ grub_install_generate_image (const char *dir, const char *prefix,
 
        if (sbat_path != NULL)
          {
-           sbat_size = ALIGN_ADDR (grub_util_get_image_size (sbat_path));
+           sbat_size = ALIGN_ADDR (sbat_size);
            sbat_size = ALIGN_UP (sbat_size, GRUB_PE32_FILE_ALIGNMENT);
          }
 
@@ -1857,7 +1866,6 @@ grub_install_generate_image (const char *dir, const char *prefix,
        char *sbat = NULL;
        if (sbat_path != NULL)
          {
-           sbat_size = grub_util_get_image_size (sbat_path);
            sbat = xmalloc (sbat_size);
            grub_util_load_image (sbat_path, sbat);
            layout.sbat_size = sbat_size;