[Bug binutils/31077] New: objcopy --enable-deterministic-archives has non-deterministic output

[yannik at sembritzki dot me]

https://sourceware.org/bugzilla/show_bug.cgi?id=31077

            Bug ID: 31077
           Summary: objcopy --enable-deterministic-archives has
                    non-deterministic output
           Product: binutils
           Version: 2.40
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: binutils
          Assignee: unassigned at sourceware dot org
          Reporter: yannik at sembritzki dot me
  Target Milestone: ---

I am building a unified kernel image using objcopy. As this file is part of the
PCR event log which is used for sealing the tpm, it must be deterministic.

For some reason, objcopy produces non-deterministic output, even with
--enable-deterministic-archives option enabled.

How to reproduce:

# adjust vmlinuz/initrd path as required
function create_uki() {
objcopy \
    --enable-deterministic-archives                            \
    --add-section .osrel="/usr/lib/os-release"    \
    --change-section-vma .osrel=0x20000        \
    --add-section .cmdline="/etc/kernel/cmdline"    \
    --change-section-vma .cmdline=0x30000        \
    --add-section .linux="/vmlinuz"            \
    --change-section-vma .linux=0x2000000        \
    --add-section .initrd="/initrd.img"            \
    --change-section-vma .initrd=0x3000000        \
    /usr/lib/systemd/boot/efi/linuxx64.efi.stub    \
    "uki.efi"
}
$ create_uki; sha1sum uki.efi
559e9219d0033770d2e7c5e6412f6b144d0a7f23
$ create_uki;sha1sum uki.efi
675d1b088f8bebbf2c9b969c1206b67b7859bcdb

(Note: I have of course verified that os-release/cmdline/vmlinuz/initrd do not
change between these operations).

-- 
You are receiving this mail because:
You are on the CC list for the bug.