rhboot / shim

UEFI shim loader

shim image loader assumes padding relocs are added by GenFw, but not all efi files have this #561

Closed mikebeaton closed 1 year ago

mikebeaton commented 1 year ago

The shim handle_image method assumes that RelocDir->Size == Section->Misc.VirtualSize, but in fact this is not required.

While current EDK-II GenFw generates files where the above-mentioned two values are equal (and also pads the .reloc section above RelocDir->Size with dummy reloc entries, which the shim loader processes), in general RelocDir->Size may be smaller than the padding-aligned Section->Misc.VirtualSize of the .reloc section, and the padding area need not contain dummy reloc entries.

When an .efi file loaded by shim does not match this current requirement, the file loads but then crashes with a page fault because the relocations have been silently dropped by shim. However, the same .efi file(s) [see message below] start fine on the firmware of multiple systems, including OVMF, and on shim when modified by the linked PR.

Attached is a version of UEFI Shell showing this issue. It is loaded fine by the firmware of many systems, and we believe is fully valid, but is not currently loaded successfully by the shim image handler, instead showing this issue.

OpenShell.zip
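An added example, not code from shim, EDK-II or the issue's author: a base-relocation walker bounded by the data directory Size, run on a constructed .reloc section whose VirtualSize (32) is larger than that Size (12) and whose padding is zeros rather than dummy entries. All names (`apply_relocs`, `sample_reloc`, `demo`) and values are assumptions, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <string.h>

/* Added example; all names are assumptions. Assumes a little-endian host. */
enum { REL_ABSOLUTE = 0, REL_DIR64 = 10 }; /* padding entry; 64-bit fixup */
/* Walk relocation blocks in reloc[0..dir_size), dir_size being the data
 * directory Size. Returns fixups applied, or -1 on a malformed block. */
int apply_relocs(uint8_t *image, uint32_t image_size,
                 const uint8_t *reloc, uint32_t dir_size, uint64_t delta)
{
    int applied = 0;
    for (uint32_t off = 0, page = 0, size = 0; off < dir_size; off += size) {
        if (dir_size - off < 8) return -1;       /* block header must fit */
        memcpy(&page, reloc + off, 4);
        memcpy(&size, reloc + off + 4, 4);
        if (size < 8 || (size & 1) || size > dir_size - off) return -1;
        for (uint32_t i = 8; i < size; i += 2) {
            uint16_t e; uint64_t v;
            memcpy(&e, reloc + off + i, 2);
            if ((e >> 12) == REL_ABSOLUTE) continue;
            if ((e >> 12) != REL_DIR64) return -1;
            uint32_t rva = page + (e & 0xfff);
            if (image_size < 8 || rva > image_size - 8) return -1;
            memcpy(&v, image + rva, 8);
            v += delta;
            memcpy(image + rva, &v, 8);
            applied++;
        }
    }
    return applied;
}

/* Constructed .reloc: one 12-byte block, then zeros up to VirtualSize 32. */
static const uint8_t sample_reloc[32] = {
    0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, /* page RVA 0, size 12 */
    0x10, 0xa0, 0x00, 0x00,                         /* DIR64 @0x10, ABSOLUTE */
};

/* Relocate a constructed 64-byte image; returns the fixed-up pointer or 0. */
uint64_t demo(uint32_t walk_size)
{
    uint8_t image[64] = {0};
    uint64_t ptr = 0x1000;
    memcpy(image + 0x10, &ptr, 8);
    if (apply_relocs(image, 64, sample_reloc, walk_size, 0x400000) != 1) return 0;
    memcpy(&ptr, image + 0x10, 8);
    return ptr;
}

int main(void) { return demo(12) == 0x401000 && demo(32) == 0 ? 0 : 1; }
```

Walking 12 bytes (the directory Size) applies the one fixup; walking all 32 bytes of the section makes this walker reject the zero padding as a malformed block, which is why the directory Size is the bound to use.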

mikebeaton commented 1 year ago

Related: https://github.com/acidanthera/bugtracker/issues/2239

Possibly related(?): https://github.com/rhboot/shim/issues/97

mikebeaton commented 1 year ago

It may be worth clarifying that the files in question are generated by the EDK-II build tooling being developed in https://github.com/acidanthera/audk. This is used, inter alia, in https://github.com/acidanthera/OpenCorePkg. Multiple parts of these updates have been and are being contributed back to mainline EDK-II.

Due to the wide user-base of the project https://github.com/acidanthera/OpenCorePkg we do know that the EFI files generated by this tooling load correctly on a very wide range of (U)EFI firmware (and on OVMF). We believe they are fully correct and to spec.

(FYI: The current goal in trying to start any of the files generated with this tooling from shim is to make it optionally possible to integrate shim's MOK handling with our bootloader, OpenCore.efi. OpenCore includes a BLSpec-compliant loader which can start Linux without GRUB2. It is already possible to create a fully secure multi-OS boot setup with this boot loader, but any Linux kernel modules require manual user signing, so some may find the existing shim MOK handling more convenient for that. However, OpenCore.efi requires some non-trivial config, hence providing OpenShell.efi above as a straightforward example of the issue.)

vit9696 commented 1 year ago

@vathpela, any progress on this? The issue is currently a blocker for us. Thanks!

mikebeaton commented 1 year ago

Closed by https://github.com/rhboot/shim/pull/562#issuecomment-1601343882 - thank you.