From: Jan Janssen Date: Mon, 31 Oct 2022 08:52:56 +0000 (+0100) Subject: NEWS: Clarify overlapping UKI PE section offsets X-Git-Tag: v252~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e50cf38a6196af0d46b274c29125b6e58d310bb;p=thirdparty%2Fsystemd.git NEWS: Clarify overlapping UKI PE section offsets --- diff --git a/NEWS b/NEWS index 0e0939ee8d2..fc3b8ea4b4f 100644 --- a/NEWS +++ b/NEWS @@ -229,8 +229,14 @@ CHANGES WITH 252 in spe: * The sd-boot stub exports a StubFeatures flag, which is used by bootctl to show features supported by the stub that was used to boot. - * sd-boot will now try to detect and warn about overlapping PE sections - in the UKI. + * The PE section offsets that are used by tools that assemble unified + kernel images have historically been hard-coded. This may lead to + overlapping PE sections which may break on boot. The UKI will now try + to detect and warn about this. + + Any tools that assemble UKIs must update to calculate these offsets + dynamically. Future sd-stub versions may use offsets that will not + work with the currently used set of hard-coded offsets! * sd-stub now accepts (and passes to the initrd and then to the full OS) new PE sections '.pcrsig' and '.pcrkey' that can be used to embed diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml index dacf0fa7a7b..415d663f53e 100644 --- a/man/systemd-stub.xml +++ b/man/systemd-stub.xml @@ -396,6 +396,10 @@ /usr/lib/systemd/boot/efi/linuxx64.efi.stub \ foo-unsigned.efi + Note that these PE section offsets are example values and a properly assembled image must not + contain any overlapping sections (this includes already existing sections inside the stub before + assembly) or boot may fail. + This generates one PE executable file foo-unsigned.efi from the six individual files for OS release information, kernel command line, boot splash image, kernel image, main initrd and UEFI boot stub.