Hi Matthew,

On Sun, 24 Nov 2024 at 21:29, Matthew Garrett <mj...@srcf.ucam.org> wrote:
>
> On Sun, Nov 24, 2024 at 03:43:12PM +0100, Heinrich Schuchardt wrote:
> > > + /* That failed, so try allocating anywhere there's enough room */
> > > + status = boot->allocate_pages(EFI_ALLOCATE_ANY_PAGES,
> > > EFI_LOADER_DATA, pages, &addr);

I don't think you can use this as is. IIRC the PE/COFF header defines the alignment of the loaded image, that's why we have efi_alloc_aligned_pages()

> > > + if (status == EFI_SUCCESS) {
> > > + /* Make sure bootm knows where we loaded the image */
> > > + os->load = addr;
> > > + return;
> > > + }
> >
> > Why don't you simply call LoadImage()?
>
> With secure boot that requires that the kernel image have a trusted
> signature, whereas we're relying on a signed FIT.

That signed FIT contains a kernel compiled as a PE/COFF and you *want* to jump to the efi stub, right? If that's the case and we trust FIT, why don't we just ignore the crypto checks on LoadImage?

Thanks
/Ilias
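
Review bot: The fallback `allocate_pages(EFI_ALLOCATE_ANY_PAGES, EFI_LOADER_DATA, pages, &addr)` call guarantees only 4 KiB page alignment and requests a data memory type, yet `os->load = addr` then records that address as where the image was loaded. If the image is PE/COFF, as the replies assume, the allocation should honour the alignment its header asks for (efi_alloc_aligned_pages() is named in the thread for that purpose), and EFI_LOADER_CODE would be the more fitting type for memory that is going to be executed, which matters wherever data regions are mapped non-executable. The quoted lines also show no handling for the case where this second allocation fails, so it is worth confirming the code after the `if` block reports the error rather than continuing with the original address.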