When creating EFI binaries, the alignment of the text section isn't
correctly factored in. As a result trying to load signed EFI binaries
throws an error with:
efi_image_region_add() efi_image_region_add: new region already part of another
Image not authenticated
Running the binary through sbverify has a similar warning
sbverify ./lib/efi_loader/helloworld.efi
warning: gap in section table:
.text : 0x00001000 - 0x00001c00,
.data : 0x00002000 - 0x00002200,
gaps in the section table may result in different checksums
warning: data remaining[7680 vs 12720]: gaps between PE/COFF sections?
.....
If we include the alignment in the text section, the signed binary boots
fine, and the relevant sbverify warning goes away
sbverify ./lib/efi_loader/helloworld.efi
warning: data remaining[8704 vs 12720]: gaps between PE/COFF sections?
.....
We should look into the remaining warning at some point as well
regarding the gaps between PE/COFF sections.
Signed-off-by: Ilias Apalodimas <[email protected]>
---
arch/arm/lib/elf_aarch64_efi.lds | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/lib/elf_aarch64_efi.lds b/arch/arm/lib/elf_aarch64_efi.lds
index 5dd98091698c..e382254a6cf5 100644
--- a/arch/arm/lib/elf_aarch64_efi.lds
+++ b/arch/arm/lib/elf_aarch64_efi.lds
@@ -32,9 +32,9 @@ SECTIONS
.rela.plt : { *(.rela.plt) }
.rela.got : { *(.rela.got) }
.rela.data : { *(.rela.data) *(.rela.data*) }
+ . = ALIGN(4096);
_etext = .;
_text_size = . - _text;
- . = ALIGN(4096);
.data : {
_data = .;
*(.sdata)
--
2.45.2
