sbsign - gaps in the section table may result in different checksums
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
sbsigntool (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
sbsign -est/test-key.rsa --cert openssl_
warning: gap in section table:
.dynsym : 0x000e4a00 - 0x000f1600,
/14 : 0x000f1752 - 0x000f1f52,
gaps in the section table may result in different checksums
warning: data remaining[990720 vs 1092659]: gaps between PE/COFF sections?
When signing my shim.efi binary with sbsigntool I received the above warnings. I did a little bit of googling and found if the shim is compiled with gnu-efi 3.0q or earlier, this could be an issue; but my shim.efi is compiled with gnu-efi 3.0u.
The end result of the error is that my shim is not bootable. I tried to sign with pesign and everything works, so I think the error is in sbsigntool.
I realized that, because my linker script is incorrect, the section was not aligned correctly, and this is why, when I fed it to sbsigntool, it has the
warning: gap in section table:
.dynsym : 0x000e4a00 - 0x000f1600,
/14 : 0x000f1752 - 0x000f1f52,
gaps in the section table may result in different checksums
Output from objdump with wrong linker script (note the last section):
Sections:
Idx Name Size VMA LMA File off Algn
0 .eh_frame 00013ab0 0000000000005000 0000000000005000 00000400 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .text 000872f9 0000000000019000 0000000000019000 00014000 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
2 .reloc 0000000a 00000000000a1000 00000000000a1000 0009b400 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .data 000240f8 00000000000a2000 00000000000a2000 0009b600 2**5
CONTENTS, ALLOC, LOAD, DATA
4 .dynamic 000000f0 00000000000c7000 00000000000c7000 000bf800 2**3
CONTENTS, ALLOC, LOAD, DATA
5 .rela 00024ed0 00000000000c8000 00000000000c8000 000bfa00 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .dynsym 0000cbe8 00000000000ed000 00000000000ed000 000e4a00 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .vendor_cert 00000611 0000000000103352 0000000000103352 000f1752 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
With updated linker script, I only get this line now:
warning: data remaining[990720 vs 1092659]: gaps between PE/COFF sections?
However the shim binary is still not bootable.
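An added example, not part of the original report and not sbsigntool's code: a simplified pre-signing layout check that runs over the section rows from the objdump listing above and reports the misaligned `.vendor_cert` offset, the gap after `.dynsym`, and the bytes that no section covers. `FileAlignment` 0x200 and `SizeOfHeaders` 0x400 are assumptions; with them the sample reproduces the ranges and the 990720 figure in the warnings. `read_sections` reads the same fields from a real PE/COFF file.

```python
import struct

def read_sections(pe):
    """Parse PE/COFF bytes into (SizeOfHeaders, FileAlignment, [(name, raw_ptr, raw_size)])."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", pe, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)
    opt = pe_off + 24  # optional header follows the signature and 20-byte COFF header
    (file_align,) = struct.unpack_from("<I", pe, opt + 36)
    (hdr_size,) = struct.unpack_from("<I", pe, opt + 60)
    secs = []
    for i in range(nsec):  # section headers are 40 bytes each
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
        secs.append((name.rstrip(b"\0").decode("latin-1"), raw_ptr, raw_size))
    return hdr_size, file_align, secs

def check_layout(hdr_size, file_align, secs, file_size):
    """Report misaligned raw data, gaps between sections, and bytes no section covers."""
    findings, end, covered, prev = [], hdr_size, hdr_size, "headers"
    for name, ptr, size in sorted(secs, key=lambda s: s[1]):
        if size == 0:  # no raw data in the file (e.g. .bss)
            continue
        if ptr % file_align:
            findings.append(("misaligned", name, ptr % file_align))
        if ptr > end:
            findings.append(("gap", prev, name, ptr - end))
        end, covered, prev = ptr + size, covered + size, name
    if covered < file_size:
        findings.append(("trailing", covered, file_size))
    return findings

# (name, file offset, size) copied from the objdump listing on this page.
ROWS = [(".eh_frame", 0x400, 0x13ab0), (".text", 0x14000, 0x872f9),
        (".reloc", 0x9b400, 0xa), (".data", 0x9b600, 0x240f8),
        (".dynamic", 0xbf800, 0xf0), (".rela", 0xbfa00, 0x24ed0),
        (".dynsym", 0xe4a00, 0xcbe8), (".vendor_cert", 0xf1752, 0x611)]
# Assumptions, not stated on the page: FileAlignment 0x200 and SizeOfHeaders 0x400.
ALIGN, HDRS, FILE_SIZE = 0x200, 0x400, 1092659
# Raw sizes taken as the objdump sizes rounded up to the assumed FileAlignment.
SAMPLE = [(n, off, -(-size // ALIGN) * ALIGN) for n, off, size in ROWS]

if __name__ == "__main__":
    for finding in check_layout(HDRS, ALIGN, SAMPLE, FILE_SIZE):
        print(finding)
```

To check a built binary before signing, pass the file's bytes to `read_sections` and feed the result, together with the file length, to `check_layout`.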