sbsign - gaps in the section table may result in different checksums

Bug #1575971 reported by mat troi on 2016-04-27
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sbsigntool (Ubuntu)
Undecided
Unassigned

Bug Description

sbsign -est/test-key.rsa --cert openssl_test/test-cert.pem --output shim_delete_please build/amd64/shim.efi
warning: gap in section table:
    .dynsym : 0x000e4a00 - 0x000f1600,
    /14 : 0x000f1752 - 0x000f1f52,
gaps in the section table may result in different checksums
warning: data remaining[990720 vs 1092659]: gaps between PE/COFF sections?

When signing my shim.efi binary with sbsigntool I received the above warnings. I did a little bit of googling and found that if the shim is compiled with gnu-efi 3.0q or earlier, this could be an issue; but my shim.efi is compiled with gnu-efi 3.0u.

The end result of the error is that my shim is not bootable. I tried to sign with pesign and everything works, so I think the error is in sbsigntool.

mat troi (mattroisang) wrote :

I realized that because my linker script is incorrect, the section was not aligned correctly, and this is why, when I fed it to sbsigntool, it gave this warning:
warning: gap in section table:
    .dynsym : 0x000e4a00 - 0x000f1600,
    /14 : 0x000f1752 - 0x000f1f52,
gaps in the section table may result in different checksums

Output from objdump with wrong linker script (note the last section):
Sections:
Idx Name Size VMA LMA File off Algn
  0 .eh_frame 00013ab0 0000000000005000 0000000000005000 00000400 2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .text 000872f9 0000000000019000 0000000000019000 00014000 2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  2 .reloc 0000000a 00000000000a1000 00000000000a1000 0009b400 2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .data 000240f8 00000000000a2000 00000000000a2000 0009b600 2**5
                  CONTENTS, ALLOC, LOAD, DATA
  4 .dynamic 000000f0 00000000000c7000 00000000000c7000 000bf800 2**3
                  CONTENTS, ALLOC, LOAD, DATA
  5 .rela 00024ed0 00000000000c8000 00000000000c8000 000bfa00 2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .dynsym 0000cbe8 00000000000ed000 00000000000ed000 000e4a00 2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .vendor_cert 00000611 0000000000103352 0000000000103352 000f1752 2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA

With updated linker script, I only get this line now:
warning: data remaining[990720 vs 1092659]: gaps between PE/COFF sections?

However the shim binary is still not bootable.
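
A check in the spirit of the warnings discussed in this report, added here as an example and not taken from sbsigntool or from the reporter: it parses a PE/COFF section table and reports section data that is not contiguous in the file, plus any bytes past the last section. The sample table is constructed from the objdump listing above; the 0x200 file alignment and the names `pe_sections`, `find_gaps` and `align_up` are assumptions of this example.

```python
import struct

FILE_ALIGN = 0x200  # assumed PE FileAlignment; it reproduces the ranges sbsign printed

def pe_sections(data):
    """Parse a PE/COFF section table into (name, raw_offset, raw_size) tuples."""
    pe_off, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE/COFF image")
    nsect, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size          # section headers follow the optional header
    out = []
    for i in range(nsect):
        base = table + 40 * i               # each section header is 40 bytes
        name = data[base:base + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_off = struct.unpack_from("<II", data, base + 16)
        if raw_size:                        # skip sections with no data in the file
            out.append((name, raw_off, raw_size))
    return out

def find_gaps(sections, file_size):
    """Return ([(prev, next, prev_end, next_start)], trailing_bytes) in file order.
    Any pair that is not exactly contiguous is reported (a gap or an overlap)."""
    ordered = sorted(sections, key=lambda s: s[1])
    gaps = [(p[0], n[0], p[1] + p[2], n[1])
            for p, n in zip(ordered, ordered[1:]) if n[1] != p[1] + p[2]]
    last_end = ordered[-1][1] + ordered[-1][2]
    return gaps, file_size - last_end

def align_up(n, a=FILE_ALIGN):
    return (n + a - 1) // a * a

# Constructed from the objdump listing above: (name, file offset, size).
# Sizes are rounded up to FILE_ALIGN to approximate SizeOfRawData.
# objdump shows ".vendor_cert" where sbsign printed the raw long-name entry "/14".
OBJDUMP = [(".eh_frame", 0x400, 0x13ab0), (".text", 0x14000, 0x872f9),
           (".reloc", 0x9b400, 0xa), (".data", 0x9b600, 0x240f8),
           (".dynamic", 0xbf800, 0xf0), (".rela", 0xbfa00, 0x24ed0),
           (".dynsym", 0xe4a00, 0xcbe8), (".vendor_cert", 0xf1752, 0x611)]
SAMPLE = [(n, off, align_up(sz)) for n, off, sz in OBJDUMP]

if __name__ == "__main__":
    gaps, trailing = find_gaps(SAMPLE, 1092659)   # file size from the sbsign warning
    for prev, nxt, end, start in gaps:
        print(f"gap: {prev} ends at {end:#x}, {nxt} starts at {start:#x}")
    print(f"{trailing} bytes after the last section")
```

For a real binary, pass `pe_sections(open(path, "rb").read())` and the file's length to `find_gaps` instead of the constructed table.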
