From: Zbigniew Jędrzejewski-Szmek Date: Mon, 18 Aug 2025 07:43:26 +0000 (+0200) Subject: sd-boot: pad .sbat section to 1k bytes X-Git-Tag: v258-rc3~9^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4a1854397e4072f884dd23c5ec2da22bd2cf114;p=thirdparty%2Fsystemd.git sd-boot: pad .sbat section to 1k bytes Fedora's kernels now ship with a .sbat section: kernel,1,Red Hat,kernel-core,6.17.0-0.rc1.250814g0cc53520e68b.20.fc44.x86_64,mailto:secalert@redhat.com kernel.fedora,1,Red Hat,kernel-core,6.17.0-0.rc1.250814g0cc53520e68b.20.fc44.x86_64,mailto:secalert@redhat.com This pushes the combined .sbat section just over its pre-allocated size of 512 bytes: File "/usr/bin/ukify", line 1048, in pe_add_sections raise PEError(f'Not enough space in existing section {section.name} to append new data') PEError: Not enough space in existing section .sbat to append new data PE sections need to align to 512 bytes, so to make it all fit we pad the .sbat section with zeros to 1k. Various tools already should strip trailing zeros when using sbat sections, since ukify always inserts a trailing NUL. The defines are moved to sbat.h, they are used only in sd-stub and sd-boot. --- diff --git a/src/boot/stub.c b/src/boot/stub.c index 77678bc7967..575b4a982c6 100644 --- a/src/boot/stub.c +++ b/src/boot/stub.c @@ -51,7 +51,7 @@ enum { /* magic string to find in the binary image */ DECLARE_NOALLOC_SECTION(".sdmagic", "#### LoaderInfo: systemd-stub " GIT_VERSION " ####"); -DECLARE_SBAT(SBAT_STUB_SECTION_TEXT); +DECLARE_SBAT_PADDED(SBAT_STUB_SECTION_TEXT); static char16_t* pe_section_to_str16( EFI_LOADED_IMAGE_PROTOCOL *loaded_image, diff --git a/src/fundamental/macro-fundamental.h b/src/fundamental/macro-fundamental.h index a322a4587cf..2f2b3df277a 100644 --- a/src/fundamental/macro-fundamental.h +++ b/src/fundamental/macro-fundamental.h @@ -436,17 +436,22 @@ assert_cc(sizeof(dummy_t) == 0); } #endif -/* Declares an ELF read-only string section that does not occupy memory at runtime. */ -#define DECLARE_NOALLOC_SECTION(name, text) \ - asm(".pushsection " name ",\"S\"\n\t" \ - ".ascii " STRINGIFY(text) "\n\t" \ +/* Declare an ELF read-only string section that does not occupy memory at runtime. */ +#define DECLARE_NOALLOC_SECTION(name, text) \ + asm(".pushsection " name ",\"S\"\n\t" \ + ".ascii " STRINGIFY(text) "\n\t" \ ".popsection\n") -#ifdef SBAT_DISTRO -# define DECLARE_SBAT(text) DECLARE_NOALLOC_SECTION(".sbat", text) -#else -# define DECLARE_SBAT(text) -#endif +/* Similar to DECLARE_NOALLOC_SECTION, but pad the section with extra 512 bytes. After taking alignment into + * account, the section has up to 1024 bytes minus the size of the original content of padding, and this + * extra space can be used to extend the contents. This is intended for the .sbat section. */ +#define DECLARE_NOALLOC_SECTION_PADDED(name, text) \ + assert_cc(STRLEN(text) <= 512); \ + asm(".pushsection " name ",\"S\"\n\t" \ + ".ascii " STRINGIFY(text) "\n\t" \ + ".balign 512\n\t" \ + ".fill 512, 1, 0\n\t" \ + ".popsection\n") #define typeof_field(struct_type, member) typeof(((struct_type *) 0)->member) #define sizeof_field(struct_type, member) sizeof(((struct_type *) 0)->member) diff --git a/src/fundamental/sbat.h b/src/fundamental/sbat.h index 9288e058125..1a6e678b355 100644 --- a/src/fundamental/sbat.h +++ b/src/fundamental/sbat.h @@ -12,3 +12,11 @@ SBAT_PROJECT "-stub" ",1,The systemd Developers," SBAT_PROJECT "," PROJECT_VERSION "," PROJECT_URL "\n" \ SBAT_PROJECT "-stub" "." SBAT_DISTRO "," STRINGIFY(SBAT_DISTRO_GENERATION) "," SBAT_DISTRO_SUMMARY "," SBAT_DISTRO_PKGNAME "," SBAT_DISTRO_VERSION "," SBAT_DISTRO_URL "\n" #endif + +#ifdef SBAT_DISTRO +# define DECLARE_SBAT(text) DECLARE_NOALLOC_SECTION(".sbat", text) +# define DECLARE_SBAT_PADDED(text) DECLARE_NOALLOC_SECTION_PADDED(".sbat", text) +#else +# define DECLARE_SBAT(text) +# define DECLARE_SBAT_PADDED(text) +#endif