From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 29 Jan 2025 13:44:27 +0000 (+0100)
Subject: ukify: Calculate section size more correctly
X-Git-Tag: v258-rc1~1435^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=33b25fa11c408ae40f2aa4300220504329a23a52;p=thirdparty%2Fsystemd.git

ukify: Calculate section size more correctly

We should only use Misc_VirtualSize if it's smaller than SizeOfRawData,
since in that case it'll be the non-aligned section size. Otherwise we
have to use SizeOfRawData to get the size on disk.
---

diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py
index 091e5a45e19..42890aae846 100755
--- a/src/ukify/ukify.py
+++ b/src/ukify/ukify.py
@@ -732,6 +732,10 @@ def pe_strip_section_name(name: bytes) -> str:
     return name.rstrip(b'\x00').decode()
 
 
+def pe_section_size(section: pefile.SectionStructure) -> int:
+    return cast(int, min(section.Misc_VirtualSize, section.SizeOfRawData))
+
+
 def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) -> None:
     measure_tool = find_tool(
         'systemd-measure',
@@ -1314,16 +1318,16 @@ def make_uki(opts: UkifyConfig) -> None:
                 continue
 
             print(
-                f"Copying section '{n}' from '{profile}': {pesection.Misc_VirtualSize} bytes",
+                f"Copying section '{n}' from '{profile}': {pe_section_size(pesection)} bytes",
                 file=sys.stderr,
             )
             uki.add_section(
-                Section.create(n, pesection.get_data(length=pesection.Misc_VirtualSize), measure=True)
+                Section.create(n, pesection.get_data(length=pe_section_size(pesection)), measure=True)
             )
 
         if opts.sign_profiles:
             pesection = next(s for s in pe.sections if pe_strip_section_name(s.Name) == '.profile')
-            id = read_env_file(pesection.get_data(length=pesection.Misc_VirtualSize).decode()).get('ID')
+            id = read_env_file(pesection.get_data(length=pe_section_size(pesection)).decode()).get('ID')
             if not id or id not in opts.sign_profiles:
                 print(f'Not signing expected PCR measurements for "{id}" profile')
                 continue
@@ -1505,8 +1509,7 @@ def inspect_section(
 
     ttype = config.output_mode if config else DEFAULT_SECTIONS_TO_SHOW.get(name, 'binary')
 
-    size = section.Misc_VirtualSize
-    # TODO: Use ignore_padding once we can depend on a newer version of pefile
+    size = pe_section_size(section)
     data = section.get_data(length=size)
     digest = sha256(data).hexdigest()