ShellCode33
commented
1 year ago You might want to merge #21 first
Closed ShellCode33 closed 1 year ago
ShellCode33
commented
1 year ago You might want to merge #21 first
ShellCode33
commented
1 year ago Commit afc1ae0 fixes potential issues mentioned there.
The layout now looks like this:
$ sudo objdump -h /efi/EFI/arch/secure-boot-linux-hardened.efi
/efi/EFI/arch/secure-boot-linux-hardened.efi: file format pei-x86-64
Sections:
Idx Name Size VMA LMA File off Algn
0 .text 0000bd1e 000000014df91000 000000014df91000 00000400 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
1 .rodata 000022d4 000000014df9d000 000000014df9d000 0000c200 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .data 00000268 000000014dfa0000 000000014dfa0000 0000e600 2**4
CONTENTS, ALLOC, LOAD, DATA
3 .sdmagic 0000002e 000000014dfa1000 000000014dfa1000 0000ea00 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .sbat 000000e8 000000014dfa2000 000000014dfa2000 0000ec00 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .reloc 00000078 000000014dfa3000 000000014dfa3000 0000ee00 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .osrel 00000163 000000014dfa4000 000000014dfa4000 0000f000 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .cmdline 000000ed 000000014dfa5000 000000014dfa5000 0000f200 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .initrd 01f59708 000000014dfa6000 000000014dfa6000 0000f400 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .linux 00af6220 000000014ff00000 000000014ff00000 01f68c00 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATAEDIT: reboot was successful :-)
medhefgo
commented
1 year ago Should be fine. But you should consider using ukify. That would simplify this a lot and make it future proof.
ShellCode33
commented
1 year ago Thanks for taking the time to look at it !
That would simplify this a lot and make it future proof
Probably but:
I'm not saying ukify is bad, I might even switch to it at some point, but arch-secure-boot is a niche tool which provides a minimalistic way of doing the same thing. It does one thing, and does it well ! (or at least it tries to :sweat_smile: )
maximbaz
commented
1 year ago Need to test once more, but using a wrapper function helps me somehow to track what's going on; + some small tricks like setting LC_ALL=C stolen from mkinitcpio, presumably will help for some locales.
ShellCode33
commented
1 year ago I was pretty sure that you would want to do a function, I didn't know how you would like to do that so I let it up to you. Apparently you opted for an inline one. It definitely makes sense, it's much more readable
ShellCode33
commented
1 year ago Don't forget the AUR release ! :)
maximbaz
commented
1 year ago Thanks :grin: Done!
Fixes #18
Before this patch (not aligned):
After this patch (aligned):