Hi Matthew,

On Sun, 24 Nov 2024 at 21:29, Matthew Garrett <mj...@srcf.ucam.org> wrote:
>
> On Sun, Nov 24, 2024 at 03:43:12PM +0100, Heinrich Schuchardt wrote:
> > > +   /* That failed, so try allocating anywhere there's enough room */
> > > +   status = boot->allocate_pages(EFI_ALLOCATE_ANY_PAGES, 
> > > EFI_LOADER_DATA, pages, &addr);

I don't think you can use this as is. IIRC the PE/COFF header defines
the alignment of the loaded image; that's why we have
efi_alloc_aligned_pages().

> > > +   if (status == EFI_SUCCESS) {
> > > +           /* Make sure bootm knows where we loaded the image */
> > > +           os->load = addr;
> > > +           return;
> > > +   }
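Review bot: the fallback allocate_pages() call requests EFI_LOADER_DATA for pages that will hold the kernel image bootm jumps into. Firmware that applies memory-type-based protections may map loader data as non-executable, so EFI_LOADER_CODE looks like the safer type here, or the choice of EFI_LOADER_DATA deserves a comment. EFI_ALLOCATE_ANY_PAGES also guarantees nothing stricter than page alignment for addr, so any larger alignment the image needs has to be checked before os->load is set.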
> >
> > Why don't you simply call LoadImage()?
>
> With secure boot that requires that the kernel image have a trusted
> signature, whereas we're relying on a signed FIT.

That signed FIT contains a kernel compiled as a PE/COFF and you
*want* to jump to the efi stub, right? If that's the case and we trust
FIT, why don't we just ignore the crypto checks on LoadImage?

Thanks
/Ilias
