Public bug reported:
EFISTUB zImages for ARM64 contain two sections, a dummy .reloc section
and a .text sections covering the entire payload.
When attempting to sign such a zImage, sbsign fails in the
image_find_regions() like so
Starting program: /home/ard/build/sbsigntool-0.6/src/sbsign --key server.key
--cert server.crt ~/linux-arm/arch/arm64/boot/Image
warning: gap in section table:
(null) : 0xffff8000093bfd01 - 0xffff8000093bfd01,
.text : 0x000001a0 - 0x00000201,
This is caused by the loop in this function, which skips NULL sections
but still increments 'i', causing the contiguity check to become
invalid.
The following patch solves the issue for me.
--- image.c.orig 2013-11-18 15:34:13.451962351 +0100
+++ image.c 2013-11-18 15:34:15.415962345 +0100
@@ -379,34 +379,34 @@
image->checksum_regions,
struct region,
image->n_checksum_regions);
- regions = image->checksum_regions;
+ regions = &image->checksum_regions[image->n_checksum_regions-1];
- regions[i + 3].data = buf + file_offset;
- regions[i + 3].size = align_up(file_size,
+ regions->data = buf + file_offset;
+ regions->size = align_up(file_size,
image->file_alignment);
- regions[i + 3].name = talloc_strndup(image->checksum_regions,
+ regions->name = talloc_strndup(image->checksum_regions,
image->scnhdr[i].s_name, 8);
- bytes += regions[i + 3].size;
+ bytes += regions->size;
- if (file_offset + regions[i+3].size > image->size) {
+ if (file_offset + regions->size > image->size) {
fprintf(stderr, "warning: file-aligned section %s "
"extends beyond end of file\n",
- regions[i+3].name);
+ regions->name);
}
- if (regions[i+2].data + regions[i+2].size
- != regions[i+3].data) {
+ if (regions[-1].data + regions[-1].size
+ != regions->data) {
fprintf(stderr, "warning: gap in section table:\n");
fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n",
- regions[i+2].name,
- regions[i+2].data - buf,
- regions[i+2].data +
- regions[i+2].size - buf);
+ regions[-1].name,
+ regions[-1].data - buf,
+ regions[-1].data +
+ regions[-1].size - buf);
fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n",
- regions[i+3].name,
- regions[i+3].data - buf,
- regions[i+3].data +
- regions[i+3].size - buf);
+ regions->name,
+ regions->data - buf,
+ regions->data +
+ regions->size - buf);
** Affects: sbsigntool (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1252288
Title:
sbsign failure in the presence of zero sized sections
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1252288/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
