From 7af304d3b6c8a20020cb00f1399612c5281cc2e3 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 30 Sep 2024 13:50:27 +0200 Subject: [PATCH] ukify: Remove special casing for .linux section Now that we properly leave sufficient space for inline execution of the .linux section, let's remove the special casing of the .linux section as it doesn't need to be the last section anymore now. --- src/ukify/ukify.py | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py index 86117cd5631..55c40164ae9 100755 --- a/src/ukify/ukify.py +++ b/src/ukify/ukify.py @@ -502,7 +502,7 @@ def pe_strip_section_name(name): return name.rstrip(b"\x00").decode() -def call_systemd_measure(uki, linux, opts): +def call_systemd_measure(uki, opts): if not opts.measure and not opts.pcr_private_keys: return @@ -528,14 +528,10 @@ def call_systemd_measure(uki, linux, opts): continue if s.content is not None: - assert(s.name != ".linux" or linux is None) to_measure.append(f"--{s.name.removeprefix('.')}={s.content}") else: raise ValueError(f"Don't know how to measure section {s.name}"); - if linux is not None: - to_measure.append(f'--linux={linux}') - # And now iterate through the base profile and measure what we haven't measured above if opts.measure_base is not None: pe = pefile.PE(opts.measure_base, fast_load=True) @@ -952,9 +948,6 @@ def make_uki(opts): ('.pcrpkey', pcrpkey, True ), ('.initrd', initrd, True ), ('.ucode', opts.microcode, True ), - - # linux shall be last to leave breathing room for decompression. - # We'll add it later. ] for name, content, measure in sections: @@ -965,6 +958,15 @@ def make_uki(opts): for section in opts.sections: uki.add_section(section) + if linux is not None: + try: + virtual_size = pefile.PE(linux, fast_load=True).OPTIONAL_HEADER.SizeOfImage + except pefile.PEFormatError: + print(f"{linux} is not a valid PE file, not using SizeOfImage.") + virtual_size = None + + uki.add_section(Section.create('.linux', linux, measure=True, virtual_size=virtual_size)) + if opts.extend is None: if linux is not None: # Merge the .sbat sections from stub, kernel and parameter, so that revocation can be done on either. @@ -984,22 +986,10 @@ uki-addon,1,UKI Addon,addon,1,https://www.freedesktop.org/software/systemd/man/l # PCR measurement and signing - # We pass in the contents for .linux separately because we need them to do the measurement but can't add - # the section yet because we want .linux to be the last section. Make sure any other sections are added - # before this function is called. - call_systemd_measure(uki, linux, opts=opts) + call_systemd_measure(uki, opts=opts) # UKI creation - if linux is not None: - try: - virtual_size = pefile.PE(linux, fast_load=True).OPTIONAL_HEADER.SizeOfImage - except pefile.PEFormatError: - print(f"{f} is not a valid PE file, not using SizeOfImage.") - virtual_size = None - - uki.add_section(Section.create('.linux', linux, measure=True, virtual_size=virtual_size)) - if sign_args_present: unsigned = tempfile.NamedTemporaryFile(prefix='uki') unsigned_output = unsigned.name -- 2.47.3