25 Nov
2024
25 Nov
'24
2:46 p.m.
Hi Matthew,
On Sun, 24 Nov 2024 at 21:29, Matthew Garrett mjg59@srcf.ucam.org wrote:
On Sun, Nov 24, 2024 at 03:43:12PM +0100, Heinrich Schuchardt wrote:
- /* That failed, so try allocating anywhere there's enough room */
- status = boot->allocate_pages(EFI_ALLOCATE_ANY_PAGES, EFI_LOADER_DATA, pages, &addr);
I don't think you can use this as is. IIRC the PE/COFF header defines the alignment of the loaded image that's why we have efi_alloc_aligned_pages()
- if (status == EFI_SUCCESS) {
/* Make sure bootm knows where we loaded the image */os->load = addr;return;- }
Why don't you simply call LoadImage()?
With secure boot that requires that the kernel image have a trusted signature, whereas we're relying on a signed FIT.
That signed FIT, contains a kernel compiled as a PE/COFF and you *want* to jump the the efi stub right? If that's the case and we trust FIT, why don't we just ignore the crypto checks on LoadImage?
Thanks /Ilias