[PATCH v2] grub-mkimage: Fix empty SBAT metadata file issue

Wed, 24 Dec 2025 04:30:12 -0800 

The grub-mkimage does not check if the SBAT metadata file is contains at least
the SBAT header or not when creating core.elf with the SBAT metadata file. It
leads to adding the empty SBAT ELF note for PowerPC and the .sbat section for 
EFI.
Fixing this by checking the SBAT metadata file size against the SBAT header size
before adding it to the ELF note or .sbat section.

Signed-off-by: Sudhakar Kuppusamy <[email protected]>
---
 util/mkimage.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/util/mkimage.c b/util/mkimage.c
index f364a5718..b3a815be5 100644
--- a/util/mkimage.c
+++ b/util/mkimage.c
@@ -56,6 +56,9 @@
 
 #pragma GCC diagnostic ignored "-Wcast-align"
 
+#define SBAT_HEADER      "sbat,1,SBAT 
Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md";
+#define SBAT_HEADER_SIZE (sizeof(SBAT_HEADER))
+
 #define TARGET_NO_FIELD 0xffffffff
 
 /* use 2015-01-01T00:00:00+0000 as a stock timestamp */
@@ -963,6 +966,12 @@ grub_install_generate_image (const char *dir, const char 
*prefix,
 
   if (sbat_path != NULL && (image_target->id != IMAGE_EFI && image_target->id 
!= IMAGE_PPC))
     grub_util_error (_("SBAT data can be added only to EFI or powerpc-ieee1275 
images"));
+  else if (sbat_path != NULL)
+    {
+      sbat_size = grub_util_get_image_size (sbat_path);
+      if (sbat_size < SBAT_HEADER_SIZE)
+        grub_util_error (_("%s file should contain at least an SBAT header"), 
sbat_path);
+    }
 
   if (appsig_size != 0 && image_target->id != IMAGE_PPC)
     grub_util_error (_("appended signature can be support only to 
powerpc-ieee1275 images"));
@@ -1396,7 +1405,7 @@ grub_install_generate_image (const char *dir, const char 
*prefix,
 
        if (sbat_path != NULL)
          {
-           sbat_size = ALIGN_ADDR (grub_util_get_image_size (sbat_path));
+           sbat_size = ALIGN_ADDR (sbat_size);
            sbat_size = ALIGN_UP (sbat_size, GRUB_PE32_FILE_ALIGNMENT);
          }
 
@@ -1857,7 +1866,6 @@ grub_install_generate_image (const char *dir, const char 
*prefix,
        char *sbat = NULL;
        if (sbat_path != NULL)
          {
-           sbat_size = grub_util_get_image_size (sbat_path);
            sbat = xmalloc (sbat_size);
            grub_util_load_image (sbat_path, sbat);
            layout.sbat_size = sbat_size;
-- 
2.50.1 (Apple Git-155)


_______________________________________________
Grub-devel mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to